-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Apr 14, 2002 at 08:04:35PM +1000, Anand Kumria wrote about 'Re: pdb_xml':
> On Sun, Apr 14, 2002 at 10:02:37AM +0200, Simo Sorce wrote:
> > On Sun, 2002-04-14 at 09:43, Anand Kumria wrote:
> > > On Sat, Apr 13, 2002 at 05:02:10PM +0200, Jelmer Vernooij wrote:
> > > > Here's my proposal for the file format for the pdb_xml database
> > > > backend. I haven't included the unknown* stuff yet, should that be
> > > > included?
> > > I'd say try and avoid attributes if you can. I'd also move the
> > > domain thing to the top element because I wouldn't imaging you
> > > would have users from different domains in the file.
> > > I'm not sure how groups might work though.
> > you may have multihomed servers maybe in future we may support also
> > multidomain servers.
> Fair enough. Then making the domain an entity of each of user would
> probably be more useful; i.e.
> <samba>
> <user rid="#" uid="#">
> <domain>FOO</domain>
> <domain>BAR<domain>
> ...
> </user>
AFAIK, each user can only be in one domain; that means we only need to
specify the domain once.
> > > <samba domain="BLAH">
> > > <user rid="5424232" uid="423">
> > > <username>
> > > <nt>JelmerVernooij</nt>
> > > <unix>jelmer</unix>
> > > <vms>j32</vms>
> > > <full>Jelmer Vernooij</full>
> > > </username>
> > > <password>
> > > <crypt type="md5">{encrypted}</crypt>
> > > <crypt type="des">{encrypted}</crypt>
> > > <crypt type="lanman32">{encrypted}</crypt>
> > > <crypt type="xor">{encrypted}</crypt>
> > > <last_change>01-02-2002</last_change>
> > > <can_change>02-03-2002</can_change>
> > > <must_change>03-04-2002</must_change>
> > > </password>
> > why crypt type? We can use only lanman and nt type, not crypt, nor md5
> > nor anyone else.
> For now, yes. I'm not sure how the LDAP/Kerberos stuff is stored so I
> thought extensibility might be a good idea. With type you can default
> everything to a particular format (lanman) and store just the exceptions.
> Although perhaps having a seperate element for each crypt type would be
> more useful? Not sure.
No, I don't think so. One <crypt> tag makes things more portable.
> > > <account>
> > > <group rid="#" gid="#">Administrators</group>
> > > <group rid="#" gid="#">Power Users</group>
> > no setting group names into user account is not smart, what you do if a
> > group is renamed? the SID should be stored
> Would you suggest:
> <group rid="#" gid="#">SID#</group>
> ? I'm not familiar with how groups work or are represented via SMB so
> I'm sort of stabbing in the dark here.
Mentioning both the RID and the SID is a bit 'overkill'; the SID
contains the RID (plus some other stuff).
Jelmer
- --
Jelmer Vernooij <[EMAIL PROTECTED]> - http://nl.linux.org/~jelmer/
Development And Underdevelopment: http://library.thinkquest.org/C0110231/
Listening to Radio 3FM
11:29:44 up 15:54, 7 users, load average: 1.54, 1.36, 1.35
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8uUz8Pa9Uoh7vUnYRAj60AJ9qO5wFco/ZjPBO1jSXxzily8rIVwCdEEhe
ZHYTn8pPLYLqoHNAmhAtbSY=
=jk+X
-----END PGP SIGNATURE-----
