pdb interface

[Jeremy Allison]

On Thu, Dec 09, 2004 at 12:55:33PM -0700, Vince Brimhall wrote:
> I've been working on making modifications to the ldap passdb backend to
> provide an increased level of integration with Novell Directory
> Services (NDS).
> 
> I'mlooking for a way to have NDS updated for login success/failure for
> Samba
> logins. I've been unable to figure out how to accomplish this with the
> existing
> passdb interface and would like to propose adding a function to the
> interface
> that would allow passdb backends to act on the result of Samba's
> authentication.
> 
> Could you comment on the possiblity of adding the following function or
> something
> similar to the interface?
> 
>    NTSTATUS (*pdb_update_login_attempts)(struct pdb_context *context,
> 				SAM_ACCOUNT *sam_acct, BOOL success);
> 
> Of course if I've missed a way that it can be done with the existing
> code I'd be
> grateful for that information as well.

Can you explain what attributes in the SAM_ACCOUNT struct you need
to set here ? We do call pdb_increment_bad_password_count() on logon
failure and pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); on
success already - this changes the bad_password_count attribute in
the sampass->private struct which should be seen by the backends.

We only do this when we are authoritative for the user (in the auth_sam.c
code) and not when this is a user from an AD domain.

What extra do you need to do ?

Jeremy.