[IPA] SID allocation using DNA plugin
Endi Sukma Dewata
edewata at redhat.com
Wed Oct 28 15:00:31 MDT 2009
Andrew,
Please take a look at the attached patches.
Patch #0004 removes the redundant usage of SID in password_hash module as
we discussed previously.
Patch #0005 adds an "sid generator" parameter to flip the switch for using
the DNA plugin for SID allocation:
http://www.freeipa.org/page/Samba_4_SID_Allocation_using_DNA_Plugin
I think the patch #0004 can be applied independently from patch #0001-0003
that I've submitted previously, but patch #0005 is dependent on all of them.
Please let me know if you want me to resubmit these patches.
Thanks!
--
Endi S. Dewata
----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > It seems like the use of search filter here is redundant because the
> base DN and
> > the scope point to the domain object directly. Is it correct?
> >
> > If that's case can we use a NULL filter in this search, so we don't
> need the domain
> > SID, meaning we don't need to check the objectSid in the previous
> method. This way
> > the SID can be generated by the backend. Is this correct?
>
> This is a reasonable assumption. We had in the past written parts of
> Samba in a more generic way, trying to support the creation of
> multiple
> domains in a single Samba server. We don't try this any more, and a
> patch to remove this would be gladly accepted.
More information about the samba-technical
mailing list