[ltb-dev] [LDAP Tool Box - Feature #714] (New) Add some attibutes sambaSamAccount/shadowAccount

noreply at lsc-project.org noreply at lsc-project.org
Wed Jul 30 16:51:21 CEST 2014

Issue #714 has been reported by Jarbas Peixoto Junior.

Feature #714: Add some attibutes sambaSamAccount/shadowAccount

Author: Jarbas Peixoto Junior
Status: New
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?

When a password is changed and used by samba, it's interesting that the logged on Windows user received notification that your password has expired, but was not allowed to even change the password with a simple CTRL + ALT + DEL. 

The above same situation can be applied to Linux desktops. 

With the help of some attributes can force the user to know that your password has expired and at the same time does not allow it to be possible to change it in Windows / Linux. Thus the only alternative is to access the URL with that application, thus ensuring uniformity of validations. 

MaxPwdAge - Password Expiry (in days) 
MinPwdAge - How many days after I exchange again. 

Note: When MinPwdAge MaxPwdAge is larger than the exchange can be made only after the password expiration.

A code snippet (from lib/functions.inc.php) with the suggested changes is below: 



    $PwdLastSet=time();         # Today - now
    $MaxPwdAge=45;              # Password Expiry (in days)
    $MinPwdAge=365;             # How many days after I exchange again

    # Set Samba password value
    if ( $samba_mode ) {
        $userdata["sambaNTPassword"] = make_md4_password($password);
        $userdata["sambaPwdLastSet"] = $PwdLastSet;                     # Now
        $userdata["sambaPwdMustChange"] = $PwdLastSet+$MaxPwdAge;       # So when the password is valid. 
        $userdata["sambaPwdCanChange"] = $PwdLastSet+$MinPwdAge;        # When you can change the password again.


    # Shadow options
    if ( $shadow_options['update_shadowLastChange'] ) {
        $userdata["shadowLastChange"] = floor($PwdLastSet/60/60/24);    # When the password has been changed. 
        $userdata["shadowMax"] = floor($MaxPwdAge/60/60/24);            # Password Age (days).
        $userdata["shadowWarning"] = 7;                                 # How many days before expiry will be warned


You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20140730/967cd552/attachment.htm>

More information about the ltb-dev mailing list