[Patch] Add an idmap implementation to winbind
idra at samba.org
Fri Feb 15 06:59:33 GMT 2008
On Fri, 2008-02-15 at 07:48 +0100, Stefan (metze) Metzmacher wrote:
> > You can start with just using the default partition imo, we will se if
> > there is any reason to split it in a separate one.
> > sam.ldb will require schema though.
> And that's bad, we need work without any schema changes!
What's the problem with additional schema ?
> So I think it's good to have an idmap.ldb.
> Later we can create a new samdb.ldb idmap backend,
> but for now it should be very simple.
We can settle for a compromise, it will just be other work to do yet
again "later", maybe its ok this way.
> > Yes sidmap used the assumption that pure ldb with tdb backend never
> > blocks. But as soon as you consider using an ldap uri instead of a tdb
> > file (which is a very neat way to use a common shared server between
> > different member servers without changing a single line of code), then
> > this does not hold true anymore.
> I think relying on the tdb backend is ok for now.
> The goal should be to have something very simple that works.
> The next step should be that only the winbind task uses
> the idmap interface and all others use winbind.
Yes I agree we should not use idmapping directly from smbd again.
> (This should allow us to also use a samba3 winbindd)
> And the last step can be to have multiple idmap backends,
> and use async ldb calls.
Not sure about the multiple idmap backends, I'd rather have a standard
way to store mappings that is compatible with also storing them in AD
(even if it requires a schema extension), and at most have different
allocation strategies, but there is time to discuss about this later.
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the samba-technical