[Freeipa-users] Re: kadmin help when using LDAP db (MIT kerberos)
Robert Marcano
robert at marcanoonline.com
Mon Nov 17 13:27:15 UTC 2008
On Sun, 2008-11-16 at 16:58 -0500, Simo Sorce wrote:
> On Sun, 2008-11-16 at 14:41 -0430, Robert Marcano wrote:
> > I added a little patch to freeipa in order to update sambaPwdLastSet on
> > the DS plugin code (ipa_pwd_extop.c), see attachment
>
> Interesting, although we should probbaly better patch samba to use
> freeipa's own fields, keeping mulitple copies of the same data is always
> a mess as they easily get out of sync.
The same can be said about the password hashes that can go out of sync
for some unexpected reason (and those can not be merged with any
existing field). I think the only way to have this patched on Samba is
to build a new passdb backend (reusing code from the ldap backend), that
way no schema change will occur for any current Samba/LDAP user, and the
samba configuration for IPA can be made easier, no "ldap * suffix" to be
defined, minimum one setting will be needed, the IPA domain
>
> Simo.
>
More information about the Freeipa-users
mailing list