CVS update: samba/source/lib

Andrew Bartlett abartlet at
Tue Apr 22 14:05:02 GMT 2003

On Thu, 2003-04-03 at 13:30, jmcd at wrote:
> Date:	Thu Apr  3 03:30:24 2003
> Author:	jmcd
> Update of /home/cvs/samba/source/lib
> In directory
> Added Files:
> 	ldap.c 
> Log Message:
> The ldap idmap backend from Anthony Liguori (aliguori at
> This patch moves the ldap routines out of passdb into a generic
> library and implements an LDAP backend for IDMAP.  THe backend
> can be enabled with "idmap backend = ldap" in smb.conf.  THere
> are also schema changes to make sure to update teh ldap schema files.

Sorry to leave this for so long - but I've just started to run over bugs
created by this commit, and decided to read the code...

Firstly, the patch re-introduced code from an *old* version of pdb_ldap,
which broke deletion of user accounts.  When moving files, move current

Secondly, the fundamental design of the ldap idmap storage mechanism is
completely flawed - idmap must deal with every arbitrary SID - not just
SIDs we happen to know the domain for.  This was explained at our
developer-day recently, but I had thought that aliguori had picked that
much up from our discussions on IRC...  (In fact, it was due to these
discussions that I had felt I could avoid having to read over it, and
got onto other work).

Thirdly, I've already fixed up other bugs in it - where it didn't even
compile if --with-ldapsam (a 2.2 compatibility option) was specified.

As such, I'm wondering if this might be best kept in HEAD or removed -
but certainly not merged to 3.0.  In particular, I would not want our
code to need to deal with this particular variant of ldap storage into
our stable series (where we have commitments about compatibility).

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list