order of idmap backends

Andrew Bartlett abartlet at samba.org
Thu Jun 26 05:12:27 GMT 2003

On Thu, 2003-06-26 at 14:54, Jeremy Allison wrote:
> On Thu, Jun 26, 2003 at 10:56:21AM +1000, Andrew Bartlett wrote:
> > 
> > The way I was going to deal with this was the same way we deal with the
> > 'auth_winbind' code.
> > 
> > I was going to make the default idmap backend work like this:
> > 
> > idmap backend = idmap_winbind:idmap_tdb
> > 
> > Where idmap_winbind would know it was in winbind and just pass all
> > operations on to idmap_tdb.  
> > 
> > Likewise, smbd would call idmap_winbind, and if winbind isn't there, it
> > would contact idmap_tdb directly.
> > 
> > This means that only winbindd is allocating in the TDB, and can use it's
> > knowledge of 'it really is a group/user' until we work out a scheme
> > where we can do without this knowledge.
> > 
> > Naturally, this also means that for the default setup, we should not
> > have a problem with 1-connection-per-smbd to the remote ldap server. 
> > The ability to 'set' an IDMAP mapping can also occur on the winbind
> > pipe, protected by the 'winbind priv pipe' system.
> > 
> > How does this sound?
> Sounds ok but please don't change this code. It has been broken
> for too long to for me to trust the changes.


> I will make this work over the next few days - including correct
> locking within idmap etc.
> Any changes I will revert as I need to ensure this code is production
> quality and I need complete control over it for the next few days.

As you know, I no longer commit changes directly into CVS - all my
patches are sent to samba-technical for peer review and approval.

And thank-you for taking a look at this - it's a nasty area and one of
the key features in Samba 3.0.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030626/4a0032de/attachment.bin

More information about the samba-technical mailing list