Re: Getting OpenLDAP to auth users against sambaNTPassword

[Roger Sen Montero <rogersm@tau.uab.es>]

 Sorry if I'm late regarding this thread but I'm a lurker.
Recently a customer asked  for synchronizing NT SAM data (accounts and
passwords) and a openldap  server. Password sync must be on-line, but
accounts can be done in batch mode (on-line is desirable, but not a must)

 We have different solutions for password sync and the 'standard one'
seems to be:

   CYRUS SASL V 2.1.7
   BerkeleyDB 4.0
   pam_winbind (included in the SAMBA package)
   OpenLDAP 2.1.x

 as stated in:
http://www.enic.fr/people/landru/lobster/openldap/OpenLDAP-authenticating-with-PAM.txt


 but as some one said here 'it must be easier than this'. Is it possible
with the 2.2 SLAPI plug-in architecture to get the data from the NT domain
in the same way pam_winbind does (coding PAM in the plugin or moving the
code from the pam_winbind to the SLAPI plugin).

 Can I hook change password operations to do the same change password
operation in the NT domain?

 Suppose I need it now, and 2.2 is still not 'production code'. What can I
do with 2.1?

 Is it possible to stack backends in 2.1? Other possibility is coding a
back-passwd-winnt to filter the password related operations and let the
rest pass-thru to the main backend.

 Regards,
rogersm.