Fedora DS Support
Endi Sukma Dewata
edewata at redhat.com
Mon Aug 31 23:02:20 MDT 2009
----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > I've been looking at the code and thinking to do this:
> > 1. Create cn=samba partition in FDS.
> > 2. As FDS directory manager, add user cn=samba-admin,cn=samba to the
> > directory and set the password in clear text.
> > 3. Setup SASL mapping for samba-admin to the above user.
> > 4. Change the auth for Samba-to-FDS from anonymous to SASL as
> > samba-admin as in Samba-to-OpenLDAP.
> > Is this the correct approach? I've figured out how to do #1 and #3.
> Yes, I think this is exactly the right approach. The only other thing
> you might consider is if you can create the cn=samba-admin,cn=samba user
> via an 'initial LDIF' fragment into FDS.
> > I was trying to do #2 by adding another partition in samdb, but
> > it seems that an LDB can only have one rootDomainNamingContext,
> > so I can't add cn=samba because the root context is dc=samba,dc=example,
> > dc=com. Another alternative is to do this by invoking ldapi
> Yes, you should do this against ldapi directly.
Ok, I got it working now. I've verified in FDS access log that Samba is
authenticated using SASL. Thanks for the instructions. Attached is the
There's an issue about SASL mapping, by default the FDS includes this
dn: cn=uid mapping,cn=mapping,cn=sasl,cn=config
cn: uid mapping
But for samba-admin I need the following mapping:
cn: uid mapping
To avoid conflict I have to change the regex of the first mapping
to: ^(?!samba-admin)$. I'm not sure if this is actually working.
Also, Samba only includes the 00core.ldif and 99_ad.ldif schema files
which is causing the FDS to complain about undefined schema for some
of its configuration objects (cn=config). For now I have to partially
include some additional FDS schema files.
Do you have any suggestions about these issues? I will check with
FDS people too. I'll post the patch after these issues get resolved.
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 48398 bytes
Desc: not available
More information about the samba-technical