[Samba] "ldap passwd sync" and shadow attributes
abartlet at samba.org
Wed Nov 2 02:18:07 GMT 2005
On Tue, 2005-11-01 at 21:13 -0500, Eric A. Hall wrote:
> On 11/1/2005 7:58 PM, Andrew Bartlett wrote:
> > On Mon, 2005-10-31 at 22:55 -0500, Eric A. Hall wrote:
> >>I just rechecked and am seeing the same thing you are: shadowLastChange
> >>does not get updated.
> > The idea (which never really got picked up properly) was that the ldap
> > server should do this. It could then update any type of password it
> > chose, and set all the right 'changed times' etc.
> > So we really need to work with vendors to have good modules in their
> > ldap servers.
> Are you asking the LDAP server to change the password, or are you changing
> it yourself? It sounds like the former, and if that's the case then the
> server should definitely be updating the shadow stuff.
We call the openldap password change control, giving it the new
plaintext. The LDAP server should do something sensible with it.
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051102/245155a9/attachment.bin
More information about the samba