otherwise you have to keep passwords in clear and somehow emulate (is
OpenLDAP capable of this ?) sambaNTPassword via cleartext userPassword
Password syncronization is trivial. See "ldap password sync" to do it
from the Samba side or the smbk5pwd overlay to extend the
hmm...
sounds very good.
by the way, does smbk5pwd work on ldap_modify request ?
No, only the password modify operation.
PHP/ldap doesn't have any ldap_passwd equivalence, so I change passwords
via mhash-->ldap_modify on userPassword field.
I'm pretty certain I recall having invoked extended operations via PHP
in the past. Look at the annotated online manual in the LDAP section,
probably under ldap_options(?) [ it has been awhile since I've done any
web development ].
http://php.net/ldap
hmm-m-m ... ldap_mod_replace ?
password-modify exop on the LDAP side to always set all passwords. Or
the third option is to use Kerberos for authentication of non-CIFS
connections as the Hiemdal KDC can use the same LDAP SAM as Samba.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
