[Samba] "ldap passwd sync" and shadow attributes

Andrew Bartlett abartlet at samba.org
Wed Nov 2 02:18:07 GMT 2005

On Tue, 2005-11-01 at 21:13 -0500, Eric A. Hall wrote:
> On 11/1/2005 7:58 PM, Andrew Bartlett wrote:
> > On Mon, 2005-10-31 at 22:55 -0500, Eric A. Hall wrote:
> >>I just rechecked and am seeing the same thing you are: shadowLastChange
> >>does not get updated.
> > 
> > The idea (which never really got picked up properly) was that the ldap
> > server should do this.  It could then update any type of password it
> > chose, and set all the right 'changed times' etc.
> > 
> > So we really need to work with vendors to have good modules in their
> > ldap servers.
> Are you asking the LDAP server to change the password, or are you changing
> it yourself? It sounds like the former, and if that's the case then the
> server should definitely be updating the shadow stuff.

We call the openldap password change control, giving it the new
plaintext.  The LDAP server should do something sensible with it.

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051102/245155a9/attachment.bin

More information about the samba mailing list