[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange
From: hyc@symas.com
Date: Fri, 14 May 2010 13:01:29 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

michael@stroeder.com wrote:
> michael@stroeder.com wrote:
>> I'd rather argue that for
>> Samba 3 'sambaPwdLastSet' should be set.
>
> Uumpf! This is already set. Sorry for the noise.
>
>> 'shadowLastChange' is rather a POSIX account attribute which from my
>> understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be
>> extended...
>
> But still it's the question whether we want to have this functionality for
> various password-related attribute all in on overlay or whether there should
> be distinct overlays for each account type (posixAccount/shadowAccount,
> sambaSAMAccount, Kerberos user).

shadowAccount is deprecated. LDAP ppolicy already provides a pwdChangedTime 
attribute.

> Personally I'd like to see this overlay moved from contrib/ into the standard
> build. But for Kerberos-related attributes the build and schema dependencies
> are an obstacle. =>  separate overlays at least for KDC/LDAP and Samba-Posix/LDAP.

Ultimately both Kerberos and Samba will just be using LDAP ppolicy. But yes, 
the build dependencies are still annoying.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange
Next by Date: Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange
Index(es):
- Chronological
- Thread