
Re: (ITS#6550) Patch for smbk5pwd slapd overlay to include shadowLastChange



Howard Chu wrote:
> michael@stroeder.com wrote:
>> michael@stroeder.com wrote:
>>> I'd rather argue that for
>>> Samba 3 'sambaPwdLastSet' should be set.
>>
>> Uumpf! This is already set. Sorry for the noise.
>>
>>> 'shadowLastChange' is rather a POSIX account attribute which from my
>>> understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be
>>> extended...
>>
>> But still it's the question whether we want to have this functionality for
>> various password-related attributes all in one overlay or whether there should
>> be distinct overlays for each account type (posixAccount/shadowAccount,
>> sambaSAMAccount, Kerberos user).
> 
> shadowAccount is deprecated. LDAP ppolicy already provides a
> pwdChangedTime attribute.

While I agree that slapo-ppolicy is the better solution in the long run, I see
no reason not to set both attributes at the server's side to make older
LDAP clients happy.

> Ultimately both Kerberos and Samba will just be using LDAP ppolicy.

Yes. But there is indeed a real need for a solution in the meantime...

Ciao, Michael.