Bug 3108

Summary: OpenLDAP needs Heimdal Kerberos support restored!
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from MainAssignee: Alexey Ivanov <a.ivanov>
Status: RESOLVED DUPLICATE QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: denis.silakov
Version: Fresh   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: openldap-servers ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2013-11-10 20:25:10 MSK 
OpenLDAP does not produce smbk5pwd.la due to a decsion to compile it without Heimdal. This needs to be reversed. 

Reason:

While nss-ldapd is used for the nsswitch.conf uses LDAP for Authorization, actual authentication by PAM takes place with pam_krb5. smbk5pwd was used to sync up OpenLDAP Posix, Samba, and Heimdal Kerberos passwords. (Heimdal used OpenLDAP as its backend database.)

When libuser.conf was configured to utilize LDAP such that userdrake, lpasswd, luseradd, etc could alter passwords and usernames, smbk5pwd made sure those password changes all said the same thing. Now that has stopped working, because the password sync only syncs OpenLDAP and Samba, and not Heimdal. (resulting in passwords not being changed.)

Please restore the prior functionality.
Comment 1 Alexey Ivanov 2015-03-26 08:47:25 MSK 
We are working on it. Please see Bug 5098.

*** This bug has been marked as a duplicate of bug 5098 ***