<?xml version="1.0" encoding="utf-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
! or http://forgerock.org/license/CDDLv1.0.html.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at legal-notices/CDDLv1_0.txt.
|
! If applicable, add the following below this CDDL HEADER, with the
|
! fields enclosed by brackets "[]" replaced with your own identifying
|
! information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2011 profiq s.r.o.
|
! Portions copyright 2011 ForgeRock AS
|
! -->
|
<adm:managed-object name="samba-password-plugin"
|
plural-name="samba-password-plugins"
|
package="org.opends.server.admin.std" extends="plugin"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>Samba Password Synchronization Plugin.</adm:synopsis>
|
<adm:description>
|
This plugin captures clear-text password changes for a user and generates
|
LanMan or NTLM hashes for the respective Samba attributes (sambaLMPassword
|
and sambaNTPassword).
|
</adm:description>
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-samba-password-plugin</ldap:name>
|
<ldap:superior>ds-cfg-plugin</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property-override name="java-class">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>org.opends.server.plugins.SambaPasswordPlugin</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property-override name="plugin-type" advanced="true">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>preoperationmodify</adm:value>
|
<adm:value>postoperationextended</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property name="pwd-sync-policy" mandatory="true" multi-valued="true">
|
<adm:synopsis>
|
Specifies which Samba passwords should be kept synchronized.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>sync-nt-password</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="sync-nt-password">
|
<adm:synopsis>
|
Synchronize the NT password attribute "sambaNTPassword"
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="sync-lm-password">
|
<adm:synopsis>
|
Synchronize the LanMan password attribute "sambaLMPassword"
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>
|
ds-cfg-pwd-sync-policy
|
</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="samba-administrator-dn" mandatory="false">
|
<adm:synopsis>
|
Specifies the distinguished name of the user which Samba uses to
|
perform Password Modify extended operations against this directory
|
server in order to synchronize the userPassword attribute after the
|
LanMan or NT passwords have been updated.
|
</adm:synopsis>
|
<adm:description>
|
The user must have the 'password-reset' privilege and should not be
|
a root user. This user name can be used in order to identify Samba
|
connections and avoid double re-synchronization of the same password.
|
If this property is left undefined, then no password updates will be
|
skipped.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>Synchronize all updates to user passwords</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:dn />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-samba-administrator-dn</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
