Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi

Tuesday, 26 May 2009



--=-Qa9s282ZNKloqhE3QHt5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2009-05-26 at 15:40 +0200, Michael Str=C3=B6der wrote:
...
 abartlet(a)samba.org wrote:
 > Samba4 always uses SASL credentials these days (trying to avoid simple
 > binds).
=20
 libsasldb2.so is not required for a SASL bind with password-based
 mechanism. You can store the passwords in attribute userPassword (in
 clear-text). So the security consideration is more about password
 storage than SASL vs. simple bind on the wire. 
Which we already use.  Regardless, Howard's great detective work shows
it still gets in the way.=20

...
 >  Perhaps it's time to investigate EXTERNAL
=20
 That would be good anyway since in Samba4 the result of standard
 provision is LDAPI access anyway. So you could directly map the Unix
 user smbd is running as (root?) with authz-regexp to directory user
 samba-admin. Well, we already discussed that.. ;-) 
We did. =20

Andrew Bartlett

--=20
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com


--=-Qa9s282ZNKloqhE3QHt5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

...PGP SIGNATURE...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQBKHJj0z4A8Wyi0NrsRAqkfAJ4jsghUdEiUTnOHsmG2Bg9njDe6agCeN4hF
aNRmEnt5qtFNRw7WtnaXqto=
=midd
-----END PGP SIGNATURE----- 
--=-Qa9s282ZNKloqhE3QHt5--

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006