[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named

Andrew Bartlett abartlet at samba.org
Tue Sep 5 05:31:47 UTC 2017


On Tue, 2017-09-05 at 06:09 +0200, Volker Lendecke wrote:
> On Tue, Sep 05, 2017 at 07:22:39AM +1200, Andrew Bartlett via samba-technical wrote:
> > How does that handle transactions?  I wanted to do this over ldapi when
> > it started, but I understood that oddities meant that we needed direct
> > LDB access and transactions. 
> 
> My 2ct on transactions: Either you bundle a larger operation that
> requires multiple steps into a single extended operation and execute
> that in the ldap server under a transaction. Or -- over ldapi just
> *do* transactions like we do them now with ldb. It's ldapi, we can
> check for root. Why can't we just block and unblock the ldb in an
> exop? Functionally, that should not make a difference. Also, you have
> a better way to kill a rogue client after a minute or so if it does
> not finish its transaction in that time frame.

Volker,

I agree both are reasonable approaches.

I also wonder if there was already a solved way to handle matching the
DNS transactions to something constrained in LDAP, and mention that
issue so we don't forget that detail in the rush to an alternate
solution. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list