get_domain_user_groups() improvement.

Volker.Lendecke at SerNet.DE Volker.Lendecke at SerNet.DE
Fri Sep 24 15:27:45 GMT 2004

On Wed, Sep 22, 2004 at 11:55:16PM -0400, Igor Belyi wrote:
> If I understand philosophy behind Samba correctly (which I doubt) its 
> passwd/group/host databases are supposed to be maintained independently 
> of where local system keeps its own corresponding databases.

Just my 2 cents here: We had a really serious debate about exactly this topic.
I took it to the other extreme and made the Samba SAM implementation completely
depend on nss, and really only have the stuff that can not be represented by
nss in ldap. In particular this is aliases and for example the samba style
passwords. This was done in an experimental samba branch voyager which is quite
complete in that respect. The structure of that code is a lot simpler than
current 3_0, but I do not think that this will lead anywhere. I did not address
performance issues at all, but as the code is simpler caching mechanisms should
be much easier to implement.

Why did I do that? Because I simply could not solve the puzzle you are trying
to solve. The issue of 'root' and systems without nss_ldap break your scheme.
Pursuing that fully will directly get you into Samba 4, where the separation
between the Windows and Posix world is very clearly at the boundary of the
Posix VFS. None of the higher-level functions in Samba 4 will ever call into
nss, only when the Unix privileges of a client who is accessing the file system
need to be determined a mapping has to be done. This is not yet implemented

To be honest, I don't believe that this internal structure of Samba 3 will
fundamentally change anymore. We might add performance optimizations here and
there, but the major cleanup of Samba 3 code that is necessary sooner or later
is called Samba 4.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url :

More information about the samba-technical mailing list