[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2090-g23b501e

Andrew Bartlett abartlet at samba.org
Sun Jun 7 09:30:37 GMT 2009

On Sat, 2009-06-06 at 06:10 -0500, Volker Lendecke wrote:
> The branch, master has been updated
>        via  23b501e02a15fe94e807e279c224e5657ce47af2 (commit)
>        via  256b227b27b599fffe5746bae7132a27e2c59dd4 (commit)
>        via  1769c8d81b8b4ad7bae77fabce2bf2051a7d32c1 (commit)
>        via  7194937eea7f12a9408655654777fe19832e338a (commit)
>       from  0e261d0e9c89ff11dc37b2bfd70c74c3a06486bd (commit)
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> - Log -----------------------------------------------------------------
> commit 23b501e02a15fe94e807e279c224e5657ce47af2
> Author: Volker Lendecke <vl at samba.org>
> Date:   Sat Jun 6 11:25:02 2009 +0200
>     Add an early prototype of pdb_ads.c.
>     The purpose of this module is to connect to a locally running samba4 ldap
>     server for an alternative "Franky" setup. Right now it contains a couple of
>     gross hacks: For example it just takes the s4-chosen RID directly as uid/gid...
>     Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a
>     start...

I think this is a really interesting idea.  I've for a long time wanted
to see a passdb module using the ADS schema, but never had the reason
to implement it.

> commit 256b227b27b599fffe5746bae7132a27e2c59dd4
> Author: Volker Lendecke <vl at samba.org>
> Date:   Fri May 29 10:48:54 2009 +0200
>     Allow access as SYSTEM on a privileged ldapi connection
>     This patch creates ldap_priv/ as a subdirectory under the private dir with the
>     appropriate permissions to only allow the same access as the privileged winbind
>     socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
>     database.

Rather than this, I would really prefer to implement the EXTERNAL bind
with the unix credential passing system.  This would better match the
behaviour of other LDAP servers (such as OpenLDAP and Fedora DS).

> commit 1769c8d81b8b4ad7bae77fabce2bf2051a7d32c1
> Author: Volker Lendecke <vl at samba.org>
> Date:   Sat Jun 6 12:32:46 2009 +0200
>     Add some samba-style tldap utility functions
> commit 7194937eea7f12a9408655654777fe19832e338a
> Author: Volker Lendecke <vl at samba.org>
> Date:   Sat Jun 6 12:30:57 2009 +0200
>     Add the early start of an async ldap library
>     There's a lot of things this does not do yet: For example it does not parse the
>     reply blob in the sasl bind, it does not do anything with controls yet, a lot
>     of the ldap requests are not covered yet. But it provides a basis for me to
>     play with a pdb_ads passdb module.

Perhaps I'm missing something, but rather than build yet another LDAP
lib from scratch, why not just use async LDB and its ldb_ildap?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.