From 743d4a474e1d80783f658fa1001a6d077fcfbede Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 17 Sep 2013 14:04:06 -0700 Subject: Use SASL/EXTERNAL over ldapi:// The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu Reviewed-by: Andrew Bartlett Reviewed-by: Nadezhda Ivanova --- python/samba/provision/backend.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'python') diff --git a/python/samba/provision/backend.py b/python/samba/provision/backend.py index 24d8675258..5360ef41f5 100644 --- a/python/samba/provision/backend.py +++ b/python/samba/provision/backend.py @@ -255,7 +255,7 @@ class LDAPBackend(ProvisionBackend): # Kerberos to an ldapi:// backend makes no sense self.credentials.set_kerberos_state(DONT_USE_KERBEROS) self.credentials.set_password(self.ldapadminpass) - self.credentials.set_forced_sasl_mech("DIGEST-MD5") + self.credentials.set_forced_sasl_mech("EXTERNAL") self.secrets_credentials = Credentials() self.secrets_credentials.guess(self.lp) @@ -263,7 +263,7 @@ class LDAPBackend(ProvisionBackend): self.secrets_credentials.set_kerberos_state(DONT_USE_KERBEROS) self.secrets_credentials.set_username("samba-admin") self.secrets_credentials.set_password(self.ldapadminpass) - self.secrets_credentials.set_forced_sasl_mech("DIGEST-MD5") + self.secrets_credentials.set_forced_sasl_mech("EXTERNAL") self.provision() @@ -533,7 +533,8 @@ class OpenLDAPBackend(LDAPBackend): "OLC_MMR_CONFIG": olc_mmr_config, "REFINT_CONFIG": refint_config, "INDEX_CONFIG": index_config, - "NOSYNC": nosync_config}) + "ADMIN_UID": str(os.getuid()), + "NOSYNC": nosync_config,}) self.setup_db_config(os.path.join(self.ldapdir, "db", "forestdns")) self.setup_db_config(os.path.join(self.ldapdir, "db", "domaindns")) -- cgit