trying to correctly handle account passwords via ldap

simo idra at
Tue Mar 28 00:48:18 GMT 2006

On Tue, 2006-03-28 at 10:43 +1000, Luke Howard wrote:
> >Do you mean that unicodePwd and dBCSPwd can be read out from an AD LDAP
> >server ?
> >I thought these were write only attributes.
> They can be read using DRS RPC only.

Ok, that's as I thought it were.

So the way they are stored does not really matter from an LDAP pov, and
it can be easily handled at the DRSUAPI level.

So by just adding dBCSPwd my previous idea stands.
And we can even decide to make these attributes readable if that's what
our user base needs.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list