Use SASL/EXTERNAL over ldapi://

The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
author: Howard Chu <hyc@symas.com> 2013-09-17 14:04:06 -0700
committer: Nadezhda Ivanova <nivanova@samba.org> 2013-09-18 19:47:55 +0200
commit: 743d4a474e1d80783f658fa1001a6d077fcfbede (patch)
tree: 506570ff9bb9488a860544edaf2d76b8bab869cf /source4/setup
parent: 6bf59b03d72b94b71e53fc2404c11e0d237e41b2 (diff)
download: samba-743d4a474e1d80783f658fa1001a6d077fcfbede.tar.gz
samba-743d4a474e1d80783f658fa1001a6d077fcfbede.tar.bz2
samba-743d4a474e1d80783f658fa1001a6d077fcfbede.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 2eb65a3773..231ef82386 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -29,6 +29,10 @@ authz-regexp
           uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
           ldap:///cn=samba??one?(cn=\$1)
 
+authz-regexp
+	  gidNumber=.*\\\+uidNumber=${ADMIN_UID},cn=peercred,cn=external,cn=auth
+	  cn=samba-admin,cn=samba
+
 access to dn.base="" 
        by dn=cn=samba-admin,cn=samba manage
        by anonymous read
author	Howard Chu <hyc@symas.com>	2013-09-17 14:04:06 -0700
committer	Nadezhda Ivanova <nivanova@samba.org>	2013-09-18 19:47:55 +0200
commit	743d4a474e1d80783f658fa1001a6d077fcfbede (patch)
tree	506570ff9bb9488a860544edaf2d76b8bab869cf /source4/setup
parent	6bf59b03d72b94b71e53fc2404c11e0d237e41b2 (diff)
download	samba-743d4a474e1d80783f658fa1001a6d077fcfbede.tar.gz samba-743d4a474e1d80783f658fa1001a6d077fcfbede.tar.bz2 samba-743d4a474e1d80783f658fa1001a6d077fcfbede.zip