[Patch] Add an idmap implementation to winbind

simo idra at samba.org
Fri Feb 15 06:59:33 GMT 2008

On Fri, 2008-02-15 at 07:48 +0100, Stefan (metze) Metzmacher wrote:
> > You can start with just using the default partition imo, we will se if
> > there is any reason to split it in a separate one.
> > sam.ldb will require schema though.
> And that's bad, we need work without any schema changes!

What's the problem with additional schema ?

> So I think it's good to have an idmap.ldb.
> Later we can create a new samdb.ldb idmap backend,
> but for now it should be very simple.

We can settle for a compromise, it will just be other work to do yet
again "later", maybe its ok this way.

> > Yes sidmap used the assumption that pure ldb with tdb backend never
> > blocks. But as soon as you consider using an ldap uri instead of a tdb
> > file (which is a very neat way to use a common shared server between
> > different member servers without changing a single line of code), then
> > this does not hold true anymore.
> I think relying on the tdb backend is ok for now.
> The goal should be to have something very simple that works.
> The next step should be that only the winbind task uses
> the idmap interface and all others use winbind.

Yes I agree we should not use idmapping directly from smbd again.

> (This should allow us to also use a samba3 winbindd)
> And the last step can be to have multiple idmap backends,
> and use async ldb calls.

Not sure about the multiple idmap backends, I'd rather have a standard
way to store mappings that is compatible with also storing them in AD
(even if it requires a schema extension), and at most have different
allocation strategies, but there is time to discuss about this later.


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>

More information about the samba-technical mailing list