Fedora DS Support
Andrew Bartlett
abartlet at samba.org
Wed Aug 26 16:14:01 MDT 2009
On Wed, 2009-08-26 at 14:35 -0400, Endi Sukma Dewata wrote:
> Andrew,
>
> Attached is the patch created against the master branch. I haven't been
> able to test it because I'm still having a build problem with the
> master branch. So please feel free to try it. I'll let you know when I
> can get it to work. Thanks.
Endi,
Thanks for getting back to me quickly, as it means I can help redirect
your efforts. It seems I must have been unclear about the future of
those particular changes. We must remove them - not re-add them.
Setting that ACI makes Fedora DS completely insecure - because it
changes the ACL on each partition to be 'anonymous may do anything'. It
was a great hack when we first started this, but it must not be revived.
The patch I need from you, against master, is best summed up as:
'whatever is needed to make Fedora DS work as a backend, as pass as much
of make test as possible, using SASL authentication between Samba4 and
Fedora DS'.
The background to this is that I reworked the OpenLDAP backend to use
secure SASL authentication and strict access control between Samba4 and
OpenLDAP many months ago, but did not upgrade Fedora DS to that same
level of support. The Fedora DS backend needs to be upgraded to this
same level of maturity.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090827/13e92684/attachment.pgp>
More information about the samba-technical
mailing list