Plugable passdb (SAM) modules
idra at samba.org
Wed Jan 16 09:09:01 GMT 2002
One question comes to mind immediately.
If I understanded correctly, you want to make it possible to have multiple backend up concurrently.
Well for read and update operations it may be ok, but what happen when you want to add a new user?
Which module will be used? Have you planned a way to tell which module to use by default to add a new user? Will it be configurabale?
 The update function may be really usefull to automatically switch from smbpasswd to tdb_sam moving accounts every time they are updated, smoothly, or to ldap or... there would be nice to have a "passdb update = pdb_unix, pdb_tdb" that would for example convert a the account from normal system accounts to tdb_sam accounts for example, thus creating samba account just changing the password.
does this make sense?
On Wed, Jan 16, 2002 at 12:01:11AM +1100, Andrew Bartlett wrote:
> I've started on an implementation of plugable passdb modules.
> My particular interst in this is to allow me to do 'intersting' things
> without having to recompile as I move betwen modules. (Like having
> users without a unix identity and other such objectionable notions).
> The idea is that there would be 'yet another smb.conf option': passdb
> backend = ...
> This would select from the list of available modules and load it at
> startup. (first passdb access or init).
> This requries a few changes, but I intend to wrap most of them behind
> the same external interface. Internally, each passdb module will have
> an init function that fills in and returns a struct containing function
> It will also have a void * in which it can store state (file handles,
> ldap handles etc). This should remove the need for statics.
> I'm also be implementing the 'reread' changes to the interface, where an
> add/update/delete don't 'succeed' until a re-read of the db produces a
> compatible result and the SAM_ACCOUNT passed for that user is updated.
> This whole this will look much like my auth work once its all done.
> The main problem with all this (once I get it coded, tested etc) is the
> fact that it will spoil all hopes of keeping 2.2 in sync on the passdb
> side of things. This is the main reason for this e-mail: A heads up
> and an oppotunity to say 'don't commit it any time soon' or the like...
> Andrew Bartlett
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
Simo Sorce idra at samba.org
Samba Team http://www.samba.org
More information about the samba-technical