Move from unicodePwd to userPassword?

Luke Howard lukeh at
Fri Dec 30 21:58:44 GMT 2005

>> Also, you might want to use an attribute other than userPassword if you
>> eventually want to support RFC 2307 (s. 5.3).
>Yes, I had meant to frame that as part of the question:  Is there a
>good, standard attribute name I should consider for this?

For the cleartext password? None I can think of (except for userPassword,
of course).

If LDAP clients will never see the attribute it doesn't really matter.
You could even just use an OID. Or make it a Kerberos keytype and put
it in krb5Key. The latter is a little more akin to AD, which uses the
supplementalCredentials attribute to store a set of credentials tagged
by security package.


-- luke


More information about the samba-technical mailing list