Simplifying the multiple password backend code in HEAD and 3.0.

Andrew Bartlett abartlet at samba.org
Wed Oct 2 00:42:01 GMT 2002


jra at dp.samba.org wrote:
> 
> Spurred on by some complaints in IRC :-) I took a look at the passdb
> backend code in HEAD and 3.0.

So I see...  Must remember never to sleep...

> It looks nice, but it's horribly complex for what it needs to do
> (IMHO). Is there any real reason to have multiple possible backends
> simultaneously in a cascaded interface ?

The cascaded stuff was added because I felt it could be useful - and
ctrlsoft wrote a patch the used the existing code to maximal advantage.

Then, I took this work further and used it to help keep the issue of
'unix accounts not in the sam' (and their matching rids) at bay. 
Personally, I like the idea of abstraction, where this special case is
dealt with in a module, rather than in the interface.  This appears to
be contrary to the fundamental design philosophies of others :-(

> I can see the benefits of a plug-in architecture to allow different
> backends to be tested, but what we need is to do *one* good backend
> implementation (my vote would be for an LDAP one) and then use that
> to implement others - modfying the interfaces as needed to support
> any idiosyncracies that come out of the different backends.

I'm not sure what you mean here, but it sounds like a really bad idea...

I much prefer a relatively sane (yes, it has it's problems) interface
that all backends can implement without difficulty.

> If someone wants to change from one backend to another a decent
> export_all/import_all interface method is all we need (probably
> using the enumerate methods). Changing backends is a major thing
> to do (IMHO) as it means moving data between different databases,
> and I'm worried that the existing code makes it look as though you
> can just change a parameter and have it happen automatically.

Well, how do you propose to make it 'harder'.  It really is just export
and change an option, and I think that is a good thing.
 
> Comments welcome..... but I do want to start cutting out some of
> this code soon.

Yes, well while the current design has it's problems, I do think that it
provides a solid base to move into 3.0.  (vl has a patch for it that I
think does some nice stuff too, without pulling it apart too far).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



More information about the samba-technical mailing list