docs: Mention _NO_WINBINDD in idmap_script.8

Thanks to Joachim Achtzehnter <joachima@netacquire.com> for pointing out this
flaw!

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 23:57:13 CEST 2016 on sn-devel-144

diff --git a/docs-xml/manpages/idmap_script.8.xml b/docs-xml/manpages/idmap_script.8.xml
index a378e7ba30dbc56450e956e3844b255699e81919..328a16bfd2dc7283d144ab95c189982cf4290167 100644 (file)
--- a/docs-xml/manpages/idmap_script.8.xml
+++ b/docs-xml/manpages/idmap_script.8.xml
@@ -148,6 +148,24 @@
        look up the mapping in a table or use some other mechanism for
        mapping SIDs to UIDs and etc.
        </para>
+
+       <para>
+         Please be aware that the script is called with the
+         _NO_WINBINDD environment variable set to 1. This prevents
+         recursive calls into winbind from the script both via
+         explicit calls to wbinfo and via implicit calls via
+         nss_winbind. For example a call to <command>ls -l</command>
+         could trigger such an infinite recursion.
+       </para>
+
+       <para>
+         It is safe to call <command>wbinfo -n</command> and
+         <command>wbinfo -s</command> from within an idmap script. To
+         do so, the script must unset the _NO_WINBINDD environment
+         variable right before the call to <command>wbinfo</command>
+         and set it to 1 again right after <command>wbinfo</command>
+         has returned to protect against the recursion.
+       </para>
 </refsect1>
 
 <refsect1>