On Tue, Oct 01, 2002 at 09:49:53PM +0000, [EMAIL PROTECTED] wrote about 'Simplifying the multiple password backend code in HEAD and 3.0.': > Spurred on by some complaints in IRC :-) I took a look at the passdb > backend code in HEAD and 3.0. > > It looks nice, but it's horribly complex for what it needs to do > (IMHO). Is there any real reason to have multiple possible backends > simultaneously in a cascaded interface ? > > I can see the benefits of a plug-in architecture to allow different > backends to be tested, but what we need is to do *one* good backend > implementation (my vote would be for an LDAP one) and then use that > to implement others - modfying the interfaces as needed to support > any idiosyncracies that come out of the different backends. > > If someone wants to change from one backend to another a decent > export_all/import_all interface method is all we need (probably > using the enumerate methods). Changing backends is a major thing > to do (IMHO) as it means moving data between different databases, > and I'm worried that the existing code makes it look as though you > can just change a parameter and have it happen automatically. > > Comments welcome..... but I do want to start cutting out some of > this code soon. I originally wrote this code, but I agree. Having multiple backends can be useful some times (I used such a configuration at my school - saving machine accounts in tdbsam, students accounts in a mysql db and teacher accounts in another mysql db - thus not having to modify any student administration tools or php scripts that used these tables as well).
Multiple passdb backends should be supported in a seperate passdb backend. A plugin possibly. That's exactly the way we will implement it in sam as well. Currently we don't do any checking on whether a user exists in more than one database (in getpwnam for example), and there are more like problems. Jelmer
