2007/663 Winchester directory-based name mapping [FastTrack timeout 11/30/2007]

[Nicolas Williams]

On Wed, Nov 21, 2007 at 10:52:03AM +0000, Darren J Moffat wrote:
> If I'm understanding this case correctly there are NO new LDAP schema 
> needed for any of the modes, but using one is allowed.

No, schema extensions are required for all modes.

> Will the LDIF files be shipped as part of Solaris if so where ? (Hint: 
> /usr/share/lib/ldif would be a good place), even as examples it would be 
> nice.

We certainly could.  Our intention had been to have them in the
docs.sun.com guide book only.

> Is there a reason why default values for the {nldap,ad}_*_attr 
> properties can't be defined ?  I would have thought there might be some 
> reasonable default that could be selected based on the normal schema in 
> use with AD or NLDAP is that not the case ?

We're following others' lead in the market.

> What is the default value for config/ds_name_mapping_enabled ?  I think 
> it is false but I couldn't find it explicitly mentioned in the proposal. 

It has to be false since values for some of the other properties have to
be provided before idmapd can perform ds name mapping.

> What is the behaiour if config/ds_name_mapping_enabled is set to true 
> and none of the _attr properties have a value ?

A message will be logged to LOG_WARN and the feature will remain
disabled.

> Isn't the _enabled suffix redundant since this property is of type boolean ?

Hmmm, I don't think so -- users looking at the property name alone
wouldn't know its type.

> Man Page nit, AD is used without reference to that fact that this means 
> "Microsoft Active Directory"

We'll fix that.

Nico
--