Differences between current version and previous revision of Samba3LDAP.

Newer page: version 15 Last edited on Tuesday, June 13, 2006 10:15:58 am by JeffDavis
Older page: version 14 Last edited on Tuesday, March 28, 2006 8:20:35 am by DanielLawson
@@ -51,8 +51,17 @@
  ldap password sync = No 
  unix passwd sync = Yes 
  passwd program = /path/to/program %u 
  passwd chat = *chat*script* 
+</verbatim>  
+  
+Additionally, you may need to tweak your slapd.conf acls to support password sync. The DSA needs access to the root DSE in order to determine the server's capabilities. If you are using the Idealx scripts, this should do the trick:  
+  
+<verbatim>  
+ access to *  
+ by dn="cn=samba,ou=dsa,dc=example,dc=com" read  
+ by dn="cn=smbldap-tools,ou=dsa,dc=example,dc=com" read  
+ by * none  
 </verbatim> 
  
 Obviously, the passwd program and passwd chat parameters need to be tailored to your script. I use the smbldap-passwd program from IdealX, and have it set to only update the 'userPassword' attribute in LDAP, not the NT/LM hashes (as samba will do this anyway):
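
Review bot: The added `access to *` rule is much wider than the sentence introducing it justifies. The text says the DSA needs to read the root DSE, but this clause gives both cn=samba and cn=smbldap-tools read access to every entry and attribute in the directory, including userPassword and the NT/LM hashes mentioned in the following paragraph, and `by * none` then denies every other identity everything. Suggest scoping the root DSE grant on its own, for example `access to dn.base="" by * read`, and saying where the rule should sit relative to the ACLs already in slapd.conf, since slapd stops at the first `access to` clause that matches. It would also help to state that read alone does not let either DN modify userPassword, so the write access that password sync relies on has to be granted by a separate rule.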