Proposals for idmap backend redesign [was Re: svn commit: samba r16822 - in trunk/source/include: .]

Gautier, B (Bob) Bob.Gautier at rabobank.com
Wed Jul 5 16:11:15 GMT 2006


 

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
> Sent: 05 July 2006 16:38
> To: Gautier, B (Bob)
> Cc: samba-technical at lists.samba.org; idra at samba.org
> Subject: Re: Proposals for idmap backend redesign [was Re: 
> svn commit: samba r16822 - in trunk/source/include: .]
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Gautier, B (Bob) wrote:
> >> This way we can
> >>
> >> (a) have drop replacements for persistent storage
> >> (b) have a tunable expiring cache layer that is reused by all.
> >>
> >> Sound reasonable?  I will volunteer to do the initial 
> redesign work 
> >> if everyone agrees.
> > 
> > Yes please!  I'd really love to see a caching layer in idmap that 
> > expires entries properly.  If you can do negative caching too that 
> > would be ideal.
> 
> By negative caching, I assume you mean for backends that 
> cannot allocate on their own like idmap_ad.  Something like a 
> "I already looked for this SID and it has no uid" cache entry?
> 

Yes, sorry, I should have taken the time to explain, but you got it
anyway: I expect to be using winbind+idmap_ad in an environment with
tens of thousands of users, where initially very few (hundreds) will
have uid etc.  So it would be very nice to avoid repeatedly asking AD
for information it doesn't have.  But also essential for winbindd to
(eventually) notice when we *do* give an existing user a uid (so
negative caching without expiry is a complete loser).

Bob G

> 
> 
> cheers, jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
> 
> iD8DBQFEq9zFIR7qMdg1EfYRAhi6AKDiXRVYC/r2jS1grGLC/wnPEZbEKQCfbhRf
> B3IuF35mTjpSlughndw4vA0=
> =SxKG
> -----END PGP SIGNATURE-----
> 
_____________________________________________________________

This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat.
_____________________________________________________________


More information about the samba-technical mailing list