new unicode_password ldb module
Luke Howard
lukeh at padl.com
Wed Dec 28 08:34:08 GMT 2005
>I thought about using supplementalCredentials, but I was worried that I
>don't know what the format is. (I still haven't finished the crypto
>work on DRSUAPI).
Right, this is not an issue until you support replication. In the
shipping version of XAD, we did pretty much the same thing as you.
>We could rename our current unicodePwd -> userPassword, ntPwdHash ->
>unicodePwd, lmPwdHash -> dBCSPwd and krb5Key ->
>supplementalCredentials.
Actually, backwards compatibility can get really ugly when you use
the same attributes. So it's arguably better to use different ones.
>The other interesting challenge in this area is how to implement the
>'write to unicodePwd over LDAP', which has bizarre semantics (UCS2, with
>" surrounding), which wouldn't normally fit well into our ldb interface.
In XAD we have a plugin that, after validation, expands a modification
of the unicodePwd attribute to a series of modifications of other
attributes. You can probably do something with LDB, right?
cheers,
-- Luke