[PATCH] some cleanups for smbldap.c

vl at samba.org
Wed Apr 19 15:53:11 UTC 2017


On Wed, Apr 19, 2017 at 06:39:18PM +0300, Alexander Bokovoy via samba-technical wrote:
> We do SASL GSSAPI authentication against IPA LDAP server. The reason for
> that is because cifs/... principal has special rights in LDAP to read
> and write keys of TDO objects and ability to set up access to them for
> SSSD on IPA master.
> 
> Thus, BIND callback is really important to have for FreeIPA.
> 
> Would a similar 
> 
>  void smbldap_set_bind_callback(struct smbldap_state*, bindproc, void  *binddata);
> 
> where bindproc is what we have already
> 
> int (*bind_callback)(LDAP *ldap_struct, struct smbldap_state *ldap_state, void *data);
> 
> be acceptable?

As a quick workaround, sure. I would however highly appreciate getting
proper authentication (based on gensec?) into smbldap proper. That's
one of the reasons why I started working on that: I want to get rid of
the special code in source3/libads/ldap.c. That also does "proper"
authentication, and I want that to use smbldap, or vice-versa. But
because smbldap looks more basic to me, the initial idea is to layer
ads_struct on top of smbldap. So smbldap needs to learn SASL.

Volker


