https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202872

Bug(s) fixed: 202872

Bug Description: The current behavior of the Directory Server is to only allow the password modify extended operation when the connection is using SSL or TLS. If you attempt to use a connection that is not using SSL or TLS, the server returns LDAP_CONFIDENTIALITY_REQUIRED. We should allow the password modify extended operation if the connection is using a SASL security layer that has privacy.

Reviewed by: ???

Files: See diffs

Branch: HEAD

Fix Description: I added a new internal function "int ids_sasl_privacy_enabled(Connection *conn)" that will check if a SASL security layer supporting privacy has been negotiated for a particular connection. This function uses the sasl_getprop() function to check the SSF (security strength factor) to see if privacy has been negotiated. This function allows us to have the password modify extop code check if privacy is enabled so it can allow the operation to be processed. The new server behavior is to allow the password modify extended operation if using SSL, TLS, or a SASL privacy layer. All other attempts will return LDAP_CONFIDENTIALITY_REQUIRED.

Platforms tested: RHEL4

Flag Day: no

Doc impact: no

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=134347
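The gate described above, as an added sketch that is not the Directory Server's code or the patch under review. The `conn_model` struct and all function names are hypothetical, the SSF is passed in where the real function would read it with sasl_getprop(), and the threshold (SSF 1 is integrity only, above 1 is encryption) is the Cyrus SASL convention assumed here.

```c
#include <stdbool.h>
#include <stdio.h>

/* LDAP result codes from RFC 4511. */
#define LDAP_SUCCESS                  0x00
#define LDAP_CONFIDENTIALITY_REQUIRED 0x0d

/* Hypothetical connection model; the real server keeps this in Connection. */
typedef struct {
    bool tls_active;    /* SSL or TLS protects the connection */
    bool sasl_ctx;      /* a SASL context exists for the connection */
    bool ssf_lookup_ok; /* stands in for a successful sasl_getprop() SSF lookup */
    unsigned ssf;       /* negotiated security strength factor */
} conn_model;

/* Assumed Cyrus SASL convention: SSF 0 = no layer, 1 = integrity only,
 * above 1 = encryption. A missing context or failed lookup fails closed. */
static bool sasl_privacy_enabled(const conn_model *c)
{
    if (c == NULL || !c->sasl_ctx || !c->ssf_lookup_ok)
        return false;
    return c->ssf > 1;
}

/* Gate applied before the password modify extended operation is processed. */
static int passwd_modify_gate(const conn_model *c)
{
    if (c != NULL && (c->tls_active || sasl_privacy_enabled(c)))
        return LDAP_SUCCESS;
    return LDAP_CONFIDENTIALITY_REQUIRED;
}

/* Convenience wrapper for the constructed sample connections below. */
static int gate_for(bool tls, bool sasl_ctx, bool lookup_ok, unsigned ssf)
{
    conn_model c = { tls, sasl_ctx, lookup_ok, ssf };
    return passwd_modify_gate(&c);
}

int main(void)
{
    printf("plain connection:    %d\n", gate_for(false, false, false, 0));
    printf("SSL/TLS:             %d\n", gate_for(true, false, false, 0));
    printf("SASL integrity only: %d\n", gate_for(false, true, true, 1));
    printf("SASL privacy (56):   %d\n", gate_for(false, true, true, 56));
    printf("SSF lookup failed:   %d\n", gate_for(false, true, false, 128));
    return 0;
}
```

The integrity-only and failed-lookup cases are the ones to test in a real build, since both involve a SASL bind yet must still return LDAP_CONFIDENTIALITY_REQUIRED.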