order of idmap backends
Jeremy Allison
jra at samba.org
Thu Jun 26 04:54:45 GMT 2003
On Thu, Jun 26, 2003 at 10:56:21AM +1000, Andrew Bartlett wrote:
>
> The way I was going to deal with this was the same way we deal with the
> 'auth_winbind' code.
>
> I was going to make the default idmap backend work like this:
>
> idmap backend = idmap_winbind:idmap_tdb
>
> Where idmap_winbind would know it was in winbind and just pass all
> operations on to idmap_tdb.
>
> Likewise, smbd would call idmap_winbind, and if winbind isn't there, it
> would contact idmap_tdb directly.
>
> This means that only winbindd is allocating in the TDB, and can use its
> knowledge of 'it really is a group/user' until we work out a scheme
> where we can do without this knowledge.
>
> Naturally, this also means that for the default setup, we should not
> have a problem with 1-connection-per-smbd to the remote ldap server.
> The ability to 'set' an IDMAP mapping can also occur on the winbind
> pipe, protected by the 'winbind priv pipe' system.
>
> How does this sound?

Sounds ok but please don't change this code. It has been broken
for too long for me to trust the changes.

I will make this work over the next few days - including correct
locking within idmap etc.

Any changes I will revert as I need to ensure this code is production
quality and I need complete control over it for the next few days.

Jeremy.