Fedora DS Support

Endi Sukma Dewata edewata at redhat.com
Wed Sep 2 16:18:29 MDT 2009


Andrew,

----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > Ok, I got it working now. I've verified in FDS access log that Samba is
> > authenticated using SASL. Thanks for the instructions. Attached is the
> > result.

> Great!  (and yes, I'll need to look into the segfault once I reproduce
> your success). 

Attached is the patch for enabling the SASL auth against FDS.

> We should just replace it with the samba mapping.  (Because we will
> never bind using any other user, and normal users  - ie those in
> dc=samba,dc=example,dc=com will not bind to the backend directly)

I ended up using a new SASL mapping for samba-admin which I put in front
of the other mappings. This is going to achieve the same result while still
allowing the original mapping to continue to work. This is done by prefixing
the samba-admin mapping with "z" because the ordering is based on reverse
ASCII.

> My original work to split 00core.ldif from the 'important, but not quite
> core' schema is showing its age.  You will probably need to re-adjust
> the balance, while trying not to import the whole schema (due to
> conflicts with the AD schema). 

I've discussed this with FDS people and they will fix it. In the meantime,
I was able to avoid the problem by importing the entries with setup-ds.pl
and ldif2db. Previously I was using ldapi but it failed when the schema is
incomplete.

Another thing, I changed the provisioning script so that it creates 2
credential objects: one for the directory manager (simple) and another
for samba-admin (SASL). The script will use the directory manager
credential for importing Samba objects. The samba-admin credential object
will only be used for creating the secrets database. For OpenLDAP, these
2 credential objects will be identical (SASL), so everything should work
the same as before.

Please let me know if you have any feedback about the patch. Thanks.

--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sasl.patch
Type: text/x-patch
Size: 16226 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090902/2de2b8b4/attachment.bin>
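
The reverse-ASCII ordering of SASL mappings mentioned in the message can be modelled as follows. This is an added example, not code from the post or from sasl.patch; the mapping names, regexes and DNs are constructed, and first-match-wins evaluation is an assumption.

```python
import re

# Constructed sample mappings: name -> (regex on the SASL identity, DN template).
# None of these names, patterns or DNs are taken from the patch.
GENERIC = {
    "Kerberos uid mapping": (r"^(.+)@(.+)$", r"uid=\1,ou=People,dc=example,dc=com"),
    "uid mapping": (r"^([^:@]+)$", r"uid=\1,ou=People,dc=example,dc=com"),
}
ADMIN_RULE = (r"^samba-admin$", r"cn=samba-admin,dc=example,dc=com")

# The same admin rule under two names: one unprefixed, one prefixed with "z".
WITHOUT_PREFIX = dict(GENERIC, **{"samba-admin mapping": ADMIN_RULE})
WITH_PREFIX = dict(GENERIC, **{"z samba-admin mapping": ADMIN_RULE})


def evaluation_order(mappings):
    """Mapping names sorted by byte value, highest first (reverse ASCII)."""
    return sorted(mappings, key=lambda name: name.encode("ascii"), reverse=True)


def resolve(mappings, sasl_id):
    """Return (mapping name, bind DN) from the first mapping that matches.

    Assumption: evaluation stops at the first matching mapping.
    """
    for name in evaluation_order(mappings):
        pattern, template = mappings[name]
        match = re.match(pattern, sasl_id)
        if match:
            return name, match.expand(template)
    return None


if __name__ == "__main__":
    for label, table in (("unprefixed", WITHOUT_PREFIX), ("z-prefixed", WITH_PREFIX)):
        print(label, evaluation_order(table))
        for identity in ("samba-admin", "alice"):
            print("   ", identity, "->", resolve(table, identity))
```

Without the prefix, "uid mapping" sorts ahead of "samba-admin mapping" ('u' is 0x75, 's' is 0x73) and its broad regex captures the admin identity; with the "z" prefix the admin rule is tried first and ordinary identities still fall through to the generic mappings.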

