Fedora DS Support

Andrew Bartlett abartlet at samba.org
Mon Sep 7 05:45:53 MDT 2009

On Fri, 2009-09-04 at 17:26 -0400, Endi Sukma Dewata wrote:
> Andrew,
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > The best way might be to provision as directory manager, and bound over
> > LDAPI directly remove the SASL mappings before we start, also fix ACI
> > once we are done.  We should still have pretty good control over the DS
> > (and not be exposed on TCP) at this point - I hope!
> Please have a look at the attached patch. It does the following:
> 1. During instance creation it will import the SASL mapping for
>    samba-admin. It's done here because of the schema problem I mentioned
>    previously preventing adding the mapping via ldapi.

Is there work being done to fix that?  Even if ldif2db is the right
approach long term, we should have the schema right. 

> 2. After that it will use ldif2db to import the cn=samba-admin.
> 3. Then it will start FDS and continue to do provisioning using DM with
>    simple bind as before.
> 4. The SASL credentials will be stored in secrets.ldb, so when Samba
>    server runs later it will use the SASL credentials.


> 5. The aci attribute has been removed from Samba schema. It no longer
>    uses *_fds.ldif files. The ACL is hardcoded in provision.py.

Can you avoid using LDIF to add that?  If you create a LdbMessageElement
(and then an LdbMessage to feed to ldb.modify()), and the """text
string""" syntax, then you should be able to avoid all the escape
madness in the current patch.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.