Pat Riehecky wrote:
Like many before me I would love to get the smbk5pwd module up and running, but I have a question.
In OpenLDAP 2.4.7: If I set a password expiration time up (with ppolicy), and the user's password expires, does it lock the Heimdal, Samba, and ldap passwords?
No. The smbk5pwd overlay doesn't know about ppolicy, and vice versa. smbk5pwd could be patched to look for the ppolicy expiration, of course.
On the flip side, if I set a password expiration time up (with smbk5pwd), and the user's password expires, does it lock the Heimdal, Samba, and ldap passwords?
Likewise, no.
Or perhaps more to the point, what can I do to keep all three of these passwords either all valid or all expired at the same time?
Extend the smbk5pwd code to synchronize their different policy attributes, and submit your patch to the ITS.
The documentation is a bit vague on this one point, and the archives left me still in confusion.....
The documentation states exactly what the overlay will manage. Anything that isn't described is clearly not going to be managed.