samba 4: a new configuration system?

Mike Hammond (Laptop) korann at accel.cornell.edu
Mon Jun 27 18:03:31 GMT 2005 

On Thursday 23 June 2005 18:46, Andrew Tridgell wrote:
> Alan,
>
>  >   That's a great idea, and I wish more projects had that kind of
>  > tool.
>
> I would not be surprised if ldbedit gets usage outside of Samba. It
> still needs a bit of work to be used as a general ldap editor (for
> example, it does the fancy SPNEGO/NTLMSSP authentication schemes that
> windows uses, but doesn't do plain text ldap binds), but once those
> are fixed I can well imagine administrators using it for managing
> ldap servers that have nothing to do with Samba.

Always nice to see people building general tools.
>
>  >   One question, though.  I haven't looked, but is it possible to
>  > dump the ldb to a text file, and then import that text file back
>  > into the ldb?  That would allow other scripts to root through the
>  > DB via text, and would also give admins a "warm and fuzzy" feeling
>  > that the DB could be backed up in a format humans can understand.
>
> yes, the import/export format is ldif.
>
> ldbedit does a little more than just import/export though, and
> perhaps the additional functionality should be exposed in a tool. The
> main extra thing it does is a "ldap diff", which works out what you
> changed in the editor, and forms a ldif changeset to apply to the
> server. We could have a "ldbdiff" tool that exposes that
> functionality so you could do:

ldbdiff (or ldifdiff?) would be a nice standalone tool.

Hate to be the anal one, but we should add locking, yes?:
    ldb_lock config.ldb
>   ldbsearch '(some=expression)' > a.ldif
>   run_my_script.sh a.ldif > b.ldif
>   ldbdiff a.ldif b.ldif > changes.ldif
>   ldbmodify changes.ldif
    ldb_unlock config.ldb

It would "almost" always work without the locking, but ....
>
> you could in fact do that now by setting your 'editor' in ldbedit to
> run_my_script.sh, but perhaps it would be neater to split it out. 
>
> Cheers, Tridge

Setting EDITOR=run_my_script.sh has the advantage of inherent locking.  
The script could always output a copy.  


A true Unix style hack.
EDITOR=cat
ldbedit -H config.ldb > config.ldif


-- 

	Mch(Michael Hammond)
	korann at accel.cornell.edu	(607)255-8575	mch22 at cornell.edu
	korann at blueblaze.com	(607)277-4565voice	(607)277-2216fax

More information about the samba-technical mailing list