Bug 7200 - idmap backend nss domains should get domain part be stripped off
idmap backend nss domains should get domain part be stripped off
Status: NEW
Product: Samba 3.5
Classification: Unclassified
Component: Winbind
All All
: P3 major
: ---
Assigned To: Michael Adam
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2010-03-02 10:55 UTC by Björn Jacke
Modified: 2010-03-02 12:00 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2010-03-02 10:55:05 UTC
given you have an nsswitch.conf like

passwd: files ldap winbind
group: files ldap winbind

and a smb.conf with

idmap config MYDOM:backend = nss
idmap config MYDOM:range = 1000-1000000
idmap config MYDOM:readonly = yes

you get strange inconsistent results when users/groups are resolved:

# touch testfile
# chown a_domain_user testfile
# nscd -i passwd
# ls -l testfile
... MYDOM\a_domain_user ...
# nscd -i passwd
# ls -l testfile
... a_domain_user ...

To resolve this problem and to get consistent results a solution could be that any domains that are configured with idmap backend nss should get the domain part stipped off. Does that sound reasonable?
Comment 1 Simo Sorce 2010-03-02 10:59:26 UTC
Should they be returned at all ?
Comment 2 Björn Jacke 2010-03-02 12:00:51 UTC
simo: good point, indeed.

btw: the above steps to reproduce the problem need a
"getent passwd 'MYDOM\a_domain_user'" after the first nscd flush.