CVS update: samba/source/lib

Andrew Bartlett abartlet at samba.org
Tue Apr 22 14:05:02 GMT 2003


On Thu, 2003-04-03 at 13:30, jmcd at samba.org wrote:
> 
> Date:	Thu Apr  3 03:30:24 2003
> Author:	jmcd
> 
> Update of /home/cvs/samba/source/lib
> In directory dp.samba.org:/tmp/cvs-serv31240/source/lib
> 
> Added Files:
> 	ldap.c 
> Log Message:
> The ldap idmap backend from Anthony Liguori (aliguori at us.ibm.com):
> 
> This patch moves the ldap routines out of passdb into a generic
> library and implements an LDAP backend for IDMAP.  The backend
> can be enabled with "idmap backend = ldap" in smb.conf.  There
> are also schema changes to make sure to update the ldap schema files.

Sorry to leave this for so long - but I've just started to run over bugs
created by this commit, and decided to read the code...

Firstly, the patch re-introduced code from an *old* version of pdb_ldap,
which broke deletion of user accounts.  When moving files, move current
files...

Secondly, the fundamental design of the ldap idmap storage mechanism is
completely flawed - idmap must deal with every arbitrary SID - not just
SIDs we happen to know the domain for.  This was explained at our
developer-day recently, but I had thought that aliguori had picked that
much up from our discussions on IRC...  (In fact, it was due to these
discussions that I had felt I could avoid having to read over it, and
got onto other work).

Thirdly, I've already fixed up other bugs in it - where it didn't even
compile if --with-ldapsam (a 2.2 compatibility option) was specified.

As such, I'm wondering if this might be best kept in HEAD or removed -
but certainly not merged to 3.0.  In particular, I would not want our
code to need to deal with this particular variant of ldap storage into
our stable series (where we have commitments about compatibility).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net