On Tue, 28 Apr 2015, Dmitri Pal wrote:
On 04/28/2015 12:17 PM, Christopher Lamb wrote:
Hi All
I wish to pick your brains on the attribute sambaPwdLastSet
We have a newly setup FreeIPA 4.1.0, with users and groups migrated from an
old 3.0.0 instance.
We are also running Samba to share files to Windows and OSX users. This
means that all the FreeIPA user accounts have the attribute
sambaPwdLastSet.
If this has the value 0, our users cannot map Samba shares, so we need to
make sure the value is a positive integer.
In an attempt to do this, I modified user.py, adding the attribute to the
takes_params for the class user as follows:
class user(LDAPObject):
. . .
takes_params = (
. . .
Int('sambapwdlastset?',
label=_('sambaPwdLastSet'),
doc=_('Date as an integer when the samba password was last set'
),
default=1,
autofill=True,
),
. . .
This works fine if I create a user via the CLI.
However if I create a user via the Web UI, or use the Web UI to reset a
user's password, then the attribute sambaPwdLastSet is set to zero.
So what scripts do I need to change to make sure the Web UI sets
sambaPwdLast Set to a positive value? (I don't want to run ldapmodify
scripts, or have to use Apache Directory Studio to hack the db..)
Or is there an altogether better approach to handling this field?
Thanks
Chris
May be you should consider managed entry plugin and make this
attribute be updated at the same time the standard password expiration
attribute is updated?
Dmitri, it is already updated -- we set it to 0 when admin changes
user's password.
I've wrote an answer to Chris but forgot to CC: the list. I'll re-send
my answer.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
