Re: Proxy authorization fail with cyrus-sasl and postfix
On Mon, 24 May 2010 15:37:48 +0200 (CEST), masar...@aero.polimi.it wrote:

> Just change your authz-regexp line to
>
> authz-regexp ^uid=([^,]+).*,cn=[^,]*,cn=auth$ ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))
>
> p.

YES! IT WORKS! I couldn't be more grateful, I spent days trying to diagnose this, it's written nowhere in the postfix doc that it tries to authenticate using the mail value...

Thanks a lot.

Julien

thanks a lot !
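How the rule from the reply above resolves a login sent as a mail address, as an added example that is not part of the original thread. The uid-only rule, the directory entries and the SASL DNs are constructed assumptions, and the filter matching is a simplified stand-in for slapd's search.

```python
import re

# Pattern and replacement copied from the reply above.
PATTERN = r"^uid=([^,]+).*,cn=[^,]*,cn=auth$"
FIXED = "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"
# Hypothetical uid-only rule of the kind the fix replaces (assumption).
UID_ONLY = "ldap:///dc=linuxwall,dc=info??sub?(uid=$1)"

# Constructed directory entries (sample data, not from the thread).
DIRECTORY = {
    "uid=julien,ou=people,dc=linuxwall,dc=info":
        {"uid": "julien", "mail": "julien@linuxwall.info"},
    "uid=bob,ou=people,dc=linuxwall,dc=info":
        {"uid": "bob", "mail": "bob@linuxwall.info"},
}

def rewrite(sasl_dn, replacement):
    """Apply the regexp to a SASL authentication DN; return the search URL or None."""
    m = re.match(PATTERN, sasl_dn)
    if m is None:
        return None
    return replacement.replace("$1", m.group(1))

def resolve(sasl_dn, replacement, directory=DIRECTORY):
    """Return the single entry DN the rewritten search selects, else None.

    Simplification: every (attr=value) term in the filter is OR-ed, which is
    enough for the two filters used here. Zero or several hits fail the mapping.
    """
    url = rewrite(sasl_dn, replacement)
    if url is None:
        return None
    terms = re.findall(r"\((\w+)=([^()]*)\)", url.split("?")[-1])
    hits = [dn for dn, attrs in directory.items()
            if any(attrs.get(a, "").lower() == v.lower() for a, v in terms)]
    return hits[0] if len(hits) == 1 else None
```

slapd accepts a search-based mapping only when the search returns exactly one entry, so the wider (|(uid=$1)(mail=$1)) filter is safe only while no entry's uid equals another entry's mail value.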
Integration OpenLDAP - MS Active Directory
Hello everyone,

I would like to know if any of you has had experience of integration of AD with LDAP. My idea is to have a core LDAP and AD users consume. I have a concern would be the root domain and AD ldap.sitio.int e.g. ad.sitio.int would not?

LDAP (sitio.int) --- AD (sitio.int)

I have understood that you can import / export an LDIF from OpenLDAP to AD. I am implementing this scheme for a unified authentication issue, working through cross-platform and I must be based on an LDAP.

Sincerely,
Sebastián Veloso Vars
How to obtain a 'version number' of an attributes
I've got a little challenge... there is an attribute in AD called msDS-KeyVersionNumber.

In AD this operational attribute increments each time the unicodePwd attribute is updated. It is typically a small integer, being the number of times that the password has ever been changed.

In Samba4, we maintain this by looking into our replication metadata (replPropertyMetaData), and returning a counter that is maintained there.

I could maintain this manually from Samba's side (this is what we did in the past), but I wanted to first check if there was something already stored that I could convert.

Thanks,

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
Re: How to obtain a 'version number' of an attributes
Andrew Bartlett wrote:

> I've got a little challenge... there is an attribute in AD called msDS-KeyVersionNumber.
>
> In AD this operational attribute increments each time the unicodePwd attribute is updated. It is typically a small integer, being the number of times that the password has ever been changed.
>
> In Samba4, we maintain this by looking into our replication metadata (replPropertyMetaData), and returning a counter that is maintained there.
>
> I could maintain this manually from Samba's side (this is what we did in the past), but I wanted to first check if there was something already stored that I could convert.

We don't keep a counter on the LDAP side. However, the Heimdal KDC maintains the keyVersionNumber, and it seems to me that you'd have that integrated here as well.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
Re: How to obtain a 'version number' of an attributes
On Tue, 2010-05-25 at 05:11 +0200, masar...@aero.polimi.it wrote:

> > I've got a little challenge... there is an attribute in AD called msDS-KeyVersionNumber.
> >
> > In AD this operational attribute increments each time the unicodePwd attribute is updated. It is typically a small integer, being the number of times that the password has ever been changed.
> >
> > In Samba4, we maintain this by looking into our replication metadata (replPropertyMetaData), and returning a counter that is maintained there.
> >
> > I could maintain this manually from Samba's side (this is what we did in the past), but I wanted to first check if there was something already stored that I could convert.
>
> If I understand correctly what you're asking for, modifications of the unicodePwd attribute should be accompanied by modify:increment of a counter. Something like:
>
> dn: cn=someone
> changetype: modify
> replace: unicodePwd
> unicodePwd:: some value
> -
>
> should be transformed into
>
> dn: cn=someone
> changetype: modify
> replace: unicodePwd
> unicodePwd:: some value
> -
> increment: msDS-KeyVersionNumber
> msDS-KeyVersionNumber: 1
> -
>
> This way, the modification is atomic. As usual, this could be accomplished by stacking an overlay that intercepts modifications to specified attributes, like unicodePwd. Can you formalize this a little bit more?

That's pretty much what I was looking for. The exact semantics don't matter too much, but this I need:

- a 'small' monotonically increasing integer
- only increases for unicodePwd, not other updates.
- always strictly related to the unicodePwd value it was incremented for (as it will be used as an abstract identifier, along with the DN/samaccountname/etc to identify the secret unicodePwd value).

Thanks,

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
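The transformation quoted in the message above, modelled in memory as an added example that is not code from the thread, OpenLDAP or Samba. The hook name, the tuple form of the operations and the sample entry are assumptions; the point shown is that the counter and the password change commit together or not at all.

```python
import copy

WATCHED = "unicodePwd"                 # attribute named in the thread
COUNTER = "msDS-KeyVersionNumber"      # counter attribute named in the thread

def add_increment(mods):
    """Hypothetical overlay hook: append an increment op when WATCHED is modified."""
    if any(attr == WATCHED for _, attr, _ in mods):
        return mods + [("increment", COUNTER, "1")]
    return mods

def apply_modify(entry, mods):
    """Apply all ops to a copy and return it; raise without touching `entry` on error."""
    work = copy.deepcopy(entry)
    for op, attr, value in mods:
        if op == "replace":
            work[attr] = [value]
        elif op == "delete":
            if attr not in work:
                raise KeyError("noSuchAttribute: " + attr)
            del work[attr]
        elif op == "increment":        # modify-increment as in RFC 4525
            if attr not in work:
                raise KeyError("noSuchAttribute: " + attr)
            work[attr] = [str(int(v) + int(value)) for v in work[attr]]
        else:
            raise ValueError("unsupported op: " + op)
    return work

def modify(directory, dn, mods):
    """Run a client modify through the hook and commit all-or-nothing."""
    directory[dn] = apply_modify(directory[dn], add_increment(mods))
    return directory[dn]

def sample_directory():
    # Constructed entry; the starting counter value of 1 is an assumption.
    return {"cn=someone": {WATCHED: ["old"], COUNTER: ["1"], "description": ["x"]}}
```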
Re: How to obtain a 'version number' of an attributes
--On Tuesday, May 25, 2010 5:11 AM +0200 masar...@aero.polimi.it wrote:

> This way, the modification is atomic. As usual, this could be accomplished by stacking an overlay that intercepts modifications to specified attributes, like unicodePwd. Can you formalize this a little bit more?

Imagine the possibilities if you could generalize this for uidNumber's too...

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration