[PATCH] New external idmap module

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 30 22:56:00 GMT 2006

On Tue, May 30, 2006 at 06:41:26PM -0400, simo wrote:
> I think you are taking this more seriously than it deserves.
> I repeat you that the option to run without idmap_tdb is just an that,
> an option.

But it adds code that needs to be maintained. It has taken a
*lot* of pain including numerous phonecalls to get rid of
the pdb_sql modules because they were not properly

I would not be so serious about it if there was no
alternative using much simpler code than you propose. But
there is.

I do see the need for external control, but adding a
complete RPC protocol is just too much. Why don't you use
the MSRPC infrastructure that is given to you with the
unixinfo pipe? There was a reason behind putting so much
effort into NTLMSSP binds. They give you sign/seal and so on
within current infrastructure. Something you do not need to
re-invent with half-baked stunnel tricks.

> The unixinfo pipe solves a different purpose.
> It solves only the purpose of distributing the mappings between samba
> servers not the problem to control the mappings externally and
> potentially sharing this mapping with other applications.

You can set up a central smbd that ships from a local tdb
that you can freely control on your server.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060531/a389b140/attachment.bin

More information about the samba-technical mailing list