[Samba] Group Mapping in MySQL backend
bjoern at solution.de
Wed Feb 4 17:01:42 GMT 2004
thanks for your reply!
> > > are there any plans to add some support for storing not only user
> > > information, but also group mappings in the MySQL passdb backend? Or
> > > are there problems I'm not aware of why this cannot be done?
> After I finish the registry library work, this is one of the things I'm
> going to look at next. Could take a few months though...
> > I'd maybe be willing to try doing this on my own, if sombeody could give
> > me some hints on how to start. Is it just the implementation of the
> > methods for storing and retrieving the group mappings which I've found in
> > the LDAP backend code? Or is there anything more to do?
> Yep, that's all.
Doesn't seem to be much of a problem then, maybe I'll really try this. I have
to finish some other stuff first, too; maybe in two or three weeks.
I also consider a little patch for being able to use one single table for
nss_mysql's and samba's data. More precise, I don't want smbpasswd -a or a
samba domain join to fail if a row with the given UID/username already
exists, but rather to fill the "samba-columns", i.e. doing an UPDATE instead
of an INSERT, if the ID already exists.
> > > And - by the way - is there any reason why pdb_mysql should not (yet)
> > > be used in larger installations (several hundert clients), or why
> > > several servers shouldn't share one common database? Are there any
> > > experiences regarding such installations, or are any problems already
> > > known?
> > Nobody using it with more than a few users/clients?
> > What a pitty...
> There are a couple of large installations out there. It's just that LDAP
> is more commonly used for user databases. Other reasons might be:
> - libnss_mysql doesn't work very well (at least, last time I tried it)
Works fine for me at the moment, although just in a really small experimental
setup. Do you have some more information on what kind of problems occured?
Maybe I could do some more specific tests then.
> - user databases are most of the time read-only operations, something
> LDAP is optimized for
> - Easier extension of fields stored for users - it's easy to add a
> schema, while in MySQL you would have to modify your table.
We're working on an authentication scheme for server installations in schools,
and we'll regularly have some quite complicated and large-scale automated
modifications in the user and group structure -- at least once a year.
Additionally we have some privilege-related user- and group-metadata with
various kinds of relations, which doesn't fit into a tree structure very well
and gets updated quite often.
Therefore we got the idea of putting it all into a SQL database.
More information about the samba