Integrate Heimdal's hdb-ldap and Samba

Love lha at stacken.kth.se
Sun Mar 7 16:33:59 GMT 2004


Andrew Bartlett <abartlet at samba.org> writes:

> There certainly is a password change protocol :-)
>
> I would not object to storing both, and asserting that they are the same
> in Heimdal.  Samba can't assert that they are the same, but the only
> Heimdal code that is going to be used will update the Samba passwords
> anyway, so it is a non-issue.

I don't think I care that much, and just leave it as it is.

>> You changed the structural object class from person to account, is this
>> wise?
>
> I certainly think it is.  Person requires the account to be a real
> human, and I would claim that machines are not.  Furthermore, it matches
> what Samba does.

But it's not what the old code does, and I guess it might break for old
installations.

If I did some more guessing, it's because Microsoft uses person that the old
LDAP code uses person.

It should be simple enough to just have a runtime option.

>> Dunno how to express the data for LDAP. Example of data that I want to
>> store in the extension structure is pkinit ACLs, certificates, old keys
>> (krbtgt's). I guess part of that is expressible in LDAP (pkinit ACLs at
>> least, because that is what MS does).
>
> People have generally found that almost anything can be shoved into
> LDAP, given sufficient force ;-)

The idea was not to use way too much force.

> For X.509 certificates, there is an objectClass
> (strongAuthenticationUser) and an attribute (userCertificate) for it
> already.

I was thinking more of something like Microsoft's
altSecurity(Identity|Principal) (?).

Love
