On Fri, 2003-06-20 at 06:08, Roger Sen Montero wrote:
>
> Sorry if I'm late regarding this thread but I'm a lurker.
> Recently a customer asked for synchronizing NT SAM data (accounts and
> passwords) and an openldap server. Password sync must be on-line, but
> accounts can be done in batch mode (on-line is desirable, but not a must)

It sounds like you want to discuss Samba's 'vampire' features over on
the samba lists.

> We have different solutions for password sync and the 'standard one'
> seems to be:
>
> CYRUS SASL V 2.1.7
> BerkeleyDB 4.0
> pam_winbind (included in the SAMBA package)
> OpenLDAP 2.1.x
>
> as stated in:
> http://www.enic.fr/people/landru/lobster/openldap/OpenLDAP-authenticating-with-PAM.txt
>
>
> but as someone said here 'it must be easier than this'. Is it possible
> with the 2.2 SLAPI plug-in architecture to get the data from the NT domain
> in the same way pam_winbind does (coding PAM in the plugin or moving the
> code from the pam_winbind to the SLAPI plugin).

Moving code from pam_winbind into anything else has *bad idea* written
all over it. The winbind pipe protocol is a samba-internal protocol,
and we do change it at will. I produced a utility (ntlm_auth) to
specifically get squid out of this mess (which I got them into :-).

> Can I hook change password operations to do the same change password
> operation in the NT domain?
>
> Suppose I need it now, and 2.2 is still not 'production code'. What can I
> do with 2.1?
>
> Is it possible to stack backends in 2.1? Other possibility is coding a
> back-passwd-winnt to filter the password related operations and let the
> rest pass-thru to the main backend.
>
> Regards,
> rogersm.

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net