summaryrefslogtreecommitdiff
path: root/examples/LDAP/smbldap-tools/INFRASTRUCTURE
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-12-05 13:57:02 +0000
committerGerald Carter <jerry@samba.org>2003-12-05 13:57:02 +0000
commit814591c0c5054b29978ba9c4b8842b921fe2bc89 (patch)
tree5e6f0c50eb913e05bbc4c4cfe6a3ee2da82a0b36 /examples/LDAP/smbldap-tools/INFRASTRUCTURE
parent1d4978d7225c3bab6374bb3f6aa5d563e69f52cf (diff)
downloadsamba-814591c0c5054b29978ba9c4b8842b921fe2bc89.tar.gz
samba-814591c0c5054b29978ba9c4b8842b921fe2bc89.tar.bz2
samba-814591c0c5054b29978ba9c4b8842b921fe2bc89.zip
* removing extra file
* updating version in Makefile (This used to be commit 3249e69274c00922c6d8710019c19d8c8add8255)
Diffstat (limited to 'examples/LDAP/smbldap-tools/INFRASTRUCTURE')
-rw-r--r--examples/LDAP/smbldap-tools/INFRASTRUCTURE11
1 files changed, 11 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/INFRASTRUCTURE b/examples/LDAP/smbldap-tools/INFRASTRUCTURE
index 25fbda8599..e14ec70e02 100644
--- a/examples/LDAP/smbldap-tools/INFRASTRUCTURE
+++ b/examples/LDAP/smbldap-tools/INFRASTRUCTURE
@@ -1,3 +1,5 @@
+# $Source: /data/src/mirror/cvs/samba/examples/LDAP/smbldap-tools/INFRASTRUCTURE,v $
+#
## Some notes about the architecture
@@ -41,6 +43,15 @@ man smb.conf for more):
domain admin group = " @"Domain Admins" "
+However, to make pdb_ldap accept bind without being uid=0, a quick and
+dirty patch must be applied to 2.2.4 (see samba-2.2.4-ldapbindnotuid0.patch).
+This patch is Q&D because the check is there because Samba store admin
+credentials to establish the LDAP connection. The uid == 0 check was to
+ensure that a normal user could not get write access to the LDAP backend.
+A more logical situation should be done for 2.2.5 by checking if the user
+is a member of the domain admin group (reported to Jerremy and Gerald
+2002-05-28).
+
Other built in groups are really cosmetic ones with Samba 2.2.x. We did not
removed them because one of these days, we whish to use Samba 3.0 where
Windows Group Support should be operational.