This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans up

pdb_ldap and adds a 'ldap passwd sync' option.

The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up.  Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...

Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.

This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.

Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)

1 files changed, 4 insertions, 1 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 59bfb6b449..c39ebed950 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -616,7 +616,7 @@ typedef struct sam_passwd
 		
 		DATA_BLOB lm_pw; /* .data is Null if no password */
 		DATA_BLOB nt_pw; /* .data is Null if no password */
-		DATA_BLOB plaintext_pw; /* .data is Null if not available */
+		char* plaintext_pw; /* is Null if not available */
 		
 		uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
 		uint32 unknown_3; /* 0x00ff ffff */
@@ -1346,6 +1346,9 @@ enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
 /* LDAP SSL options */
 enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
 
+/* LDAP PASSWD SYNC methods */
+enum ldap_passwd_sync_types {LDAP_PASSWD_SYNC_ON, LDAP_PASSWD_SYNC_OFF, LDAP_PASSWD_SYNC_ONLY};
+
 /* Remote architectures we know about. */
 enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};