Fedora DS Support
Endi Sukma Dewata
edewata at redhat.com
Mon Aug 31 17:00:40 MDT 2009
----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > In #3 I will add the SASL authentication. I might send another
> > patch here.
> Good. One particular task will be to figure out how to add a SASL user
> into Fedora DS. (We add them to OpenLDAP using it's LDIF backend and
> manually constructed LDIF).
I've been looking at the code and thinking to do this:
1. Create cn=samba partition in FDS.
2. As FDS directory manager, add user cn=samba-admin,cn=samba to the
directory and set the password in clear text.
3. Setup SASL mapping for samba-admin to the above user.
4. Change the auth for Samba-to-FDS from anonymous to SASL as
samba-admin as in Samba-to-OpenLDAP.
Is this the correct approach? I've figured out how to do #1 and #3.
I was trying to do #2 by adding another partition in samdb, but
it seems that an LDB can only have one rootDomainNamingContext,
so I can't add cn=samba because the root context is dc=samba,dc=example,
dc=com. Another alternative is to do this by invoking ldapi directly,
but I'm not sure how to do that from Python. Do you have an example?
About #4, where in the code does it set the anonymous connection for
FDS and SASL for OpenLDAP?
Endi S. Dewata
More information about the samba-technical