From: Volker Lendecke <vl@samba.org>
Date: Thu, 31 Mar 2016 15:10:39 +0000 (+0200)
Subject: docs: Mention _NO_WINBINDD in idmap_script.8
X-Git-Tag: tdb-1.3.9~58
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=10054c4281d73652b641921b756eaaae14964e6b;p=thirdparty%2Fsamba.git

docs: Mention _NO_WINBINDD in idmap_script.8

Thanks to Joachim Achtzehnter <joachima@netacquire.com> for pointing out this
flaw!

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 23:57:13 CEST 2016 on sn-devel-144
---

diff --git a/docs-xml/manpages/idmap_script.8.xml b/docs-xml/manpages/idmap_script.8.xml
index a378e7ba30d..328a16bfd2d 100644
--- a/docs-xml/manpages/idmap_script.8.xml
+++ b/docs-xml/manpages/idmap_script.8.xml
@@ -148,6 +148,24 @@
 	look up the mapping in a table or use some other mechanism for
 	mapping SIDs to UIDs and etc.
 	</para>
+
+	<para>
+	  Please be aware that the script is called with the
+	  _NO_WINBINDD environment variable set to 1. This prevents
+	  recursive calls into winbind from the script both via
+	  explicit calls to wbinfo and via implicit calls via
+	  nss_winbind. For example a call to <command>ls -l</command>
+	  could trigger such an infinite recursion.
+	</para>
+
+	<para>
+	  It is safe to call <command>wbinfo -n</command> and
+	  <command>wbinfo -s</command> from within an idmap script. To
+	  do so, the script must unset the _NO_WINBINDD environment
+	  variable right before the call to <command>wbinfo</command>
+	  and set it to 1 again right after <command>wbinfo</command>
+	  has returned to protect against the recursion.
+	</para>
 </refsect1>
 
 <refsect1>