[PATCH] some cleanups for smbldap.c

vl at samba.org vl at samba.org
Wed Apr 19 16:03:35 UTC 2017


On Wed, Apr 19, 2017 at 07:00:52PM +0300, Alexander Bokovoy wrote:
> > As a quick workaround, sure. I would however highly appreciate to get
> > proper authentication (based on gensec?) into smbldap proper. That's
> > one of the reasons why I started working on that: I want to get rid of
> > the special code in source3/libads/ldap.c. That also does "proper"
> > authentication, and I want that to use smbldap, or vice-versa. But
> > because smbldap looks more basic to me, the initial idea is to layer
> > ads_struct on top of smbldap. So smbldap needs to learn sasl.
> I can make a patch that introduces SASL GSSAPI similar what we have in
> ipasam. A general helper should be fine but I need to think more on
> how to pass authentication information as 
> 
> bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret);
> 
> is not enough -- we should probably move to a better way to specify
> creds.

Right. That's why I referred to gensec. As much as I disagree with the
bloat and non-asynchrony of gensec_update it brings, this is our
solution to do such things.

Volker



More information about the samba-technical mailing list