[PATCH] Improve OpenLDAP backend

Howard Chu hyc at symas.com
Mon Sep 16 23:23:54 CEST 2013

Simo wrote:
> On Mon, 2013-09-16 at 10:07 -0700, Andrew Bartlett wrote:
>> These patches file off some of the rough edges around the OpenLDAP
>> backend, in particular allowing us to force DIGEST-MD5, allowing the
>> disable NTLMv2 patches to be dropped.
>> Next we just need the right patches for the slapd.conf to use mdb and
>> the right database names, and we should be at the point we got to
>> demonstrating last night.
>> Please review/merge.
>> Andrew Bartlett
> Is there any reason why we are not just using ldapi with external auth ?
> Why do we need actual authentication (besides checking uid is root) ?

That was my question too. I intend to write a patch for this; the provision 
script will set a slapd authz-regexp to map the <user running provision> to 
the samba-admin identity.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the samba-technical mailing list