samba-technical@lists.samba.org
[Top] [All Lists]

Re: Winbind's offline state and idmap_ldap

Subject: Re: Winbind's offline state and idmap_ldap
From: simo
Date: Mon, 19 Feb 2007 12:37:09 -0500
On Mon, 2007-02-19 at 11:16 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Simo,
> 
> > Ok, when in offline mode you should just ignore the error 
> > code: NT_STATUS_SYNCHRONIZATION_REQUIRED and take
> > the returned struct id_map as good. When back online such
> > an error should trigger a call to the backend to
> > refresh and confirm it.
> 
> Why is this different than how the normal winbindd
> cache manager behaves.  If you are offline, just don't
> expire the cache,  Why should the caller have to check for
> mutliple error codes?  If you are offline, the cache
> manager should just say NT_STATUS_OK and not expire the
> record.

The problem is that per current design the cache do not call directly
the backends, rather returns an error and idmap has the responsibility
of calling the backends and update the cache accordingly.
This may not be the best design now that we are introducing the
online/offline concept here but it was what I came up before this.

> I don't understand the advantage to using a different design
> and adding more weight and work to the caller.

Another reason is that we absolutely don;t want to expire a cache if for
some reason we are not able to actually refresh it. If the backend for
some reason can't resolve a SID/UID/GID we should not delete the
mapping, in my design you delete a mapping from the cache only if you
know it is really to be deleted because the backend confirmed it has
been deleted in the main storage.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra@xxxxxxxxx
http://samba.org

<Prev in Thread] Current Thread [Next in Thread>