prevent winbind from expanding groups

[noelmcloughlin]

Try to speedup AD group lookup by default. Resolve #40

• Add winbind expand groups: 0
• Update idmap for AD (see https://wiki.samba.org/index.php/Idmap_config_ad)

The ad ID mapping back end implements a read-only API to read account and group information from Active Directory (AD)

[noelmcloughlin]

No reviews occurred in good time - meets selfie-merge criteria .

[qno]

@noelmcloughlin

I run into problem with this change (on Ubuntu 16.04 - salt 2018.3.2 (Oxygen))
For me it works if I change this into idmap config *:schema_mode: rfc2307

Error message is:

╭─silvio@nuc /srv/salt  ‹master›
╰─$ sudo salt 'nuc' state.highstate
nuc:
    Data failed to compile:
----------
    Rendering SLS 'base:samba.config' failed: Jinja syntax error: Encountered error loading yaml: could not found expected ':'
---
[...]
        encrypt passwords: yes
        # idmap config for this domain
        idmap config *:range: 16777216-33554431
        #idmap config *:backend = ad
        idmap config *:schema_mode = rfc2307
        kerberos method: secrets and keytab    <======================
        template shell: /bin/bash
        template homedir: /home/%U
        os level: 2
        winbind enum users: yes
        winbind enum groups: yes
[...]
---
/var/cache/salt/minion/files/base/samba/map.jinja(87):
---
[...]
     },
   }, grain='os')
)%}

{# start with defaults, merge osmappings, and finally pillars #}
{% import_yaml "samba/defaults.yaml" as defaults %}    <======================
{% do defaults.samba.update( samba_osmap ) %}
{% do defaults.samba.winbind.update( winbind_osmap ) %}
{% set samba = salt['pillar.get']( 'samba', default=defaults.samba, merge=True) %}

---
ERROR: Minions returned with non-zero exit code

[noelmcloughlin]

@qno This maybe yaml rendering error as syntax appears correct.

Could you try instead 'idmap config *:schema_mode = rfc2307' to see if yaml is problem?

[noelmcloughlin]

Moved to here: #44