Proposals for idmap backend redesign [was Re: svn commit: samba r16822 - in trunk/source/include: .]

Gerald (Jerry) Carter jerry at
Wed Jul 5 15:20:06 GMT 2006

Hash: SHA1


> Author: idra
> Date: 2006-07-05 14:55:21 +0000 (Wed, 05 Jul 2006)
> New Revision: 16822
> WebSVN:
> Log:
> Let's have a name for when you do not want to pass in any flags, 
> it is more understandable than passing just "0"

I'd like to propose a hold on any idmap backend changes
for the moment.  I don't want to see too many chefs in the
kitchen.  Can we have a single discussion about what the
design should be so that we are all on the same page.

Here is what Volker proposed to me this morning on the phone.

Separate the authoritative and caching functions. Currently
we label id backends as local or remote with the latter using
caching provided by the local tdb backend.  Let's remove local
vs. remote and simply have a persistent vs. cache relationship.
The persistent can be heavy (transactional local db, remote
LDAP, AD, etc...) which the caching layer is lighter (possibly
reuse gencache).

The cache can be shared by smbd and winbindd thus removing
the sid to id cache in lookup_sid.c.  The persistent backend
and hence uid/gid allocation is only provided by winbindd.

This way we can

(a) have drop replacements for persistent storage
(b) have a tunable expiring cache layer that is reused by all.

Sound reasonable?  I will volunteer to do the initial
redesign work if everyone agrees.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -


More information about the samba-technical mailing list