[OpenIndiana-discuss] idmap timeout

Reginald Beardsley pulaskite at yahoo.com
Mon Feb 25 22:32:55 UTC 2013



--- On Mon, 2/25/13, James Relph <james at themacplace.co.uk> wrote:

> From: James Relph <james at themacplace.co.uk>
> Subject: Re: [OpenIndiana-discuss] idmap timeout
> To: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>
> Date: Monday, February 25, 2013, 3:00 PM
> 
> > Try modifying your cron job to do a:
> > 
> > "idmap dump -nv"
> 
> I'll add that in, see what drops out.
> 
> > Writing a static set of name rules using awk should be
> > pretty trivial if one can query Windows and Mac OS for
> > authorized user name lists.  Updating could be
> > triggered by a request that didn't have a mapping yet.
> > This would then all persist across boots.
> 
> I did think of that, but it's things like triggering that,
> keeping it up to date (ie. when users are removed from AD)
> and the rest, and I thought it might become quite a big
> project really and something that may be better written as
> some kind of alternate idmap option (i.e. instead of just
> having static and ephemeral, have static, ephemeral and
> cached - with cached basically being automatically created
> user mappings).
> 
> To be fair if idmap was able to just use static mapping to a
> range of IDs that would be good enough.

Unless I've badly misunderstood what I've read, it can do that now.  Of course, comments and code are not always in agreement.  Or perhaps the more common, "However, if you did that then, you can't do this now."

Ignoring that, the only limitation I see is what Windows & Mac OS will reveal w/o requiring installing a program.  If OI can query the AD hosts, then idmap can trigger an update on a fail of identifier lookup.  That's a pretty clean change.  One function call in the right place.  Or update every 5 minutes and there's no change needed.  Just a cron job.

Have Fun!
Reg
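
The thread's idea of regenerating static name rules from an authorised user list with awk, including dropping rules for accounts that have been removed from AD, shown as an added example (not code from this thread or from OpenIndiana). The helper name `plan_idmap_rules`, the one-name-per-line user list and the `add winuser:NAME@DOMAIN unixuser:NAME` rule format are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# plan_idmap_rules USERS RULES DOMAIN   (hypothetical helper, not part of idmap)
# USERS: authorised account names, one per line (e.g. exported from AD).
# RULES: existing name rules, assumed to look like
#        add winuser:NAME@DOMAIN unixuser:NAME
# Prints the add/remove lines needed to make RULES match USERS.
plan_idmap_rules() {
    awk -v dom="$3" '
    mode == "users" {
        name = tolower($1)
        if (name == "") next
        # Only plain account names may reach a generated command line.
        if (name !~ /^[a-z_][a-z0-9._-]*$/) {
            print "skipped suspicious name: " $0 | "cat 1>&2"
            next
        }
        want[name] = 1
        next
    }
    mode == "rules" && $1 == "add" && $2 ~ /^winuser:/ && $3 ~ /^unixuser:/ {
        win = substr($2, 9)                  # text after "winuser:"
        at = index(win, "@")
        if (at == 0 || tolower(substr(win, at + 1)) != tolower(dom)) next
        name = tolower(substr(win, 1, at - 1))
        if (name in want) have[name] = 1     # mapping still valid
        else print "remove " $2 " " $3       # account no longer authorised
    }
    END {
        for (name in want)
            if (!(name in have))
                print "add winuser:" name "@" dom " unixuser:" name
    }' mode=users "$1" mode=rules "$2" | LC_ALL=C sort
}

# Constructed sample data: bob is new, dave was removed from the directory.
tmp=$(mktemp -d)
printf '%s\n' alice Bob 'carol;reboot' > "$tmp/users"
printf '%s\n' \
    'add winuser:alice@example.com unixuser:alice' \
    'add winuser:dave@example.com unixuser:dave' \
    'add winuser:erin@other.example unixuser:erin' > "$tmp/rules"
plan_idmap_rules "$tmp/users" "$tmp/rules" example.com
rm -rf "$tmp"
```

Run from cron, the printed plan can be logged and reviewed before any rule is changed; rules for other domains are left untouched.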
