[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: smbk5pwd and ppolicy working together

To: adamtaunowilliams@gmail.com
Subject: Re: smbk5pwd and ppolicy working together
From: Howard Chu <hyc@symas.com>
Date: Wed, 02 Apr 2008 13:32:06 -0700
Cc: openldap-software@openldap.org
In-reply-to: <1207164419.5657.61.camel@WM_ADAM1.morrison.iserv.net>
References: <47F27B2A.5060607@archer-group.com> <47F28040.90304@tranquil-it-systems.fr> <47F28816.3010504@archer-group.com> <47F29112.3040909@archer-group.com> <1207085230.24284.44.camel@localhost> <47F2BE74.7090900@symas.com> <47F3A56E.1080705@archer-group.com> <1207164419.5657.61.camel@WM_ADAM1.morrison.iserv.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b5pre) Gecko/2008030700 SeaMonkey/2.0a1pre

Adam Tauno Williams wrote:

Is your Samba server binding as your manager/admin DN?  Don't do that,
ever.   Create a bind context for Samba and use ACLs to give that
context the access it requires.   I don't know if it will fix Samba
+ppolicy but it is the correct thing to do either way.

Correct. As the slapo-ppolicy(5) manpage states, the admin DN bypasses most policy restrictions. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

References:
- smbk5pwd and ppolicy working together
  - From: Ryan Steele <rsteele@archer-group.com>
- Re: smbk5pwd and ppolicy working together
  - From: Pat Riehecky <prieheck@iwu.edu>
- Re: smbk5pwd and ppolicy working together
  - From: Howard Chu <hyc@symas.com>
- Re: smbk5pwd and ppolicy working together
  - From: Ryan Steele <rsteele@archer-group.com>
- Re: smbk5pwd and ppolicy working together
  - From: Adam Tauno Williams <adamtaunowilliams@gmail.com>

Prev by Date: Re: restricting slapd memory consumption
Next by Date: Re: slap_sl_malloc of X bytes failed, using ch_malloc
Index(es):
- Chronological
- Thread