openldap2007@mnagl.de wrote:
Full_Name: Matthias Nagl
Version:
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.248.132.104)
The current stable version of mit-krb5 (http://web.mit.edu/Kerberos/) seems to have much better support for LDAP backends than Heimdal. Sadly, the smbk5pwd overlay currently won't support password synchronization with the new MIT schema. It would be great if smbk5pwd could be extended to work with the new mit-krb5.
You're welcome to submit a patch to provide the necessary support.
I'll note that the MIT schema is deficient in a number of areas too; we're looking at writing up an IETF Draft defining a more comprehensive schema that can be used by both MIT and Heimdal going forward.
As a total aside, the MIT code's stability leaves a lot to be desired. I won't deploy it on any of my networks because I've seen it crash too many times. In contrast, I've deployed Heimdal at numerous sites and never had to fuss with it; it just works. Your Mileage May Vary; I'm just relating my personal experience accumulated over several years.