CVS update: samba/source/lib
Andrew Bartlett
abartlet at samba.org
Tue Apr 22 14:05:02 GMT 2003
On Thu, 2003-04-03 at 13:30, jmcd at samba.org wrote:
>
> Date: Thu Apr 3 03:30:24 2003
> Author: jmcd
>
> Update of /home/cvs/samba/source/lib
> In directory dp.samba.org:/tmp/cvs-serv31240/source/lib
>
> Added Files:
> ldap.c
> Log Message:
> The ldap idmap backend from Anthony Liguori (aliguori at us.ibm.com):
>
> This patch moves the ldap routines out of passdb into a generic
> library and implements an LDAP backend for IDMAP. The backend
> can be enabled with "idmap backend = ldap" in smb.conf. There
> are also schema changes to make sure to update the ldap schema files.
Sorry to leave this for so long - but I've just started to run over bugs
created by this commit, and decided to read the code...

Firstly, the patch re-introduced code from an *old* version of pdb_ldap,
which broke deletion of user accounts. When moving files, move current
files...

Secondly, the fundamental design of the ldap idmap storage mechanism is
completely flawed - idmap must deal with every arbitrary SID - not just
SIDs we happen to know the domain for. This was explained at our
developer-day recently, but I had thought that aliguori had picked that
much up from our discussions on IRC... (In fact, it was due to these
discussions that I had felt I could avoid having to read over it, and
got onto other work).

Thirdly, I've already fixed up other bugs in it - where it didn't even
compile if --with-ldapsam (a 2.2 compatibility option) was specified.

As such, I'm wondering if this might be best kept in HEAD or removed -
but certainly not merged to 3.0. In particular, I would not want our
code to need to deal with this particular variant of ldap storage into
our stable series (where we have commitments about compatibility).

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net