summaryrefslogtreecommitdiff
path: root/pidl
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2009-09-09 12:45:24 -0400
committerAndrew Bartlett <abartlet@samba.org>2009-09-10 09:52:22 +1000
commitb1dabb11333a715b0e23e91eecaf29933ea383a7 (patch)
treeb93c72d4aa78a3de7df3001bcc7b322e3ac50810 /pidl
parenta224392649ffb81dc1d67f41a01dd983b76d513b (diff)
downloadsamba-b1dabb11333a715b0e23e91eecaf29933ea383a7.tar.gz
samba-b1dabb11333a715b0e23e91eecaf29933ea383a7.tar.bz2
samba-b1dabb11333a715b0e23e91eecaf29933ea383a7.zip
s4: Use SASL authentication against Fedora DS.
1. During instance creation the provisioning script will import the SASL mapping for samba-admin. It's done here due to missing config schema preventing adding the mapping via ldapi. 2. After that it will use ldif2db to import the cn=samba-admin user as the target of SASL mapping. 3. Then it will start FDS and continue to do provisioning using the Directory Manager with simple bind. 4. The SASL credentials will be stored in secrets.ldb, so when Samba server runs later it will use the SASL credentials. 5. After the provisioning is done (just before stopping the slapd) it will use the DM over direct ldapi to delete the default SASL mappings included automatically by FDS, leaving just the new samba-admin mapping. 6. Also before stopping slapd it will use the DM over direct ldapi to set the ACL on the root entries of the user, configuration, and schema partitions. The ACL will give samba-admin the full access to these partitions. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'pidl')
0 files changed, 0 insertions, 0 deletions