CVS update: samba/source/lib
abartlet at samba.org
Tue Apr 22 14:05:02 GMT 2003
On Thu, 2003-04-03 at 13:30, jmcd at samba.org wrote:
> Date: Thu Apr 3 03:30:24 2003
> Author: jmcd
> Update of /home/cvs/samba/source/lib
> In directory dp.samba.org:/tmp/cvs-serv31240/source/lib
> Added Files:
> Log Message:
> The ldap idmap backend from Anthony Liguori (aliguori at us.ibm.com):
> This patch moves the ldap routines out of passdb into a generic
> library and implements an LDAP backend for IDMAP. THe backend
> can be enabled with "idmap backend = ldap" in smb.conf. THere
> are also schema changes to make sure to update teh ldap schema files.
Sorry to leave this for so long - but I've just started to run over bugs
created by this commit, and decided to read the code...
Firstly, the patch re-introduced code from an *old* version of pdb_ldap,
which broke deletion of user accounts. When moving files, move current
Secondly, the fundamental design of the ldap idmap storage mechanism is
completely flawed - idmap must deal with every arbitrary SID - not just
SIDs we happen to know the domain for. This was explained at our
developer-day recently, but I had thought that aliguori had picked that
much up from our discussions on IRC... (In fact, it was due to these
discussions that I had felt I could avoid having to read over it, and
got onto other work).
Thirdly, I've already fixed up other bugs in it - where it didn't even
compile if --with-ldapsam (a 2.2 compatibility option) was specified.
As such, I'm wondering if this might be best kept in HEAD or removed -
but certainly not merged to 3.0. In particular, I would not want our
code to need to deal with this particular variant of ldap storage into
our stable series (where we have commitments about compatibility).
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030423/0a224520/attachment.bin
More information about the samba-technical