On Tue, 28 Apr 2015, Dmitri Pal wrote:
On 04/28/2015 12:17 PM, Christopher Lamb wrote:
Hi All

I wish to pick your brains on the attribute sambaPwdLastSet

We have a newly setup FreeIPA 4.1.0, with users and groups migrated from an
old 3.0.0 instance.

We are also running Samba to share files to Windows and OSX users. This
means that all the FreeIPA user accounts have the attribute

If this has the value 0, our users cannot map Samba shares, so we need to
make sure the value is a positive integer.

In an attempt to do this, I modified user.py, adding the attribute to the
takes_params for the class user as follows:

class user(LDAPObject):
   . . .
   takes_params = (
        . . .
            doc=_('Date as an integer when the samba password was last set'
        . . .

This works fine if I create a user via the CLI.

However if I create a user via the Web UI, or use the Web UI to reset a
user's password, then the attribute sambaPwdLastSet is set to zero.

So what scripts do I need to change to make sure the Web UI sets
sambaPwdLast Set to a positive value? (I don't want to run ldapmodify
scripts, or have to use Apache Directory Studio to hack the db..)

Or is there an altogether better approach to handling this field?



May be you should consider managed entry plugin and make this attribute be updated at the same time the standard password expiration attribute is updated?
Dmitri, it is already updated -- we set it to 0 when admin changes
user's password.

I've wrote an answer to Chris but forgot to CC: the list. I'll re-send
my answer.
/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to