configuration, ldap and NetInfo
Jean-Francois Micouleau
Jean-Francois.Micouleau at utc.fr
Thu Apr 16 17:04:23 GMT 1998
On Thu, 16 Apr 1998, Robert Frank wrote:
> Now to the changes I have in mind: (Jean-Francois, do pipe in if this is
> totally inadequate for ldap!)
Most of your mail is adequate to ldap, I just want to clarify some minor
points :-)
First, I'm not an ldap guru, I have just looked at it and started to
support ldap in samba, mainly to do user and machine authentication.
> First of all, NetInfo, and probably any other database interface,
> delivers lists as such (and not as a string of values), thus, I'd like to
> change the syntax of the smb.conf file (very slightly):
[snip]
> Why all of this? I want to parse value lists at launch time, not each time
> the list is used, because NetInfo will provide such a list by default.
> Currently, I have to reconstruct the list for samba when retrieving values
> from NetInfo. I guess ldap has similar facilities.
yes, ldap does the same.
a little example (I like examples, usually they make things clearer :-)
if in smb.conf you have:
    password server = server1 server2
ldap would return server1 and server2 in value[0] and value[1]
respectively, with value being defined as char **value
> A list in a conf file would simply be a sequence of whitespace separated
> strings as defined above. Currently, list values are separated by all kinds
> of different characters - this should be cleaned up.
>
> The database interface is a bit more tricky:
> we basically have two options here:
> - either we do a one-time lookup as if it were a flat file
> - or we check the database for the value when it is used.
>
> The first has the same deficiency as the conf file: changes aren't
> reflected (until the database is reread), but it is quite easy to
> implement and requires little changes to the code.
yes, easy and doesn't slow the process
> The latter always uses up-to-date values, but requires several changes to
> the code.
It would slow down the process I think, at least with ldap and the
database being on another machine. (don't know about netinfo)
> The service and global structures:
>
> Add a pointer 'dynamic' to the service structure (and also to the global
> structure) which will hold specific data for accessing the database (added
> via ifdefs). If this pointer is NULL, the parameter is retrieved from the
> structure as is done now. If this isn't NULL, then the appropriate lookup
> is done and the value is returned from the database, or, if no such value
> exists, or the database hasn't changed, from the structure.
>
>
> The functions for retrieving a parameter:
>
> Add database access support. For this, it will be necessary to add the
> parameter name to the defines (if no database is involved, this will be
> ignored), as the database lookups will use this to fetch the value (at
> least NetInfo will).
>
>
>
> The samba password methods would also need changes in order to use the
> databases. I'd like to have a scheme similar to SOLARIS nsswitch, which
I like that! Currently I have hacked up samba so that if it doesn't find the
user in the ldap base it falls back to the standard method (etc/passwd and
smbpasswd)
> allows specifying an order of lookups. Of course, real databases such as
> NetInfo (ldap?) would retrieve even this from the database, not from a
> file.
Isn't it a chicken and egg problem? :-)
If the members of this list are interested, I can send a mail to explain
why ldap can be a good thing (tm) for samba.
Jean Francois
-----------------------------------------------------------
: Jean Francois Micouleau : Email: jfm at utc.fr :
: Universite de : Tel : 03 44 23 47 78 :
: Technologie de : Service Informatique :
: Compiegne France : Division IRNM :
-----------------------------------------------------------
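
Added example, not part of the original mail and not Samba code: parsing the whitespace-separated "password server" value once, at load time, into the same NULL-terminated char **value shape the mail describes ldap returning. The names parse_value_list and free_value_list are hypothetical, and the input string is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: release a NULL-terminated list (NULL is accepted). */
void free_value_list(char **value)
{
    for (size_t i = 0; value != NULL && value[i] != NULL; i++)
        free(value[i]);
    free(value);
}

/* Hypothetical helper: split a whitespace-separated conf value into a
 * NULL-terminated char **. Returns NULL on allocation failure. */
char **parse_value_list(const char *s)
{
    size_t n = 0, cap = strlen(s) / 2 + 2;   /* upper bound: items + NULL */
    char **value = calloc(cap, sizeof *value);
    if (value == NULL)
        return NULL;
    for (;;) {
        while (isspace((unsigned char)*s))   /* skip any run of separators */
            s++;
        if (*s == '\0')
            break;
        size_t len = 0;                      /* length of the current item */
        while (s[len] != '\0' && !isspace((unsigned char)s[len]))
            len++;
        value[n] = malloc(len + 1);
        if (value[n] == NULL) {
            free_value_list(value);          /* calloc keeps list terminated */
            return NULL;
        }
        memcpy(value[n], s, len);
        value[n][len] = '\0';
        n++;
        s += len;
    }
    return value;                            /* value[n] is already NULL */
}

int main(void)
{
    char **value = parse_value_list("server1  server2"); /* constructed input */
    for (size_t i = 0; value != NULL && value[i] != NULL; i++)
        printf("value[%zu] = %s\n", i, value[i]);
    free_value_list(value);
    return 0;
}
```

With the conf-file value in this form, code that consumes the list does not need to know whether it came from smb.conf or from a directory lookup.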