member/memberOf and samldb.c
abartlet at samba.org
Mon Aug 29 00:32:12 GMT 2005
On Mon, 2005-08-29 at 10:00 +1000, tridge at samba.org wrote:
> Simo and Andrew,
> I'm looking at what we need in the backend to do the user management
> code right for the web interface (and command line interface too for
> that matter).
> Currently our provision code sets up both the 'member' attribute of
> the user and the memberOf attribute of the group separately. The
> problem with this approach is it is all too easy for the two to get
> out of sync, plus its not what windows ldap tools will expect.
> So I've been thinking about how we should handle this type of detail
> in our ldb code. I can see two workable approaches:
> 1) we could not store the memberOf fields in the user record in ldb
> at all, and instead generate them on the fly in the samldb.c ldb
> module. This could be made efficient using an indexing trick (more
> on that below).
I strongly favor the dynamic approach, until we show that it cannot be
sustained. This is particularly because will allow it to work
transparently and atomically with an arbitrary ldap or tdb backend,
without the need for transactions.
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050829/c4669b3d/attachment.bin
More information about the samba-technical