member/memberOf and samldb.c

Andrew Bartlett abartlet at
Mon Aug 29 00:32:12 GMT 2005

On Mon, 2005-08-29 at 10:00 +1000, tridge at wrote:
> Simo and Andrew,
> I'm looking at what we need in the backend to do the user management
> code right for the web interface (and command line interface too for
> that matter).
> Currently our provision code sets up both the 'member' attribute of
> the user and the memberOf attribute of the group separately. The
> problem with this approach is it is all too easy for the two to get
> out of sync, plus its not what windows ldap tools will expect. 

> So I've been thinking about how we should handle this type of detail
> in our ldb code. I can see two workable approaches:
>  1) we could not store the memberOf fields in the user record in ldb
>     at all, and instead generate them on the fly in the samldb.c ldb
>     module. This could be made efficient using an indexing trick (more
>     on that below).

I strongly favor the dynamic approach, until we show that it cannot be
sustained.   This is particularly because will allow it to work
transparently and atomically with an arbitrary ldap or tdb backend,
without the need for transactions.

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list