[Samba] kind of ldap operation changing password from windows
Andrew Bartlett
abartlet at samba.org
Wed Jul 6 22:11:33 GMT 2005
On Wed, 2005-07-06 at 23:43 +0200, Geert Stappers wrote:
> On Tue, Jul 05, 2005 at 05:35:15PM -0500, Alex Canizales wrote:
> <snip/>
> >
> > I had already put the ldap passwd sync=yes
> >
> > >What does your root DSE look like?
> >
> > This is my root DSE access control point rules:
> >
> > dn:
> > changetype: modify
> > replace: orclaci
> > orclaci: access to entry by * (browse)
> > orclaci: access to attr=(*) by * (search,read,compare)
> > orclentrylevelaci: access to entry by * (browse)
> >
> > The problem isn't here,
>
>
> I have
>
> access to attrs=sambaLMPassword,sambaNTPassword
> by self ssf=128 write
> by anonymous ssf=128 auth
> by dn="cn=smbadmin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
> by dn="cn=admin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
> by * none
>
>
>
> >
> > Is there any Samba developer who can tell me what other kind of LDAP operation
> > is made when changing the password from Windows? Why did I get the message: ldap
> > password change requested, but LDAP server does not support it -- ignoring
> > ? If Oracle LDAP doesn't support this, why is it changing just the Samba
> > password and not the userpassword, and why is it changed when I use the
> > smbldap-password command?
>
> smbldap-password probably uses smbadmin (has write access on OID)
> Windows probably uses "self" (has no write access on OID)

Windows is *not* touching LDAP directly, only asking Samba to change the
NT4 domain password in a SAM, which happens to be Samba on LDAP. You
can see what the smbldap script is doing by reading the script, but the
Samba 'ldap password sync = yes' is making the OpenLDAP password set
exop call. This it hopes might set some LDAP password, in the hope of
keeping everything in sync.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net