Discussion from bug # 4088

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Sep 9 18:19:32 GMT 2006


Hi!

Carrying a discussion from bugzilla to where it belongs :-)

I've got one further comment: I've looked at all the places
where pdb_get_account_policy is being called. The only one
which is not a write operation is the bad password stuff. So
for normal operation we don't fetch account policies. 

So I would be surprised we would slow down considerably if
we don't cache them.

Volker

 ------- Comment #4 From Volker Lendecke  2006-09-09 12:26 MST  [reply] -------

Argl, sorry, I was wrong. This is confusing. Before account policies are stored
in LDAP at all, you need to migrate them from tdb to LDAP with

pdbedit -i tdbsam -e ldapsam -y

Günther, I would propose to remove this account_policy_migrated flag. We don't
do this for groups and users, and I don't see a reason to do it for the
policies.

What do you think?

Volker


------- Comment #5 From Gerald (Jerry) Carter 2006-09-09 13:02 MST [reply] -------

Volker, the manual migration was by my request.  Although,
I willing to automatically migrate the policy settings in
the next release.  Assuming that we know everything is working
ok.


------- Comment #6 From Volker Lendecke 2006-09-09 13:07 MST [reply] -------

Sure, agreed. I'm not asking for automatic migration, I'm asking to remove the
definite need to do the manual migration.

I would like to have it the same as for users and group mappings: Whatever the
passdb backend option says is relevant. This is not the case for account
policies. If you change from tdbsam or smbpasswd to ldap, then without explicit
migration the account policy values still end up in the tdb.  
Changing this would mean that for the caching functionality (do we really need
that?) we would have to use another mechanism. gencache might be the
appropriate place.

Volker


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060909/2711cab7/attachment.bin


More information about the samba-technical mailing list