[IPA] SID allocation using DNA plugin

Endi Sukma Dewata edewata at redhat.com
Wed Oct 28 15:00:31 MDT 2009


Please take a look at the attached patches.

Patch #0004 removes the redundant usage of SID in password_hash module as
we discussed previously.

Patch #0005 adds an "sid generator" parameter to flip the switch for using
the DNA plugin for SID allocation:

I think the patch #0004 can be applied independently from patch #0001-0003
that I've submitted previously, but patch #0005 is dependent on all of them.
Please let me know if you want me to resubmit these patches.


Endi S. Dewata

----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > It seems like the use of search filter here is redundant because the
> base DN and
> > the scope point to the domain object directly. Is it correct?
> > 
> > If that's case can we use a NULL filter in this search, so we don't
> need the domain
> > SID, meaning we don't need to check the objectSid in the previous
> method. This way
> > the SID can be generated by the backend. Is this correct?
> This is a reasonable assumption.  We had in the past written parts of
> Samba in a more generic way, trying to support the creation of
> multiple
> domains in a single Samba server.  We don't try this any more, and a
> patch to remove this would be gladly accepted.

More information about the samba-technical mailing list