[Samba] password sync and ldap acls

Thierry Lacoste lacoste at univ-paris12.fr
Fri Jun 2 11:56:22 GMT 2006


On Thursday 01 June 2006 23:23, Thierry Lacoste wrote:
> I'm using samba 3.0.14a + openldap .2.27 on FreeBSD 6.0-RELEASE.
>
> I followed the "Linux Samba-OpenLDAP Howto" from IDEALX.
> My slapd.conf rootdn is cn=ldapmgr,ou=Managers,o=miage
> My smb.conf ldap admin dn is cn=sambamgr,ou=Managers,o=miage
>
> With the ACLs from section 5 (Security considerations) of the Howto
> when I change a user password from Windows XP the userPassword
> attribute is not modified so my Unix and Windows passwords are
> not in sync.
>
> I found that adding the following ACL to my slapd.conf resolves the issue.
>
> access to *
>       by dn="cn=sambamgr,ou=Managers,o=miage" read
>
> I did several tests but can't figure out what are the attributes that
> sambamgr needs to read in order to update the userPassword attribute.
Answering myself: the following thread discusses this issue:
http://lists.samba.org/archive/samba/2005-February/099816.html

Sorry for the noise.
Thierry.

