Wrong usage of lp_idmap_backend() value?

Stefan (metze) Metzmacher metze at metzemix.de
Fri Jul 4 11:15:55 GMT 2003


At 10:10 04.07.2003 +0200, Simo Sorce wrote:
>On Fri, 2003-07-04 at 09:28, Jeremy Allison wrote:
> > On Fri, Jul 04, 2003 at 09:22:14AM +0200, Volker Lendecke wrote:
> > > I don't see a point in having the passdb backend and idmap backend parameters
> > > be different. Why not merge them to one? If you have a LDAP passdb backend, you
> > > also use it for idmap. If you have a smbpasswd or tdb passdb backend, you only
> > > use the local stuff.
> >
> > Please fix your quoting. I didn't write the above (I think it's silly :-).
> >
> > Jerry and I have been discussing the idmap mess further... watch this space.
>
>It would be nice if you tell us something, as me and others have
>discussed that as well for long.

Jeremy,
That would be very cool!
A detailed description of how the whole idmap stuff should be implemented

I think the whole system should get a more structured design.

I think it's not nice to register idmap_tdb and idmap_winbind as idmap backends!

When someone uses 'idmap backend = winbind', winbindd will call itself in a loop.


This is what I would like to see:

1.) As it is now, idmap_tdb acts as the local (cache) database, working directly
on the tdb file (winbindd_idmap.tdb).

We shouldn't use 'get_method("tdb")'; we should go like this:

in idmap.c:
struct idmap_methods *cache_map = &idmap_tdb_methods;

in idmap_tdb.c:
struct idmap_methods idmap_tdb_methods = {
         db_idmap_init,
         db_get_sid_from_id,
         db_get_id_from_sid,
         db_set_mapping,
         db_idmap_close,
         db_idmap_status
};

HACKS LIKE THIS ARE VERY, VERY UGLY!:
(special case for tdb, idmap_tdb should never go to the list of backends!)

         for(entry = backends; entry; entry = entry->next) {
                 if (!cache_method && strequal(entry->name, "tdb"))
                         continue; /* tdb is only cache method. */
                 if (strequal(entry->name, name))
                         return entry->methods;
         }

2a.) And smbd and winbindd independently call the remote (centralized) idmap
MODULE directly (which is selected via 'idmap backend' and can also be a
shared module).

And for idmap_ldap (this should be the only idmap module (modules are using
smb_register_idmap()!  at the moment)

And Hacks like this:
if (!idmap_init((idmap_back && *idmap_back) ? "winbind" : NULL))

are also not that nice! idmap_winbind should also not be in the list of remote
idmap backends...


>For the particular instance I'd say Volker's minimalist approach is not
>enough.

I think we should not merge 'passdb backend' and 'idmap backend' together!

But maybe we should reuse the 'ldap server' option again:

passdb backend = ldapsam
idmap backend = ldap
ldap server = ldaps://server.domain
ldap suffix = ...
...

I think this would make sense



metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de> 
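
A sketch of the layout proposed in the message above, added here as an example; it is not code from the original mail or from Samba. The cache table is bound directly, remote backends live in a separate list, and "tdb" or "winbind" is refused at registration. Everything except the names idmap_methods, idmap_tdb_methods, cache_map and backends is hypothetical, and strcmp stands in for Samba's strequal.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the real function table (init, get_sid_from_id, ...). */
struct idmap_methods { const char *label; };

struct idmap_backend {
    const char *name;
    const struct idmap_methods *methods;
    struct idmap_backend *next;
};

/* Local cache: bound directly, never placed in the backend list. */
static const struct idmap_methods idmap_tdb_methods = { "tdb-cache" };
static const struct idmap_methods *cache_map = &idmap_tdb_methods;

/* Remote backends only (for example ldap), filled in by modules. */
static struct idmap_backend *backends = NULL;

/* Hypothetical registration hook. Returns 0 on success, -1 on refusal. */
int register_remote_idmap(struct idmap_backend *entry)
{
    struct idmap_backend *e;
    if (!entry || !entry->name || !entry->methods)
        return -1;
    /* tdb is the cache; winbind as a remote would make winbindd call itself. */
    if (strcmp(entry->name, "tdb") == 0 || strcmp(entry->name, "winbind") == 0)
        return -1;
    for (e = backends; e; e = e->next)
        if (strcmp(e->name, entry->name) == 0)
            return -1;            /* duplicate name */
    entry->next = backends;
    backends = entry;
    return 0;
}

/* Plain lookup: no "skip tdb" special case, because tdb is never listed. */
const struct idmap_methods *get_remote_methods(const char *name)
{
    struct idmap_backend *e;
    if (!name)
        return NULL;
    for (e = backends; e; e = e->next)
        if (strcmp(e->name, name) == 0)
            return e->methods;
    return NULL;
}

const struct idmap_methods *get_cache_methods(void) { return cache_map; }
```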



