Samba Password Synchronization Plugin.
This plugin captures clear-text password changes for a user and generates LanMan or NTLM hashes for the respective Samba attributes (sambaLMPassword and sambaNTPassword).
The Samba Password Plugin component inherits from the Plugin
A description of each property follows.
Basic Properties: | Advanced Properties: |
---|---|
↓ enabled | ↓ invoke-for-internal-operations |
↓ java-class | ↓ plugin-type |
↓ pwd-sync-policy | |
↓ samba-administrator-dn |
Description | Indicates whether the plug-in is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the fully-qualified name of the Java class that provides the plug-in implementation. |
Default Value | org.opends.server.plugins.SambaPasswordPlugin |
Allowed Values | A java class that implements or extends the class(es) : org.opends.server.api.plugin.DirectoryServerPlugin |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies which Samba passwords should be kept synchronized. |
Default Value | sync-nt-password |
Allowed Values | sync-lm-password - Synchronize the LanMan password attribute "sambaLMPassword" sync-nt-password - Synchronize the NT password attribute "sambaNTPassword" |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
Description | Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. |
Default Value | Synchronize all updates to user passwords |
Allowed Values | A valid DN. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | No |
Read-only | No |
invoke-for-internal-operations
Description | Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. |
Default Value | true |
Allowed Values | true false |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced Property | Yes |
Read-only | No |
Description | Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. |
Default Value | preoperationmodify
postoperationextended |
Allowed Values | intermediateresponse - Invoked before sending an intermediate repsonse message to the client. ldifexport - Invoked for each operation to be written during an LDIF export. ldifimport - Invoked for each entry read during an LDIF import. ldifimportbegin - Invoked at the beginning of an LDIF import session. ldifimportend - Invoked at the end of an LDIF import session. postconnect - Invoked whenever a new connection is established to the server. postdisconnect - Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon - Invoked after completing the abandon processing. postoperationadd - Invoked after completing the core add processing but before sending the response to the client. postoperationbind - Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare - Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete - Invoked after completing the core delete processing but before sending the response to the client. postoperationextended - Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify - Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn - Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch - Invoked after completing the core search processing but before sending the response to the client. postoperationunbind - Invoked after completing the unbind processing. postresponseadd - Invoked after sending the add response to the client. postresponsebind - Invoked after sending the bind response to the client. postresponsecompare - Invoked after sending the compare response to the client. postresponsedelete - Invoked after sending the delete response to the client. postresponseextended - Invoked after sending the extended response to the client. postresponsemodify - Invoked after sending the modify response to the client. postresponsemodifydn - Invoked after sending the modify DN response to the client. postresponsesearch - Invoked after sending the search result done message to the client. postsynchronizationadd - Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete - Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify - Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn - Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd - Invoked prior to performing the core add processing. preoperationbind - Invoked prior to performing the core bind processing. preoperationcompare - Invoked prior to performing the core compare processing. preoperationdelete - Invoked prior to performing the core delete processing. preoperationextended - Invoked prior to performing the core extended processing. preoperationmodify - Invoked prior to performing the core modify processing. preoperationmodifydn - Invoked prior to performing the core modify DN processing. preoperationsearch - Invoked prior to performing the core search processing. preparseabandon - Invoked prior to parsing an abandon request. preparseadd - Invoked prior to parsing an add request. preparsebind - Invoked prior to parsing a bind request. preparsecompare - Invoked prior to parsing a compare request. preparsedelete - Invoked prior to parsing a delete request. preparseextended - Invoked prior to parsing an extended request. preparsemodify - Invoked prior to parsing a modify request. preparsemodifydn - Invoked prior to parsing a modify DN request. preparsesearch - Invoked prior to parsing a search request. preparseunbind - Invoked prior to parsing an unbind request. searchresultentry - Invoked before sending a search result entry to the client. searchresultreference - Invoked before sending a search result reference to the client. shutdown - Invoked during a graceful directory server shutdown. startup - Invoked during the directory server startup process. subordinatedelete - Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn - Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | The Samba Password Plugin must be disabled and re-enabled for changes to this setting to take effect |
Advanced Property | Yes |
Read-only | No |