Configuration Reference Home
OpenDJ - Samba Password Plugin

Samba Password Plugin

Samba Password Synchronization Plugin.

This plugin captures clear-text password changes for a user and generates LanMan or NTLM hashes for the respective Samba attributes (sambaLMPassword and sambaNTPassword).

Parent Component

The Samba Password Plugin component inherits from the Plugin

Properties

A description of each property follows.


Basic Properties: Advanced Properties:
↓ enabled ↓ invoke-for-internal-operations
↓ java-class ↓ plugin-type
↓ pwd-sync-policy
↓ samba-administrator-dn

Basic Properties

enabled

Description
Indicates whether the plug-in is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

java-class

Description
Specifies the fully-qualified name of the Java class that provides the plug-in implementation.
Default Value
org.opends.server.plugins.SambaPasswordPlugin
Allowed Values
A java class that implements or extends the class(es) :
org.opends.server.api.plugin.DirectoryServerPlugin
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

pwd-sync-policy

Description
Specifies which Samba passwords should be kept synchronized.
Default Value
sync-nt-password
Allowed Values
sync-lm-password - Synchronize the LanMan password attribute "sambaLMPassword"

sync-nt-password - Synchronize the NT password attribute "sambaNTPassword"


Multi-valued
Yes
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

samba-administrator-dn

Description
Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped.
Default Value
Synchronize all updates to user passwords
Allowed Values
A valid DN.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No


Advanced Properties

invoke-for-internal-operations

Description
Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked.
Default Value
true
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
Yes
Read-only
No

plugin-type

Description
Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked.
Default Value
preoperationmodify postoperationextended
Allowed Values
intermediateresponse - Invoked before sending an intermediate repsonse message to the client.

ldifexport - Invoked for each operation to be written during an LDIF export.

ldifimport - Invoked for each entry read during an LDIF import.

ldifimportbegin - Invoked at the beginning of an LDIF import session.

ldifimportend - Invoked at the end of an LDIF import session.

postconnect - Invoked whenever a new connection is established to the server.

postdisconnect - Invoked whenever an existing connection is terminated (by either the client or the server).

postoperationabandon - Invoked after completing the abandon processing.

postoperationadd - Invoked after completing the core add processing but before sending the response to the client.

postoperationbind - Invoked after completing the core bind processing but before sending the response to the client.

postoperationcompare - Invoked after completing the core compare processing but before sending the response to the client.

postoperationdelete - Invoked after completing the core delete processing but before sending the response to the client.

postoperationextended - Invoked after completing the core extended processing but before sending the response to the client.

postoperationmodify - Invoked after completing the core modify processing but before sending the response to the client.

postoperationmodifydn - Invoked after completing the core modify DN processing but before sending the response to the client.

postoperationsearch - Invoked after completing the core search processing but before sending the response to the client.

postoperationunbind - Invoked after completing the unbind processing.

postresponseadd - Invoked after sending the add response to the client.

postresponsebind - Invoked after sending the bind response to the client.

postresponsecompare - Invoked after sending the compare response to the client.

postresponsedelete - Invoked after sending the delete response to the client.

postresponseextended - Invoked after sending the extended response to the client.

postresponsemodify - Invoked after sending the modify response to the client.

postresponsemodifydn - Invoked after sending the modify DN response to the client.

postresponsesearch - Invoked after sending the search result done message to the client.

postsynchronizationadd - Invoked after completing post-synchronization processing for an add operation.

postsynchronizationdelete - Invoked after completing post-synchronization processing for a delete operation.

postsynchronizationmodify - Invoked after completing post-synchronization processing for a modify operation.

postsynchronizationmodifydn - Invoked after completing post-synchronization processing for a modify DN operation.

preoperationadd - Invoked prior to performing the core add processing.

preoperationbind - Invoked prior to performing the core bind processing.

preoperationcompare - Invoked prior to performing the core compare processing.

preoperationdelete - Invoked prior to performing the core delete processing.

preoperationextended - Invoked prior to performing the core extended processing.

preoperationmodify - Invoked prior to performing the core modify processing.

preoperationmodifydn - Invoked prior to performing the core modify DN processing.

preoperationsearch - Invoked prior to performing the core search processing.

preparseabandon - Invoked prior to parsing an abandon request.

preparseadd - Invoked prior to parsing an add request.

preparsebind - Invoked prior to parsing a bind request.

preparsecompare - Invoked prior to parsing a compare request.

preparsedelete - Invoked prior to parsing a delete request.

preparseextended - Invoked prior to parsing an extended request.

preparsemodify - Invoked prior to parsing a modify request.

preparsemodifydn - Invoked prior to parsing a modify DN request.

preparsesearch - Invoked prior to parsing a search request.

preparseunbind - Invoked prior to parsing an unbind request.

searchresultentry - Invoked before sending a search result entry to the client.

searchresultreference - Invoked before sending a search result reference to the client.

shutdown - Invoked during a graceful directory server shutdown.

startup - Invoked during the directory server startup process.

subordinatedelete - Invoked in the course of deleting a subordinate entry of a delete operation.

subordinatemodifydn - Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation.


Multi-valued
Yes
Required
Yes
Admin Action Required
The Samba Password Plugin must be disabled and re-enabled for changes to this setting to take effect
Advanced Property
Yes
Read-only
No