[PATCH] New external idmap module

simo idra at samba.org
Tue May 30 22:58:34 GMT 2006


On Wed, 2006-05-31 at 00:56 +0200, Volker Lendecke wrote:
> On Tue, May 30, 2006 at 06:41:26PM -0400, simo wrote:
> > I think you are taking this more seriously than it deserves.
> > I repeat to you that the option to run without idmap_tdb is just that,
> > an option.
> 
> But it adds code that needs to be maintained. It has taken a
> *lot* of pain including numerous phonecalls to get rid of
> the pdb_sql modules because they were not properly
> maintained.

You are driving me mad Volker :-)

It is part of my paid work to take care of this code.
I will maintain it, and make sure it does not break.

> I would not be so serious about it if there was no
> alternative using much simpler code than you propose. But
> there is.

I created this code because I had a technical need to fulfill.
I am not making it just for fun and dropping it there.

> I do see the need for external control, but adding a
> complete RPC protocol is just too much. Why don't you use
> the MSRPC infrastructure that is given to you with the
> unixinfo pipe? There was a reason behind putting so much
> effort into NTLMSSP binds. They give you sign/seal and so on
> within current infrastructure. Something you do not need to
> re-invent with half-baked stunnel tricks.

You can't seriously call that an RPC method, it is a very trivial
communication protocol, and it needs to be simple because we do not need
to extend it nor to pass any fancy data in it.
I am following a KISS approach.
I can even strip out the tcp support if it makes you happier, I do not
really need it, I just thought it was nice to have a way to make it
SIMPLE to share mappings without the need to set up an OpenLDAP server
which is very difficult for many admins.

> > The unixinfo pipe solves a different purpose.
> > It solves only the purpose of distributing the mappings between samba
> > servers not the problem to control the mappings externally and
> > potentially sharing this mapping with other applications.
> 
> You can set up a central smbd that ships from a local tdb
> that you can freely control on your server.

No you can't, not always, and you still will have to solve the problem
of feeding the master smbd server, and it will be a single point of
failure etc...

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list