[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi
From: michael@stroeder.com
Date: Tue, 26 May 2009 13:41:05 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

abartlet@samba.org wrote:
> Samba4 always uses SASL credentials these days (trying to avoid simple
> binds).

libsasldb2.so is not required for a SASL bind with password-based
mechanism. You can store the passwords in attribute userPassword (in
clear-text). So the security consideration is more about password
storage than SASL vs. simple bind on the wire.

>  Perhaps it's time to investigate EXTERNAL

That would be good anyway since in Samba4 the result of standard
provision is LDAPI access anyway. So you could directly map the Unix
user smbd is running as (root?) with authz-regexp to directory user
samba-admin. Well, we already discussed that.. ;-)

Ciao, Michael.

Prev by Date: Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi
Next by Date: (ITS#6145) Resource leaks shown when running cppcheck against openldap
Index(es):
- Chronological
- Thread