Fedora DS Support

Andrew Bartlett abartlet at samba.org
Tue Sep 8 20:38:01 MDT 2009


On Tue, 2009-09-08 at 22:31 -0400, Endi Sukma Dewata wrote:
> Andrew,
> 
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> 
> > > 1. During instance creation it will import the SASL mapping for
> > >    samba-admin. It's done here because of the schema problem I mentioned
> > >    previously preventing adding the mapping via ldapi.
> > 
> > Is there work being done to fix that?  Even if ldif2db is the right
> > approach long term, we should have the schema right. 
> 
> Yes, this is the FDS bug that I opened last week for the schema issue:
> https://bugzilla.redhat.com/show_bug.cgi?id=520921
> 
> It's tentatively planned to be fixed in FDS 1.2.3. The solution is still
> being discussed because there are some complexities related to upgrading
> existing FDS instance.
> 
> In my opinion we shouldn't rely on this bug to be fixed in FDS 1.2.x
> because it's probably going to be complicated to determine reliably which
> version of FDS is installed, whether it has the right schema, and then
> make provisioning script to use different methods for different FDS
> versions. Instead, we should just use ldif2db that's going to work with
> any FDS version. I think it'll make more sense to wait until FDS 1.3.x
> if we want to replace ldif2db with a more optimized method. What do you
> think?
> 
> > > 5. The aci attribute has been removed from Samba schema. It no longer
> > >    uses *_fds.ldif files. The ACL is hardcoded in provision.py.
> > 
> > Can you avoid using LDIF to add that?  If you create a LdbMessageElement
> > (and then an LdbMessage to feed to ldb.modify()), and the """text
> > string""" syntax, then you should be able to avoid all the escape
> > madness in current patch. 
> 
> Do you have a short example on how to use these classes? I'm still
> new to Python. Thanks!

Sorry, I meant to point this out to you:

See lib/ldb/tests/python/api.py for a great set of examples.

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090909/32d00721/attachment.pgp>


More information about the samba-technical mailing list