Commit my stuff to 3.0?
Volker.Lendecke at SerNet.DE
Volker.Lendecke at SerNet.DE
Sat Oct 12 16:33:00 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
Discussion moved to samba-technical.
> Instead of just doing a pdb_getsampwnam() on the name from pass struct,
> I would prefer that we instead change the callers. Most of the callers
> can be changed to do the pdb_getsampwnam() instead of Get_Pwnam(), now
> that we have unixsam giving us access to all users. (This is why we
> didn't do this before).
To be honest I would like to get rid of the necessity of unixsam for
encrypted passwords. One case where this breaks: You want a
workstation to join your domain. You do not want to use 'add user
script', so you add the wks account to
/etc/passwd. _api_samr_create_user says user exists, and after that
set_userinfo creates the account in passdb. And boom, you again have
algorithmic mapping in your rich passdb backend.
I am not sure if metze's new passdb code covers this case, but there
are so many cases like this where pdb_getsampwnam succeeding just from
unixsam is not transparent enough for the caller.
> Given that we need passdb and groups in 3.0, I woud support merging it
> in there. In particualar this should simplify greatly the 'name -> sid'
> and 'sid -> name' code. (Add calls for these to the interface).
If I started to rewrite the group mapping API, I would like to remove
the enumgroups call. This is just too ugly for large numbers of
groups. And people *will* use lots of groups, especially as we do not
have support for nested groups.
And when automagically creating group mappings, I would like to create
them as domain groups and not as aliases. I think this is what users
would expect. It also removes the annoying messages that NT does not
like aliases as a user's primary group.
Volker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 3700000
iD8DBQE9qE5PZeeQha3jd9gRAgYtAJ9WxUJ3Wzc9IVasZvuQi1vFl413qACcCAhy
O+0OO6J8WTqpOxHR0F+oXm8=
=+CCE
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list