This case was approved at today's PSARC meeting. I've updated the IAM file.
On Mon, Mar 03, 2008 at 03:05:22PM -0600, Nicolas Williams wrote:
> I typoed the OpenSolaris discuss list names.  Sigh.
>
> Please cc' [EMAIL PROTECTED] and [email protected],
> not [EMAIL PROTECTED] and [EMAIL PROTECTED]
>
> Nico
>
> On Mon, Mar 03, 2008 at 12:54:29PM -0800, Nicolas Williams wrote:
> >
> > Template Version: @(#)sac_nextcase 1.64 07/13/07 SMI
> > This information is Copyright 2008 Sun Microsystems
> > 1. Introduction
> >     1.1. Project/Component Working Name:
> >          idmap(1M) observability
> >     1.2. Name of Document Author/Supplier:
> >          Author:  Nicolas Williams
> >     1.3  Date of This Document:
> >          03 March, 2008
> > 4. Technical Description
> >
> > I'm sponsoring this case for Julian Pullen.  I've set the timer to
> > expire on Wednesday, March 12th, 2008.
> >
> > The requested release binding is micro/patch (note: the base ARC case
> > has minor release binding, so "micro/patch" here is not meaningfully
> > different from minor).
> >
> > BACKGROUND
> > ----------
> >
> > PSARC/2006/315 introduced a facility for mapping between Windows and
> > Solaris user/group identities.
> >
> > idmap(1M) is the primary user interface for the Solaris ID mapping
> > facility.  It allows the administrator to specify rules for ID mapping,
> > as well as to observe what identities have been mapped, and to request
> > mappings for specific IDs.
> >
> > idmap now supports the following mapping methods
> >   1) Hardcoded mappings for _some_ Well-Known SIDs
> >   2) Directory-based name mapping using AD only (soon also using
> >      native LDAP, and a mixed mode; see PSARC/2007/663)
> >   3) Name-based rule mapping
> >   4) Ephemeral mapping
> >   5) Local SID mapping
> >
> > PROBLEM
> > -------
> >
> > The idmap(1M) utility provides no information as to how any one mapping
> > was performed, nor what conditions led to failure to produce a requested
> > mapping.
> >
> > SOLUTION
> > --------
> >
> > This case enhances idmap to enable it to display how the identifiers
> > were mapped.  The "idmap show" and "idmap dump" commands will be
> > extended with a -v flag to display this information.  The "idmap show"
> > command will also display whether the ID mapping was just generated as a
> > result of the command or whether it had been cached.
> >
> > The information displayed will include the type of mapping.  For
> > directory-based name mapping it will include if the Directory is AD or
> > Native LDAP, the Distinguished name of the entry and the mapping
> > attribute and value.  For name-based rule mapping it will include the
> > matching rule.
> >
> > Man page diffs will be added to the case directory.
> >
> > INTERFACE STABILITY
> > -------------------
> >
> > The new -v option to 'idmap dump' and 'idmap show' will be Committed.
> >
> > The output of 'idmap dump' and 'idmap show' is hereby declared to be Not
> > an Interface.  A future case may introduce stable output formats
> > suitable for scripting.
> >
> > PHASED DELIVERY
> > ---------------
> >
> > We may deliver this case in two phases: one that adds observability for
> > success cases, and one that adds observability for failure cases.
> >
> > We expect this provision to be non-controversial given the Not-an-
> > Interface nature of idmap(1M)'s output at this time.
> >
> > OUTPUT
> > ------
> >
> > [Remember, idmap(1M) output remains Not an Interface, thus we reserve
> > the right to change the output formats shown below.]
> >
> > Success cases:
> >
> >     % idmap show ...
> >     <mapping>
> >     % idmap show -v ...
> >     <mapping>
> >         New: yes | cached
> >         Method: <method-name>
> >         [DN: <LDAP DN>]
> >         [Attribute: <LDAP attribute name> = <value>]
> >         [Rule: <rule>]
> >
> > Where:
> >
> >  - <mapping> is the output that idmap produces today.
> >
> >  - <method-name> is one of: AD Directory, Native LDAP Directory, Name
> >    Rule, Ephemeral, Local SID, Well-Known mapping.
> >
> >  - <LDAP DN> is the DN of an AD or native LDAP object (if ds-based name
> >    mapping was used).
> >
> >  - <LDAP attribute name> and <value> are the name and value of the
> >    attribute used for directory-based name mapping (if ds-based name
> >    mapping was used).
> >
> >  - <rule> is the matching name-based rule, if any, using the same format
> >    as used by "idmap list" today.
> >
> > Output for "idmap dump" will be the same as "show -v" but it will not
> > contain "New: ..." (all dumped entries must be in the cache).
> >
> >
> > Error cases:
> >
> >     % idmap show ...
> >     [<mapping>]
> >         Failed Method: <method-name>
> >         Error: <error message>
> >
> >
> >
> > 6. Resources and Schedule
> >     6.4. Steering Committee requested information
> >         6.4.1. Consolidation C-team Name:
> >                 ON
> >     6.5. ARC review type: FastTrack
> >     6.6. ARC Exposure: open
