[PATCH] ldap pw sync exop
Andrew Bartlett
abartlet at samba.org
Mon Jan 5 10:27:50 GMT 2004
On Mon, Jan 05, 2004 at 11:15:22AM +0100, Pierre Filippone wrote:
> Hi,
>
> we would like Samba 3 to be part of our "One Account/One Password"
> solution based on OpenLDAP.
> Therefore we need the ldap password synchronisation feature.
>
> Our problem:
> It uses ldap extended operations to set the "userpassword" attribute,
> which encrypts the passwords.
> Basically quite OK, but not for us, because we need the user password in
> cleartext for various reasons
> (for example Radius and CHAP...)
>
> So I made a little patch, introducing a new boolean parameter "ldap
> password sync exop".
> It defaults to "yes", so the behaviour is as it was without the patch.
> If set to "no", "smbldap_modify" is used instead of
> "smbldap_extended_operation", which leads
> to plaintext userpassword attributes, as we need it.
>
> Is there any chance that the change is included in the next release?

No. You should be able to configure/modify the OpenLDAP server not to use hashed passwords.
I think

    password-hash {CLEARTEXT}

option in the slapd.conf should do it.

Andrew Bartlett