
Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi



abartlet@samba.org wrote:
> Samba4 always uses SASL credentials these days (trying to avoid simple
> binds).

libsasldb2.so is not required for a SASL bind with a password-based
mechanism. You can store the passwords in attribute userPassword (in
clear-text). So the security consideration is more about password
storage than SASL vs. simple bind on the wire.

>  Perhaps it's time to investigate EXTERNAL

That would be good anyway since in Samba4 the result of standard
provision is LDAPI access anyway. So you could directly map the Unix
user smbd is running as (root?) with authz-regexp to directory user
samba-admin. Well, we already discussed that.. ;-)

Ciao, Michael.
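
The mapping discussed in this message, modelled as an added example that is not part of the original thread and is not slapd's own code: the server takes the peer's uid/gid from the kernel on the Unix socket, builds the SASL EXTERNAL identity DN, and an authz-regexp-style rule rewrites it to a directory DN. Assumptions: Linux `SO_PEERCRED`, smbd running as uid/gid 0, and a placeholder DN `cn=samba-admin,dc=example,dc=com`; the rule table and function names are hypothetical.

```python
import re
import socket
import struct

# Identity DN form slapd assigns to a SASL EXTERNAL bind over ldapi://
EXTERNAL_DN = "gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"

# Constructed rule table in the spirit of authz-regexp: (match, replacement).
# uid/gid 0 assumes smbd runs as root; the target DN is a placeholder.
RULES = [
    (r"gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth",
     "cn=samba-admin,dc=example,dc=com"),
]


def peer_identity(conn):
    """Build the EXTERNAL identity from kernel-reported peer credentials.

    Linux only: SO_PEERCRED returns struct ucred (pid, uid, gid). The client
    never sends these values, so it cannot claim another user's identity.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    _pid, uid, gid = struct.unpack("iII", raw)
    return EXTERNAL_DN.format(gid=gid, uid=uid)


def map_identity(authc_dn, rules=RULES):
    """Return the replacement DN of the first rule matching the identity.

    Whole-string matching is this sketch's choice, so a rule written for one
    uid/gid pair cannot match a longer identity that merely contains it.
    Unmatched identities are returned unchanged and gain no mapped privileges.
    """
    for pattern, replacement in rules:
        if re.fullmatch(pattern, authc_dn, flags=re.IGNORECASE):
            return replacement
    return authc_dn


if __name__ == "__main__":
    # A socketpair stands in for a client connected to the ldapi:// socket.
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    ident = peer_identity(server)
    print(ident, "->", map_identity(ident))
    server.close()
    client.close()
```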