Fedora DS Support

Andrew Bartlett abartlet at samba.org
Thu Sep 10 03:19:31 MDT 2009 

On Wed, 2009-09-09 at 22:26 -0400, Endi Sukma Dewata wrote: 
> Andrew,
> 
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> 
> > > Is there a problem with the current Samba code?
> > 
> > Not that I know of.  Was this a clean build?  Can you give a
> > backtrace?
> 
> I think it was clean, but I will try again tomorrow.
> 
> > > Next I'll be working on the SID allocation using DNA plugin as I mentioned
> > > sometime ago. I need to add the binary support on the DNA plugin first, then
> > > I'll contact you when it's ready to be used by Samba.
> > 
> > Why binary?  We can convert the SID into a string in the simple_ldap_map
> > module if it makes it easier. 
> 
> To my understanding the SID is stored as binary in FDS. In order to use the DNA
> plugin we need to split the SID into a static prefix and a dynamically generated
> integer. Currently the DNA plugin can only work with string prefix, also the
> integer would be concatenated to the prefix as string. To generate binary SID the
> DNA plugin needs to support binary prefix and binary concatenation.

Urgh.  You would have to start an invalid NDR structure as the prefix
(because otherwise it will have the wrong number of sub-authorities).

> Are you suggesting we can store SID as string in FDS? That certainly will eliminate
> the need to fix the DNA plugin, but we probably need a different schema for Samba
> and FDS. Also would there be a big performance impact?

I don't think so.  I think it's the best approach - we could also rename
to sambaSID.  

BTW, when next submitting patches please check 'make quicktest', to
ensure you don't break the normal LDB backend when fixing things for
Fedora DS.  Also check the OpenLDAP backend if at all possible.

Andrew Bartlett 

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090910/dc50771b/attachment.pgp>

More information about the samba-technical mailing list