[Samba] A few questions and propostions on the samba architecture
rpenny at samba.org
Fri Jul 13 08:29:54 UTC 2018
On Fri, 13 Jul 2018 09:36:14 +0200
Anton Engelhardt via samba <samba at lists.samba.org> wrote:
> Due to a few problems I encountered I had a tiny look at the samba
> code and gut a few questions, statements and propositions. Please by
> all means, correct me if I got something wrong.
> 1. besides filestore for shares and config files samba uses ldb as an
> exclusive storage backend
> 1. LDB supports TDB, LDAP and SQLITE3 backend
> 2. Samba hard codes to TDB files like "sam.ldb"
There is ongoing work to use LDAP instead of LDB, but it is very much a
WIP, I do not know of any woek to use SQLITE3.
> 2. ldap does not support any server side actions
> 1. Not possible to implement "on create class user
Well no, but you can add a couple of attributes (Which are added and
used if you create users & groups from Windows ADUC) and then write a
script around 'samba-tool user create'
> 2. Only possible to define required/optional attributes
Not sure what you mean here, surely being able to update the schema is
a good thing.
> 3. ldap service is provided trough ldb-ldap -> tdb
> I don't know if it is a good idea, but when using something like
> sqlite3 it would be possible to use "CREATE TRIGGER", to perform some
> automation magic on server side, like giving out uidNumber and
As I said, it can be done, you just need to script it yourself.
> Or even use "CREATE VIEW" with "CREATE TRIGGER" to implement fancy
> stuff like server side transparent password token validation.
Samba-tool will tell you if a password doesn't meet the required
> Depending on my undarstanding of the current architecture and the
> state of the ldb sqlite backend this would seem like the easiest
> approach, correct me if I'm too far off.
I cannot see SQLITE3 ever being used, the LDAP work as been ongoing for
years and still doesn't work (last time I heard).
More information about the samba