[Pkg-samba-maint] ldb modules dir and <ldb.h> placement: is ldb samba-specific or not?

Andrew Bartlett abartlet at samba.org
Mon Apr 11 22:38:24 BST 2022 

On Mon, 2022-04-11 at 12:39 +0300, Michael Tokarev wrote:
> 11.04.2022 12:29, Michael Tokarev wrote:
> ..
> > I don't even know how samba-dsdb-modules worked before
> > the merge. Before-ldb-merge samba-dsdb-modules  shipped
> > a symlink, $libdir/ldb/modules/ldb/samba, pointing to
> > ../../../samba/ldb (to where samba ldb modules are installed).
> > If ldb searches their modules recursively it should work.
> > If not and it uses regular path-search, it wont, since
> > samba-supplied modules would be like samba/wins_ldb.so,
> > not just wins_ldb.so.  Did these _ever_ work? :)
> 
> And yes it works: samba programs do use all these plugins
> with old (before-ldb-merge) samba package.  So apparently
> ldb performs the recursive modules load thing... or samba
> is using some trick in there, I dunno...
> 
> I tried to run a random ldb util, it was ldbsearch, and
> straced it, - apparently it readdir($modulesdir) for
> each path (in $LDB_MODULES_DIR too), and performs an
> recursive load of everything found in there! So it is
> not just a specific module which it loads, but *all*
> of them, no matter if they're needed or not. That's
> why all samba processes have them *all* open. Wow!..
> This is another quite.. unexpected thing to me to
> find.. ;)

Yeah.  They don't get used, but they get loaded in case they might want
to add to the command line handlers.

This is where it gets tricky - while Samba will force its own modules
path in, when running as Samba, we want to preserve behaviour where
folks can use ldbsearch -H ldap://ad.dc and be able to use NTLM and
Kerberos, plus Samba's version of ldap (yes, there are two ldap
clients, ldb has one I've never used in anger, based around openldap,
and Samba has one with ldap reimplemented). 

I (because naturally I develop) almost never use packaged Samba, I
don't get to experience this juggle day-to-day in terms of should
'ldbsearch' when invoked directly be 'plain' or 'featureful'.

Andrew

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

More information about the Pkg-samba-maint mailing list