[Samba] What does "ldap passwd sync" do?

Anthony Linux anthony.linux at gmail.com
Thu Jan 20 22:28:23 GMT 2005

Thanks.  I will read up on this functionality in OpenLDAP.  From what
I've read so far, the default is to just update userPassword, but I
will look into the modules or configuration options to add
shadowLastChange to that.

Thanks again,

On Fri, 21 Jan 2005 09:09:27 +1100, Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2005-01-20 at 15:00 -0500, Anthony Linux wrote:
> > Question regarding what the smb.conf line ldap passwd sync = Yes actually does.
> >
> > I have a lab with mixed Win2k and RH9 computers running Samba 3 and
> > OpenLdap.  Right now we're having a problem with password expiration.
> > Samba is working just fine and when a user changes their password, the
> > date changes as well.
> >
> > But for Linux, however the password is being changed is not updating
> > the shadowLastChange parameter.  So even though the users are
> > successfully changing their passwords (though Windows), the Linux
> > boxes are denying access due to that parameter not being set.
> It is up to your LDAP sever to update these values.  Samba makes a call
> to the OpenLDAP defined (and internet-stadnard-proposed, I think)
> password set extended operation.  The LDAP server is expected to do
> something sane .  You may need to obtain/write some modules for OpenLDAP
> to handle this.
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net

More information about the samba mailing list