-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!
Discussion moved to samba-technical. > Instead of just doing a pdb_getsampwnam() on the name from pass struct, > I would prefer that we instead change the callers. Most of the callers > can be changed to do the pdb_getsampwnam() instead of Get_Pwnam(), now > that we have unixsam giving us access to all users. (This is why we > didn't do this before). To be honest I would like to get rid of the necessity of unixsam for encrypted passwords. One case where this breaks: You want a workstation to join your domain. You do not want to use 'add user script', so you add the wks account to /etc/passwd. _api_samr_create_user says user exists, and after that set_userinfo creates the account in passdb. And boom, you again have algorithmic mapping in your rich passdb backend. I am not sure if metze's new passdb code covers this case, but there are so many cases like this where pdb_getsampwnam succeeding just from unixsam is not transparent enough for the caller. > Given that we need passdb and groups in 3.0, I woud support merging it > in there. In particualar this should simplify greatly the 'name -> sid' > and 'sid -> name' code. (Add calls for these to the interface). If I started to rewrite the group mapping API, I would like to remove the enumgroups call. This is just too ugly for large numbers of groups. And people *will* use lots of groups, especially as we do not have support for nested groups. And when automagically creating group mappings, I would like to create them as domain groups and not as aliases. I think this is what users would expect. It also removes the annoying messages that NT does not like aliases as a user's primary group. Volker -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 3700000 iD8DBQE9qE5PZeeQha3jd9gRAgYtAJ9WxUJ3Wzc9IVasZvuQi1vFl413qACcCAhy O+0OO6J8WTqpOxHR0F+oXm8= =+CCE -----END PGP SIGNATURE-----
