Hi folks,
In our happy adventures in ID mapping between Windows and Unix, I've
come across an odd issue with the idmap : script mapping method when
using tdb2.
Basically - my idmap script behaves like this:
#idmap.sh IDTOSID GID 123456
SID:S-blah-blah-blah
as one would hope, and as per the requirements in the idmap_tdb2 man
page. Similarly, it'll return UID:123545 or GID:1234356 in response to
SIDTOID S-blah-blah-blah
This all works well when calling the script directly, but when running
it through winbind I was getting:
# wbinfo -G 12345
Could not convert gid 12345 to sid
despite the fact that this would return fine:
# idmap.sh IDTOSID 12345
SID:S-blah-blah-blah
However, going the other way would always work fine (SIDTOID).
(To be clear - I was flushing the cache and deleting the relevant
entries from the tdb's between lookups.)
In a flash of inspiration, I changed the "echo SID:$SID" line in my
idmap to be "printf SID:$SID" so that it didn't give a newline in the
response, and, lo and behold, it magically started working fine!
Note that the SIDTOID calls still use "echo GID:$GID", and not printf,
and work fine.
So - a quick patch to the example "idmap-nis.sh" script might act as a
quick workaround:
--- examples/scripts/idmap/idmap_nis.sh.orig 2013-02-13
16:27:07.253852132 +0000
+++ examples/scripts/idmap/idmap_nis.sh 2013-02-13 16:27:18.633913917 +0000
@@ -108,7 +108,7 @@
echo "ERR: name $name not found in ADS"
exit 1
}
- echo "SID:$sid"
+ printf "SID:$sid"
;;
*)
echo "ERR: Unknown command $cmd"
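Review bot: the added line printf "SID:$sid" passes the variable as the printf format string, so any % or backslash in $sid would be interpreted rather than printed; printf '%s' "SID:$sid" gives the same newline-free output without that risk. The ERR replies in the same hunk still use echo, so this becomes the only reply in the case block without a trailing newline, and a short comment on the new line saying why the newline is dropped would keep a later cleanup from reverting it. Since the message notes that the SIDTOID replies work with echo, the newline handling looks like something to fix where the script output is read, with this change kept only as a workaround.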
but I'm afraid my efforts to dig into the source3/winbindd/idmap_tdb2.c
code came up against my non-coder impenetrable barrier of fail!
Hope this helps someone - let me know if you think I should do anything
further with this (like submitting a bug).
--
Orlando
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
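
A check for the newline difference described in the message above, as an added example that is not part of the original post or of Samba: it runs an idmap script and reports the kind of reply (SID, UID, GID, ERR) and whether the reply ends in a newline. The function names, the stub scripts and the SID value are constructed for illustration; the reply prefixes are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: report what kind of reply an idmap script gives and whether
# the reply ends in a newline. Names and sample values here are constructed.

NL='
'

# Print the command's stdout plus a sentinel "x"; $(...) alone would strip
# the trailing newline we want to detect. "|| :" tolerates ERR exits.
raw_reply() {
    "$@" || :
    printf x
}

# classify_reply CMD [ARGS...] -> "<SID|UID|GID|ERR|BAD> <nl|no-nl>"
classify_reply() {
    out=$(raw_reply "$@")
    out=${out%x}                                   # drop the sentinel
    case $out in
        *"$NL") term=nl;    body=${out%"$NL"} ;;
        *)      term=no-nl; body=$out ;;
    esac
    case $body in
        *"$NL"*)                  kind=BAD ;;  # more than one line
        SID:S-?*)                 kind=SID ;;
        [UG]ID:|[UG]ID:*[!0-9]*)  kind=BAD ;;  # empty or non-numeric id
        UID:*)                    kind=UID ;;
        GID:*)                    kind=GID ;;
        ERR:*)                    kind=ERR ;;
        *)                        kind=BAD ;;
    esac
    printf '%s %s\n' "$kind" "$term"
}

# Constructed stand-ins for the two script variants in the post.
stub_echo()   { echo "SID:S-1-5-21-1111-2222-3333-1001"; }
stub_printf() { printf '%s' "SID:S-1-5-21-1111-2222-3333-1001"; }
stub_err()    { echo "ERR: name not found"; return 1; }

classify_reply stub_echo   IDTOSID GID 12345
classify_reply stub_printf IDTOSID GID 12345
classify_reply stub_err    IDTOSID GID 99999
```

To check a real script, pass its path in place of the stub name, with the same arguments winbind would give it.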