Andrew Bartlett wrote:
I've got a little challenge...
there is an attribute in AD call msDS-KeyVersionNumber. In AD this
operational attribute increments each time the unicodePwd attribute is
updated. It is typically a small integer, being the number of times
that the password has ever been changed.
In Samba4, we maintain this by looking into our replication metadata
(replPropertyMetaData), and returning a counter that is maintained
there.
I could maintain this manually from Samba's side (this is what we did in
the past), but I wanted to first check if there was something already
stored that I could convert.
We don't keep a counter on the LDAP side. However, the Heimdal KDC maintains
the keyVersionNumber, and it seems to me that you'd have that integrated here
as well.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
