Bug 7200 - idmap backend nss domains should get domain part be stripped off
Summary: idmap backend nss domains should get domain part be stripped off
Status: NEW
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.5.0
Hardware: All All
: P3 major
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-02 10:55 UTC by Björn Jacke
Modified: 2010-03-02 12:00 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2010-03-02 10:55:05 UTC 
given you have an nsswitch.conf like

passwd: files ldap winbind
group: files ldap winbind

and a smb.conf with

idmap config MYDOM:backend = nss
idmap config MYDOM:range = 1000-1000000
idmap config MYDOM:readonly = yes

you get strange inconsistent results when users/groups are resolved:

# touch testfile
# chown a_domain_user testfile
# nscd -i passwd
# ls -l testfile
... MYDOM\a_domain_user ...
# nscd -i passwd
# ls -l testfile
... a_domain_user ...

To resolve this problem and to get consistent results a solution could be that any domains that are configured with idmap backend nss should get the domain part stipped off. Does that sound reasonable?
Comment 1 Simo Sorce 2010-03-02 10:59:26 UTC 
Should they be returned at all ?
Comment 2 Björn Jacke 2010-03-02 12:00:51 UTC 
simo: good point, indeed.

btw: the above steps to reproduce the problem need a
"getent passwd 'MYDOM\a_domain_user'" after the first nscd flush.