Integrate Heimdal's hdb-ldap and Samba
lha at stacken.kth.se
Sat Mar 6 23:48:43 GMT 2004
Andrew Bartlett <abartlet at samba.org> writes:
>> Shouldn't type-23 keys be stored in both entries ?
> Perhaps they should. I'm a bit worried about storing duplicate data -
> what do we do when they don't match. Now, that is pretty lame, as if
> the two representations of the type-32 key don't match, then the DES
> keys would also be in conflict with the NT password....
Well, at least by storing the data it's possible to detect mismatch. Is
there a password changing protocol in SMB/cifs so that data can get out of
>> The db really needs to store all the data, so using something like
>> HDBEntry2OldHDBEntry wouldn't work.
So, I integrated did a patch and almost that does this in a forward
compatible manner by using ANY. It breaks forward compat, but should be ok in
But I've not tested the patch yet more than compiling it.
You changed the structural object class from person to account, is this
Dunno how to express the data for ldap. Example of data that I want to
store in the extension structure is pkinit acl's, certificates, old keys
(krbtgt's). I guess part of that is expressible in ldap (pkinit acl's at
least, because that is what MS does).