[389-users] 389-DSGW and userPassword / sambaNTPassword / sambaLMPassword synchronization

Rich Megginson rmeggins at redhat.com
Tue Jul 5 14:43:36 UTC 2011

On 07/05/2011 07:02 AM, Alexandr Popov wrote:
> Hello!
> I've got a directory server and DSGW running.
> Mail server, openvpn server and samba share use ldap authentication 
> against this directory server. Users change their passwords in DSGW.
> The mailserver and openvpn use SSHA hash in "userpassword" field, but 
> samba uses NT hash and LM hash in "sambantpassword" and 
> "sambalmpassword" fields accordingly.
> How can I make "userpassword" , "sambantpassword" and 
> "sambalmpassword" fields change synchronously when users change their 
> passwords in DSGW?
> As I can understand, there is no already written 389-DS-plugin for 
> synchronizing these fields.
> Moreover, it seems to me that such issues as mine are often solved on 
> the ldap clients:
> http://web.archiveorange.com/archive/v/I3m7YImbRJ3Dj9WoXlCz
> Am I right?
> So should I change domodify.c 
> <http://git.fedorahosted.org/git?p=389/dsgw.git;a=blob;f=domodify.c;h=5a3719276e3283e80415a884998e5281e066a8c1;hb=refs/tags/389-dsgw-1.1.7> 
> which is responsible for password change in DSGW? Does it seem to be 
> useful for Community?
> Looking forward to your prompt repy.
Patches welcome.

Or you could use IPA instead - IPA provides a plugin that keeps all of 
your passwords in sync - userPassword, and Samba and Kerberos passwords.
> Best regards,
> Alex Popov.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110705/a3ddbf4b/attachment.html>

More information about the 389-users mailing list