tldap search paged
swen
swen at linux.ibm.com
Thu Apr 9 16:05:06 UTC 2020
On Wed, 2020-04-08 at 10:19 -0700, Jeremy Allison wrote:
> On Wed, Apr 08, 2020 at 07:07:57PM +0200, swen wrote:
> > On Wed, 2020-04-08 at 09:07 -0700, Jeremy Allison wrote:
> > > You haven't explained *why* you need this code.
> > Hmm sorry, I thought I did say that I'm in the process of creating
> > a
> > winbindd_ldap which is supposed to replace winbindd_ads.
>
> Can you start with explaining your overall design
> for this, rather than diving into low-level coding.
>
The base goal is to lay the foundation for a series
of winbind improvements.
The replacement of the ADS-API in winbindd by the tldap library
is just
the first step.
Further goals in this area are:
- Improve the failover times for disappeared DC
- optimize the kerberos ticket handling in such a way that
existing
tickets are used instead of triggering a new auth request
- centralize the DC connection management to support a reliable and
fast detection of connection loss and reconnection process
- integrate and condense the required code and functionality to
a minimum number of layers and remove APIs and layers not required.
As a first step we decided to align the ldap libraries and
move the
functionality, included in winbindd_ads.c,
to use the tldap library.
Since we didn't want to reinvent the wheel we started using the
functio
nality offered by the tldap-/tldap_util-library which does offer
already a few of the required features.
As a starting point of this first step, we replace each externally
trig
gered function (callbacks) from the winbindd_ads.c
by pure-ldap
versions.
Not only that this is the least invasive approach but it eases the
test
ing as the results and timings are easy to compare.
I hope this explains things and motivates you all to support the small
modifications suggested by my patch-set.
Cheers Swen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200409/23b9be29/signature.sig>
More information about the samba-technical
mailing list