[PATCH] store SID's in SAM_ACCOUNT
Stefan (metze) Metzmacher
metze at metzemix.de
Tue May 28 05:45:04 GMT 2002
At 05:28 28.05.2002 -0700, you wrote:
>On Tue, May 28, 2002 at 02:07:52PM +0200, Simo Sorce wrote:
> > Hi Stefan.
> >
> > As you may have seen I have already changed the pdb_interface to search
> > by SID and I'm really i favour to use SIDs inside SAM_ACCOUNT instead of
> > RIDS, but I think this patch does not address the problem the right way.
> >
> > What we should do is store the SID in the backends, not convert it at
> > run time.
>
>Given time, yes. But (for example) we really cannot change the LDAP schema
>at this stage (we must certainly still support the current schema) and other
>backends might chose to store the RID/SID in a way that best suits their
>technology.
I agree with Andrew
> > I think we may use part of your code inside pdbedit to have a tool to
> > upgrade from previous backends that store by RID into the new ones.
>
>I don't see the need for a forced 'upgrade'. New backends can use this - but
>with the majoir passdb backends (ldap, smbpasswd) still being RID based into
>the future, we are going to still need this.
>
> > I'm working on tdbsam2 that will store by SID and have also some other
> > interesting things (privileges and such) I have discussed with JFM the
Storing privileges would be fine.
> > last samba experience conference.
>
>BTW, pdbedit already handles 'upgrades', just import from one format and
>export to the other. This code will ensure that it all 'just works'
>
> > What others do think?
>
>I think this patch is fine. We have to start somewhere - and while you
>might *like* to rework the while passdb in one hit, I don't see any reason
>why an incremental patch cannot be applied in the meantime.
>
>On the patch itself, my only comment is that when implementing the
>compatibilty functions, make them call the 'real' funcitons (see
>pdb_set_plaintext_password()) rather than modifiying the struct directly.
>
>Also I see you still have pdb_set_user_rid(), which just calls the fallback.
>If this is really a complete patch, then these functions can go, and other
>coders will notice it - and hopfully see what the new interface is.
I change this..
>Either that, or don't rename the fn at all.
>
>Finally, re the SID initialisation: Make a new function that returns the
>global sam sid. Make it 'auto-initailise', if its not been run before, then
>it should figure it out, and store it in a static.
I will see what I can do...
And I remove all pdb_get_rid()'s and replace them with
sid_peek_rid(pdb_get_sid())...
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
More information about the samba-technical
mailing list