'System' access to LDAPI without a bind in Samba4

Andrew Bartlett abartlet at samba.org
Wed Jun 10 22:01:06 GMT 2009

On Wed, 2009-06-10 at 07:54 -0400, simo wrote:
> On Wed, 2009-06-10 at 20:40 +1000, Andrew Bartlett wrote:
> > On Wed, 2009-06-10 at 17:26 +1000, tridge at samba.org wrote:
> > > > No, it belongs in GENSEC as another SASL mechanism.
> > > 
> > > ok. How will the gensec code get access to the file descriptor in the
> > > ldap server so it can ask the kernel who owns the other side of that
> > > fd? Is there a path to the fd somewhere inside the gensec structures?
> > 
> > Doing this cleanly will certainly be a challenge.  
> > 
> > It's not there at the moment.  I'm honestly not sure how best to pass
> > this in, but at worst we add a mechanism like ldb_opaque.  It could be
> > useful for passing out some other things anyway...
> Please don't use ldb_opaque for something like this.

I'm not talking about LDB here, but the idea of using a similar
mechanism to communicate the additional information from
source4/ldap_server to GENSEC.  I've considered doing something similar
to allow GENSEC users to pass in hints about how to use the auth
subsystem for NTLM authentication (ntlm_auth might know that it needs to
go via winbind for example).

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090611/eb0043fd/attachment.bin

More information about the samba-technical mailing list