From 743d4a474e1d80783f658fa1001a6d077fcfbede Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@symas.com>
Date: Tue, 17 Sep 2013 14:04:06 -0700
Subject: Use SASL/EXTERNAL over ldapi://

The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
---
 source4/setup/slapd.conf | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source4/setup/slapd.conf')

diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 2eb65a3773..231ef82386 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -29,6 +29,10 @@ authz-regexp
           uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
           ldap:///cn=samba??one?(cn=\$1)
 
+authz-regexp
+	  gidNumber=.*\\\+uidNumber=${ADMIN_UID},cn=peercred,cn=external,cn=auth
+	  cn=samba-admin,cn=samba
+
 access to dn.base="" 
        by dn=cn=samba-admin,cn=samba manage
        by anonymous read
-- 
cgit