[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Fedora-directory-devel] Re: userPassword/sambaNTPassword synchronization

fedora-directory-devel-request redhat com wrote:
Message: 1
Date: Tue, 9 May 2006 10:43:10 +0100
From: Jonathan Barber <jon compbio dundee ac uk>

    I'm currently looking at using FDS as a backend for Samba 3. The
issue I have is with sync'ing of the userpassword, sambaNTPassword, and
sambaLMPassword attributes, so that each of our user's accounts have
consistant password for each attribute.

Samba can be configured to change all three of these attributes when
it recieves a password change request (the "ldap passwd sync"
directive), but when the passwords are changed outwith samba (FDS
console, ldappasswd, etc.), the passwords lose sync. It therefore seems
sensible to write a FDS plugin to intercept password modification
attempts, and for the plugin to create all of the required hashes.

Before starting, I thought it'd be sensible to see if:
1) It was a good idea, or is there something blindingly obvious I've
   missed which means it won't work.
2) Is there any ongoing work in this area that I can contribute to
   rather than rolling my own.

WRT 2) I've seen the openldap smbk5pwd overlay, which does what I want,
but appears to be openldap specific.

Any comments?


Somewhere around here I wrote the corresponding SLAPI (smbk5pwd) plugin for one of our clients a few years back. At the time there wasn't any open source project to contribute it to, will have to see if I can dig it up. It was only tested with SunOne but I expect it will work here.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]