tldap search paged

swen swen at linux.ibm.com
Thu Apr 9 16:05:06 UTC 2020 

On Wed, 2020-04-08 at 10:19 -0700, Jeremy Allison wrote:
> On Wed, Apr 08, 2020 at 07:07:57PM +0200, swen wrote:
> > On Wed, 2020-04-08 at 09:07 -0700, Jeremy Allison wrote:
> > > You haven't explained *why* you need this code.
> > Hmm sorry, I thought I did say that I'm in the process of creating
> > a
> > winbindd_ldap which is supposed to replace winbindd_ads.
> 
> Can you start with explaining your overall design
> for this, rather than diving into low-level coding.
> 
The base goal is to lay the foundation for a series
of winbind improvements.
The replacement of the ADS-API in winbindd by the tldap library
is just
the first step.

Further goals in this area are:

- Improve the failover times for disappeared DC

- optimize the kerberos ticket handling in such a way that 
  existing
tickets are used instead of triggering a new auth request

- centralize the DC connection management to support a reliable and 
 
fast detection of connection loss and reconnection process

- integrate and condense the required code and functionality to
  a minimum number of layers and remove APIs and layers not required.

As a first step we decided to align the ldap libraries and
move the
functionality, included in winbindd_ads.c,
to use the tldap library.

Since we didn't want to reinvent the wheel we started using the 
functio
nality offered by the tldap-/tldap_util-library which does offer
already a few of the required features.

As a starting point of this first step, we replace each externally 
trig
gered function (callbacks) from the winbindd_ads.c 
by pure-ldap
versions.
Not only that this is the least invasive approach but it eases the 
test
ing as the results and timings are easy to compare.

I hope this explains things and motivates you all to support the small
modifications suggested by my patch-set.

Cheers Swen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200409/23b9be29/signature.sig>

More information about the samba-technical mailing list