[389-users] 389-DSGW and userPassword / sambaNTPassword / sambaLMPassword synchronization

Rich Megginson rmeggins at redhat.com
Mon Jul 18 12:45:42 UTC 2011 

On 07/17/2011 03:32 PM, Alexandr Popov wrote:
> Hey, Rich!
>
> I've written a patch for DSGW. This patch allows to change 
> "userpassword" and "sambantpassword" synchronously when users change 
> their passwords in DSGW.
>
> Where should I learn how to make this patch available for community 
> feedback and usage?
Open a bugzilla at https://bugzilla.redhat.com/enter_bug.cgi?product=389
Attach the patch to the bug as an attachment
Post the link to the bug to the users list for review
>
>
> 2011/7/5 Rich Megginson <rmeggins at redhat.com <mailto:rmeggins at redhat.com>>
>
>     On 07/05/2011 07:02 AM, Alexandr Popov wrote:
>>     Hello!
>>
>>     I've got a directory server and DSGW running.
>>
>>     Mail server, openvpn server and samba share use ldap
>>     authentication against this directory server. Users change their
>>     passwords in DSGW.
>>
>>     The mailserver and openvpn use SSHA hash in "userpassword" field,
>>     but samba uses NT hash and LM hash in "sambantpassword" and
>>     "sambalmpassword" fields accordingly.
>>
>>     How can I make "userpassword" , "sambantpassword" and
>>     "sambalmpassword" fields change synchronously when users change
>>     their passwords in DSGW?
>>
>>     As I can understand, there is no already written 389-DS-plugin
>>     for synchronizing these fields.
>>     Moreover, it seems to me that such issues as mine are often
>>     solved on the ldap clients:
>>     http://web.archiveorange.com/archive/v/I3m7YImbRJ3Dj9WoXlCz
>>     Am I right?
>>
>>     So should I change domodify.c
>>     <http://git.fedorahosted.org/git?p=389/dsgw.git;a=blob;f=domodify.c;h=5a3719276e3283e80415a884998e5281e066a8c1;hb=refs/tags/389-dsgw-1.1.7>
>>     which is responsible for password change in DSGW? Does it seem to
>>     be useful for Community?
>>
>>     Looking forward to your prompt repy.
>     Patches welcome.
>
>     Or you could use IPA instead - IPA provides a plugin that keeps
>     all of your passwords in sync - userPassword, and Samba and
>     Kerberos passwords.
>>
>>     Best regards,
>>     Alex Popov.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110718/ad3e51e0/attachment.html>

More information about the 389-users mailing list