On 4/22/22 20:56, Abdelkader Chelouah wrote:
On 22/04/2022 17:38, Quanah Gibson-Mount wrote:
--On Friday, April 22, 2022 12:47 PM +0200 Abdelkader Chelouah a.chelouah@gmail.com wrote:
I used to build smbkrb5pwd module (https://github.com/opinsys/smbkrb5pwd) under OpenLDAP 2.4 and everything was working as expected. Starting from OpenLDAP 2.5, building the module still succeeds but an error 80 occurs when the module is loaded
I'm wondering if someone has experienced the same issue and was able to overcome it ?
You need to contact the code owner and ask them to update the module for OpenLDAP 2.5+ compatibility. This is not an OpenLDAP issue.
I know it is the right approach. However, the source code is no longer maintained (no commit for 6 years) and the code owner is not responding to any request.
But how could others help here except taking over maintenance of the module?
You could take another approach and use back-sock as overlay, configure it to send extended operations (e.g. Password Modify ext. op.) to an external process via Unix domain socket, and let this external process sync the password via kadmind.
https://www.openldap.org/software/man.cgi?query=slapd-sock
I did something like this to sync password changes to MS AD via LDAPS. The code for the external listener implemented in Python is buried into a module package:
https://code.stroeder.com/AE-DIR/ae-dir-pproc/src/branch/main/aedir_pproc/pw...
Did not use the code for a while though. But it can serve as an example how to do it.
Ciao, Michael.
P.S.: No, I won't implement such kadmind support myself. I have no interest in Kerberos in my FLOSS projects.