Major new ubiqx release

Jean-Francois Micouleau Jean-Francois.Micouleau at utc.fr
Tue Apr 21 22:23:10 GMT 1998


On Wed, 22 Apr 1998, Christopher R. Hertel wrote:

> Jeremy wrote:
> >
> > Well, I've recently implemented a UNIX style of password
> > interface (getsmbpwnam() etc.) through which all access
> > to the underlying password database is now funnelled in
> > the main branch code.
> 
> This is the way to go!

Yep, 
While I think of it, we also need a function returning a chained-list of
all the users (for the NT user manager program).

> > So long as we stick with these interafaces, we can
> > build whatever we want as the backend - and even have 
> > them plugged in. I would say not to commit to an
> > LDAP storage yet, until we know what the best
> > method will be (we don't even have a gdbm backend
> > yet - let's walk before we run :-).
> 
> Not just plugged in, but swappable, or even chainable.  Underlying your
> API there could be a variety of storage & retrieval mechanisms.  LDAP
> could be one, the normal flat file could be the default, there may be 
> others that communicate with something like Active Directory (just 
> brainstorming, but hey!)

Like robert Frank proposed something like the nsswitch.conf ???

while we brainstrom, why not an SQL backend ?

> > The main thing we have to decide is what schema gets
> > mapped into the 'struct smb_passwd' that is returned
> > by these functions. It needs to be a superset of all
> > the desired schema - with reasonable defaults returned
> > for systems that do not store all the data (the current
> > smbpasswd file for instance).
> 
> We also need to define the minimum set.  What *must* the underlying schema
> or schemes be able to handle.

That's the big dilema I currently have :) An as much as complete schema
with a minimal requirement plugable in an existing schema for people
already having one...

> I think we're on the right track here.

yep, but does samba really need to communicate with some specific backend ? 

How many sites will use this kind of feature ? Does in the past people
have asked for such features ?

>   * Samba could have it's own *authoritative* list, and also (optionally!)
>     copy changes out to other databases (inc., LDAP, the WINS.DAT file,
>     whatever).  Changes made directly to these outside databases would
>     *not* be sent back to Samba.
> 
> --or--
> 
>   * Do we want to allow changes to the outside database back in to Samba?

If I understood what luke told me, he wants such a feature.

> For WINS, I'm not sure (except that we already allow the WINS.DAT to be
> modified while Samba is down--and then it's loaded back in).  The
> configuration information is a different story.  In that case, the goal is
> to provide for input more than for output.
> 
> What about passwords?
> 
> I think we may need to identify all of the data to which we would like to
> provide external access.  So far I have the password database, the 
> configuration database, and the WINS database.  What else?

the groups, the user mapping, the printers definition file, 

I certainly forgot other important ones.

	Jean Francois

-----------------------------------------------------------
: Jean Francois Micouleau       : Email: jfm at utc.fr       :
: Universite de                 : Tel  : 03 44 23 47 78   :
: Technologie de                :  Service Informatique   :
: Compiegne              France :     Division IRNM       :
-----------------------------------------------------------



More information about the samba-technical mailing list