Patches to head (become_root and some RPC stuff)

Doug VanLeuven ldx at ibm.net
Wed Aug 25 00:21:56 GMT 1999


Michael Stockman wrote:

> You are using LDAP, right? The patches rely on trying to do something
> and failing. If the ldap server gives out the information to a process
> with user privileges, then you should get it. The idea is that smbd
> acts with your privileges and smbd thus cannot do anything you
> couldn't do anyway.
>
> I don't know LDAP, so please, could you tell me how the LDAP server is
> secured, because that is the key to what smbd is doing wrong.

I read through this message again and got a different insight. Any Unix user can access
the LDAP database for read. If they know the LDAP "root" password they can
modify it.
defaultaccess read

My slapd.conf

suffix  "o=LDX Micros, c=US"
rootdn  "uid=root, o=LDX Micros, c=US"

defaultaccess read
access to dn=".*, o=LDX Micros, c=US"
 by self write
 by * search

Samba binds to the rootdn using the secret password.
Am I getting a glimmer that this may need to be redone in a more restrictive way?

-- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
Chief Engineer, USMM roamdad at ibm.net
Programmer/Analyst, SCWA doug at scwa.ca.gov
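As an added example (not code from this thread or from Samba), the access rules quoted from the slapd.conf above are evaluated the way OpenLDAP 1.x resolves them, to show the effective access each kind of bind gets. It assumes the 1.x semantics: the rootdn is exempt from access control, the first matching `access to` line wins, within it the first matching `by` clause wins, a matched line with no matching `by` clause denies, and `defaultaccess` covers only entries no line matches; the DNs used as binds are constructed sample values.

```python
import re

# OpenLDAP 1.x privilege order, lowest to highest (assumed semantics, see lead-in).
LEVELS = ["none", "compare", "search", "read", "write"]

# The slapd.conf settings quoted in the message, transcribed as Python data.
ROOTDN = "uid=root, o=LDX Micros, c=US"
DEFAULT_ACCESS = "read"
ACLS = [
    # access to dn=".*, o=LDX Micros, c=US"
    #  by self write
    #  by * search
    {"dn": r".*, o=LDX Micros, c=US", "by": [("self", "write"), ("*", "search")]},
]


def who_matches(who, bind_dn, target_dn):
    """Match a 'by <who>' clause: 'self' is the entry's own DN, '*' is anyone."""
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if who == "*":
        return True
    return False  # group=/dn= forms are not needed for this config


def effective_access(bind_dn, target_dn):
    """Access level bind_dn has on target_dn; bind_dn None means anonymous."""
    # The rootdn (which Samba binds as) is never checked against the ACLs.
    if bind_dn is not None and bind_dn.lower() == ROOTDN.lower():
        return "write"
    for acl in ACLS:
        if re.search(acl["dn"], target_dn, re.IGNORECASE):
            for who, level in acl["by"]:  # first matching 'by' clause wins
                if who_matches(who, bind_dn, target_dn):
                    return level
            return "none"  # line matched but no 'by' clause did: denied
    return DEFAULT_ACCESS  # no 'access to' line matched the entry


def allowed(bind_dn, target_dn, needed):
    """True if the effective level is at least the requested one."""
    return LEVELS.index(effective_access(bind_dn, target_dn)) >= LEVELS.index(needed)


if __name__ == "__main__":
    entry = "uid=alice, o=LDX Micros, c=US"  # constructed sample entry
    for bind in (ROOTDN, entry, "uid=bob, o=LDX Micros, c=US", None):
        print(f"{bind!r:45} -> {effective_access(bind, entry)} on {entry}")
```

With these rules an ordinary bind gets only search, not read, on entries under the suffix, while the rootdn bind used by Samba is unconstrained by any of them.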
