trying to correctly handle account passwords via ldap

simo idra at samba.org
Tue Mar 28 00:48:18 GMT 2006


On Tue, 2006-03-28 at 10:43 +1000, Luke Howard wrote:
> >Do you mean that unicodePwd and dBCSPwd can be read out from an AD LDAP
> >server ?
> >I thought these were write only attributes.
> 
> They can be read using DRS RPC only.

Ok, that's as I thought it were.

So the way they are stored does not really matter from an LDAP pov, and
it can be easily handled at the DRSUAPI level.

So by just adding dBCSPwd my previous idea stands.
And we can even decide to make these attributes readable if that's what
our user base needs.

Simo. 

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list