On (08/06/16 13:39), Sumit Bose wrote:
On Wed, Jun 08, 2016 at 10:50:00AM +0200, Jakub Hrozek wrote:
> On Tue, May 10, 2016 at 11:10:05AM +0200, Sumit Bose wrote:
> > Hi,
> >
> > this patch adds a new plugin similar to the one for the cifs-utils which
> > allows winbind to use the same id-mapping as SSSD.
> >
> > Currently I only added it to the dlopen test because I think it would be
> > best to test it directly when Samba becomes available in the CI.
> >
> > bye,
> > Sumit
>
> > From b16a64ccf236718a877ab83de1949ab1a8091187 Mon Sep 17 00:00:00 2001
> > From: Sumit Bose <sbose(a)redhat.com>
> > Date: Tue, 19 Apr 2016 13:52:59 +0200
> > Subject: [PATCH] Add winbind idmap plugin
> >
> > With this plugin winbind can use the same id-mapping as SSSD which makes
> > it possible to run both together in a consistent way.
>
> [...]
>
> > @@ -3710,6 +3757,7 @@ install-data-hook:
> > if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \
> > $(MKDIR_P) $(DESTDIR)/$(krb5rcachedir) ; \
> > fi
> > + mv $(DESTDIR)/$(winbindplugindir)/winbind_idmap_sss.so
$(DESTDIR)/$(winbindplugindir)/sss.so
>
> You also need to do the same for the uninstall hook otherwise distcheck
> fails.
fixed
>
> >
> > uninstall-hook:
> > if [ -f $(abs_builddir)/src/config/.files2 ]; then \
> > diff --git a/configure.ac b/configure.ac
> > index
b4ba366d7a32a45879e9f2e9b6e84256a3ac7235..11d3f9c7333ba814cef54651cbc8e78c610b64e9 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -126,6 +126,7 @@ WITH_KRB5_CONF
> > WITH_PYTHON2_BINDINGS
> > WITH_PYTHON3_BINDINGS
> > WITH_CIFS_PLUGIN_PATH
> > +WITH_WINBIND_PLUGIN_PATH
> > WITH_SELINUX
> > WITH_NSCD
> > WITH_IPA_GETKEYTAB
> > diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
> > index
2ba6a4d4c919a0697b18c4293f5e33e12b996cac..63d4b28d886259bf7f7f3ea2a6f49a43da00c249 100644
> > --- a/contrib/sssd.spec.in
> > +++ b/contrib/sssd.spec.in
> > @@ -1002,6 +1002,7 @@ done
> > %dir %{_libdir}/%{name}
> > %dir %{_libdir}/%{name}/modules
> > %{_libdir}/%{name}/modules/libwbclient.so.*
> > +%{_libdir}/samba/idmap/sss.so
>
> On a machine that doesn't have winbind installed, the
> libdir/samba/idmapdir would be unowned, sssd needs to own them in the
> same way it owns %{_libdir}/cifs-utils.
fixed, I moved the plugin into the sssd-ad package as well. The
libwbclient package does not seem to be the right place because the
idmap plugin implies that winbind running while SSSD's libwbclient
implementation implies to opposite.
If I understand it correctly this plugin will be used by winbind.
therefore it might be better to create separate sub-package for this file.
Because in container world you will need to install sssd-ad if you want
to use this plugin in "winbind container". It seems to be a overkill.
"winbind container" will need to just this plugin + dependencies
+ bind mounted unix sockets for communication libsss_*idmap.so and sssd daemon.
It seems to me the same use-case as
https://fedorahosted.org/sssd/ticket/3024
LS