access idmap cache directly from smbd

Gerald (Jerry) Carter jerry at
Tue Aug 19 12:32:16 GMT 2008

Hash: SHA1

Volker Lendecke wrote:
> On Mon, Aug 18, 2008 at 04:28:32PM -0700, Jeremy Allison wrote:
>> Pseudocode to try and make things clearer...
>> smbd_check_winbindd_cache();
>> if (!in_cache) {
>> 	smbd_check_in_local_memory_cache();
>> }
>> if (!in_cache) {
>> 	ask_winbindd();
>> }
>> do_legacy_mapping_and_store_in_local_memory_cache();
> What about the case where winbind does not run, we have
> pdb_ldap as a DC, and we use "hide unreadable"? Every smbd
> has to ask ldap itself. This is what killed the LDAP server
> for me.

Hey VOlker,

The possibilities from the discussion are (as I understand
them are):

  a) Utilize the winbind cache as a cache management, database
     layer used by both smbd and winbindd
  b) Add a local caching mechanism on a per pdb instance
     (i.e. just in pdb_ldap)
  c) Extend smbd's in memory sid/id cache to a tdb that can
     be shared by all smbd processes but is individual from
     winbind's own idmap cache.

The issue with (a) is that it recouples winbindd to smbd
by relying on a common cache manager (instead of the API
we have now).  Solution (b) means duplicate code in every
pdb that needs a cache.  But (c) seems perfectly valid.
I don't understand what the problem is with that solution.
Architecturally it is very satisfying to me.  Also it solves
the scenario you describe above as well as the general case.

cheers, jerry
- --
Samba                                    -------
Likewise Software          ---------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list