order of idmap backends
Andrew Bartlett
abartlet at samba.org
Thu Jun 26 05:12:27 GMT 2003
On Thu, 2003-06-26 at 14:54, Jeremy Allison wrote:
> On Thu, Jun 26, 2003 at 10:56:21AM +1000, Andrew Bartlett wrote:
> >
> > The way I was going to deal with this was the same way we deal with the
> > 'auth_winbind' code.
> >
> > I was going to make the default idmap backend work like this:
> >
> > idmap backend = idmap_winbind:idmap_tdb
> >
> > Where idmap_winbind would know it was in winbind and just pass all
> > operations on to idmap_tdb.
> >
> > Likewise, smbd would call idmap_winbind, and if winbind isn't there, it
> > would contact idmap_tdb directly.
> >
> > This means that only winbindd is allocating in the TDB, and can use it's
> > knowledge of 'it really is a group/user' until we work out a scheme
> > where we can do without this knowledge.
> >
> > Naturally, this also means that for the default setup, we should not
> > have a problem with 1-connection-per-smbd to the remote ldap server.
> > The ability to 'set' an IDMAP mapping can also occur on the winbind
> > pipe, protected by the 'winbind priv pipe' system.
> >
> > How does this sound?
>
> Sounds ok but please don't change this code. It has been broken
> for too long to for me to trust the changes.
OK...
> I will make this work over the next few days - including correct
> locking within idmap etc.
>
> Any changes I will revert as I need to ensure this code is production
> quality and I need complete control over it for the next few days.
As you know, I no longer commit changes directly into CVS - all my
patches are sent to samba-technical for peer review and approval.
And thank-you for taking a look at this - it's a nasty area and one of
the key features in Samba 3.0.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030626/4a0032de/attachment.bin
More information about the samba-technical
mailing list