Intergrate Heimdal's hdb-ldap and Samba

Howard Chu hyc at
Sun Feb 29 07:06:18 GMT 2004

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at]

> The tricky bit is that we need to modify attributes outside just the
> userPassword.  Storing the password is one thing, but if we store the
> krb5Key in userPassword, we still need to store the KVNO (key version
> number), and for samba you *must* update the 'last changed time'.

> So, is it possible that your patch will update these
> attributes too, and
> given that, will it update the krb5key and sambaNTpassword, or will we
> need to have multiple places we look for passwords (not hard
> for Samba,
> but a pain for all the auxiliary scripts)?

I don't see this happening in the core slapd code, but we could certainly do
it in an overlay that augments or replaces the existing passwordModify exop.
(We've been working to isolate the Kerberos-dependent code and move it
outside the OpenLDAP core, so this is not likely to be something we add back
into the core, even with #ifdef's. But as a separate overlay, no problem.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun     
  Symas: Premier OpenSource Development and Support

More information about the samba-technical mailing list