ldap sync project

Osama Dengler osama at denglernet.de
Tue Mar 12 23:58:04 GMT 2002


On 12 Mar 2002, at 20:26, Kervin Pierre wrote on the subject ldap sync project:
My opinion on this:

> I've just started a project at sourceforge for the ldap synchronization 
> related project I'm working on at http://acctsync.sourceforge.net/ . 
> I'll probably mention more about it to the list after I get the DLL working.
I've coded a fully working password filter. Look at the source code attached 
to this mail. I've tested it here and it works. The only thing I'm not sure
about is if it also works for domain accounts since it needs the cleartext
passwd and that is not sent over the wire AFAIK. However, I'll test this
today.

> My first objective is to get a generic password filter working.  That 
> is, a password filter that would call an external script when it is 
> triggered with the values it is given by LSA.  The script name would be 
> a registry entry.  That would keep the windows DLL code to a minimum and 
> would also be the most flexible approach, I believe.
I'm not sure if this is the right way. Keep in mind that the password filter
is running in the LSA security context and so would the script. This is
a major security risk. That's why I decided to do all password changing
stuff in the code. However, IMHO the code is still easily extendable as only
the function LdapChangePassword(Username, NewPassword) must be 
replaced by e.g. NISchangePasswd(Username, NewPassword) or
HTTPchangePasswd(...). One could even think about putting these functions
in separate DLLs and manage their execution through the registry.
 
> Let me know if you're interested in working on this as well.  I have 
> already put in a request for two mailing lists on sourceforge 
> acctsync-devel and acctsync-general.  When these are made ( most likely 
> tomorrow ), I'll send more information to the acctsync-devel list.
Thanks for the information - I'll stay tuned. As I'm very interested in this
stuff please let me know if I can help in any way.

Cheers, Osama

---
Osama Dengler
http://www.jazz-on-the-rocks.de/
-------------- next part --------------

   ---- File information -----------
     File:  PasswordFilter.zip
     Date:  12 Mar 2002, 3:45
     Size:  26985 bytes.
     Type:  ZIP-archive
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PasswordFilter.zip
Type: application/zip
Size: 26985 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020312/61a724f2/PasswordFilter.zip

