On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
> On (13/06/16 15:44), Sumit Bose wrote:
> >On Wed, Jun 08, 2016 at 07:24:02PM +0200, Lukas Slebodnik wrote:
> >> On (08/06/16 13:39), Sumit Bose wrote:
> >> >On Wed, Jun 08, 2016 at 10:50:00AM +0200, Jakub Hrozek wrote:
> >> >> On Tue, May 10, 2016 at 11:10:05AM +0200, Sumit Bose wrote:
> >> >> > Hi,
> >> >> >
> >> >> > this patch adds a new plugin similar to the one for the cifs-utils
> >> >> > which
> >> >> > allows winbind to use the same id-mapping as SSSD.
> >> >> >
> >> >> > Currently I only added it to the dlopen test because I think it would
> >> >> > be
> >> >> > best to test it directly when Samba becomes available in the CI.
> >> >> >
> >> >> > bye,
> >> >> > Sumit
> >> >>
> >> >> > From b16a64ccf236718a877ab83de1949ab1a8091187 Mon Sep 17 00:00:00 2001
> >> >> > From: Sumit Bose <sb...@redhat.com>
> >> >> > Date: Tue, 19 Apr 2016 13:52:59 +0200
> >> >> > Subject: [PATCH] Add winbind idmap plugin
> >> >> >
> >> >> > With this plugin winbind can use the same id-mapping as SSSD which
> >> >> > makes
> >> >> > it possible to run both together in a consistent way.
> >> >>
> >> >> [...]
> >> >>
> >> >> > @@ -3710,6 +3757,7 @@ install-data-hook:
> >> >> > if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \
> >> >> > $(MKDIR_P) $(DESTDIR)/$(krb5rcachedir) ; \
> >> >> > fi
> >> >> > + mv $(DESTDIR)/$(winbindplugindir)/winbind_idmap_sss.so
> >> >> > $(DESTDIR)/$(winbindplugindir)/sss.so
> >> >>
> >> >> You also need to do the same for the uninstall hook otherwise distcheck
> >> >> fails.
> >> >
> >> >fixed
> >> >
> >> >>
> >> >> >
> >> >> > uninstall-hook:
> >> >> > if [ -f $(abs_builddir)/src/config/.files2 ]; then \
> >> >> > diff --git a/configure.ac b/configure.ac
> >> >> > index
> >> >> > b4ba366d7a32a45879e9f2e9b6e84256a3ac7235..11d3f9c7333ba814cef54651cbc8e78c610b64e9
> >> >> > 100644
> >> >> > --- a/configure.ac
> >> >> > +++ b/configure.ac
> >> >> > @@ -126,6 +126,7 @@ WITH_KRB5_CONF
> >> >> > WITH_PYTHON2_BINDINGS
> >> >> > WITH_PYTHON3_BINDINGS
> >> >> > WITH_CIFS_PLUGIN_PATH
> >> >> > +WITH_WINBIND_PLUGIN_PATH
> >> >> > WITH_SELINUX
> >> >> > WITH_NSCD
> >> >> > WITH_IPA_GETKEYTAB
> >> >> > diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
> >> >> > index
> >> >> > 2ba6a4d4c919a0697b18c4293f5e33e12b996cac..63d4b28d886259bf7f7f3ea2a6f49a43da00c249
> >> >> > 100644
> >> >> > --- a/contrib/sssd.spec.in
> >> >> > +++ b/contrib/sssd.spec.in
> >> >> > @@ -1002,6 +1002,7 @@ done
> >> >> > %dir %{_libdir}/%{name}
> >> >> > %dir %{_libdir}/%{name}/modules
> >> >> > %{_libdir}/%{name}/modules/libwbclient.so.*
> >> >> > +%{_libdir}/samba/idmap/sss.so
> >> >>
> >> >> On a machine that doesn't have winbind installed, the
> >> >> libdir/samba/idmapdir would be unowned, sssd needs to own them in the
> >> >> same way it owns %{_libdir}/cifs-utils.
> >> >
> >> >fixed, I moved the plugin into the sssd-ad package as well. The
> >> >libwbclient package does not seem to be the right place because the
> >> >idmap plugin implies that winbind running while SSSD's libwbclient
> >> >implementation implies to opposite.
> >> >
> >> If I understand it correctly this plugin will be used by winbind.
> >> therefore it might be better to create separate sub-package for this file.
> >>
> >> Because in container world you will need to install sssd-ad if you want
> >> to use this plugin in "winbind container". It seems to be a overkill.
> >>
> >> "winbind container" will need to just this plugin + dependencies
> >> + bind mounted unix sockets for communication libsss_*idmap.so and sssd
> >> daemon.
> >
> >Makes sense. I put the plugin into a new package and to not make it feel
> >lonely I added a man page as well.
> >
> LGTM.
>
> BTW we can add Requires/Recommends into pacakge sssd-ad for this sub-pacakge.
> So it will be installed by default.
I think this is not needed. It is only needed for samba, not on an
general AD client. And even with samba people might want to select
between the idmap plugin and SSSD's libwbclient implementation.
bye,
Sumit
> But I can amend patch before pushing if there are not any other comments
> to this patch.
>
> LS
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
