Does anybody use idmap_adex?
Gerald Carter
jerry at plainjoe.org
Mon Jun 28 09:20:36 MDT 2010
Hey Volker,
On 06/28/2010 10:07 AM, Volker Lendecke wrote:
> Part of what I want to test is possible changes to for
> example the routine _nss_adex_get_info(). This has code like
>
> {
> NTSTATUS nt_status;
> struct likewise_cell *cell;
>
> nt_status = _idmap_adex_init(NULL, NULL);
> if (!NT_STATUS_IS_OK(nt_status))
> return nt_status;
>
> if ((cell = cell_list_head()) == NULL) {
> return NT_STATUS_INVALID_SERVER_STATE;
> }
>
> return cell->provider->get_nss_info(sid, ctx, homedir,
> shell, gecos, p_gid);
> }
>
>
> which to me very much looks like having to do with Likewise
> Cells. But I might be completely wrong, and that is part of
> the problem: I do not fully understand the code in for
> example provider_unified.c, and I am not intellectually
> capable enough to fully understand it without running the
> code at all.
Yeah. It's a bit of a tough spot. The "struct likewise_cell"
is a scoping object. But in this case, the scope is actually
the forest and not a particular OU. There is a cell structure
per domain which also acts as the connection caching mechanism
IIRC. So there should be a list of likewise_cell structures,
one per domain. I'd had to look at the code again to remember
how the GC connection handling is done.
There's some neat features in it and at the time, I really felt
it was a more flexible and robust module than idmap_ad due to
the support for trusts and things like aliases names for users
and group.
But....(remaining thoughts below)
> I might be wrong here, but to me it looks like that
> _idmap_adex_init calls cell_locate_membership. I am a bit
> worried that I break something in that realm when making
> changes to the cell->provider->get_nss_info call which seems
> to call search_cell_list() for example. I would like to be
> able to run that code and see how it behaves, not the least
> to be able to understand what it actually does before making
> changes.
I think that unless a large number of ppl strongly object, I would
remove it. As we both know, I don't have time to support or
test it any more either. And as you point out, without at least
some of the historical background, the code is a bit confusing.
cheers, jerry
More information about the samba-technical
mailing list