2 * idmap_ad: map between Active Directory and RFC 2307 accounts
4 * Copyright (C) Volker Lendecke 2015
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "tldap_gensec_bind.h"
24 #include "tldap_util.h"
26 #include "lib/param/param.h"
27 #include "utils/net.h"
28 #include "auth/gensec/gensec.h"
29 #include "librpc/gen_ndr/ndr_netlogon.h"
30 #include "libads/ldap_schema_oids.h"
31 #include "../libds/common/flags.h"
32 #include "libcli/ldap/ldap_ndr.h"
33 #include "libcli/security/dom_sid.h"
35 struct idmap_ad_schema_names;
37 struct idmap_ad_context {
38 struct idmap_domain *dom;
39 struct tldap_context *ld;
40 struct idmap_ad_schema_names *schema;
41 const char *default_nc;
43 bool unix_primary_group;
47 static NTSTATUS idmap_ad_get_context(struct idmap_domain *dom,
48 struct idmap_ad_context **pctx);
50 static char *get_schema_path(TALLOC_CTX *mem_ctx, struct tldap_context *ld)
52 struct tldap_message *rootdse;
54 rootdse = tldap_rootdse(ld);
55 if (rootdse == NULL) {
59 return tldap_talloc_single_attribute(rootdse, "schemaNamingContext",
63 static char *get_default_nc(TALLOC_CTX *mem_ctx, struct tldap_context *ld)
65 struct tldap_message *rootdse;
67 rootdse = tldap_rootdse(ld);
68 if (rootdse == NULL) {
72 return tldap_talloc_single_attribute(rootdse, "defaultNamingContext",
76 struct idmap_ad_schema_names {
85 static TLDAPRC get_attrnames_by_oids(struct tldap_context *ld,
87 const char *schema_path,
93 const char *attrs[] = { "lDAPDisplayName", "attributeId" };
96 struct tldap_message **msgs;
99 filter = talloc_strdup(mem_ctx, "(|");
100 if (filter == NULL) {
101 return TLDAP_NO_MEMORY;
104 for (i=0; i<num_oids; i++) {
105 filter = talloc_asprintf_append_buffer(
106 filter, "(attributeId=%s)", oids[i]);
107 if (filter == NULL) {
108 return TLDAP_NO_MEMORY;
112 filter = talloc_asprintf_append_buffer(filter, ")");
113 if (filter == NULL) {
114 return TLDAP_NO_MEMORY;
117 rc = tldap_search(ld, schema_path, TLDAP_SCOPE_SUB, filter,
118 attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0,
119 0, 0, 0, mem_ctx, &msgs);;
121 if (!TLDAP_RC_IS_SUCCESS(rc)) {
125 for (i=0; i<num_oids; i++) {
129 num_msgs = talloc_array_length(msgs);
131 for (i=0; i<num_msgs; i++) {
132 struct tldap_message *msg = msgs[i];
136 if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
137 /* Could be a TLDAP_RES_SEARCH_REFERENCE */
141 oid = tldap_talloc_single_attribute(
142 msg, "attributeId", msg);
147 for (j=0; j<num_oids; j++) {
148 if (strequal(oid, oids[j])) {
159 names[j] = tldap_talloc_single_attribute(
160 msg, "lDAPDisplayName", mem_ctx);
165 return TLDAP_SUCCESS;
168 static TLDAPRC get_posix_schema_names(struct tldap_context *ld,
169 const char *schema_mode,
171 struct idmap_ad_schema_names **pschema)
174 struct idmap_ad_schema_names *schema;
176 const char *oids_sfu[] = {
177 ADS_ATTR_SFU_UIDNUMBER_OID,
178 ADS_ATTR_SFU_GIDNUMBER_OID,
179 ADS_ATTR_SFU_HOMEDIR_OID,
180 ADS_ATTR_SFU_SHELL_OID,
181 ADS_ATTR_SFU_GECOS_OID,
184 const char *oids_sfu20[] = {
185 ADS_ATTR_SFU20_UIDNUMBER_OID,
186 ADS_ATTR_SFU20_GIDNUMBER_OID,
187 ADS_ATTR_SFU20_HOMEDIR_OID,
188 ADS_ATTR_SFU20_SHELL_OID,
189 ADS_ATTR_SFU20_GECOS_OID,
190 ADS_ATTR_SFU20_UID_OID
192 const char *oids_rfc2307[] = {
193 ADS_ATTR_RFC2307_UIDNUMBER_OID,
194 ADS_ATTR_RFC2307_GIDNUMBER_OID,
195 ADS_ATTR_RFC2307_HOMEDIR_OID,
196 ADS_ATTR_RFC2307_SHELL_OID,
197 ADS_ATTR_RFC2307_GECOS_OID,
198 ADS_ATTR_RFC2307_UID_OID
204 schema = talloc(mem_ctx, struct idmap_ad_schema_names);
205 if (schema == NULL) {
206 return TLDAP_NO_MEMORY;
209 schema_path = get_schema_path(schema, ld);
210 if (schema_path == NULL) {
212 return TLDAP_NO_MEMORY;
217 if ((schema_mode != NULL) && (schema_mode[0] != '\0')) {
218 if (strequal(schema_mode, "sfu")) {
220 } else if (strequal(schema_mode, "sfu20")) {
222 } else if (strequal(schema_mode, "rfc2307" )) {
225 DBG_WARNING("Unknown schema mode %s\n", schema_mode);
229 rc = get_attrnames_by_oids(ld, schema, schema_path, 6, oids, names);
230 TALLOC_FREE(schema_path);
231 if (!TLDAP_RC_IS_SUCCESS(rc)) {
236 schema->uid = names[0];
237 schema->gid = names[1];
238 schema->dir = names[2];
239 schema->shell = names[3];
240 schema->gecos = names[4];
241 schema->name = names[5];
245 return TLDAP_SUCCESS;
248 static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
250 struct tldap_context **pld)
252 struct netr_DsRGetDCNameInfo *dcinfo;
253 struct sockaddr_storage dcaddr;
254 struct cli_credentials *creds;
255 struct loadparm_context *lp_ctx;
256 struct tldap_context *ld;
262 status = wb_dsgetdcname_gencache_get(mem_ctx, domname, &dcinfo);
263 if (!NT_STATUS_IS_OK(status)) {
264 DBG_DEBUG("Could not get dcinfo for %s: %s\n", domname,
269 if (dcinfo->dc_unc == NULL) {
271 return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
273 if (dcinfo->dc_unc[0] == '\\') {
276 if (dcinfo->dc_unc[0] == '\\') {
280 ok = resolve_name(dcinfo->dc_unc, &dcaddr, 0x20, true);
282 DBG_DEBUG("Could not resolve name %s\n", dcinfo->dc_unc);
284 return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
287 status = open_socket_out(&dcaddr, 389, 10000, &fd);
288 if (!NT_STATUS_IS_OK(status)) {
289 DBG_DEBUG("open_socket_out failed: %s\n", nt_errstr(status));
294 ld = tldap_context_create(dcinfo, fd);
296 DBG_DEBUG("tldap_context_create failed\n");
299 return NT_STATUS_NO_MEMORY;
303 * Here we use or own machine account as
304 * we run as domain member.
306 status = pdb_get_trust_credentials(lp_workgroup(),
310 if (!NT_STATUS_IS_OK(status)) {
311 DBG_DEBUG("pdb_get_trust_credentials() failed - %s\n",
317 lp_ctx = loadparm_init_s3(dcinfo, loadparm_s3_helpers());
318 if (lp_ctx == NULL) {
319 DBG_DEBUG("loadparm_init_s3 failed\n");
321 return NT_STATUS_NO_MEMORY;
324 rc = tldap_gensec_bind(ld, creds, "ldap", dcinfo->dc_unc, NULL, lp_ctx,
325 GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
326 if (!TLDAP_RC_IS_SUCCESS(rc)) {
327 DBG_DEBUG("tldap_gensec_bind failed: %s\n",
328 tldap_errstr(dcinfo, ld, rc));
330 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
333 rc = tldap_fetch_rootdse(ld);
334 if (!TLDAP_RC_IS_SUCCESS(rc)) {
335 DBG_DEBUG("tldap_fetch_rootdse failed: %s\n",
336 tldap_errstr(dcinfo, ld, rc));
338 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
341 *pld = talloc_move(mem_ctx, &ld);
346 static int idmap_ad_context_destructor(struct idmap_ad_context *ctx)
348 if ((ctx->dom != NULL) && (ctx->dom->private_data == ctx)) {
349 ctx->dom->private_data = NULL;
354 static NTSTATUS idmap_ad_context_create(TALLOC_CTX *mem_ctx,
355 struct idmap_domain *dom,
357 struct idmap_ad_context **pctx)
359 struct idmap_ad_context *ctx;
360 char *schema_config_option;
361 const char *schema_mode;
365 ctx = talloc(mem_ctx, struct idmap_ad_context);
367 return NT_STATUS_NO_MEMORY;
371 talloc_set_destructor(ctx, idmap_ad_context_destructor);
373 status = idmap_ad_get_tldap_ctx(ctx, domname, &ctx->ld);
374 if (!NT_STATUS_IS_OK(status)) {
375 DBG_DEBUG("idmap_ad_get_tldap_ctx failed: %s\n",
381 ctx->default_nc = get_default_nc(ctx, ctx->ld);
382 if (ctx->default_nc == NULL) {
383 DBG_DEBUG("No default nc\n");
388 schema_config_option = talloc_asprintf(
389 ctx, "idmap config %s", domname);
390 if (schema_config_option == NULL) {
392 return NT_STATUS_NO_MEMORY;
395 ctx->unix_primary_group = lp_parm_bool(
396 -1, schema_config_option, "unix_primary_group", false);
397 ctx->unix_nss_info = lp_parm_bool(
398 -1, schema_config_option, "unix_nss_info", false);
400 TALLOC_FREE(schema_config_option);
402 schema_mode = idmap_config_const_string(
403 domname, "schema_mode", "rfc2307");
405 rc = get_posix_schema_names(ctx->ld, schema_mode, ctx, &ctx->schema);
406 if (!TLDAP_RC_IS_SUCCESS(rc)) {
407 DBG_DEBUG("get_posix_schema_names failed: %s\n",
408 tldap_errstr(ctx, ctx->ld, rc));
410 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
417 static NTSTATUS idmap_ad_query_user(struct idmap_domain *domain,
418 struct wbint_userinfo *info)
420 struct idmap_ad_context *ctx;
423 char *sidstr, *filter;
424 const char *attrs[4];
426 struct tldap_message **msgs;
428 status = idmap_ad_get_context(domain, &ctx);
429 if (!NT_STATUS_IS_OK(status)) {
433 if (!(ctx->unix_primary_group || ctx->unix_nss_info)) {
437 attrs[0] = ctx->schema->gid;
438 attrs[1] = ctx->schema->gecos;
439 attrs[2] = ctx->schema->dir;
440 attrs[3] = ctx->schema->shell;
442 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &info->user_sid);
443 if (sidstr == NULL) {
444 return NT_STATUS_NO_MEMORY;
447 filter = talloc_asprintf(talloc_tos(), "(objectsid=%s)", sidstr);
449 if (filter == NULL) {
450 return NT_STATUS_NO_MEMORY;
453 DBG_DEBUG("Filter: [%s]\n", filter);
455 rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter,
456 attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0,
457 0, 0, 0, talloc_tos(), &msgs);
458 if (!TLDAP_RC_IS_SUCCESS(rc)) {
459 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
464 num_msgs = talloc_array_length(msgs);
466 for (i=0; i<num_msgs; i++) {
467 struct tldap_message *msg = msgs[i];
469 if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
473 if (ctx->unix_primary_group) {
477 ok = tldap_pull_uint32(msg, ctx->schema->gid, &gid);
479 DBG_DEBUG("Setting primary group "
480 "to %"PRIu32" from attr %s\n",
481 gid, ctx->schema->gid);
482 info->primary_gid = gid;
486 if (ctx->unix_nss_info) {
489 attr = tldap_talloc_single_attribute(
490 msg, ctx->schema->dir, talloc_tos());
492 info->homedir = talloc_move(info, &attr);
496 attr = tldap_talloc_single_attribute(
497 msg, ctx->schema->shell, talloc_tos());
499 info->shell = talloc_move(info, &attr);
503 attr = tldap_talloc_single_attribute(
504 msg, ctx->schema->gecos, talloc_tos());
506 info->full_name = talloc_move(info, &attr);
515 static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom)
517 dom->query_user = idmap_ad_query_user;
518 dom->private_data = NULL;
522 static NTSTATUS idmap_ad_get_context(struct idmap_domain *dom,
523 struct idmap_ad_context **pctx)
525 struct idmap_ad_context *ctx = NULL;
528 if (dom->private_data != NULL) {
529 *pctx = talloc_get_type_abort(dom->private_data,
530 struct idmap_ad_context);
534 status = idmap_ad_context_create(dom, dom, dom->name, &ctx);
535 if (!NT_STATUS_IS_OK(status)) {
536 DBG_DEBUG("idmap_ad_context_create failed: %s\n",
541 dom->private_data = ctx;
546 static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom,
549 struct idmap_ad_context *ctx;
552 struct tldap_message **msgs;
555 char *u_filter, *g_filter, *filter;
557 const char *attrs[] = {
560 NULL, /* attr_uidnumber */
561 NULL, /* attr_gidnumber */
564 status = idmap_ad_get_context(dom, &ctx);
565 if (!NT_STATUS_IS_OK(status)) {
569 attrs[2] = ctx->schema->uid;
570 attrs[3] = ctx->schema->gid;
572 u_filter = talloc_strdup(talloc_tos(), "");
573 if (u_filter == NULL) {
574 return NT_STATUS_NO_MEMORY;
577 g_filter = talloc_strdup(talloc_tos(), "");
578 if (g_filter == NULL) {
579 return NT_STATUS_NO_MEMORY;
582 for (i=0; ids[i] != NULL; i++) {
583 struct id_map *id = ids[i];
585 id->status = ID_UNKNOWN;
587 switch (id->xid.type) {
589 u_filter = talloc_asprintf_append_buffer(
590 u_filter, "(%s=%ju)", ctx->schema->uid,
591 (uintmax_t)id->xid.id);
592 if (u_filter == NULL) {
593 return NT_STATUS_NO_MEMORY;
599 g_filter = talloc_asprintf_append_buffer(
600 g_filter, "(%s=%ju)", ctx->schema->gid,
601 (uintmax_t)id->xid.id);
602 if (g_filter == NULL) {
603 return NT_STATUS_NO_MEMORY;
609 DBG_WARNING("Unknown id type: %u\n",
610 (unsigned)id->xid.type);
615 filter = talloc_strdup(talloc_tos(), "(|");
616 if (filter == NULL) {
617 return NT_STATUS_NO_MEMORY;
620 if (*u_filter != '\0') {
621 filter = talloc_asprintf_append_buffer(
623 "(&(|(sAMAccountType=%d)(sAMAccountType=%d)"
624 "(sAMAccountType=%d))(|%s))",
625 ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST,
626 ATYPE_INTERDOMAIN_TRUST, u_filter);
627 if (filter == NULL) {
628 return NT_STATUS_NO_MEMORY;
631 TALLOC_FREE(u_filter);
633 if (*g_filter != '\0') {
634 filter = talloc_asprintf_append_buffer(
636 "(&(|(sAMAccountType=%d)(sAMAccountType=%d))(|%s))",
637 ATYPE_SECURITY_GLOBAL_GROUP,
638 ATYPE_SECURITY_LOCAL_GROUP,
640 if (filter == NULL) {
641 return NT_STATUS_NO_MEMORY;
644 TALLOC_FREE(g_filter);
646 filter = talloc_asprintf_append_buffer(filter, ")");
647 if (filter == NULL) {
648 return NT_STATUS_NO_MEMORY;
651 DBG_DEBUG("Filter: [%s]\n", filter);
653 rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter,
654 attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0,
655 0, 0, 0, talloc_tos(), &msgs);
656 if (!TLDAP_RC_IS_SUCCESS(rc)) {
657 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
662 num_msgs = talloc_array_length(msgs);
664 for (i=0; i<num_msgs; i++) {
665 struct tldap_message *msg = msgs[i];
674 if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
678 ok = tldap_entry_dn(msg, &dn);
680 DBG_DEBUG("No dn found in msg %zu\n", i);
684 ok = tldap_pull_uint32(msg, "sAMAccountType", &atype);
686 DBG_DEBUG("No atype in object %s\n", dn);
690 switch (atype & 0xF0000000) {
691 case ATYPE_SECURITY_GLOBAL_GROUP:
692 case ATYPE_SECURITY_LOCAL_GROUP:
695 case ATYPE_NORMAL_ACCOUNT:
696 case ATYPE_WORKSTATION_TRUST:
697 case ATYPE_INTERDOMAIN_TRUST:
701 DBG_WARNING("unrecognized SAM account type %08x\n",
706 ok = tldap_pull_uint32(msg, (type == ID_TYPE_UID) ?
707 ctx->schema->uid : ctx->schema->gid,
710 DBG_WARNING("No unix id in object %s\n", dn);
714 ok = tldap_pull_binsid(msg, "objectSid", &sid);
716 DBG_DEBUG("No objectSid in object %s\n", dn);
721 for (j=0; ids[j]; j++) {
722 if ((type == ids[j]->xid.type) &&
723 (xid == ids[j]->xid.id)) {
729 DBG_DEBUG("Got unexpected sid %s from object %s\n",
730 sid_string_tos(&sid), dn);
734 sid_copy(map->sid, &sid);
735 map->status = ID_MAPPED;
737 DBG_DEBUG("Mapped %s -> %ju (%d)\n", sid_string_dbg(map->sid),
738 (uintmax_t)map->xid.id, map->xid.type);
746 static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom,
749 struct idmap_ad_context *ctx;
752 struct tldap_message **msgs;
757 const char *attrs[] = {
760 NULL, /* attr_uidnumber */
761 NULL, /* attr_gidnumber */
764 status = idmap_ad_get_context(dom, &ctx);
765 if (!NT_STATUS_IS_OK(status)) {
769 attrs[2] = ctx->schema->uid;
770 attrs[3] = ctx->schema->gid;
772 filter = talloc_asprintf(
774 "(&(|(sAMAccountType=%d)(sAMAccountType=%d)(sAMAccountType=%d)"
775 "(sAMAccountType=%d)(sAMAccountType=%d))(|",
776 ATYPE_NORMAL_ACCOUNT, ATYPE_WORKSTATION_TRUST,
777 ATYPE_INTERDOMAIN_TRUST, ATYPE_SECURITY_GLOBAL_GROUP,
778 ATYPE_SECURITY_LOCAL_GROUP);
779 if (filter == NULL) {
780 return NT_STATUS_NO_MEMORY;
783 for (i=0; ids[i]; i++) {
786 ids[i]->status = ID_UNKNOWN;
788 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), ids[i]->sid);
789 if (sidstr == NULL) {
790 return NT_STATUS_NO_MEMORY;
793 filter = talloc_asprintf_append_buffer(
794 filter, "(objectSid=%s)", sidstr);
796 if (filter == NULL) {
797 return NT_STATUS_NO_MEMORY;
801 filter = talloc_asprintf_append_buffer(filter, "))");
802 if (filter == NULL) {
803 return NT_STATUS_NO_MEMORY;
806 DBG_DEBUG("Filter: [%s]\n", filter);
808 rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter,
809 attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0,
810 0, 0, 0, talloc_tos(), &msgs);
811 if (!TLDAP_RC_IS_SUCCESS(rc)) {
812 return NT_STATUS_LDAP(TLDAP_RC_V(rc));
817 num_msgs = talloc_array_length(msgs);
819 for (i=0; i<num_msgs; i++) {
820 struct tldap_message *msg = msgs[i];
826 uint64_t account_type, xid;
829 if (tldap_msg_type(msg) != TLDAP_RES_SEARCH_ENTRY) {
833 ok = tldap_entry_dn(msg, &dn);
835 DBG_DEBUG("No dn found in msg %zu\n", i);
839 ok = tldap_pull_binsid(msg, "objectSid", &sid);
841 DBG_DEBUG("No objectSid in object %s\n", dn);
846 for (j=0; ids[j]; j++) {
847 if (dom_sid_equal(&sid, ids[j]->sid)) {
853 DBG_DEBUG("Got unexpected sid %s from object %s\n",
854 sid_string_tos(&sid), dn);
858 ok = tldap_pull_uint64(msg, "sAMAccountType", &account_type);
860 DBG_DEBUG("No sAMAccountType in %s\n", dn);
864 switch (account_type & 0xF0000000) {
865 case ATYPE_SECURITY_GLOBAL_GROUP:
866 case ATYPE_SECURITY_LOCAL_GROUP:
869 case ATYPE_NORMAL_ACCOUNT:
870 case ATYPE_WORKSTATION_TRUST:
871 case ATYPE_INTERDOMAIN_TRUST:
875 DBG_WARNING("unrecognized SAM account type %"PRIu64"\n",
880 ok = tldap_pull_uint64(msg,
881 type == ID_TYPE_UID ?
882 ctx->schema->uid : ctx->schema->gid,
885 DBG_DEBUG("No xid in %s\n", dn);
890 map->xid.type = type;
892 map->status = ID_MAPPED;
894 DEBUG(10, ("Mapped %s -> %lu (%d)\n", sid_string_dbg(map->sid),
895 (unsigned long)map->xid.id, map->xid.type));
903 static NTSTATUS idmap_ad_unixids_to_sids_retry(struct idmap_domain *dom,
906 const NTSTATUS status_server_down =
907 NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN));
910 status = idmap_ad_unixids_to_sids(dom, ids);
912 if (NT_STATUS_EQUAL(status, status_server_down)) {
913 TALLOC_FREE(dom->private_data);
914 status = idmap_ad_unixids_to_sids(dom, ids);
920 static NTSTATUS idmap_ad_sids_to_unixids_retry(struct idmap_domain *dom,
923 const NTSTATUS status_server_down =
924 NT_STATUS_LDAP(TLDAP_RC_V(TLDAP_SERVER_DOWN));
927 status = idmap_ad_sids_to_unixids(dom, ids);
929 if (NT_STATUS_EQUAL(status, status_server_down)) {
930 TALLOC_FREE(dom->private_data);
931 status = idmap_ad_sids_to_unixids(dom, ids);
937 static struct idmap_methods ad_methods = {
938 .init = idmap_ad_initialize,
939 .unixids_to_sids = idmap_ad_unixids_to_sids_retry,
940 .sids_to_unixids = idmap_ad_sids_to_unixids_retry,
944 NTSTATUS idmap_ad_init(void)
948 status = smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION,
950 if (!NT_STATUS_IS_OK(status)) {
954 status = idmap_ad_nss_init();
955 if (!NT_STATUS_IS_OK(status)) {