[PATCH] ldap pw sync exop

Ignacio Coupeau icoupeau at unav.es
Mon Jan 5 10:41:02 GMT 2004

Pierre Filippone wrote:

> Hi,
> we would like Samba 3 to be part of our "One Account/One Password" 
> solution based on OpenLDAP.
> Therefore we need the ldap password synchronisation feature.
> Our problem:
> It uses ldap extended operations to set the "userpassword" attribute, 
> which encrypts the passwords.
> Basically quite OK, but not for us, because we need the user password in 
> cleartext for various reasons
> (for example Radius and CHAP...)
> So I made a little patch, introducing a new boolean parameter "ldap 
> password sync exop".
> It defaults to "yes", so the behaviour is as it was without the patch.
> If set to "no", "smbldap_modify" is used instead of 
> "smbldap_extended_operation", which leads
> to plaintext userpassword attributes, as we need it. 

this thread may points a shortcut:

also the freeradius-0.9.3/doc/rlm_ldap tell about password_header = 


Ignacio Coupeau, Ph.D.     icoupeau at unav.es
CTI, Director              icoupeau at alumni.unav.es
University of Navarra      icoupeau at ieee.org
Pamplona, SPAIN            http://www.unav.es/cti/

More information about the samba-technical mailing list