[IPA] SID allocation using DNA plugin

Endi Sukma Dewata edewata at redhat.com
Thu Nov 12 01:09:54 MST 2009


Andrew,

Attached is a 'preview' of the changes I'm making for removing the
dependency on the full Samba 3 schema shipped with FDS and instead
using a subset of Samba 3 schema shipped with Samba.

In this patch I'm converting examples/LDAP/samba3.schema into AD-LDIF
using the oLschema2ldif. As I mentioned earlier, there are some
attributes that I had to add before it can be loaded properly.

The schemaIdGuid currently is generated by hashing the OID using MD5.
If we use another method such as SHA256 that generates longer hash
values, can I just use the first 16 bytes as the GUID? Would that
increase the risk of collision, or does it matter at all?

I also removed some of the mappings I added previously because they're
no longer necessary with partial Samba 3 schema (no more conflicts).

In the provisioning tool the Schema object creation has been moved
inside the xxxBackend class so that each backend can generate a custom
schema that works for the backend. This allows FDSBackend to add
additional prefix maps without changing the global prefixMap.txt.

I also moved some of the FDS-specific variables into the FDSBackend
class for better encapsulation. There are some other OpenLDAP-specific
variables also, but that's for another patch.

I've tested this patch on top of the latest code from master branch
with the default, FDS, and OpenLDAP backends. So far everything seems
to be working consistently; there's no more crashing.

Are these ok so far? Thanks!

--
Endi S. Dewata


----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > However, I'm still missing the schemaIdGuid. How do I get the value of
> > this attribute for each Samba 3 schema element? Is it generated randomly
> > or converted from another value, and which function should I use?
> 
> MD5(OID) perhaps?  (That would be unique and consistent).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use-samba3-attributes.patch
Type: text/x-patch
Size: 31823 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091112/00387922/attachment.bin>
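
The derivation discussed in this message, as an added example that is not part of the original post or the attached patch: it hashes an OID string to a 16-byte value with MD5, or with SHA-256 cut to its first 16 bytes, and checks a set of OIDs for duplicate GUIDs. The function names, the placeholder OID arc, and the rendering of the 16 bytes as a GUID string are assumptions.

```python
import hashlib
import re
import uuid

# Dotted-decimal OID: at least two arcs, no leading zeros, no whitespace.
_OID_RE = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")


def guid_from_oid(oid: str, algo: str = "md5") -> uuid.UUID:
    """Derive a deterministic 128-bit GUID from an OID string (hypothetical helper)."""
    # Reject non-canonical spellings: " 1.2.3" or "1.02.3" would hash to a
    # different GUID than "1.2.3" and silently break consistency.
    if not _OID_RE.fullmatch(oid):
        raise ValueError(f"not a canonical dotted-decimal OID: {oid!r}")
    digest = hashlib.new(algo, oid.encode("ascii")).digest()
    if len(digest) < 16:
        raise ValueError(f"{algo} digest is shorter than 16 bytes")
    # MD5 is exactly 16 bytes; longer digests (SHA-256 is 32) are cut to the
    # first 16, so either choice yields a 128-bit identifier.
    return uuid.UUID(bytes=digest[:16])


def find_collisions(oids, algo="md5"):
    """Return (first_oid, second_oid, guid) for distinct OIDs sharing a GUID."""
    seen = {}
    collisions = []
    for oid in oids:
        guid = guid_from_oid(oid, algo)
        first = seen.setdefault(guid, oid)
        if first != oid:
            collisions.append((first, oid, guid))
    return collisions


# Constructed sample OIDs under a placeholder arc (not taken from any real schema).
SAMPLE_OIDS = [f"1.3.6.1.4.1.99999.1.{n}" for n in range(1, 201)]

if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        print(algo, guid_from_oid(SAMPLE_OIDS[0], algo),
              "collisions:", len(find_collisions(SAMPLE_OIDS, algo)))
```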

