unicodePwd and dBCSPwd attributes

Luke Howard lukeh at PADL.COM
Wed Feb 9 22:43:16 GMT 2000


These are the two LDAP attributes Microsoft uses to store
the NT and LM passwords, respectively. (I expect that
additional key types, such as DES passwords, are also
stored in the unicodePwd attribute.)

I haven't yet figured out how to expose these in Active
Directory (ie. I know they're there because of the schema,
but I can never see them over LDAP), let alone figure out
their syntax.

So... if anyone is planning on using the nt5ldap stuff
maybe it would be wiser to

s/unicodePwd/sambaNtPwd/g
s/dBCSPwd/sambaLmPwd/g

until such time that we can use the AD attributes properly.

Which brings me to... 

(a) the nt5ldap is a long way off but...
(b) using the nt5ldap with an Active Directory server, rather
    than an OpenLDAP server, is an even further way off!

It's likely that a lot of the attributes we create, like
objectSid, Active Directory won't let user programs modify,
instead expecting to create them itself.


-- Luke

--
Luke Howard
PADL Software Pty Ltd
http://www.padl.com


More information about the samba-ntdom mailing list