[PATCH] ldap pw sync exop
Ignacio Coupeau
icoupeau at unav.es
Mon Jan 5 10:41:02 GMT 2004
Pierre Filippone wrote:
> Hi,
>
> we would like Samba 3 to be part of our "One Account/One Password"
> solution based on OpenLDAP.
> Therefore we need the ldap password synchronisation feature.
>
> Our problem:
> It uses ldap extended operations to set the "userpassword" attribute,
> which encrypts the passwords.
> Basically quite OK, but not for us, because we need the user password in
> cleartext for various reasons
> (for example Radius and CHAP...)
>
> So I made a little patch, introducing a new boolean parameter "ldap
> password sync exop".
> It defaults to "yes", so the behaviour is as it was without the patch.
> If set to "no", "smbldap_modify" is used instead of
> "smbldap_extended_operation", which leads
> to plaintext userpassword attributes, as we need it.
>
this thread may points a shortcut:
http://lists.cistron.nl/pipermail/freeradius-users/2002-March/006128.html
also the freeradius-0.9.3/doc/rlm_ldap tell about password_header =
"{clear}"
Regards,
Ignacio
--
____________________________________________________
Ignacio Coupeau, Ph.D. icoupeau at unav.es
CTI, Director icoupeau at alumni.unav.es
University of Navarra icoupeau at ieee.org
Pamplona, SPAIN http://www.unav.es/cti/
More information about the samba-technical
mailing list