clearTextPassword attribute

Nadezhda Ivanova nadezhda.ivanova at
Wed Oct 28 10:18:35 MDT 2009

It makes sense even from LDAP standard point of view, as we can add what controls we like, that is the extensible part of the protocol. Its more work though, and I am unfamiliar with the rpc test code. What could be risky in this approach?

----- Original Message -----
> From: samba-technical-bounces at <samba-technical-bounces at>
> To: samba-technical at <samba-technical at>, simo <idra at>
> Sent: Wednesday, October 28, 2009 6:14:01 PM GMT+0200 Europe;Athens
> Subject: Re: clearTextPassword attribute

> > On Wed, 2009-10-28 at 16:18 +0100, Matthias Dieter Wallnöfer wrote:
> > 
> > Hi Nadya,
> > 
> > yeah this attribute is used only by s4. To handle it properly you
> > will 
> > have to do some exception handling regarding it (like it has been
> > done 
> > in the schema code). Isn't there a constraint line in the ACL for 
> all 
> > password attributes in common? If yes, apply this also for this 
> > attribute. If each password attribute has it's own setting do this:
> > use 
> > the rights for the "unicodePwd". The two attributes are nearly 
> > identical: the first is pure UTF16 cleartext (easier for use by s4 
> > calls) and the second one (transportable, since also supported by 
> > windows) is UTF16 quoted cleartext.
> Why don't we just stop using clearTextPassword and use unicodePwd
> instead with a control that specify it contains samab4 special data ?
> It would make more sense then adding exceptions in the acl code IMO.
> Simo.
> -- 
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at>
> Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list