nadezhda.ivanova at postpath.com
Wed Oct 28 10:18:35 MDT 2009
It makes sense even from LDAP standard point of view, as we can add what controls we like, that is the extensible part of the protocol. Its more work though, and I am unfamiliar with the rpc test code. What could be risky in this approach?
----- Original Message -----
> From: samba-technical-bounces at lists.samba.org <samba-technical-bounces at lists.samba.org>
> To: samba-technical at lists.samba.org <samba-technical at lists.samba.org>, simo <idra at samba.org>
> Sent: Wednesday, October 28, 2009 6:14:01 PM GMT+0200 Europe;Athens
> Subject: Re: clearTextPassword attribute
> > On Wed, 2009-10-28 at 16:18 +0100, Matthias Dieter Wallnöfer wrote:
> > Hi Nadya,
> > yeah this attribute is used only by s4. To handle it properly you
> > will
> > have to do some exception handling regarding it (like it has been
> > done
> > in the schema code). Isn't there a constraint line in the ACL for
> > password attributes in common? If yes, apply this also for this
> > attribute. If each password attribute has it's own setting do this:
> > use
> > the rights for the "unicodePwd". The two attributes are nearly
> > identical: the first is pure UTF16 cleartext (easier for use by s4
> > calls) and the second one (transportable, since also supported by
> > windows) is UTF16 quoted cleartext.
> Why don't we just stop using clearTextPassword and use unicodePwd
> instead with a control that specify it contains samab4 special data ?
> It would make more sense then adding exceptions in the acl code IMO.
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at samba.org>
> Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical