> I've got a little challenge...
>
> there is an attribute in AD called msDS-KeyVersionNumber.  In AD this
> operational attribute increments each time the unicodePwd attribute is
> updated.  It is typically a small integer, being the number of times
> that the password has ever been changed.
>
> In Samba4, we maintain this by looking into our replication metadata
> (replPropertyMetaData), and returning a counter that is maintained
> there.
>
> I could maintain this manually from Samba's side (this is what we did in
> the past), but I wanted to first check if there was something already
> stored that I could convert.

If I understand correctly what you're asking for, modifications of the
unicodePwd attribute should be accompanied by modify:increment of a
counter.  Something like:

    dn: cn=someone
    changetype: modify
    replace: unicodePwd
    unicodePwd:: <some value>
    -

should be transformed into

    dn: cn=someone
    changetype: modify
    replace: unicodePwd
    unicodePwd:: <some value>
    -
    increment: msDS-KeyVersionNumber
    msDS-KeyVersionNumber: 1
    -

This way, the modification is atomic.  As usual, this could be
accomplished by stacking an overlay that intercepts modifications to
specified attributes, like unicodePwd.  Can you formalize this a little
bit more?

p.
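
The rewrite described in the reply above, as an added example that is not part of the original message or of any OpenLDAP or Samba code: a Python function applies it to an LDIF modify record. The watched attribute set, the function names and the sample record are assumptions; it goes beyond the single case shown by leaving non-modify records untouched and by not adding a second increment when one is already present.

```python
WATCHED = {"unicodepwd"}            # assumption: attributes that bump the counter
COUNTER = "msDS-KeyVersionNumber"
MOD_OPS = {"add", "delete", "replace", "increment"}

# Constructed sample record; the base64 value is a dummy, not a real password.
SAMPLE = """dn: cn=someone
changetype: modify
replace: unicodePwd
unicodePwd:: Y29uc3RydWN0ZWQ=
-
"""

def split_mods(lines):
    """Split a modify record body into mod blocks terminated by '-' lines."""
    blocks, cur = [], []
    for line in lines:
        if line.rstrip() == "-":    # folded value lines start with a space
            if cur:
                blocks.append(cur)
            cur = []
        elif line.strip():
            cur.append(line)
    return blocks + ([cur] if cur else [])

def mod_target(block):
    """Return (operation, lowercased base attribute) for one mod block."""
    op, _, attr = block[0].partition(":")
    op = op.strip().lower()
    if op not in MOD_OPS:
        raise ValueError(f"not a mod-spec line: {block[0]!r}")
    return op, attr.strip().split(";")[0].lower()   # drop attribute options

def add_kvn_increment(record):
    """Append an increment of COUNTER when a modify touches a watched attribute."""
    lines = record.strip().splitlines()
    idx = next((i for i, l in enumerate(lines)
                if l.lower().startswith("changetype:")), None)
    if idx is None or lines[idx].split(":", 1)[1].strip().lower() != "modify":
        return record               # add/delete/modrdn records are left alone
    blocks = split_mods(lines[idx + 1:])
    targets = [mod_target(b) for b in blocks]
    touches = any(attr in WATCHED for _, attr in targets)
    already = ("increment", COUNTER.lower()) in targets
    if touches and not already:     # same request, so the update stays atomic
        blocks.append([f"increment: {COUNTER}", f"{COUNTER}: 1"])
    return "\n".join(lines[:idx + 1] + [l for b in blocks for l in b + ["-"]]) + "\n"

if __name__ == "__main__":
    print(add_kvn_increment(SAMPLE), end="")
```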
