[OpenAFS-devel] re: re: replacing ptserver for AD integration

[Brett Trotter]

>Message: 5
>From: Atro Tossavainen <atossava@cc.helsinki.fi>

>> Ditch the ACLs and just do incrementals using the /afs filespace?

>(And be sure not to have any links to foreign cells anywhere in AFS lest
you start backing up the whole world at a _very_ slow rate :)

I thought of writing a script to parse through the mount list of "salvager
-nowrite -showmounts -showlog" to look for recursive mounts or non-local
mounts.

We had really hoped to backup ACLs though, and also not have to back up
entire user volumes every time. Not only is that a lot of tape for 10,000
volumes, but we then would have the tape running probably all day at
least.

We could do incrementals over the /afs file space fine and ditch the ACLs,
but what if we also wrote a script htat grabs a list of all the directory
ACLs for the entire local afs space and backs those up in a file for
emergency restoration if needed. Or on an even smaller granularity,
networker could execute a script to grab the acls of the directory its
backing up and store them in .networker-afs-acls before the backup or
something. Then in an emergency situation we could restore the backups and
then have a script go through and look at all the .networker-afs-acls
files and restore those acls.

Just a thought.


Also, regarding part of my original post.. Volker Lendke's ptproxy is a
fantastic way to replace the ptserver ubik database with AD calls via
winbind. I've been implementing some of the code myself, hopefully Volker
will approve- its been a while since I've worked in C code rather than
C++.

Thanks for your reply.

-Brett