[PATCH] New external idmap module

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 30 22:56:00 GMT 2006


On Tue, May 30, 2006 at 06:41:26PM -0400, simo wrote:
> I think you are taking this more seriously than it deserves.
> I repeat that the option to run without idmap_tdb is just that,
> an option.

But it adds code that needs to be maintained. It has taken a
*lot* of pain including numerous phone calls to get rid of
the pdb_sql modules because they were not properly
maintained.

I would not be so serious about it if there was no
alternative using much simpler code than you propose. But
there is.

I do see the need for external control, but adding a
complete RPC protocol is just too much. Why don't you use
the MSRPC infrastructure that is given to you with the
unixinfo pipe? There was a reason behind putting so much
effort into NTLMSSP binds. They give you sign/seal and so on
within current infrastructure. Something you do not need to
re-invent with half-baked stunnel tricks.

> The unixinfo pipe solves a different purpose.
> It solves only the purpose of distributing the mappings between samba
> servers not the problem to control the mappings externally and
> potentially sharing this mapping with other applications.

You can set up a central smbd that ships from a local tdb
that you can freely control on your server.

Volker