s3:idmap_tdb2: honour the "idmap read only" flag in the tdb2 module.

Note that this will not prevent the idmap script from writing its
mappings to the database, but no new unix ids will be allocated via
the allocator and hence no new mappings will be autogenerated.

diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index 0c9488ae0375f86c41876c7c9c59e78573e88a9f..e6416f1eeef96f9cbf3dec64be88a5720136e063 100644 (file)
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -852,7 +852,7 @@ static NTSTATUS idmap_tdb2_sids_to_unixids(struct idmap_domain *dom, struct id_m
 
        ret = idmap_tdb2_sids_to_unixids_action(idmap_tdb2, &state);
 
-       if (NT_STATUS_EQUAL(ret, STATUS_SOME_UNMAPPED)) {
+       if (NT_STATUS_EQUAL(ret, STATUS_SOME_UNMAPPED) && !dom->read_only) {
                state.allocate_unmapped = true;
                ret = dbwrap_trans_do(idmap_tdb2,
                                      idmap_tdb2_sids_to_unixids_action,