Commit my stuff to 3.0?

Sat Oct 12 16:33:00 GMT 2002

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Discussion moved to samba-technical.

> Instead of just doing a pdb_getsampwnam() on the name from pass struct,
> I would prefer that we instead change the callers.  Most of the callers
> can be changed to do the pdb_getsampwnam() instead of Get_Pwnam(), now
> that we have unixsam giving us access to all users.  (This is why we
> didn't do this before).

To be honest I would like to get rid of the necessity of unixsam for
encrypted passwords. One case where this breaks: You want a
workstation to join your domain. You do not want to use 'add user
script', so you add the wks account to
/etc/passwd. _api_samr_create_user says user exists, and after that
set_userinfo creates the account in passdb. And boom, you again have
algorithmic mapping in your rich passdb backend.

I am not sure if metze's new passdb code covers this case, but there
are so many cases like this where pdb_getsampwnam succeeding just from
unixsam is not transparent enough for the caller.

> Given that we need passdb and groups in 3.0, I woud support merging it
> in there.  In particualar this should simplify greatly the 'name -> sid'
> and 'sid -> name' code.  (Add calls for these to the interface).  

If I started to rewrite the group mapping API, I would like to remove
the enumgroups call. This is just too ugly for large numbers of
groups. And people *will* use lots of groups, especially as we do not
have support for nested groups.

And when automagically creating group mappings, I would like to create
them as domain groups and not as aliases. I think this is what users
would expect. It also removes the annoying messages that NT does not
like aliases as a user's primary group.

Volker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 3700000

iD8DBQE9qE5PZeeQha3jd9gRAgYtAJ9WxUJ3Wzc9IVasZvuQi1vFl413qACcCAhy
O+0OO6J8WTqpOxHR0F+oXm8=
=+CCE
-----END PGP SIGNATURE-----