[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange

Mark A. Ziesemer wrote:
> 2010/5/14 Michael Ströder <michael@stroeder.com
> <mailto:michael@stroeder.com>>
> 'shadowLastChange' is rather a POSIX account attribute which from my 
> understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be 
> extended...
> I guess I wouldn't have any objections if all the references to "shadow"
> were renamed to "posix".  However, the shadowLastChange attribute is
> part of the shadowAccount objectClass - with neither of these names
> referring to POSIX.

I didn't consider to change the name of the attribute. With POSIX account data
I rather wanted to point to RFC 2307 where posixAccount and shadowAccount
object classes and the accompanying attributes are defined.

Don't get me wrong. I support the idea of setting shadowLastChange even if
Howard considers it to be deprecated. And I have no objections to a
one-sets-all-of-these overlay.

But I'd even like to see this overlay available as standard feature. Since in
the current state it has build dependencies to Kerberos libs this is not easy.
Only building the Samba support is possible and needs some tweaking of the

> There are many issues posted online with all the password attributes
> except shadowLastChange getting updated.  This patch should provide a
> solution for many of these cases.

Yupp. I already thought these problems long ago when implementing the
different password change use-cases in web2ldap.

Ciao, Michael.