[Samba] Samba 3.0.24 handling LDAP responses incorrectly
Adam Tauno Williams
adamtaunowilliams at gmail.com
Wed Apr 9 19:11:21 GMT 2008
On Wed, 2008-04-09 at 11:57 -0400, simo wrote:
> On Wed, 2008-04-09 at 17:54 +0200, Volker Lendecke wrote:
> > On Wed, Apr 09, 2008 at 11:40:33AM -0400, Adam Tauno Williams wrote:
> > > > > How are these policies exactly defined in LDAP? Are they
> > > > > visible for LDAP clients?
> > > > It's an explicit entry in LDAP:
> > > ppolicy support in Samba would be awesome. Would make PCI/DSS (and
> > > other regulatory compliance) *much* easier for shops using a Samba PDC.
> > > <http://www.openldap.org/software/man.cgi?query=slapo-ppolicy>
> > Ok, that looks doable. Problem is as always developer time.
> > I'd be happy to review patches though.
> FYI: we are discussing for a new IETF blessed RFC proposal for a
> standard way to handle password policies in LDAP. Nothing implemented in
> servers so far of course, but better to take that in account if someone
> is going to write a patch so that it will be easier to switch to the
> "standard" if we get one at the end of the process.
This is different than the existing one? From the ppolicy man page:
"The ppolicy overlay is an implementation of the most recent IETF Pass-
word Policy proposal for LDAP."
More information about the samba