On Thu, Nov 08, 2007 at 12:08:04PM -0700, Richard Megginson wrote:
Jonathan Barber wrote:
>On Thu, Nov 08, 2007 at 08:23:37AM -0700, Richard Megginson wrote:
>
>>Jonathan Barber wrote:
>>
>>>I'm having a look (again) at writing a couple of plugins, the aspects
>>>I'm interested in are:
>>>
>>>1) Updating samba hashes when an entries userpassword is updated (both
>>> through the password extop and LDAP replace/add)
>>>
>>>
>>This has already been done as part of the
freeipa.org project. It also
>>does Kerberos. I don't know how hard it would be to just use it for
>>Samba, but probably much easier than writing from scratch.
>>
>
>Wow, that looks like an exciting project. Looks like they have an eye on
>dealing with the memberuid stuff as well.
>
>What's the relationship between the freeipa and fds projects, will we see
>their plugins packaged into fds?
>
freeipa will support using fedora ds as its ldap backend
We will probably incorporate their plugins into fedora ds at some point.
[snip]
>Hmm, is there a way of disabling the existing password exop from
the
>server config then, so if I use the freeipa plugin, I can stop the
>existing password exop from interfering, or is that overly paranoid?
>
>I ask, as disabling the plugin by recompiling the main server gives me
>the willies for deploying into a production service.
>
I'm not sure. Take a look at what the freeipa guys have done.
I did, they don't seem to do anything.
[snip]
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389