[samba-tng] status: nt5ldap and samtdb
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Tue Feb 1 16:54:22 GMT 2000
> -----Original Message-----
> From: Luke Kenneth Casson Leighton [SMTP:lkcl at samba.org]
> Sent: Monday, January 31, 2000 2:46
> To: Multiple recipients of list SAMBA-TECHNICAL
> Subject: [samba-tng] status: nt5ldap and samtdb
>
> decided last week to abandon the old (1 year old) passwd db api.
>
> luke howard is implementing an nt5ldap password database. i'm
> implementing a samtdb. the idea is to encourage luke to work with the
> SAM-defined api, but he's waiting for me to get into samtdb, first.
>
> i have the following functions up-and-running:
>
> sam functions:
>
> _samr_connect
> _samr_connect_anon
> _samr_close
> _samr_enum_domains
> _samr_lookup_domain
>
> domain functions:
>
> _samr_open_domain
> _samr_enum_dom_users
>
> user functions:
>
> _samr_create_user
>
>
> _samr_create_user is hard-coded, i need to do a RID-cycling function.
> actually, tim, i need that libsurs really badly! we also have a
> chicken-and-egg problem. a lookup to create an NT user requires a unix
> user, first, but no lookup in the surs table is going to help resolve
> users that don't exist in the NT user database if you haven't added them
> yet! agh!
>
> i am somewhat at a loss on this one. i wouldn't mind if it wasn't for
> having to deal with both mathematical _and_ database-based surs table
> implementations.
>
> if you think it through, there's an atomic-operation problem (i.e. any
> possible algorithms aren't atomic in updating both the surs and the SAM
> database). oops. not going to think about it now.
>
> ok, i thought about it. i think the solution is to have the surs table
> have an extra parameter: BOOL create
>
> i.e. if the SID doesn't exist, then create one in the table.
>
> mathematical surs tables, that's trivial: all SIDs (in their limited space
> because the uid/gid space is only 32 bit) already exist, therefore
> creation is trivial.
>
> table-based ones, that means that the table must create the unique SID. i
> suggest that the first few components of the SID be used as the base, and
> the newly-created RID be concatenated on the input SID parameter.
>
> either that, or just create a new function surscreatesidfromposix().
>
Ohh... dammit, I was hoping I wouldn't have to get into this... :P
Um, it's probably best done in a separate function, because there's
too much semantic difference depending on if you specify create or not...
I'll think more about this when I get home.
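
The lookup-versus-create split discussed in this thread for a table-based surs mapping, as an added example that is not part of the original messages and is not Samba or libsurs code. All function names, the table layout, the starting RID and the sample SID are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SURS_MAX 64          /* toy table capacity (assumed) */
#define SURS_FIRST_RID 1000  /* first RID handed out (assumed) */

struct surs_table {
    char base_sid[64];       /* domain part of the SID */
    uint32_t next_rid;       /* next unused RID */
    size_t count;
    struct { uint32_t uid, rid; } e[SURS_MAX];
};

void surs_init(struct surs_table *t, const char *base_sid)
{
    memset(t, 0, sizeof(*t));
    snprintf(t->base_sid, sizeof(t->base_sid), "%s", base_sid);
    t->next_rid = SURS_FIRST_RID;
}

/* Pure lookup, never modifies the table: 0 on hit, -1 on miss. */
int surs_posix_to_sid(const struct surs_table *t, uint32_t uid, char *sid, size_t len)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->e[i].uid == uid) {
            snprintf(sid, len, "%s-%u", t->base_sid, (unsigned)t->e[i].rid);
            return 0;
        }
    return -1;
}

/* Lookup-or-create: 0 if already mapped, 1 if created, -1 if table full.
 * A real table must hold one lock/transaction across the whole call. */
int surs_create_sid_from_posix(struct surs_table *t, uint32_t uid, char *sid, size_t len)
{
    if (surs_posix_to_sid(t, uid, sid, len) == 0) return 0;
    if (t->count == SURS_MAX) return -1;
    t->e[t->count].uid = uid;
    t->e[t->count++].rid = t->next_rid++;  /* new RID goes on the base SID */
    return surs_posix_to_sid(t, uid, sid, len) == 0 ? 1 : -1;
}

int main(void)
{
    struct surs_table t; char sid[96];
    surs_init(&t, "S-1-5-21-1-2-3");       /* constructed sample SID */
    printf("rc=%d\n", surs_create_sid_from_posix(&t, 500, sid, sizeof(sid)));
    return 0;
}
```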