[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange
- From: hyc@symas.com
- Date: Fri, 14 May 2010 13:01:29 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
michael@stroeder.com wrote:
> michael@stroeder.com wrote:
>> I'd rather argue that for
>> Samba 3 'sambaPwdLastSet' should be set.
>
> Uumpf! This is already set. Sorry for the noise.
>
>> 'shadowLastChange' is rather a POSIX account attribute which from my
>> understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be
>> extended...
>
> But still it's the question whether we want to have this functionality for
> various password-related attribute all in on overlay or whether there should
> be distinct overlays for each account type (posixAccount/shadowAccount,
> sambaSAMAccount, Kerberos user).
shadowAccount is deprecated. LDAP ppolicy already provides a pwdChangedTime
attribute.
> Personally I'd like to see this overlay moved from contrib/ into the standard
> build. But for Kerberos-related attributes the build and schema dependencies
> are an obstacle. => separate overlays at least for KDC/LDAP and Samba-Posix/LDAP.
Ultimately both Kerberos and Samba will just be using LDAP ppolicy. But yes,
the build dependencies are still annoying.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/