[Date Prev][Date Next]
Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi
Content-Type: text/plain; charset="UTF-8"
On Tue, 2009-05-26 at 15:40 +0200, Michael Str=C3=B6der wrote:
> firstname.lastname@example.org wrote:
> > Samba4 always uses SASL credentials these days (trying to avoid simple
> > binds).
> libsasldb2.so is not required for a SASL bind with password-based
> mechanism. You can store the passwords in attribute userPassword (in
> clear-text). So the security consideration is more about password
> storage than SASL vs. simple bind on the wire.
Which we already use. Regardless, Howard's great detective work shows
it still gets in the way.=20
> > Perhaps it's time to investigate EXTERNAL
> That would be good anyway since in Samba4 the result of standard
> provision is LDAPI access anyway. So you could directly map the Unix
> user smbd is running as (root?) with authz-regexp to directory user
> samba-admin. Well, we already discussed that.. ;-)
We did. =20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----