configuration, ldap and NetInfo

Jean-Francois Micouleau Jean-Francois.Micouleau at utc.fr
Thu Apr 16 17:04:23 GMT 1998


On Thu, 16 Apr 1998, Robert Frank wrote:

> Now to the changes I have in mind: (Jean-Francois, do pipe in if this is
> totally inadequate for ldap!)

most of your mail is adequate to ldap, I just want to clarify some minor
points :-)

First I'm not an ldap guru, I just have looked at it and started to
support ldap in samba, mainly to do the users and machines authentication.


> First of all, NetInfo, and probably any other database interface,
> delivers lists as such (and not as a string of values), thus, I'd like to
> change the syntax of the smb.conf file (very slightly):

[snip]

> Why all of this? I want to parse value lists at launch time, not each time
> the list is used, because NetInfo will provide such a list by default.
> Currently, I have to reconstruct the list for samba when retrieving values
> from NetInfo. I guess ldap has similar facilities.

yes, ldap does the same.

a little example (I like examples, usually they make things clearer :-)
if in smb.conf you have:

	password server = server1 server2

ldap would return server1 and server2 in value[0] and value[1]
respectively with value being defined as char **value

> A list in a conf file would simply be a sequence of whitespace separated
> strings as defined above. Currently, list values are separated by all kinds
> of different characters - this should be cleaned up.
> 
> The database interface is a bit more tricky:
>   we basically have two options here:
>     - either we do a one-time lookup as if it were a flat file
>     - or we check the database for the value when it is used.
> 
> The first has the same deficiency as the conf file: changes aren't
> reflected (until the database is reread), but it is quite easy to
> implement and requires little changes to the code.

yes, easy and doesn't slow the process

> The latter always uses up-to-date values, but requires several changes to
> the code. 

It would slow down the process I think, at least with ldap and the
database being on another machine. (don't know about netinfo)

> The service and global structures:
> 
> Add a pointer 'dynamic' to the service structure (and also to the global
> structure) which will hold specific data for accessing the database (added
> via ifdefs). If this pointer is NULL, the parameter is retrieved from the
> structure as is done now. If this isn't NULL, then the appropriate lookup
> is done and the value is returned from the database, or, if no such value
> exists, or the database hasn't changed, from the structure.
> 
> 
> The functions for retrieving a parameter:
> 
> Add database access support. For this, it will be necessary to add the
> parameter name to the defines (if no database is involved, this will be
> ignored), as the database lookups will use this to fetch the value (at
> least NetInfo will).
> 
> 
> 
> The samba password methods would also need changes in order to use the
> databases.  I'd like to have a scheme similar to SOLARIS nsswitch, which

I like that ! Currently I hacked up samba that if it doesn't find the user
in the ldap base it falls back to standard method (etc/passwd and
smbpasswd)

> allows specifying an order of lookups. Of course, real databases such as
> NetInfo (ldap?) would retrieve even this from the database, not from a
> file.

isn't it a chicken and egg problem? :-)

If the members of this list are interested, I can send a mail to explain
why ldap can be a good thing (tm) for samba. 

		Jean Francois

-----------------------------------------------------------
: Jean Francois Micouleau       : Email: jfm at utc.fr       :
: Universite de                 : Tel  : 03 44 23 47 78   :
: Technologie de                :  Service Informatique   :
: Compiegne              France :     Division IRNM       :
-----------------------------------------------------------
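
The list shape and lookup order discussed in this message, as an added example that is not part of the original mail or of Samba's code: a whitespace-separated value is split once into a NULL-terminated `char **` list (the shape the mail describes for an ldap result), and that list then drives an nsswitch-style ordered lookup with fallback. The names `parse_list`, `free_list`, `resolve_user` and the two backend stand-ins are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void free_list(char **v)
{
    for (size_t i = 0; v && v[i]; i++) free(v[i]);
    free(v);
}

/* Split a whitespace-separated value into a NULL-terminated char ** list. */
char **parse_list(const char *s)
{
    /* At most (L+1)/2 tokens fit in L bytes; calloc keeps the tail NULL. */
    char **v = calloc(strlen(s) / 2 + 2, sizeof *v);
    for (size_t n = 0; v; n++) {
        s += strspn(s, " \t\r\n");              /* skip separators */
        size_t len = strcspn(s, " \t\r\n");     /* length of next token */
        if (len == 0) break;
        if (!(v[n] = malloc(len + 1))) { free_list(v); return NULL; }
        memcpy(v[n], s, len);
        v[n][len] = '\0';
        s += len;
    }
    return v;
}

/* Constructed stand-ins for real backends: 1 = user found, 0 = not found. */
static int ldap_find(const char *u)      { return strcmp(u, "alice") == 0; }
static int smbpasswd_find(const char *u) { return strcmp(u, "bob") == 0; }
static const struct { const char *name; int (*find)(const char *); }
backends[] = { { "ldap", ldap_find }, { "smbpasswd", smbpasswd_find } };

/* First backend in the configured order that knows the user, else NULL. */
const char *resolve_user(char **order, const char *user)
{
    for (size_t i = 0; order && order[i]; i++)
        for (size_t b = 0; b < sizeof backends / sizeof *backends; b++)
            if (!strcmp(order[i], backends[b].name) && backends[b].find(user))
                return backends[b].name;
    return NULL;
}

int main(void)
{
    char **order = parse_list("ldap \t smbpasswd");   /* constructed input */
    const char *hit = resolve_user(order, "bob");
    printf("bob -> %s\n", hit ? hit : "(not found)");
    free_list(order);
}
```

Which backend answered is returned rather than a bare yes/no, so the caller can log when authentication data came from a fallback source instead of the first one listed.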


