Diffstat (limited to 'examples/LDAP/smbldap-tools/INFRASTRUCTURE')
-rw-r--r-- examples/LDAP/smbldap-tools/INFRASTRUCTURE 11
1 files changed, 11 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/INFRASTRUCTURE b/examples/LDAP/smbldap-tools/INFRASTRUCTURE
index 25fbda8599..e14ec70e02 100644
--- a/examples/LDAP/smbldap-tools/INFRASTRUCTURE
+++ b/examples/LDAP/smbldap-tools/INFRASTRUCTURE
@@ -1,3 +1,5 @@
+# $Source: /data/src/mirror/cvs/samba/examples/LDAP/smbldap-tools/INFRASTRUCTURE,v $
+#
## Some notes about the architecture
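Review bot: the `$Source` line added at the top of the file is committed already expanded, so it carries the absolute path of one CVS mirror (/data/src/mirror/cvs/samba/...) into the file. That path tells a reader nothing about the document and exposes the directory layout of the server it was checked out from. Suggest committing the keyword unexpanded or dropping the header.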
@@ -41,6 +43,15 @@ man smb.conf for more):
domain admin group = " @"Domain Admins" "
+However, to make pdb_ldap accept bind without being uid=0, a quick and
+dirty patch must be applied to 2.2.4 (see samba-2.2.4-ldapbindnotuid0.patch).
+This patch is Q&D because the check is there because Samba store admin
+credentials to establish the LDAP connection. The uid == 0 check was to
+ensure that a normal user could not get write access to the LDAP backend.
+A more logical situation should be done for 2.2.5 by checking if the user
+is a member of the domain admin group (reported to Jerremy and Gerald
+2002-05-28).
+
Other built in groups are really cosmetic ones with Samba 2.2.x. We did not
removed them because one of these days, we whish to use Samba 3.0 where
Windows Group Support should be operational.
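Review bot: the added paragraph tells readers to apply samba-2.2.4-ldapbindnotuid0.patch, then explains that the uid == 0 check it removes exists so that a normal user cannot get write access to the LDAP backend through the admin credentials Samba stores, but it never says how that guarantee is kept on a patched 2.2.4. Suggest adding a sentence that states who can bind once the check is gone and what restriction the reader should put in place until the domain admin group check planned for 2.2.5 exists, or a note on which hosts the patch should not be applied to. Wording in the same paragraph also needs a pass: "Samba store" should be "Samba stores", "A more logical situation should be done" reads better as "A more logical check should be implemented", and the spelling "Jerremy" should be checked.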