[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Intergrate Heimdal's hdb-ldap and Samba



> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@samba.org]

> The tricky bit is that we need to modify attributes outside just the
> userPassword.  Storing the password is one thing, but if we store the
> krb5Key in userPassword, we still need to store the KVNO (key version
> number), and for samba you *must* update the 'last changed time'.

> So, is it possible that your patch will update these
> attributes too, and
> given that, will it update the krb5key and sambaNTpassword, or will we
> need to have multiple places we look for passwords (not hard
> for Samba,
> but a pain for all the auxiliary scripts)?

I don't see this happening in the core slapd code, but we could certainly do
it in an overlay that augments or replaces the existing passwordModify exop.
(We've been working to isolate the Kerberos-dependent code and move it
outside the OpenLDAP core, so this is not likely to be something we add back
into the core, even with #ifdef's. But as a separate overlay, no problem.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support