order of idmap backends

Andrew Bartlett abartlet at samba.org
Thu Jun 26 05:12:27 GMT 2003 

On Thu, 2003-06-26 at 14:54, Jeremy Allison wrote:
> On Thu, Jun 26, 2003 at 10:56:21AM +1000, Andrew Bartlett wrote:
> > 
> > The way I was going to deal with this was the same way we deal with the
> > 'auth_winbind' code.
> > 
> > I was going to make the default idmap backend work like this:
> > 
> > idmap backend = idmap_winbind:idmap_tdb
> > 
> > Where idmap_winbind would know it was in winbind and just pass all
> > operations on to idmap_tdb.  
> > 
> > Likewise, smbd would call idmap_winbind, and if winbind isn't there, it
> > would contact idmap_tdb directly.
> > 
> > This means that only winbindd is allocating in the TDB, and can use it's
> > knowledge of 'it really is a group/user' until we work out a scheme
> > where we can do without this knowledge.
> > 
> > Naturally, this also means that for the default setup, we should not
> > have a problem with 1-connection-per-smbd to the remote ldap server. 
> > The ability to 'set' an IDMAP mapping can also occur on the winbind
> > pipe, protected by the 'winbind priv pipe' system.
> > 
> > How does this sound?
> 
> Sounds ok but please don't change this code. It has been broken
> for too long to for me to trust the changes.

OK...

> I will make this work over the next few days - including correct
> locking within idmap etc.
> 
> Any changes I will revert as I need to ensure this code is production
> quality and I need complete control over it for the next few days.

As you know, I no longer commit changes directly into CVS - all my
patches are sent to samba-technical for peer review and approval.

And thank-you for taking a look at this - it's a nasty area and one of
the key features in Samba 3.0.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030626/4a0032de/attachment.bin

More information about the samba-technical mailing list