git.samba.org - samba.git/commit

author	Endi Sukma Dewata <edewata@redhat.com>
	Wed, 9 Sep 2009 16:45:24 +0000 (12:45 -0400)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 9 Sep 2009 23:52:22 +0000 (09:52 +1000)
commit	b1dabb11333a715b0e23e91eecaf29933ea383a7
tree	b93c72d4aa78a3de7df3001bcc7b322e3ac50810	tree
parent	a224392649ffb81dc1d67f41a01dd983b76d513b	commit \| diff

s4: Use SASL authentication against Fedora DS.

1. During instance creation the provisioning script will import the SASL
   mapping for samba-admin. It's done here due to missing config schema
   preventing adding the mapping via ldapi.

2. After that it will use ldif2db to import the cn=samba-admin user as
   the target of SASL mapping.

3. Then it will start FDS and continue to do provisioning using the
   Directory Manager with simple bind.

4. The SASL credentials will be stored in secrets.ldb, so when Samba
   server runs later it will use the SASL credentials.

5. After the provisioning is done (just before stopping the slapd)
   it will use the DM over direct ldapi to delete the default SASL
   mappings included automatically by FDS, leaving just the new
   samba-admin mapping.

6. Also before stopping slapd it will use the DM over direct ldapi to
   set the ACL on the root entries of the user, configuration, and
   schema partitions. The ACL will give samba-admin the full access
   to these partitions.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

source4/scripting/python/samba/provision.py		diff \| blob \| history
source4/setup/fedorads-partitions.ldif		diff \| blob \| history
source4/setup/fedorads-samba.ldif	[new file with mode: 0644]	blob
source4/setup/fedorads-sasl.ldif	[new file with mode: 0644]	blob
source4/setup/fedorads.inf		diff \| blob \| history
source4/setup/schema_samba4.ldif		diff \| blob \| history