[Samba] Group Mapping in MySQL backend
jelmer at samba.org
Wed Feb 4 18:22:11 GMT 2004
On Wed, Feb 04, 2004 at 06:01:42PM +0100, Bjoern Scheuermann wrote about 'Re: [Samba] Group Mapping in MySQL backend':
> > > I'd maybe be willing to try doing this on my own, if sombeody could give
> > > me some hints on how to start. Is it just the implementation of the
> > > methods for storing and retrieving the group mappings which I've found in
> > > the LDAP backend code? Or is there anything more to do?
> > Yep, that's all.
> Doesn't seem to be much of a problem then, maybe I'll really try this. I have
> to finish some other stuff first, too; maybe in two or three weeks.
> I also consider a little patch for being able to use one single table for
> nss_mysql's and samba's data. More precise, I don't want smbpasswd -a or a
> samba domain join to fail if a row with the given UID/username already
> exists, but rather to fill the "samba-columns", i.e. doing an UPDATE instead
> of an INSERT, if the ID already exists.
That's a one-liner. INSERT should be replaced with REPLACE in that
> > > > And - by the way - is there any reason why pdb_mysql should not (yet)
> > > > be used in larger installations (several hundert clients), or why
> > > > several servers shouldn't share one common database? Are there any
> > > > experiences regarding such installations, or are any problems already
> > > > known?
> > > Nobody using it with more than a few users/clients?
> > > What a pitty...
> > There are a couple of large installations out there. It's just that LDAP
> > is more commonly used for user databases. Other reasons might be:
> > - libnss_mysql doesn't work very well (at least, last time I tried it)
> Works fine for me at the moment, although just in a really small experimental
> setup. Do you have some more information on what kind of problems occured?
> Maybe I could do some more specific tests then.
I had random crashes, etc, so I wrote my own
libnss_mysql back then. I'm not sure how the code is these days,
> > - user databases are most of the time read-only operations, something
> > LDAP is optimized for
> > - Easier extension of fields stored for users - it's easy to add a
> > schema, while in MySQL you would have to modify your table.
> We're working on an authentication scheme for server installations in schools,
> and we'll regularly have some quite complicated and large-scale automated
> modifications in the user and group structure -- at least once a year.
> Additionally we have some privilege-related user- and group-metadata with
> various kinds of relations, which doesn't fit into a tree structure very well
> and gets updated quite often.
> Therefore we got the idea of putting it all into a SQL database.
Ah, cool. It's always nice to hear when people are using the software
you wrote :-)
Jelmer Vernooij <jelmer at samba.org>
My Samba bugs: 18
More information about the samba