diff options
author | Michael Adam <obnox@samba.org> | 2011-02-01 11:58:14 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2011-03-22 23:57:29 +0100 |
commit | cfae1e795f56add279d5ea24e3410d376ae908d2 (patch) | |
tree | f3ea79cb60e468356f7137aa5c6ca2f229626e46 /WHATSNEW.txt | |
parent | 2bfe9d177273d9abf6dda237ebf2d8bd9e143ec3 (diff) | |
download | samba-cfae1e795f56add279d5ea24e3410d376ae908d2.tar.gz |
s3:WHATSNEW: document changes of the id mapping system
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Mar 22 23:57:29 CET 2011 on sn-devel-104
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8bd56867eaf..abf90881e59 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -114,6 +114,49 @@ need printing functionality in their appliances, reducing the code footprint. +ID Mapping Changes +------------------ + +The id mapping configuration has been a source of much grief in the past. +For this release, id mapping has ben rewritten yet again with the goal +of making the configuration more simple and more coherent while keeping +the needed flexibility and even adding to the flexibility in some respects. + +The major change that implies the configuration simplifications is at +the heart of the id mapping system: The separation of the "idmap alloc +system" that is responsible for the unix id counters in the tdb, tdb2 +and ldap idmap backends from the id mapping code itself has been removed. +The sids_to_unixids operation is now atomic and encapsulates (if needed) +the action of allocating a unix id for a mapping that is to be created. +Consequently all idmap alloc configuration parameters have vanished and +it is hence now also not possible any more to specify an idmap alloc +backend different from the idmap backend. Each idmap backend uses its +own idmap unixid creation mechanism transparently. + +As a consequence of the id mapping changes, the methods that are used +for storing and deleting id mappings have been removed from the winbindd +API. The "net idmap dump/restore" commands have been rewritten to +not speak through winbindd any more but directly act on the databases. +This is currently available for the tdb and tdb2 backends, the implementation +for ldap still missing. + +The allocate_id functionality is preserved for the unix id creator of the +default idmap configuration is also used as the source of unix ids +for the group mapping database and for the posix attributes in a +ldapsam:editposix setup. + +As part of the changes, the default idmap configuration has been +changed to be more coherent with the per-domain configuration. +The parameters "idmap uid", "idmap gid" and "idmap range" are now +deprecated in favour of the systematic "idmap config * : range" +and "idmap config * : backend" parameters. The reason for this change +is that the old options only provided an incomplete and hence deceiving +backwards compatibility, which was a source of many problems with +updgrades. By introducing this change in configuration, it should be +brought to the conciousness of the users that even the simple +id mapping is not working exactly as in Samba 3.0 versions any more. + + SMB Traffic Analyzer -------------------- |