2007/663 Winchester directory-based name mapping [FastTrack timeout 11/30/2007]

[Joseph Kowalski]

Gary Winiger wrote:
> I'm sponsoring this fast track for Nico Williams and the Winchester
> project team.  It adds another mapping style to the existing
> Winchester project.  The added interfaces request a Uncommitted
> taxonomy which matches the existing Winchester taxonomy.
> The case requests a Patch release binding (though a backport is not
> currently planned).
>   
Jim and Darren seem to have already expressed concern about "can't we do
better"?  This does seem to follow some other vendor's half-baked 
implementation.
This discussion seems to have been interrupted by the break - I hope the
discussion continues.

>     - Mixed mode
>
>       When mapping a Windows SID to a UID/GID idmapd will use the
>       procedure described above for AD-only mode.
>
>       When mapping a UID/GID to a SID, idmapd will use the procedure
>       described above for Native-LDAP-only mode.
>   
Just for my information, why would somebody used Mixed mode?
> PHASED DELIVERY
> ---------------
> Due to time pressures we request to deliver in up to three phases:
>
>  - AD-only mode (likely to integrate first)
>
>  - Native LDAP-only and Mixed modes (because of required modifications
>    to libsldap)
>
>  - Administrative idmap(1M) sub-commands (likely to integrate last; the
>    Sun internal consumer that requested directory-based mappings needs
>    the feature more than the new idmap(1M) sub-commands)
>   
In the OpenSolaris context, I wouldn't think that the community would be 
very
empathetic to this rationale.  Is this project complete?

Specifically, it seems that any proposed phasing which implements a 
feature without
the fully supported administrative tools just seems wrong.  I don't see 
an issue with
the ordering/separation of the modes, but the tools must be there with 
the first
integration.

- jek3