[Samba] A few questions and propositions on the samba architecture

Rowland Penny rpenny at samba.org
Fri Jul 13 08:29:54 UTC 2018


On Fri, 13 Jul 2018 09:36:14 +0200
Anton Engelhardt via samba <samba at lists.samba.org> wrote:

> Due to a few problems I encountered I had a tiny look at the samba
> code and got a few questions, statements and propositions. Please by
> all means, correct me if I got something wrong.
> 
>  1. besides filestore for shares and config files samba uses ldb as an
>     exclusive storage backend
>      1. LDB supports TDB, LDAP and SQLITE3 backend
>      2. Samba hard codes to TDB files like "sam.ldb"

There is ongoing work to use LDAP instead of LDB, but it is very much a
WIP, I do not know of any work to use SQLITE3.

>  2. ldap does not support any server side actions
>      1. Not possible to implement "on create class user
>         uidNumber=get_next_free_uid()"

Well no, but you can add a couple of attributes (Which are added and
used if you create users & groups from Windows ADUC) and then write a
script around 'samba-tool user create'

>      2. Only possible to define required/optional attributes

Not sure what you mean here, surely being able to update the schema is
a good thing.

>      3. ldap service is provided through ldb-ldap -> tdb
> 
> I don't know if it is a good idea, but when using something like
> sqlite3 it would be possible to use "CREATE TRIGGER", to perform some
> automation magic on server side, like giving out uidNumber and
> gidNumber.

As I said, it can be done, you just need to script it yourself.

> 
> Or even use "CREATE VIEW" with "CREATE TRIGGER" to implement fancy
> stuff like server side transparent password token validation.

Samba-tool will tell you if a password doesn't meet the required
complexity.

> 
> Depending on my understanding of the current architecture and the
> state of the ldb sqlite backend this would seem like the easiest
> approach, correct me if I'm too far off.
> 

I cannot see SQLITE3 ever being used, the LDAP work has been ongoing for
years and still doesn't work (last time I heard).

Rowland
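
A sketch of the "script around 'samba-tool user create'" approach from the reply above, added here as an example; it is not code from the thread or from the Samba project. The sam.ldb path, the UID_MIN floor, the lock file path and the function names are assumptions, and it reads existing uidNumber values with ldbsearch rather than the attributes the reply alludes to.

```shell
#!/bin/sh
# Added example: allocate the next free uidNumber, then create the user.
# Assumed defaults (not from the thread); override via the environment.
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"
UID_MIN="${UID_MIN:-10000}"
LOCK="${LOCK:-/run/lock/samba-uid-alloc.lock}"

# Read LDIF on stdin and print the next free uidNumber: highest value in
# use plus one, never below UID_MIN. Non-numeric values are ignored.
next_free_uid() {
    awk -v min="$UID_MIN" '
        BEGIN { max = min + 0 }
        tolower($1) == "uidnumber:" && $2 ~ /^[0-9]+$/ {
            if ($2 + 0 >= max) max = $2 + 1
        }
        END { print max }'
}

# Create a user with an automatically chosen uidNumber.
create_unix_user() {
    # Reject empty names, names that would parse as options, and names
    # with characters outside a conservative set.
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad username" >&2; return 2 ;;
    esac
    (
        # Hold an exclusive lock so two runs cannot pick the same number.
        flock -x 9 || exit 1
        # Abort if the search fails instead of falling back to UID_MIN.
        ldif="$(ldbsearch -H "$SAM_LDB" '(uidNumber=*)' uidNumber)" || exit 1
        uid="$(printf '%s\n' "$ldif" | next_free_uid)"
        # --random-password keeps the password off the command line.
        samba-tool user create "$1" --random-password --uid-number="$uid"
    ) 9>"$LOCK"
}
```

The lock only serialises runs of this script on one host; users created on another DC or with other tools can still receive a duplicate uidNumber, which is the gap a server-side allocator would close.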


