> >Samba can't supply the original password. Can this be changed? It
> >seems to me the only way of fixing this is by modifying the source
> >file sources/ldapserver/ldap/servers/slapd/passwd_extop.c, but the
> >building process seems overwhelming for me to try.
> >
> >
> This is probably a bug in the server. I can't remember if the IETF
> password modify draft says that the original password can be omitted
> (the server has it anyway, from the BIND operation), but other password
> modify extop clients expect to be able to only pass in the new
> password.
I would say it's a bug, indeed (from the RFC3602):
--- BEGIN ---
2. Password Modify Request and Response
The Password Modify operation is an LDAPv3 Extended Operation
[RFC2251, Section 4.12] and is identified by the OBJECT IDENTIFIER
passwdModifyOID. This section details the syntax of the protocol
request and response.
passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1
PasswdModifyRequestValue ::= SEQUENCE {
userIdentity [0] OCTET STRING OPTIONAL
oldPasswd [1] OCTET STRING OPTIONAL
newPasswd [2] OCTET STRING OPTIONAL }
...
The userIdentity field, if present, SHALL contain an octet string
representation of the user associated with the request. This string
may or may not be an LDAPDN [RFC2253]. If no userIdentity field is
present, the request acts up upon the password of the user currently
associated with the LDAP session.
The oldPasswd field, if present, SHALL contain the user's current
password.
...
--- END ---
As you can see, the oldPasswd is an OPTIONAL ASN.1 attribute. Should I
submit a bug report for this?
Thanks!
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
