Actually, that's the point, my kerberos data and the userPassword are not in separate entries, so the locking issue. As far as concerned SASL passthrough, we are migrating users from OpenLDAP to KDC+OpenLDAP Backend. As we cannot derive a user password from the hash, first we have to force users to change their password (for the synchronization with the KDC password) and then to use SASL passthrough.
On 13/02/2014 22:18, Ryan Tandy wrote:
On 14-02-13 12:55 PM, Abdelkader Chelouah wrote:
The module is loaded correctly. However, the "ldappasswd" command hangs now. This is apparently due to a locking issue. Is anyone succeeded to configure the overlay ?
I'm using (slightly modified [1]) smbkrb5pwd in production and haven't encountered any such locking issue. Can you provide more details about your setup, and perhaps a debug log of such a hung request? I assume your userPassword attribute and Kerberos data are in separate entries as per the README.
[1] https://github.com/sd63/smbkrb5pwd/compare/opinsys:master...master
BTW, I don't understand your mention of SASL passthrough. The point of smbkrb5pwd is to synchronize the userPassword and Kerberos password. If you want to use SASL passthrough instead, then you should just change the Kerberos password directly, right?