pdb_xml

Anand Kumria wildfire at progsoc.uts.edu.au
Sun Apr 14 03:11:03 GMT 2002


On Sun, Apr 14, 2002 at 10:02:37AM +0200, Simo Sorce wrote:
> On Sun, 2002-04-14 at 09:43, Anand Kumria wrote:
> > On Sat, Apr 13, 2002 at 05:02:10PM +0200, Jelmer Vernooij wrote:
> > > Hi!
> > > 
> > > Here's my proposal for the file format for the pdb_xml database
> > > backend. I haven't included the unknown* stuff yet, should that be
> > > included?
> > > 
> > > Comments, please!
> > 
> > I'd say try and avoid attributes if you can. I'd also move the
> > domain thing to the top element because I wouldn't imagine you
> > would have users from different domains in the file.
> > 
> > I'm not sure how groups might work though. 
> > 
> 
> you may have multihomed servers maybe in future we may support also
> multidomain servers.

Fair enough. Then making the domain an entity of each user would
probably be more useful; i.e.

<samba>
	<user rid="#" uid="#">
		<domain>FOO</domain>
		<domain>BAR</domain>
		...
	</user>
> 
> > <samba domain="BLAH">
> >     <user rid="5424232" uid="423">
> > 	<username>
> > 		<nt>JelmerVernooij</nt>
> > 		<unix>jelmer</unix>
> > 		<vms>j32</vms>
> > 		<full>Jelmer Vernooij</full>
> > 	</username>
> ok
> 
> > 	<password>
> > 		<crypt type="md5">{encrypted}</crypt>
> > 		<crypt type="des">{encrypted}</crypt>
> > 		<crypt type="lanman32">{encrypted}</crypt>
> > 		<crypt type="xor">{encrypted}</crypt>
> > 		<last_change>01-02-2002</last_change>
> > 		<can_change>02-03-2002</can_change>
> > 		<must_change>03-04-2002</must_change>
> > 	</password>
> 
> why crypt type? We can use only lanman and nt type, not crypt, nor md5
> nor anyone else.

For now, yes. I'm not sure how the LDAP/Kerberos stuff is stored so I
thought extensibility might be a good idea. With type you can default
everything to a particular format (lanman) and store just the exceptions.

Although perhaps having a separate element for each crypt type would be
more useful? Not sure.

> 
> > 	<account>
> > 		<group rid="#" gid="#">Administrators</group>
> > 		<group rid="#" gid="#">Power Users</group>
> 
> no setting group names into user account is not smart, what you do if a
> group is renamed? the SID should be stored

Would you suggest:

		<group rid="#" gid="#">SID#</group>

? I'm not familiar with how groups work or are represented via SMB so 
I'm sort of stabbing in the dark here.

Regards,
Anand
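
The layout discussed in this message, read by a small loader. This is an added example, not part of the original post or of Samba's code. The sample document, the "lanman" default for an untyped <crypt>, the "lanman"/"nt" type names and the rid/uid values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout discussed in this thread: per-user <domain>
# elements, <crypt> with an optional type, groups identified by rid.
SAMPLE = """<samba>
  <user rid="1001" uid="423">
    <domain>FOO</domain>
    <domain>BAR</domain>
    <username><nt>JelmerVernooij</nt><unix>jelmer</unix></username>
    <password>
      <crypt>{encrypted}</crypt>
      <crypt type="nt">{encrypted}</crypt>
    </password>
    <account>
      <group rid="544" gid="0">Administrators</group>
    </account>
  </user>
</samba>"""

DEFAULT_CRYPT = "lanman"        # assumption: an untyped <crypt> means lanman
KNOWN_CRYPT = {"lanman", "nt"}  # assumption: names for the two types in the thread


def load_users(text):
    """Parse the sample layout; reject DTDs, unknown and duplicate hash types."""
    if "<!DOCTYPE" in text:
        raise ValueError("DTD not allowed in account database")
    users = []
    for u in ET.fromstring(text).findall("user"):
        hashes = {}
        for c in u.findall("password/crypt"):
            ctype = c.get("type", DEFAULT_CRYPT)
            if ctype not in KNOWN_CRYPT:
                raise ValueError(f"unknown crypt type {ctype!r}")
            if ctype in hashes:
                raise ValueError(f"duplicate crypt type {ctype!r}")
            hashes[ctype] = c.text
        users.append({
            "rid": int(u.get("rid")),
            "uid": int(u.get("uid")),
            "domains": [d.text for d in u.findall("domain")],
            "unix": u.findtext("username/unix"),
            "hashes": hashes,
            # Membership is keyed by rid, so a renamed group still matches.
            "group_rids": {int(g.get("rid")) for g in u.findall("account/group")},
        })
    return users
```
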



