Gratuitous advice: files vs. DBs & referential integrity

Nicolas Williams Nicolas.Williams at wdr.com
Fri Jan 28 21:27:51 GMT 2000


(was Re: [samba-tng] spoolss conversion and others)

I'm a regular Unix sysadmin. Most of my command lines are really KSH
inline scripts. I avoid GUIs (except two). I run screen in two xterms.

Now for the advice:

 - passwd/group/netgroup/auto.home/aliases/etc... are like a low-tech
   relational database. You have to update all of them when making
   certain changes (such as changing a user's username, or closing an
   account, and many more such changes).

 - relational flat-file databases do NOT scale, both in terms of
   performance AND, most importantly, in terms of cost of
   administration. If your organization is large enough mistakes are
   likely to create as much or more work as service requests.

So, what I suggest be done:

 - have a database that implements network semantics or, better yet, an
   object-oriented database.

 - have a name service (NIS, LDAP, DNS, tdb, who cares) that is not
   flat-file based.

 - have a database->name service(s) system

 - if you must, have a flat-file->name service data system so you can
   make urgent changes by hand if your database->name service latency is
   too high. Possibly have the database->name service system really be
   more like database->flat files->name services.

 - structure it all so that a simple change, such as closing an account
   or changing a username, propagates to all the relevant flat files and
   name services as appropriate.

This idea is not far-fetched. Where I work we have implemented a system
as above and it has saved us a lot of work. The product we use is no
longer available commercially, but there are other alternatives,
including Ganymede (open source).

So, Luke, to you I suggest that you use TDB for the Samba SAM DB and
that you (or someone else) write a TDB dump/load tool so that others
(those who complain!) can write their own flat-file->Samba SAM TDB
maintenance system, à la NIS.

The two GUIs I use? Web browsers and the GUI for the OO DB we use for
administration of our name spaces.

Discuss.

:) :)

Nico
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
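
Added example, not part of the original message: a referential-integrity check over the flat files the post lists, showing what is left dangling when an account is closed by editing passwd alone. The file contents, the user "dave" and the function names are constructed for illustration; the parsing is simplified to these sample formats.

```python
# Constructed sample flat files (not from the original post).
PASSWD = """\
alice:x:1001:100:Alice:/home/alice:/bin/ksh
bob:x:1002:100:Bob:/home/bob:/bin/ksh
carol:x:1003:250:Carol:/home/carol:/bin/ksh
"""
GROUP = """\
users:x:100:
wheel:x:10:alice,dave
ops:x:200:bob,dave
"""
ALIASES = """\
# local mail aliases
oncall: bob, dave
root: alice, admin@example.com
"""
AUTO_HOME = """\
alice  filer1:/export/home/alice
dave   filer1:/export/home/dave
"""

def rows(text, sep):
    """Yield the stripped fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield [f.strip() for f in line.split(sep)]

def dangling_references(passwd, group, aliases, auto_home):
    """Return sorted (file, key, problem) tuples for broken cross-file references."""
    users = {r[0] for r in rows(passwd, ":")}
    gids = {r[2] for r in rows(group, ":")}
    local = users | {r[0] for r in rows(aliases, ":")}  # aliases may chain
    bad = []
    for name, _, _, gid, *_ in rows(passwd, ":"):
        if gid not in gids:
            bad.append(("passwd", name, f"primary gid {gid} not in group"))
    for gname, _, _, members in rows(group, ":"):
        for m in filter(None, members.split(",")):
            if m not in users:
                bad.append(("group", gname, f"member {m} not in passwd"))
    for alias, targets in rows(aliases, ":"):
        for t in filter(None, (x.strip() for x in targets.split(","))):
            # Only bare local names are checked; addresses, pipes and files are skipped.
            if not any(c in t for c in "@|/") and t not in local:
                bad.append(("aliases", alias, f"target {t} not in passwd"))
    for r in rows(auto_home, None):
        if r[0] not in users:
            bad.append(("auto.home", r[0], "map key not in passwd"))
    return sorted(bad)
```

A leftover group entry such as dave in wheel is the costly case: if the username is later reissued, the new account inherits the old membership.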

