Avoiding further (LDAP) stack proliferation in Samba
Ralph Boehme
slow at samba.org
Tue Jun 9 09:45:00 UTC 2020
Am 5/22/20 um 3:02 PM schrieb Stefan Metzmacher via samba-technical:
> As you know I like the idea of having things implemented just once!
> But as found out in the past this is a lot of work and
> replacing everything at once is often not possible.
> We learnt that we sometimes have to do small steps with intermediate
> states, which we sometimes not like, but at the same time require
> in order to make progress at all.
>
> There're a lot of things I'd like to see:
> 1. The ldb api should not be used for pure LDAP users,
> it's bad enough that the strange async model exists at all!
> We should hope that it's only used for LDAP for command line
> tools in a sync fashion.
> 2. source3/lib/tldap_gensec_bind.c should use gensec_update_send/recv
> 3. tldap makes use of the "client ldap sasl wrapping" and other
> options, which are use by source4/libcli/ldap/ and
> source3/libads/
> 4. We can add some helpers to get/pass 'struct ldb_message' from/to
> tldap c.
> 5. users of source4/libcli/ldap/ should move to the tldap api
> - lib/ldb-samba/ldb_ildap.c can become lib/ldb-samba/ldb_tldap.c
> 6. libads should go away it, at least it's low level internals
> maybe it can be build on top of tldap as a first step in
> order to avoid a rewrite of all non-winbind users.
> 7. winbindd should avoid libads and only use tldap.
>
> But the goal of
> https://gitlab.com/samba-team/samba/-/merge_requests/1351
> is moving along with 7.
>
> And I'm not seeing why we would require 4, 5, 6 before doing 7.
> They would be nice to have, but they tasks for another day.
this sounds reasonable.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200609/605acb31/signature.sig>
More information about the samba-technical
mailing list