[Samba] Samba 3.0.24 handling LDAP responses incorrectly
simo
idra at samba.org
Wed Apr 9 20:16:39 GMT 2008
On Wed, 2008-04-09 at 15:11 -0400, Adam Tauno Williams wrote:
> On Wed, 2008-04-09 at 11:57 -0400, simo wrote:
> > On Wed, 2008-04-09 at 17:54 +0200, Volker Lendecke wrote:
> > > On Wed, Apr 09, 2008 at 11:40:33AM -0400, Adam Tauno Williams wrote:
> > > > > > How are these policies exactly defined in LDAP? Are they
> > > > > > visible for LDAP clients?
> > > > > It's an explicit entry in LDAP:
> > > > ppolicy support in Samba would be awesome. Would make PCI/DSS (and
> > > > other regulatory compliance) *much* easier for shops using a Samba PDC.
> > > > <http://www.openldap.org/software/man.cgi?query=slapo-ppolicy>
> > > Ok, that looks doable. Problem is as always developer time.
> > > I'd be happy to review patches though.
> > FYI: we are discussing for a new IETF blessed RFC proposal for a
> > standard way to handle password policies in LDAP. Nothing implemented in
> > servers so far of course, but better to take that in account if someone
> > is going to write a patch so that it will be easier to switch to the
> > "standard" if we get one at the end of the process.
>
> This is different than the existing one? From the ppolicy man page:
> "The ppolicy overlay is an implementation of the most recent IETF Pass-
> word Policy proposal for LDAP."
>
> <http://tools.ietf.org/draft/draft-behera-ldap-password-policy/draft-behera-ldap-password-policy-09.txt>
Yes it is different (although the new one is based on the Behera one),
this is the current one:
http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-passwords-00.txt
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the samba
mailing list