The branch, master has been updated
       via  697d5c0 s3:doc: update the ldap_user_dn documentation in the 
idmap_ldap manpage
       via  74cd06b s3:idmap_ldap: allow creation of ldap stored mappings for 
explicitly configured domains.
       via  dea3ef1 s3:idmap_ldap: rename idmap_ldap_get_new_id to 
idmap_ldap_allocate_id
       via  2de65b9 s3:idmap_ldap: rename idmap_ldap_allocate_id to 
idmap_ldap_allocate_id_internal
       via  5882d3e idmap_ldap.8: Add example with readonly backend
      from  00577e9 librpc/ndr: Use converted_size to determine if NULL 
termination was sent

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 697d5c08acc85944df8ca9f26ab3f58bb3e7764a
Author: Michael Adam <[email protected]>
Date:   Wed Jun 1 01:19:50 2011 +0200

    s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
    
    also extend the example with ldap_user_dn.
    
    Autobuild-User: Michael Adam <[email protected]>
    Autobuild-Date: Wed Jun  1 02:53:32 CEST 2011 on sn-devel-104

commit 74cd06b3dff42bda4dd0a0f3fd250a975d0258ed
Author: Michael Adam <[email protected]>
Date:   Wed Jun 1 00:30:11 2011 +0200

    s3:idmap_ldap: allow creation of ldap stored mappings for explicitly 
configured domains.
    
    After the preparations, this is achieved by using 
idmap_ldap_allocate_id_internal()
    as get_new_id rw method instead of idmap_ldap_allocate_id().

commit dea3ef1ab689a3d01846147d2a83377b09335f8f
Author: Michael Adam <[email protected]>
Date:   Wed Jun 1 00:25:23 2011 +0200

    s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
    
    This is in preparation of allowing allocating ldap based domain-specific 
configs.

commit 2de65b97b98e2c8cc218b60da749ac17195d8413
Author: Michael Adam <[email protected]>
Date:   Wed Jun 1 00:25:23 2011 +0200

    s3:idmap_ldap: rename idmap_ldap_allocate_id to 
idmap_ldap_allocate_id_internal
    
    This is in preparation of allowing allocating ldap based domain-specific 
configs.

commit 5882d3eba3d7a82234d09a6ccb8c64e81a6240d9
Author: Luk Claes <[email protected]>
Date:   Tue May 31 23:28:57 2011 +0200

    idmap_ldap.8: Add example with readonly backend
    
    Signed-off-by: Luk Claes <[email protected]>
    Signed-off-by: Michael Adam <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_ldap.8.xml |   36 +++++++++++++++++++++++++++++++--
 source3/winbindd/idmap_ldap.c        |   18 ++++++++--------
 2 files changed, 42 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml 
b/docs-xml/manpages-3/idmap_ldap.8.xml
index 4cbfe84..2c0fcfd 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -48,8 +48,14 @@
                <varlistentry>
                <term>ldap_user_dn = DN</term>
                <listitem><para>
-                       Defines the user DN to be used for authentication. If 
absent an
-                       anonymous bind will be performed.
+                       Defines the user DN to be used for authentication.
+                       The secret for authenticating this user should be
+                       stored with net idmap secret
+                       (see <citerefentry><refentrytitle>net</refentrytitle>
+                       <manvolnum>8</manvolnum></citerefentry>).
+                       If absent, the ldap credentials from the ldap passdb 
configuration
+                       are used, and if these are also absent, an anonymous
+                       bind will be performed as last fallback.
                </para></listitem>
                </varlistentry>
 
@@ -78,7 +84,8 @@
        <para>
        The following example shows how an ldap directory is used as the 
        default idmap backend. It also configures the idmap range and base 
-       directory suffix.
+       directory suffix. The secret for the ldap_user_dn has to be set with
+       &quot;net idmap secret '*' password&quot;.
        </para>
 
        <programlisting>
@@ -87,6 +94,29 @@
        idmap config * : range        = 1000000-1999999
        idmap config * : ldap_url     = ldap://localhost/
        idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+       idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+       </programlisting>
+
+       <para>
+       This example shows how ldap can be used as a readonly backend while
+       tdb is the default backend used to store the mappings.
+       It adds an explicit configuration for some domain DOM1, that
+       uses the ldap idmap backend. Note that a range disjoint from the
+       default range is used.
+       </para>
+
+       <programlisting>
+       [global]
+       # "backend = tdb" is redundant here since it is the default
+       idmap config * : backend = tdb
+       idmap config * : range = 1000000-1999999
+
+       idmap config DOM1 : backend = ldap
+       idmap config DOM1 : range = 2000000-2999999
+       idmap config DOM1 : read only = yes
+       idmap config DOM1 : ldap_url = ldap://server/
+       idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+       idmap config DOM1 : ldap_user_dn = 
cn=idmap_admin,dc=dom1,dc=example,dc=com
        </programlisting>
 </refsect1>
 
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7195912..a9cb4fc 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -232,8 +232,8 @@ done:
  Allocate a new uid or gid
 ********************************/
 
-static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
-                                      struct unixid *xid)
+static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom,
+                                               struct unixid *xid)
 {
        TALLOC_CTX *mem_ctx;
        NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -391,21 +391,21 @@ done:
  * For now this is for the default idmap domain only.
  * Should be extended later on.
  */
-static NTSTATUS idmap_ldap_get_new_id(struct idmap_domain *dom,
-                                     struct unixid *id)
+static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
+                                      struct unixid *id)
 {
        NTSTATUS ret;
 
        if (!strequal(dom->name, "*")) {
-               DEBUG(3, ("idmap_ldap_get_new_id: "
+               DEBUG(3, ("idmap_ldap_allocate_id: "
                          "Refusing allocation of a new unixid for domain'%s'. "
-                         "Currently only supported for the default "
+                         "This is only supported for the default "
                          "domain \"*\".\n",
                           dom->name));
                return NT_STATUS_NOT_IMPLEMENTED;
        }
 
-       ret = idmap_ldap_allocate_id(dom, id);
+       ret = idmap_ldap_allocate_id_internal(dom, id);
 
        return ret;
 }
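Review bot: The header comment above `idmap_ldap_allocate_id` still reads "For now this is for the default idmap domain only. Should be extended later on.", which no longer matches the new log text ("This is only supported for the default domain") or the fact that per-domain allocation now goes through `rw_ops->get_new_id`. I would reword it to something like `* Global allocator entry point (.allocate_id): default domain "*" only; per-domain ids are allocated via rw_ops->get_new_id.` The unchanged message line also lacks a space in `domain'%s'`, which makes the refused domain name harder to pick out of logs. The comment block starts outside the hunk.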
@@ -484,7 +484,7 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
        ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
        CHECK_ALLOC_DONE(ctx->rw_ops);
 
-       ctx->rw_ops->get_new_id = idmap_ldap_get_new_id;
+       ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
        ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
 
        ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
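Review bot: Assigning `idmap_ldap_allocate_id_internal` to `ctx->rw_ops->get_new_id` takes the default-domain check in `idmap_ldap_allocate_id` off the per-domain allocation path, and nothing visible in this diff shows the internal allocator validating the id it hands out against the calling domain's configured range. The allocator's body is almost entirely outside the hunks, so this may already be handled there, but it is worth confirming: an id allocated outside the domain's range could collide with another domain's mappings and alias two SIDs onto one uid/gid. It is also worth confirming that a domain configured with `read only = yes` (as in the new manpage example) never reaches this callback. I would add a comment on the assignment such as `/* per-domain allocation: allocator must keep new ids inside this domain's range */`. `idmap_ldap_db_init` starts and ends outside the hunk.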
@@ -1144,7 +1144,7 @@ static struct idmap_methods idmap_ldap_methods = {
        .init = idmap_ldap_db_init,
        .unixids_to_sids = idmap_ldap_unixids_to_sids,
        .sids_to_unixids = idmap_ldap_sids_to_unixids,
-       .allocate_id = idmap_ldap_get_new_id,
+       .allocate_id = idmap_ldap_allocate_id,
 };
 
 NTSTATUS idmap_ldap_init(void);


-- 
Samba Shared Repository
