[PATCH] some cleanups for smbldap.c

vl at samba.org vl at samba.org
Wed Apr 19 15:53:11 UTC 2017

On Wed, Apr 19, 2017 at 06:39:18PM +0300, Alexander Bokovoy via samba-technical wrote:
> We do SASL GSSAPI authentication against IPA LDAP server. The reason for
> that is because cifs/... principal has special rights in LDAP to read
> and write keys of TDO objects and ability to set up access to them for
> SSSD on IPA master.
> Thus, BIND callback is really important to have to FreeIPA.
> Would a similar 
>  void smbldap_set_bind_callback(struct smbldap_state*, bindproc, void  *binddata);
> where bindproc is what we have already
> int (*bind_callback)(LDAP *ldap_struct, struct smbldap_state *ldap_state, void *data);
> be acceptable?

As a quick workaround, sure. I would however highly appreciate to get
proper authentication (based on gensec?) into smbldap proper. That's
one of the reasons why I started working on that: I want to get rid of
the special code in source3/libads/ldap.c. That also does "proper"
authentication, and I want that to use smbldap, or vice-versa. But
because smbldap looks more basic to me, the initial idea is to layer
ads_struct on top of smbldap. So smbldap needs to learn sasl.


More information about the samba-technical mailing list