Some more PR effort... Standalone from UNIX ====================
One of the primary tenants of the 'new SAM' is that it would not attempt to deal with 'what unix id for that'. This would be left to the 'SMS' (Sid Mapping System') or SID farm, and probably administered via winbind. We have had constructive discussion on how 'basic' unix accounts like 'root' would be handled, and we think this can work. Accounts not preexisting in unix would be served up via winbind. This is an *optional* part, and my preferred end-game. We have a fare way to go before things like winbind up to it however. Handles and Races in the new SAM ================================ One of the things that the 'new SAM' work has tried to face is both compatibility with existing code, and a closer alignment to the SAMR interface. I consider SAMR to be a 'primary customer' to the this work, because if we get alignment with that wrong, things get more, rather than less complex. Also, most other parts of Samba are much more flexible with what they can allow. In any case, that was a decision taken as to how the general design would progress. BTW, my understanding of SAMR may be completely flawed. One of the most race-prone areas of the new code is the conflicting update problem. We have taken two approaches: - 'Not conflicting' conflicts. Due to the way usrmgr operates, it will open a user, display all the properties and *save* them all, even if you don't change any. For this, see what I've done in rpc_server/srv_samr_util.c. I intend to take this one step further, and operate on the 'handle' that the values were read from. This should mean that we only update things that have *really* changed. - 'conflicting' updates: Currently we don't deal with this (in passdb or the new sam stuff), but the design is sufficiently flexible to 'deny' a second update. I don't foresee locking records however. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
