Status of the ldb_map module (Samba4 vs. external LDAP)

Andrew Bartlett abartlet at samba.org
Tue Jul 11 14:01:37 GMT 2006 

On Tue, 2006-07-11 at 03:16 +0200, Martin Kühl wrote:
> Summary: the module compiles and loads but doesn't run without issues.
> 
> Compiling my branched versions of the ldb_map and samba3sam modules
> works fine.  I've also branched the samba3sam test script to adapt it
> to the new module and the tests run fine up to (and including)
> reconnecting to the database with the samba3sam module loaded.
> 
> The rest of the test fails because the new ldb_map requires a local
> "proxy" record for each remote record to consider, while the
> initialisation just pumps data into the remote database.
> So I modified the test to add a record after reconnecting.  (I also
> decided to unload the kludge_acl module before reconnection, which
> threw LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS errors at me and I didn't
> care to look into that problem too far.)

Yeah, I would avoid kludge_acl till it's all working.  But why does it
rely on the local record?  What if the admin adds to the remote LDAP,
without going via Samba?  

> This test runs fine only if both map_add and map_search immediately
> call ldb_next_request.  If either of them isn't skipped, the test run
> makes my machine unusable until it is collected by the oom-killer.
> Debug sessions on map_add suggest that the process keeps spinning in
> oc_async_wait_all (from the objectclass module), so I guess my
> handling of async handles is broken.

Have a good look at the local_password module again, but yes, it's a
difficult problem until you get it right...

> I'll experiment a little with different async handle styles, with
> debug sessions on map_search and with a few different machines over
> the next week, but I'm planning to focus on defining real mappings and
> get back to this later -- I don't blame the module's core logic.
> 
> There's also a deeper issue with objectClasses I haven't thought about
> enough yet, I'll bring that up again in a few days.
> 
> The attached patch (against the mkhl/testprogs-map branch) reflects
> the current test I'm running.

I want to spend some time reviewing the code, and getting an idea what
works.  When is a good time to sync up on IRC or phone?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060712/7669c0e3/attachment.bin

More information about the samba-technical mailing list