[Freeipa-users] FreeIPA and sambaPwdLastSet
Dmitri Pal
dpal at redhat.com
Tue Apr 28 17:45:31 UTC 2015
On 04/28/2015 12:17 PM, Christopher Lamb wrote:
> Hi All
>
> I wish to pick your brains on the attribute sambaPwdLastSet
>
> We have a newly setup FreeIPA 4.1.0, with users and groups migrated from an
> old 3.0.0 instance.
>
> We are also running Samba to share files to Windows and OSX users. This
> means that all the FreeIPA user accounts have the attribute
> sambaPwdLastSet.
>
> If this has the value 0, our users cannot map Samba shares, so we need to
> make sure the value is a positive integer.
>
> In an attempt to do this, I modified user.py, adding the attribute to the
> takes_params for the class user as follows:
>
> class user(LDAPObject):
> . . .
> takes_params = (
> . . .
> Int('sambapwdlastset?',
> label=_('sambaPwdLastSet'),
> doc=_('Date as an integer when the samba password was last set'
> ),
> default=1,
> autofill=True,
> ),
> . . .
>
> This works fine if I create a user via the CLI.
>
> However if I create a user via the Web UI, or use the Web UI to reset a
> user's password, then the attribute sambaPwdLastSet is set to zero.
>
> So what scripts do I need to change to make sure the Web UI sets
> sambaPwdLast Set to a positive value? (I don't want to run ldapmodify
> scripts, or have to use Apache Directory Studio to hack the db..)
>
> Or is there an altogether better approach to handling this field?
>
> Thanks
>
> Chris
>
>
>
>
>
May be you should consider managed entry plugin and make this attribute
be updated at the same time the standard password expiration attribute
is updated?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list