Hi Jelmer, thanks for your reply!
> > > are there any plans to add some support for storing not only user > > > information, but also group mappings in the MySQL passdb backend? Or > > > are there problems I'm not aware of why this cannot be done? > > After I finish the registry library work, this is one of the things I'm > going to look at next. Could take a few months though... > > > I'd maybe be willing to try doing this on my own, if sombeody could give > > me some hints on how to start. Is it just the implementation of the > > methods for storing and retrieving the group mappings which I've found in > > the LDAP backend code? Or is there anything more to do? > > Yep, that's all. Doesn't seem to be much of a problem then, maybe I'll really try this. I have to finish some other stuff first, too; maybe in two or three weeks. I also consider a little patch for being able to use one single table for nss_mysql's and samba's data. More precise, I don't want smbpasswd -a or a samba domain join to fail if a row with the given UID/username already exists, but rather to fill the "samba-columns", i.e. doing an UPDATE instead of an INSERT, if the ID already exists. > > > And - by the way - is there any reason why pdb_mysql should not (yet) > > > be used in larger installations (several hundert clients), or why > > > several servers shouldn't share one common database? Are there any > > > experiences regarding such installations, or are any problems already > > > known? > > > > Nobody using it with more than a few users/clients? > > What a pitty... > > There are a couple of large installations out there. It's just that LDAP > is more commonly used for user databases. Other reasons might be: > > - libnss_mysql doesn't work very well (at least, last time I tried it) Works fine for me at the moment, although just in a really small experimental setup. Do you have some more information on what kind of problems occured? Maybe I could do some more specific tests then. > - user databases are most of the time read-only operations, something > LDAP is optimized for > - Easier extension of fields stored for users - it's easy to add a > schema, while in MySQL you would have to modify your table. We're working on an authentication scheme for server installations in schools, and we'll regularly have some quite complicated and large-scale automated modifications in the user and group structure -- at least once a year. Additionally we have some privilege-related user- and group-metadata with various kinds of relations, which doesn't fit into a tree structure very well and gets updated quite often. Therefore we got the idea of putting it all into a SQL database. Bjoern -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
