mirror of
https://github.com/samba-team/samba.git
synced 2025-08-03 04:22:09 +03:00
matthew chapman's ldap code, to date. plus docs!
(This used to be commit 2c438c86cb)
This commit is contained in:
Luke Leighton
@ -547,14 +547,12 @@ it() link(bf(keepalive))(keepalive)
|
||||
|
||||
it() link(bf(kernel oplocks))(kerneloplocks)
|
||||
|
||||
it() link(bf(ldap filter))(ldapfilter)
|
||||
it() link(bf(ldap bind as))(ldapbindas)
|
||||
|
||||
it() link(bf(ldap passwd file))(ldappasswdfile)
|
||||
|
||||
it() link(bf(ldap port))(ldapport)
|
||||
|
||||
it() link(bf(ldap root))(ldaproot)
|
||||
|
||||
it() link(bf(ldap root passwd))(ldaprootpasswd)
|
||||
|
||||
it() link(bf(ldap server))(ldapserver)
|
||||
|
||||
it() link(bf(ldap suffix))(ldapsuffix)
|
||||
@ -2595,74 +2593,56 @@ This parameter defaults to em("On") on systems that have the support,
|
||||
and em("off") on systems that don't. You should never need to touch
|
||||
this parameter.
|
||||
|
||||
label(ldapfilter)
|
||||
dit(bf(ldap filter (G)))
|
||||
label(ldapbindas)
|
||||
dit(bf(ldap bind as (G)))
|
||||
|
||||
This parameter is part of the em(EXPERIMENTAL) Samba support for a
|
||||
password database stored on an LDAP server back-end. These options
|
||||
are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
password database stored on an LDAP server. These options are only
|
||||
available if your version of Samba was configured with the bf(--with-ldap)
|
||||
option.
|
||||
|
||||
This parameter specifies an LDAP search filter used to search for a
|
||||
user name in the LDAP database. It must contain the string
|
||||
link(bf(%u))(percentU) which will be replaced with the user being
|
||||
searched for.
|
||||
This parameter specifies the entity to bind to an LDAP directory as.
|
||||
Usually it should be safe to use the LDAP root account; for larger
|
||||
installations it may be preferable to restrict Samba's access. See also
|
||||
link(bf(ldap passwd file))(ldappasswdfile).
|
||||
|
||||
bf(Default:)
|
||||
tt( empty string.)
|
||||
tt( none (bind anonymously))
|
||||
|
||||
bf(Example:)
|
||||
tt( ldap bind as = "uid=root, dc=mydomain, dc=org")
|
||||
|
||||
label(ldappasswdfile)
|
||||
dit(bf(ldap passwd file (G)))
|
||||
|
||||
This parameter is part of the em(EXPERIMENTAL) Samba support for a
|
||||
password database stored on an LDAP server. These options are only
|
||||
available if your version of Samba was configured with the bf(--with-ldap)
|
||||
option.
|
||||
|
||||
This parameter specifies a file containing the password with which
|
||||
Samba should bind to an LDAP server. For obvious security reasons
|
||||
this file must be set to mode 700 or less.
|
||||
|
||||
bf(Default:)
|
||||
tt( none (bind anonymously))
|
||||
|
||||
bf(Example:)
|
||||
tt( ldap passwd file = /usr/local/samba/private/ldappasswd)
|
||||
|
||||
label(ldapport)
|
||||
dit(bf(ldap port (G)))
|
||||
|
||||
This parameter is part of the em(EXPERIMENTAL) Samba support for a
|
||||
password database stored on an LDAP server back-end. These options
|
||||
are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
password database stored on an LDAP server. These options are only
|
||||
available if your version of Samba was configured with the bf(--with-ldap)
|
||||
option.
|
||||
|
||||
This parameter specifies the TCP port number to use to contact
|
||||
the LDAP server on.
|
||||
This parameter specifies the TCP port number of the LDAP server.
|
||||
|
||||
bf(Default:)
|
||||
tt( ldap port = 389.)
|
||||
|
||||
label(ldaproot)
|
||||
dit(bf(ldap root (G)))
|
||||
|
||||
This parameter is part of the em(EXPERIMENTAL) Samba support for a
|
||||
password database stored on an LDAP server back-end. These options
|
||||
are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
|
||||
This parameter specifies the entity to bind to the LDAP server
|
||||
as (essentially the LDAP username) in order to be able to perform
|
||||
queries and modifications on the LDAP database.
|
||||
|
||||
See also link(bf(ldap root passwd))(ldaprootpasswd).
|
||||
|
||||
bf(Default:)
|
||||
tt( empty string (no user defined))
|
||||
|
||||
label(ldaprootpasswd)
|
||||
dit(bf(ldap root passwd (G)))
|
||||
|
||||
This parameter is part of the em(EXPERIMENTAL) Samba support for a
|
||||
password database stored on an LDAP server back-end. These options
|
||||
are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
|
||||
This parameter specifies the password for the entity to bind to the
|
||||
LDAP server as (the password for this LDAP username) in order to be
|
||||
able to perform queries and modifications on the LDAP database.
|
||||
|
||||
em(BUGS:) This parameter should em(NOT) be a readable parameter
|
||||
in the bf(smb.conf) file and will be removed once a correct
|
||||
storage place is found.
|
||||
|
||||
See also link(bf(ldap root))(ldaproot).
|
||||
|
||||
bf(Default:)
|
||||
tt( empty string.)
|
||||
|
||||
label(ldapserver)
|
||||
dit(bf(ldap server (G)))
|
||||
|
||||
@ -2672,7 +2652,8 @@ are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
|
||||
This parameter specifies the DNS name of the LDAP server to use
|
||||
for SMB/CIFS authentication purposes.
|
||||
when storing and retrieving information about Samba users and
|
||||
groups.
|
||||
|
||||
bf(Default:)
|
||||
tt( ldap server = localhost)
|
||||
@ -2685,12 +2666,15 @@ password database stored on an LDAP server back-end. These options
|
||||
are only available if your version of Samba was configured with
|
||||
the bf(--with-ldap) option.
|
||||
|
||||
This parameter specifies the tt("dn") or LDAP em("distinguished name")
|
||||
that tells url(bf(smbd))(smbd.8.html) to start from when searching
|
||||
for an entry in the LDAP password database.
|
||||
This parameter specifies the node of the LDAP tree beneath which
|
||||
Samba should store its information. This parameter MUST be provided
|
||||
when using LDAP with Samba.
|
||||
|
||||
bf(Default:)
|
||||
tt( empty string.)
|
||||
tt( none)
|
||||
|
||||
bf(Example:)
|
||||
tt( ldap suffix = "dc=mydomain, dc=org")
|
||||
|
||||
label(lmannounce)
|
||||
dit(bf(lm announce (G)))
|
||||
|
||||
@ -153,10 +153,11 @@ LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \
|
||||
GROUPDB_OBJ = groupdb/groupdb.o groupdb/aliasdb.o groupdb/builtindb.o \
|
||||
groupdb/groupfile.o groupdb/aliasfile.o \
|
||||
groupdb/groupunix.o groupdb/aliasunix.o groupdb/builtinunix.o \
|
||||
groupdb/groupldap.o groupdb/aliasldap.o groupdb/builtinldap.o \
|
||||
passdb/passgrp.o passdb/smbpassgroup.o \
|
||||
passdb/smbpassgroupunix.o
|
||||
passdb/smbpassgroupunix.o passdb/passgrpldap.o
|
||||
|
||||
SAMPASSDB_OBJ = passdb/sampassdb.o passdb/sampass.o
|
||||
SAMPASSDB_OBJ = passdb/sampassdb.o passdb/sampass.o passdb/sampassldap.o
|
||||
|
||||
PASSDB_OBJ = passdb/passdb.o passdb/smbpassfile.o passdb/smbpass.o \
|
||||
passdb/pass_check.o passdb/ldap.o passdb/nispass.o \
|
||||
|
||||
@ -775,6 +775,7 @@ AC_ARG_WITH(ldap,
|
||||
yes)
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(WITH_LDAP)
|
||||
LIBS="$LIBS -lldap -llber"
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT(no)
|
||||
|
||||
@ -146,11 +146,12 @@ typedef struct
|
||||
char *szDomainOtherSIDs;
|
||||
char *szDriverFile;
|
||||
char *szNameResolveOrder;
|
||||
#ifdef WITH_LDAP
|
||||
char *szLdapServer;
|
||||
char *szLdapSuffix;
|
||||
char *szLdapFilter;
|
||||
char *szLdapRoot;
|
||||
char *szLdapRootPassword;
|
||||
char *szLdapBindAs;
|
||||
char *szLdapPasswdFile;
|
||||
#endif /* WITH_LDAP */
|
||||
char *szPanicAction;
|
||||
int max_log_size;
|
||||
int mangled_stack;
|
||||
@ -742,9 +743,8 @@ static struct parm_struct parm_table[] =
|
||||
{"ldap server", P_STRING, P_GLOBAL, &Globals.szLdapServer, NULL, NULL, 0},
|
||||
{"ldap port", P_INTEGER, P_GLOBAL, &Globals.ldap_port, NULL, NULL, 0},
|
||||
{"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, NULL, NULL, 0},
|
||||
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
|
||||
{"ldap root", P_STRING, P_GLOBAL, &Globals.szLdapRoot, NULL, NULL, 0},
|
||||
{"ldap root passwd", P_STRING, P_GLOBAL, &Globals.szLdapRootPassword,NULL, NULL, 0},
|
||||
{"ldap bind as", P_STRING, P_GLOBAL, &Globals.szLdapBindAs, NULL, NULL, 0},
|
||||
{"ldap passwd file", P_STRING, P_GLOBAL, &Globals.szLdapPasswdFile, NULL, NULL, 0},
|
||||
#endif /* WITH_LDAP */
|
||||
|
||||
|
||||
@ -1156,9 +1156,8 @@ FN_GLOBAL_STRING(lp_panic_action,&Globals.szPanicAction)
|
||||
#ifdef WITH_LDAP
|
||||
FN_GLOBAL_STRING(lp_ldap_server,&Globals.szLdapServer);
|
||||
FN_GLOBAL_STRING(lp_ldap_suffix,&Globals.szLdapSuffix);
|
||||
FN_GLOBAL_STRING(lp_ldap_filter,&Globals.szLdapFilter);
|
||||
FN_GLOBAL_STRING(lp_ldap_root,&Globals.szLdapRoot);
|
||||
FN_GLOBAL_STRING(lp_ldap_rootpasswd,&Globals.szLdapRootPassword);
|
||||
FN_GLOBAL_STRING(lp_ldap_bind_as,&Globals.szLdapBindAs);
|
||||
FN_GLOBAL_STRING(lp_ldap_passwd_file,&Globals.szLdapPasswdFile);
|
||||
#endif /* WITH_LDAP */
|
||||
|
||||
#ifdef WITH_SSL
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -185,5 +185,5 @@ struct passgrp_ops *file_initialise_password_grp(void)
|
||||
|
||||
#else
|
||||
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
|
||||
void smbpass_dummy_function(void) { } /* stop some compilers complaining */
|
||||
void smbpassgroup_dummy_function(void) { } /* stop some compilers complaining */
|
||||
#endif /* USE_SMBPASS_DB */
|
||||
|
||||
@ -223,5 +223,5 @@ struct passgrp_ops *unix_initialise_password_grp(void)
|
||||
|
||||
#else
|
||||
/* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
|
||||
void smbpass_dummy_function(void) { } /* stop some compilers complaining */
|
||||
void smbpassgroupunix_dummy_function(void) { } /* stop some compilers complaining */
|
||||
#endif /* USE_SMBPASS_DB */
|
||||
|
||||
Reference in New Issue
Block a user