[Samba] Group Mapping in MySQL backend

Jelmer Vernooij jelmer at samba.org
Wed Feb 4 18:22:11 GMT 2004

Hi Bjoern,

On Wed, Feb 04, 2004 at 06:01:42PM +0100, Bjoern Scheuermann wrote about 'Re: [Samba] Group Mapping in MySQL backend':
> > > I'd maybe be willing to try doing this on my own, if sombeody could give
> > > me some hints on how to start. Is it just the implementation of the
> > > methods for storing and retrieving the group mappings which I've found in
> > > the LDAP backend code? Or is there anything more to do?
> > Yep, that's all.

> Doesn't seem to be much of a problem then, maybe I'll really try this. I have 
> to finish some other stuff first, too; maybe in two or three weeks.

> I also consider a little patch for being able to use one single table for 
> nss_mysql's and samba's data. More precise, I don't want smbpasswd -a or a 
> samba domain join to fail if a row with the given UID/username already 
> exists, but rather to fill the "samba-columns", i.e. doing an UPDATE instead 
> of an INSERT, if the ID already exists.
That's a one-liner. INSERT should be replaced with REPLACE in that

> > > > And - by the way - is there any reason why pdb_mysql should not (yet)
> > > > be used in larger installations (several hundert clients), or why
> > > > several servers shouldn't share one common database? Are there any
> > > > experiences regarding such installations, or are any problems already
> > > > known?

> > > Nobody using it with more than a few users/clients?
> > > What a pitty...

> > There are a couple of large installations out there. It's just that LDAP
> > is more commonly used for user databases. Other reasons might be:

> > - libnss_mysql doesn't work very well (at least, last time I tried it)
> Works fine for me at the moment, although just in a really small experimental 
> setup. Do you have some more information on what kind of problems occured? 
> Maybe I could do some more specific tests then.
I had random crashes, etc, so I wrote my own
libnss_mysql back then. I'm not sure how the code is these days,

> > - user databases are most of the time read-only operations, something
> > LDAP is optimized for
> > - Easier extension of fields stored for users - it's easy to add a
> > schema, while in MySQL you would have to modify your table.

> We're working on an authentication scheme for server installations in schools, 
> and we'll regularly have some quite complicated and large-scale automated 
> modifications in the user and group structure -- at least once a year. 
> Additionally we have some privilege-related user- and group-metadata with 
> various kinds of relations, which doesn't fit into a tree structure very well 
> and gets updated quite often.
> Therefore we got the idea of putting it all into a SQL database.
Ah, cool. It's always nice to hear when people are using the software
you wrote :-)


Jelmer Vernooij                                              <jelmer at samba.org>
http://samba.org/~jelmer/                             http://samba.vernstok.nl/
My Samba bugs: 18 

More information about the samba mailing list