[PATCH] ldap connection caching (not ready!!!)

Ignacio Coupeau icoupeau at unav.es
Fri Oct 18 08:26:01 GMT 2002


Stefan (metze) Metzmacher wrote:
!!!  a few line above I read 'return NT_STATUS_OK' but it
> was 'ret = NT_STATUS_OK'  :-(
> 
> but now it works! :-)
> 
> what I need is to test is the non_unix_account stuff.
> 

I browsed the code and the ldap schema changes... if I don't 
misunderstand, the the nextrid is used only for non_unix_account, and 
the algorithmic mapping for unix accounts, rigth?

So, the other question is if a non_unix_account should be in only-one 
domain? In other words: if an user logs in the domain x the ldap stuff 
will provide a rid-x only useable for the domain-x?

I wonder if this may be a strong restriction for large sites with "n" 
domains and only-one ldap base... because the administrators should 
maintain n accounts/rid per-user for access to the n domains. On the 
other hand, if the domain attr takes n-values may solve the multiple 
logon but the rid space may be broken.

Ignacio

-- 
____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/




More information about the samba-technical mailing list