[Samba] "ldap passwd sync" and shadow attributes
Andrew Bartlett
abartlet at samba.org
Wed Nov 2 02:18:07 GMT 2005
On Tue, 2005-11-01 at 21:13 -0500, Eric A. Hall wrote:
> On 11/1/2005 7:58 PM, Andrew Bartlett wrote:
> > On Mon, 2005-10-31 at 22:55 -0500, Eric A. Hall wrote:
>
> >>I just rechecked and am seeing the same thing you are: shadowLastChange
> >>does not get updated.
> >
> > The idea (which never really got picked up properly) was that the ldap
> > server should do this. It could then update any type of password it
> > chose, and set all the right 'changed times' etc.
> >
> > So we really need to work with vendors to have good modules in their
> > ldap servers.
>
> Are you asking the LDAP server to change the password, or are you changing
> it yourself? It sounds like the former, and if that's the case then the
> server should definitely be updating the shadow stuff.
We call the openldap password change control, giving it the new
plaintext. The LDAP server should do something sensible with it.
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051102/245155a9/attachment.bin
More information about the samba
mailing list