Samba 3.0 + openldap + exop passwd change

Andrew Bartlett abartlet at
Tue Oct 28 21:57:54 GMT 2003

On Wed, 2003-10-29 at 08:29, Andrew Bird (Sphere Systems) wrote:
> Hi there
> 	I'm just getting to grips with replacing NIS/smbpasswd  with LDAP for single 
> storage of user accounts. I'm looking into the passwd changing mechanism for 
> both Windows and UNIX clients. Whilst you seem to have the Windows clients 
> covered completely, userPassword/sambaNTpassword/sambaLMpassword all being 
> populated fully from a windows client change. I can't currently see a way of 
> populating these fields from UNIX. I want to use the pam_ldap module from 
> PADL with the extended password operation passing up the plaintext password 
> to the openldap server. But I think the server side only sets the 
> userPassword attribute with the encrypted value (of servers choice). I read 
> somewhere on the web that openldap has a plugin structure. Do you think it 
> would be possible to write such a plugin to populate all three fields that 
> could be executed by the exop passwd change mechanism?

As I have mentioned a number of times on various lists, I would really
love to see somebody write this plugin.  In understand it is possible to
take over that particular EXOP, but I never really got started looking
at it.  Make sure you use a recent OpenLDAP server.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list