[PATCH] New external idmap module
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed May 31 07:35:44 GMT 2006
On Tue, May 30, 2006 at 06:46:17PM -0400, simo wrote:
> Another one is for example that with a daemon you don't have to
> initialize a new sql connection at each required mapping or any other
> potentially slow operation.
What other slow operation do you see except new mappings? I
know that you want to be able to change existing mappings
now and then, but I do not want to make this possible with
shipped main code. I fear this is getting us in a lot of
trouble.
> > BTW, thinking about it... Why would a central daemon not be
> > able to map a SID to a unix ID? The whole point of the idmap
> > range is that we are free to allocate from that. This is
> > another assumption quite deep in the code. Thus negative
> > hits happen exactly once per SID. What am I missing here?
>
> Have you thought what happen when you use idmap_ad and a user/group does
> not have any rfc2307 attribute associated?
> Same thing.
Sure, but this is a broken configuration that I do not want
to optimize for. If for every such SID you fork every time
you hit it, fine by me. The admin should go in and put a
mapping into his AD or have the user in question not
connect.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060531/87857591/attachment.bin
More information about the samba-technical
mailing list