winbindd uid and gid range assumptions
abartlet at samba.org
abartlet at samba.org
Tue May 14 05:42:02 GMT 2002
On Tue, May 14, 2002 at 08:20:03AM -0400, Mike Gerdts wrote:
> On Mon, 2002-05-13 at 18:42, Andrew Bartlett wrote:
> > Moving over the socket is a very expencive operation, particularly
> > compared to a simple if statement. Also, where we know that a uid is
> > local, we need to check with code that winbind isn't linked to - the
> > passdb backend.
>
> So in a situation where you have UIDs interspersed between NIS and
> domain users, it may be cheaper to check to see if it is local first
> followed by winbind. At least this may be better in my situation, as
> each of my NFS/Samba servers is already an NIS slave. Even though a UID
> lookup may have to talk to nscd and/or ypserv, it is still on the same
> machine, thus avoiding network delays.
>
> Perhaps this would be a place where the plug-in architecture could be
> useful as well. Checks could all be relegated to idmap_ops->islocal().
> The default op could be to check the winbind id range. Others that are
> willing to or need to pay the price of a socket operation will have the
> option of doing so. Presumably islocal() would not just be a straight
> BOOL operation. I could imagine it replying True, False, LocalFirst, or
> DomainFirst.
Sounds like an interesting idea.
> > But yes, we need to deal with things like getting the uid from the SFU
> > LDAP schema, so this may well change in the future.
>
> Do you have any relative time frame or rough release number that you are
> shooting for?
No, its just an idea in my HEAD until I get a chance to look at it, or sombody
codes me up a patch :-).
> Do you see a plug-in that merges the functionality of the existing idmap
> to the architecture present in the VFS, or should I start barking up a
> different tree?
That seems to be the current plugin arch, but we may move across to a more
centralised scheme at some stage.
Andrew Bartlett
More information about the samba-technical
mailing list