authorAndrew Bartlett <abartlet@samba.org>2008-07-15 15:07:13 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-15 15:07:13 +1000
commit532899386b229fc4e72303d18e951686634c8757 (patch)
tree83f588e6a9a3009788bb02fc0df27b76b3ce2c74 /source4/dsdb
parentf5d18f4d241907950e079dcbfe1c724358187ec0 (diff)
Use secrets.ldb to store credentials to contact LDAP backend.
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for its connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/samdb.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index acc2c2a9a1..b5b7ddfdc6 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -39,6 +39,8 @@
#include "dsdb/common/flags.h"
#include "param/param.h"
#include "lib/events/events.h"
+#include "auth/credentials/credentials.h"
+#include "param/secrets.h"
char *samdb_relative_path(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
@@ -67,6 +69,28 @@ char *samdb_relative_path(struct ldb_context *ldb,
return full_name;
}
+struct cli_credentials *samdb_credentials(TALLOC_CTX *mem_ctx,
+ struct event_context *event_ctx,
+ struct loadparm_context *lp_ctx)
+{
+ struct cli_credentials *cred = cli_credentials_init(mem_ctx);
+ if (!cred) {
+ return NULL;
+ }
+ cli_credentials_set_conf(cred, lp_ctx);
+
+ /* We don't want to use krb5 to talk to our samdb - recursion
+ * here would be bad, and this account isn't in the KDC
+ * anyway */
+ cli_credentials_set_kerberos_state(cred, CRED_DONT_USE_KERBEROS);
+
+ if (!NT_STATUS_IS_OK(cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL, NULL,
+ SECRETS_LDAP_FILTER))) {
+ /* Perfectly OK - if not against an LDAP backend */
+ return NULL;
+ }
+ return cred;
+}
/*
connect to the SAM database
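Review bot: The failure branch of `cli_credentials_set_secrets()` in `samdb_credentials()` treats every non-OK status as "not against an LDAP backend". An unreadable or damaged secrets.ldb therefore looks the same as a missing entry, and the caller silently proceeds with NULL credentials. Keep the status in a local and log it, for example `DEBUG(5, ("samdb_credentials: no LDAP backend credentials: %s\n", nt_errstr(status)));`, so an operator can tell an intentional fallback from a broken secrets store. The same branch returns without releasing `cred`, which stays allocated under `mem_ctx` until that context is freed; add `talloc_free(cred);` before `return NULL;`. The call site in the `samdb_connect()` hunk inherits the same ambiguity about what NULL means.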
@@ -80,7 +104,8 @@ struct ldb_context *samdb_connect(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb;
ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx,
lp_sam_url(lp_ctx), session_info,
- NULL, 0, NULL);
+ samdb_credentials(mem_ctx, ev_ctx, lp_ctx),
+ 0, NULL);
if (!ldb) {
return NULL;
}
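Review bot: Passing `samdb_credentials(mem_ctx, ev_ctx, lp_ctx)` inline as an argument leaves the credentials object, which holds the backend administrative secret, parented to the caller's `mem_ctx` with no handle to release it on the `if (!ldb)` path. Whether `ldb_wrap_connect()` takes ownership or a reference is not visible in this hunk. Assuming it does not, hold the result in a local, `struct cli_credentials *cred = samdb_credentials(mem_ctx, ev_ctx, lp_ctx);`, pass `cred`, and call `talloc_free(cred);` before `return NULL;`. A short comment stating that NULL here means "no LDAP backend credentials, connect without them" would also document the fallback for the next reader. `samdb_connect()` begins and ends outside the hunk, so the remaining paths are not reviewed here.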