Hi, concerning Wolfgangs work on the GOsa setup for wheezy which I currently do for debian-lan, I found the following which I would like to share to not double debugging.
I had to modify the variable name to be send to gosa-sync: <pathMenu> <plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/php <plugin acl="users/password:self" class="password" - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo /usr/local/sbin/gosa-sync %dn" + postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/local/sbin/gosa-sync %dn" /> </pathMenu> If I don't do that, I end up with the hash in the variable making gosa sync fail. If you don't need that, it would be rather interesting to find out why it's needed here. In addition and for your information, I filed http://bugs.debian.org/698544 on the use of SASL instead of ssha as "password hash" in GOsa. Using SASL would allow to authenticate login to gosa with kerberos authentication. The password hashes would only be stored in kerberos and additionally providing the hash in LDAP wouldn't be needed anymore. kpasswd could be used for changes as well as the GOsa interface. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130120123822.GA16810@fuzi