diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2009-09-09 12:45:24 -0400 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-09-10 09:52:22 +1000 |
commit | b1dabb11333a715b0e23e91eecaf29933ea383a7 (patch) | |
tree | b93c72d4aa78a3de7df3001bcc7b322e3ac50810 /librpc/idl | |
parent | a224392649ffb81dc1d67f41a01dd983b76d513b (diff) | |
download | samba-b1dabb11333a715b0e23e91eecaf29933ea383a7.tar.gz samba-b1dabb11333a715b0e23e91eecaf29933ea383a7.tar.bz2 samba-b1dabb11333a715b0e23e91eecaf29933ea383a7.zip |
s4: Use SASL authentication against Fedora DS.
1. During instance creation the provisioning script will import the SASL
mapping for samba-admin. It's done here due to missing config schema
preventing adding the mapping via ldapi.
2. After that it will use ldif2db to import the cn=samba-admin user as
the target of SASL mapping.
3. Then it will start FDS and continue to do provisioning using the
Directory Manager with simple bind.
4. The SASL credentials will be stored in secrets.ldb, so when Samba
server runs later it will use the SASL credentials.
5. After the provisioning is done (just before stopping the slapd)
it will use the DM over direct ldapi to delete the default SASL
mappings included automatically by FDS, leaving just the new
samba-admin mapping.
6. Also before stopping slapd it will use the DM over direct ldapi to
set the ACL on the root entries of the user, configuration, and
schema partitions. The ACL will give samba-admin the full access
to these partitions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc/idl')
0 files changed, 0 insertions, 0 deletions