[Fedora-directory-devel] Re: userPassword/sambaNTPassword synchronization
Howard Chu
hyc at symas.com
Tue May 9 20:12:16 UTC 2006
fedora-directory-devel-request at redhat.com wrote:
> Message: 1
> Date: Tue, 9 May 2006 10:43:10 +0100
> From: Jonathan Barber <jon at compbio.dundee.ac.uk>
>
> Hi,
> I'm currently looking at using FDS as a backend for Samba 3. The
> issue I have is with sync'ing of the userpassword, sambaNTPassword, and
> sambaLMPassword attributes, so that each of our user's accounts have
> consistant password for each attribute.
>
> Samba can be configured to change all three of these attributes when
> it recieves a password change request (the "ldap passwd sync"
> directive), but when the passwords are changed outwith samba (FDS
> console, ldappasswd, etc.), the passwords lose sync. It therefore seems
> sensible to write a FDS plugin to intercept password modification
> attempts, and for the plugin to create all of the required hashes.
>
> Before starting, I thought it'd be sensible to see if:
> 1) It was a good idea, or is there something blindingly obvious I've
> missed which means it won't work.
> 2) Is there any ongoing work in this area that I can contribute to
> rather than rolling my own.
>
> WRT 2) I've seen the openldap smbk5pwd overlay, which does what I want,
> but appears to be openldap specific.
>
> Any comments?
>
> Cheers.
>
Somewhere around here I wrote the corresponding SLAPI (smbk5pwd) plugin
for one of our clients a few years back. At the time there wasn't any
open source project to contribute it to, will have to see if I can dig
it up. It was only tested with SunOne but I expect it will work here.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
More information about the Fedora-directory-devel
mailing list