Pluggable passdb (SAM) modules
Simo Sorce
idra at samba.org
Wed Jan 16 09:09:01 GMT 2002
One question comes to mind immediately.
If I understood correctly, you want to make it possible to have multiple backends up concurrently.
Well, for read and update[1] operations it may be OK, but what happens when you want to add a new user?
Which module will be used? Have you planned a way to tell which module to use by default to add a new user? Will it be configurable?
[1] The update function may be really useful to automatically switch from smbpasswd to tdb_sam, moving accounts every time they are updated, smoothly, or to ldap or... It would be nice to have a "passdb update = pdb_unix, pdb_tdb" that would, for example, convert the account from normal system accounts to tdb_sam accounts, thus creating a Samba account just by changing the password.
Does this make sense?
On Wed, Jan 16, 2002 at 12:01:11AM +1100, Andrew Bartlett wrote:
> I've started on an implementation of pluggable passdb modules.
>
> My particular interest in this is to allow me to do 'interesting' things
> without having to recompile as I move between modules. (Like having
> users without a unix identity and other such objectionable notions).
>
> The idea is that there would be 'yet another smb.conf option': passdb
> backend = ...
>
> This would select from the list of available modules and load it at
> startup. (first passdb access or init).
>
> This requires a few changes, but I intend to wrap most of them behind
> the same external interface. Internally, each passdb module will have
> an init function that fills in and returns a struct containing function
> pointers.
>
> It will also have a void * in which it can store state (file handles,
> ldap handles etc). This should remove the need for statics.
>
> I'll also be implementing the 'reread' changes to the interface, where an
> add/update/delete don't 'succeed' until a re-read of the db produces a
> compatible result and the SAM_ACCOUNT passed for that user is updated.
>
> This whole thing will look much like my auth work once it's all done.
>
> The main problem with all this (once I get it coded, tested etc) is the
> fact that it will spoil all hopes of keeping 2.2 in sync on the passdb
> side of things. This is the main reason for this e-mail: A heads up
> and an opportunity to say 'don't commit it any time soon' or the like...
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
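
An added C example of the design discussed in this thread, not part of the original e-mail and not Samba's code: a module init function fills a struct of function pointers and keeps its state behind a `void *`, and an add counts as successful only when a re-read returns a matching record. Every name here is hypothetical, and sending adds to the first backend in the list is an assumed policy, one possible answer to the question of which module receives a new user.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical names throughout; sample values are constructed. */
struct account { char name[32]; char nt_hash[33]; };
struct pdb_methods {            /* filled in by each module's init function */
    int (*add)(struct pdb_methods *m, const struct account *a);
    int (*getbyname)(struct pdb_methods *m, const char *n, struct account *out);
    void *private_data;         /* per-module state, replacing statics */
};
/* Toy in-memory backend; drop_writes simulates a store that loses writes. */
struct mem_state { struct account rows[8]; int count; int drop_writes; };
static int mem_add(struct pdb_methods *m, const struct account *a) {
    struct mem_state *s = m->private_data;
    if (s->drop_writes) return 0;          /* claims success, stores nothing */
    if (s->count >= 8) return -1;
    s->rows[s->count++] = *a;
    return 0;
}
static int mem_get(struct pdb_methods *m, const char *n, struct account *out) {
    struct mem_state *s = m->private_data;
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->rows[i].name, n) == 0) { *out = s->rows[i]; return 0; }
    return -1;
}
int pdb_mem_init(struct pdb_methods *m, int drop_writes) {
    struct mem_state *s = calloc(1, sizeof *s);
    if (s) s->drop_writes = drop_writes;
    *m = (struct pdb_methods){ mem_add, mem_get, s };
    return s ? 0 : -1;
}
/* Reads try every backend in order; returns the index that answered. */
int pdb_lookup(struct pdb_methods *b, int n, const char *name, struct account *out) {
    for (int i = 0; i < n; i++)
        if (b[i].getbyname(&b[i], name, out) == 0) return i;
    return -1;
}
/* Adds go to b[0] (assumed policy) and succeed only if a re-read matches. */
int pdb_add_verified(struct pdb_methods *b, int n, struct account *a) {
    struct account back;
    if (n < 1 || b[0].add(&b[0], a) != 0) return -1;
    if (b[0].getbyname(&b[0], a->name, &back) != 0) return -1;
    if (strcmp(back.nt_hash, a->nt_hash) != 0) return -1;
    *a = back;                             /* caller's copy now mirrors the db */
    return 0;
}
int main(void) {   /* exit status 0: honest backend accepted, lossy one caught */
    struct pdb_methods good, lossy;
    struct account a = {"alice", "constructed-hash"};
    if (pdb_mem_init(&good, 0) || pdb_mem_init(&lossy, 1)) return 2;
    return !(pdb_add_verified(&good, 1, &a) == 0 && pdb_add_verified(&lossy, 1, &a) == -1);
}
```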