[IPA] SID allocation using DNA plugin

Endi Sukma Dewata edewata at redhat.com
Thu Nov 12 20:26:40 MST 2009


Please take a look at the attached patch.

For now the schemaIdGuid is generated using SHA256. If we want to
replace it with another mechanism I think we could do it in another

Now the code generates 2 Schema objects:
- AD schema only. This one is created in provision().
- AD schema + backend-specific schema. This one is created in
  OpenLDAPBackend and FDSBackend classes.

As mentioned earlier, I removed the changes to schema_syntax.c.
I also moved the lists of LDB modules for SAM database into the
backend classes.

Are these ok? Thanks!

Endi S. Dewata

----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> It really does not matter.  Given what we use it for (a pipelined
> process), we could just make it random, or the binary form of the OID
> padded with zeros, but I like it being a bit deterministic.  

> That's not quite what I meant.  We should keep the Schema as was for the
> Samba schema, but *also* create a new schema object in the FDS and
> OpenLDAP backends, that has the schema used by the backends only. That
> way, we don't put backend classes into the client-visible schema.  

> Essentially: we want to reuse the schema code, but with different data.
> Once upon a time, this didn't even share code, but some of the tables
> and 'create a schema string from a ldap entry' were close enough that it
> became silly to keep two similar sets of code. 

> The only thing I don't like is the change to schema_syntax.c, and that's
> just because I'll need to look at it more carefully to understand that
> it's safe (the schema code is at the core of way we use LDB in Samba4). 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use-samba3-attributes.patch
Type: text/x-patch
Size: 33090 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091112/ee8306af/attachment.bin>

More information about the samba-technical mailing list