[email protected] wrote:
> [email protected] wrote:
>> I'd rather argue that for
>> Samba 3 'sambaPwdLastSet' should be set.
>
> Uumpf! This is already set. Sorry for the noise.
>
>> 'shadowLastChange' is rather a POSIX account attribute which from my
>> understanding is out-of-scope for slapo-smbk5pwd. Well, the scope could be
>> extended...
>
> But still it's the question whether we want to have this functionality for
> various password-related attributes all in one overlay or whether there should
> be distinct overlays for each account type (posixAccount/shadowAccount,
> sambaSAMAccount, Kerberos user).

shadowAccount is deprecated. LDAP ppolicy already provides a pwdChangedTime attribute.

> Personally I'd like to see this overlay moved from contrib/ into the standard
> build. But for Kerberos-related attributes the build and schema dependencies
> are an obstacle. => separate overlays at least for KDC/LDAP and
> Samba-Posix/LDAP.

Ultimately both Kerberos and Samba will just be using LDAP ppolicy. But yes, the build dependencies are still annoying.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
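The three attributes named in this thread ('shadowLastChange', 'sambaPwdLastSet', pwdChangedTime) each record a password change in a different encoding, so an entry updated through only one path can carry conflicting values. The following Python check is an added example, not code from the thread or from OpenLDAP; it normalizes the three values and reports which ones lag behind. The encodings listed in the comments, the function names and the sample entry are assumptions made for this example.

```python
from datetime import datetime, timezone

# Encodings assumed for this example (not stated in the thread):
#   shadowLastChange  days since 1970-01-01
#   sambaPwdLastSet   seconds since 1970-01-01
#   pwdChangedTime    GeneralizedTime in UTC, e.g. 20240305101500Z
def from_generalized_time(value):
    if not value.endswith("Z"):
        raise ValueError("only UTC (Z) GeneralizedTime is handled here")
    core = value[:-1].split(".")[0]          # drop optional fraction
    return datetime.strptime(core, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def from_epoch(value, unit_seconds):
    return datetime.fromtimestamp(int(value) * unit_seconds, tz=timezone.utc)

DECODERS = {  # keys lower-cased: LDAP attribute names are case-insensitive
    "shadowlastchange": lambda v: from_epoch(v, 86400),
    "sambapwdlastset": lambda v: from_epoch(v, 1),
    "pwdchangedtime": from_generalized_time,
}

def parse_entry(ldif):
    """Parse one LDIF entry into {attr: value}; base64 ('attr:: ...') values are skipped."""
    entry = {}
    for line in ldif.strip().splitlines():
        name, sep, value = line.partition(": ")
        if sep and not name.endswith(":"):
            entry[name.strip().lower()] = value.strip()
    return entry

def stale_password_attrs(entry, max_days=1):
    """Return {attr: days_behind} for change-time attributes lagging the newest one.
    max_days defaults to 1 because shadowLastChange only has day resolution."""
    seen = {a: dec(entry[a]) for a, dec in DECODERS.items() if a in entry}
    if len(seen) < 2:
        return {}
    newest = max(seen.values())
    return {a: (newest - t).days for a, t in seen.items()
            if (newest - t).days > max_days}

# Constructed sample entry: the password was changed through a path that
# updated the Samba and ppolicy attributes but left shadowLastChange behind.
SAMPLE = """
dn: uid=jdoe,ou=people,dc=example,dc=com
shadowLastChange: 19358
sambaPwdLastSet: 1709633700
pwdChangedTime: 20240305101500Z
"""

if __name__ == "__main__":
    print(stale_password_attrs(parse_entry(SAMPLE)))
```
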
