Pluggable passdb (SAM) modules

Simo Sorce idra at
Wed Jan 16 09:09:01 GMT 2002

One question comes to mind immediately.
If I understood correctly, you want to make it possible to have multiple backends up concurrently.
Well, for read and update[1] operations it may be OK, but what happens when you want to add a new user?
Which module will be used? Have you planned a way to tell which module to use by default to add a new user? Will it be configurable?

[1] The update function may be really useful to automatically switch from smbpasswd to tdb_sam, moving accounts every time they are updated, smoothly, or to ldap or... It would be nice to have a "passdb update = pdb_unix, pdb_tdb" that would, for example, convert the account from normal system accounts to tdb_sam accounts, thus creating a Samba account just by changing the password.

Does this make sense?

On Wed, Jan 16, 2002 at 12:01:11AM +1100, Andrew Bartlett wrote:
> I've started on an implementation of pluggable passdb modules.
> My particular interest in this is to allow me to do 'interesting' things
> without having to recompile as I move between modules.  (Like having
> users without a unix identity and other such objectionable notions).
> The idea is that there would be 'yet another smb.conf option': passdb
> backend = ...
> This would select from the list of available modules and load it at
> startup. (first passdb access or init).
> This requires a few changes, but I intend to wrap most of them behind
> the same external interface.  Internally, each passdb module will have
> an init function that fills in and returns a struct containing function
> pointers.  
> It will also have a void * in which it can store state (file handles,
> ldap handles etc).  This should remove the need for statics.
> I'll also be implementing the 'reread' changes to the interface, where an
> add/update/delete don't 'succeed' until a re-read of the db produces a
> compatible result and the SAM_ACCOUNT passed for that user is updated.
> This whole thing will look much like my auth work once it's all done.
> The main problem with all this (once I get it coded, tested etc) is the
> fact that it will spoil all hopes of keeping 2.2 in sync on the passdb
> side of things.  This is the main reason for this e-mail:  A heads up
> and an opportunity to say 'don't commit it any time soon' or the like...
> Andrew Bartlett
> -- 
> Andrew Bartlett                                 abartlet at
> Manager, Authentication Subsystems, Samba Team  abartlet at
> Student Network Administrator, Hawker College   abartlet at

Simo Sorce       idra at
Samba Team
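
The design discussed in this thread, as an added C example that is not part of the original messages and not Samba's code: each module's init function returns a struct of function pointers plus a void * for its state, reads consult every loaded backend, and an add goes to one backend and succeeds only after a re-read. All names, the in-memory backend and the add_idx setting are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_USERS 8

/* Hypothetical names throughout; this is not Samba's passdb interface. */
struct mem_state { char users[MAX_USERS][32]; int count; };
struct pdb_methods {
    int (*getpwnam)(struct pdb_methods *m, const char *user);
    int (*add_account)(struct pdb_methods *m, const char *user);
    void *private_data;                 /* per-module state instead of statics */
};

static int mem_getpwnam(struct pdb_methods *m, const char *user) {
    struct mem_state *s = m->private_data;
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->users[i], user) == 0) return 1;
    return 0;
}
static int mem_add(struct pdb_methods *m, const char *user) {
    struct mem_state *s = m->private_data;
    if (s->count >= MAX_USERS || strlen(user) >= sizeof s->users[0]) return 0;
    strcpy(s->users[s->count++], user);
    return 1;
}

/* Init function: fills in and returns the struct of function pointers. */
struct pdb_methods *pdb_mem_init(void) {
    struct pdb_methods *m = calloc(1, sizeof *m);
    struct mem_state *s = calloc(1, sizeof *s);
    if (!m || !s) { free(m); free(s); return NULL; }
    m->getpwnam = mem_getpwnam;
    m->add_account = mem_add;
    m->private_data = s;
    return m;
}

/* Reads consult every backend in configured order; returns its index or -1. */
int pdb_lookup(struct pdb_methods **b, int n, const char *user) {
    for (int i = 0; i < n; i++)
        if (b[i]->getpwnam(b[i], user)) return i;
    return -1;
}

/* Adds go to the one backend chosen by add_idx (an assumed setting) and only
 * count as successful once a re-read of that backend finds the account. */
int pdb_add(struct pdb_methods **b, int n, int add_idx, const char *user) {
    if (add_idx < 0 || add_idx >= n || pdb_lookup(b, n, user) >= 0) return 0;
    if (!b[add_idx]->add_account(b[add_idx], user)) return 0;
    return b[add_idx]->getpwnam(b[add_idx], user);
}
```

Refusing an add when any backend already holds the name keeps two concurrent backends from ending up with conflicting records for the same user.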
