Andrew Bartlett abartlet at
Sat Aug 9 04:05:24 GMT 2008

On Fri, 2008-08-08 at 10:38 +0200, Oliver Liebel wrote:
> my proposal:
> in this early test-stage (unencrypted sync)
> we could set up three (ssha-crypted) rootpws for the corresponding
> subcontexts: schema, config, user in slapd.conf
> so we dont need the samba-admin for replication purposes.
> in a later stage (e.g. using sasl-bind with TLS/External)  the
> cert-dn can be mapped by authz-regexp to the account we want/need.

That all seems very reasonable.  I would like to see SASL used in the end.

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list