Fedora DS Support

Endi Sukma Dewata edewata at redhat.com
Mon Aug 31 17:00:40 MDT 2009


----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> >    In #3 I will add the SASL authentication. I might send another
> >    patch here.
> Good.  One particular task will be to figure out how to add a SASL user
> into Fedora DS. (We add them to OpenLDAP using it's LDIF backend and
> manually constructed LDIF).

I've been looking at the code and thinking to do this:

1. Create cn=samba partition in FDS.
2. As FDS directory manager, add user cn=samba-admin,cn=samba to the
   directory and set the password in clear text.
3. Setup SASL mapping for samba-admin to the above user.
4. Change the auth for Samba-to-FDS from anonymous to SASL as
   samba-admin as in Samba-to-OpenLDAP.

Is this the correct approach? I've figured out how to do #1 and #3.

I was trying to do #2 by adding another partition in samdb, but
it seems that an LDB can only have one rootDomainNamingContext,
so I can't add cn=samba because the root context is dc=samba,dc=example,
dc=com. Another alternative is to do this by invoking ldapi directly,
but I'm not sure how to do that from Python. Do you have an example?

About #4, where in the code does it set the anonymous connection for
FDS and SASL for OpenLDAP?


Endi S. Dewata

More information about the samba-technical mailing list