SASL EXTERNAL in smbldap.c

Andrew Bartlett abartlet at
Wed Oct 19 21:46:15 GMT 2005

On Wed, 2005-10-19 at 23:38 +0400, Alexey Lobanov wrote:
> Hello all.
> I found a quite interesting strings in smbldap.c:
> /*******************************************************************
>  connect to the ldap server under system privilege.
> ******************************************************************/
> static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP
> * ldap_struct)
> ................
> /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
> (OpenLDAP) doesnt' seem to support it */
> The questions are: who and when wrote it? 

A very, very long time ago.

> And how to see this stuff
> again? SASL EXTERNAL works fine in modern Linux-based systems, both
> through Unix sockets (ldapi://) and through SSL (ldaps://).
> The aim is obvious: to remove plaintext administrative passwords from
> any files...

I would be happy to see this work.  Even other SASL mechs if it were
fairly easy to support. 

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list