Re: Samba integration

Felipe Alfaro Solana wrote:

Samba can't supply the original password. Can this be changed? It
seems to me the only way of fixing this is by modifying the source
file sources/ldapserver/ldap/servers/slapd/passwd_extop.c, but the
building process seems overwhelming for me to try.


This is probably a bug in the server.  I can't remember if the IETF
password modify draft says that the original password can be omitted
(the server has it anyway, from the BIND operation), but other password
modify extop clients expect to be able to only pass in the new
password.

I would say it's a bug, indeed (from the RFC3602):

--- BEGIN ---
2.  Password Modify Request and Response

  The Password Modify operation is an LDAPv3 Extended Operation
  [RFC2251, Section 4.12] and is identified by the OBJECT IDENTIFIER
  passwdModifyOID.  This section details the syntax of the protocol
  request and response.

  passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1

  PasswdModifyRequestValue ::= SEQUENCE {
    userIdentity    [0]  OCTET STRING OPTIONAL
    oldPasswd       [1]  OCTET STRING OPTIONAL
    newPasswd       [2]  OCTET STRING OPTIONAL }
...

  The userIdentity field, if present, SHALL contain an octet string
  representation of the user associated with the request.  This string
  may or may not be an LDAPDN [RFC2253].  If no userIdentity field is
  present, the request acts up upon the password of the user currently
  associated with the LDAP session.

  The oldPasswd field, if present, SHALL contain the user's current
  password.
...
--- END ---

As you can see, the oldPasswd is an OPTIONAL ASN.1 attribute. Should I
submit a bug report for this?

Yes, please.

Thanks!

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
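
The PasswdModifyRequestValue quoted in the thread, as an added example that is not part of the original messages and is not the Fedora Directory Server code: a BER decoder that treats all three fields as OPTIONAL, so a request carrying only newPasswd parses cleanly. The names `pwmod_req`, `ber_len` and `pwmod_parse` are hypothetical, the byte strings are constructed samples, and the sketch assumes the implicit context tags 0x80 to 0x82 that LDAP uses for this operation.

```c
#include <stdio.h>
#include <string.h>
/* Decoded PasswdModifyRequestValue; a NULL val[] entry means the field was absent. */
struct pwmod_req {
    const unsigned char *val[3];  /* [0] userIdentity, [1] oldPasswd, [2] newPasswd */
    size_t len[3];
};

/* Read a definite BER length (short form, or long form of 1-2 bytes). */
static int ber_len(const unsigned char **p, const unsigned char *end, size_t *out)
{
    if (*p >= end) return -1;
    *out = *(*p)++;
    if (*out >= 0x80) {
        size_t n = *out & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (*out = 0; n > 0; n--) *out = (*out << 8) | *(*p)++;
    }
    return *out <= (size_t)(end - *p) ? 0 : -1;  /* value must fit in the buffer */
}

/* Returns 0 on success, -1 on malformed input. No field is required to be present. */
int pwmod_parse(const unsigned char *buf, size_t buflen, struct pwmod_req *r)
{
    const unsigned char *p = buf, *end = buf + buflen;
    size_t seqlen, l;
    int tag, next = 0;  /* lowest tag number still allowed; fields arrive in order */
    memset(r, 0, sizeof *r);
    if (buflen < 2 || *p++ != 0x30 || ber_len(&p, end, &seqlen)) return -1;
    if (seqlen != (size_t)(end - p)) return -1;  /* reject trailing bytes */
    while (p < end) {
        tag = *p++ - 0x80;  /* context-specific primitive tags 0x80..0x82 */
        if (tag < next || tag > 2 || ber_len(&p, end, &l)) return -1;
        r->val[tag] = p; r->len[tag] = l; p += l; next = tag + 1;
    }
    return 0;
}

/* Constructed samples: newPasswd only, then oldPasswd followed by newPasswd. */
const unsigned char NEW_ONLY[] = {0x30,0x08, 0x82,0x06,'n','e','w','p','w','1'};
const unsigned char OLD_NEW[] = {0x30,0x0a, 0x81,0x03,'o','l','d', 0x82,0x03,'n','e','w'};

int main(void)
{
    struct pwmod_req r;
    int rc = pwmod_parse(NEW_ONLY, sizeof NEW_ONLY, &r);
    printf("rc=%d oldPasswd %s\n", rc, r.val[1] ? "present" : "absent");
    return rc;
}
```

Whether a request without oldPasswd is then authorised is a separate policy decision made after decoding; the decoder only has to accept the encoding.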
