trying to correctly handle account passwords via ldap

Andrew Bartlett abartlet at
Tue Mar 28 03:17:18 GMT 2006

On Mon, 2006-03-27 at 22:11 -0500, Simo Sorce wrote:
> On Tue, 2006-03-28 at 12:47 +1000, Andrew Bartlett wrote:

> Sure, I'm not for password lock in, I just want to be compatible.

In LDAP, you only get what you ask for.  I think this gives us great
opportunities to provide administrators, without modification of
binaries or low-level commands, the ability to access information they

We can (and probably should) mark these as operational attributes, but I
don't see any reason why we can't expose them.  Perhaps you understand
the compatibility problems better than I do.  

I think we will have plenty of extra logic in the replication
implementation, that dealing with/mapping a few extra attributes won't
be too hard (particularly if we use different names).

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list