They are many years that i use smbldap-tools to manage my samba
domains, on debian, currently on lenny.
In these years i've coded some patches and new features, but i've post
them probably on wrong places: one time on IDEALIX, one time to
sourceforge project.
Now seems that this project are living here. ;)
My patches are:
1) fix sambaPwdLastSet attribute that have to be zero to force a
passwrod change on lenny's Samba (on smbldap-passwd)
[there was also a bug report on sf on thuis, AFAI remember]
2) fix '-T' option so that can be used to 'remove' email forward, i was
not able to do so... apart usting something like -T ","...
3) added a script, 'smbldap-useraccess', to update logon and logout
timestamp access (needed for italian privacy law).
4) added a script, 'smbldap-userexpire', that ''sanitize'' samba and
POSIX/shadow data, and migrate expiration info from Samba to
POSIX/shadow.
The rationale of this script came from the fact that ''vampirizing''
data from an NT domain leave account repository in a total ''dirty''
state in terms of expiration, and starting from this idea i've build up
a script that also keep in sync shadow with samba.
5) added a script, 'smbldap-userwarn', that scan user base and return
error code (and messages) if an account was expiring; these error code
can be ''catched'' by and external script and used to send warnings
(usually by email).
The rationale of this script came from the fact that some user have
account on remote domains, never or very seldom do logon on this domain
and so the got the account locked without notice.
Also was useful for a set of linux workstatios that use the ldap
account and password, because (even with sincronization) it is hard to
match samba and posix expiration.
6) a totaly custom extension to all above scripts, so the mail forward
parameters (-T) accept a ''expiration date''; in the LDAP schema
there's no room for an expiration date, so i've implemented as a crude
hack saving email forward as:
daystoexpire:[email protected]
and clearly hacking MTA configuration accordingly.
All hacks are clearly available as the same licence of the
smbldap-tools project, and apart the number 6 i think also generally useful.
Say me if and how i can contribute them to the project. Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
_______________________________________________
Smbldap-tools-tech mailing list
[email protected]
https://mail.gna.org/listinfo/smbldap-tools-tech