[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named
Alexander Bokovoy
ab at samba.org
Wed Sep 6 13:28:11 UTC 2017
On ti, 05 syys 2017, Andrew Bartlett via samba-technical wrote:
> On Tue, 2017-09-05 at 06:09 +0200, Volker Lendecke wrote:
> > On Tue, Sep 05, 2017 at 07:22:39AM +1200, Andrew Bartlett via samba-technical wrote:
> > > How does that handle transactions? I wanted to do this over ldapi when
> > > it started, but I understood that oddities meant that we needed direct
> > > LDB access and transactions.
> >
> > My 2ct on transactions: Either you bundle a larger operation that
> > requires multiple steps into a single extended operation and execute
> > that in the ldap server under a transaction. Or -- over ldapi just
> > *do* transactions like we do them now with ldb. It's ldapi, we can
> > check for root. Why can't we just block and unblock the ldb in an
> > exop? Functionally, that should not make a difference. Also, you have
> > a better way to kill a rogue client after a minute or so if it does
> > not finish its transaction in that time frame.
>
> Volker,
>
> I agree both are reasonable approaches.
>
> I also wonder if there was already a solved way to handle matching the
> DNS transactions to something constrained in LDAP, and mention that
> issue so we don't forget that detail in the rush to an alternate
> solution.
There is nothing like that, unfortunately. Volker is fully right in his
proposals.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list