Intergrate Heimdal's hdb-ldap and Samba

Love lha at
Sat Mar 6 23:48:43 GMT 2004

Andrew Bartlett <abartlet at> writes:

>> Shouldn't type-23 keys be stored in both entries ?
> Perhaps they should.  I'm a bit worried about storing duplicate data -
> what do we do when they don't match.  Now, that is pretty lame, as if
> the two representations of the type-32 key don't match, then the DES
> keys would also be in conflict with the NT password....

Well, at least by storing the data its possible to detect mismatch. Is
there a password changing protocol in SMB/cifs so that data can get out of
sync ?

>> The db really need to store all the data, so using something like
>> HDBEntry2OldHDBEntry wouldn't work.
> OK.

So, I integrated did a patch and almost that does this in a forward
compatible maner by using ANY. It break forward compat, but should be ok in
the future.

But I've not tested the patch yet more then compiling it. 

You changed the structural object class from person to account, is this
wise ?

Dunno how to express the data for ldap. Example of data that I want to
store in the extention structure is pkinit acl's, certificates, old keys
(krbtgt's). I guess part of that is expresable in ldap (pkinit acl's at
least, because that is what MS does).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url :

More information about the samba-technical mailing list