[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to obtain a 'version number' of an attributes

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: How to obtain a 'version number' of an attributes
From: Howard Chu <hyc@symas.com>
Date: Mon, 24 May 2010 19:47:39 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <1274753849.2732.166.camel@naomi.s4.naomi.abartlet.net>
References: <1274753849.2732.166.camel@naomi.s4.naomi.abartlet.net>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.3a5pre) Gecko/20100413 Firefox 3.6

Andrew Bartlett wrote:

I've got a little challenge...

there is an attribute in AD call msDS-KeyVersionNumber.  In AD this
operational attribute increments each time the unicodePwd attribute is
updated.  It is typically a small integer, being the number of times
that the password has ever been changed.

In Samba4, we maintain this by looking into our replication metadata
(replPropertyMetaData), and returning a counter that is maintained
there.

I could maintain this manually from Samba's side (this is what we did in
the past), but I wanted to first check if there was something already
stored that I could convert.

We don't keep a counter on the LDAP side. However, the Heimdal KDC maintainsthe keyVersionNumber, and it seems to me that you'd have that integrated hereas well.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- How to obtain a 'version number' of an attributes
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: How to obtain a 'version number' of an attributes
Next by Date: Re: How to obtain a 'version number' of an attributes
Index(es):
- Chronological
- Thread