[PATCH] ldap pw sync exop

Pierre Filippone pierre.filippone at Retail-sc.com
Mon Jan 5 10:15:22 GMT 2004


we would like Samba 3 to be part of our "One Account/One Password" 
solution based on OpenLDAP.
Therefore we need the ldap password synchronisation feature.

Our problem:
It uses ldap extended operations to set the "userpassword" attribute, 
which encrypts the passwords.
Basically quite OK, but not for us, because we need the user password in 
cleartext for various reasons
(for example Radius and CHAP...)

So I made a little patch, introducing a new boolean parameter "ldap 
password sync exop".
It defaults to "yes", so the behaviour is as it was without the patch.
If set to "no", "smbldap_modify" is used instead of 
"smbldap_extended_operation", which leads
to plaintext userpassword attributes, as we need it. 

Is there any chance, that the change is included in the next release ? 


Pierre Filippone

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap_passwd_sync_exop.patch
Type: application/octet-stream
Size: 5996 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040105/267e64d4/ldap_passwd_sync_exop.obj

More information about the samba-technical mailing list