On Feb 17, 2012, at 3:34 PM, Kirk.Johnson@xxxxxxxxxxx wrote:
> Mike Mackintosh <mike.mackintosh@xxxxxxxxxxxxxxx> wrote on 02/17/2012
> 12:36:06 PM:
>
>> On Feb 17, 2012, at 10:57, Kirk.Johnson@xxxxxxxxxxx wrote:
>>
>>> Is it possible to do an LDAP Password Modify Extended Operation, as
>>> specified in RFC 3062? The password hashing scheme in the LDAP
>>> directory I
>>> am working with may change periodically, so it is my understanding
>>> that I
>>> can't hash a new password according to a specific scheme, e.g., {SHA},
>>> on
>>> my side. Instead, I should use an Extended Operation and let the
>>> directory
>>> do the hashing. Is that correct? The help page for ldap_set_option
>>> suggests that it might be possible, but I sure can't find any example
>>> code
>>> anywhere.
>>>
>>> TIA
>>>
>>> Kirk
>>
>> I have an example of this on my lab box at home. I noticed issues
>> depending on if the requesting application was Linux or windows due
>> to the different Linux LDAP libraries.
>>
>> When I get home I'll forward you the example of what I have so far
>
> Woohoo! Extended Operation doesn't seem to be a practice that is in
> wide-spread use. Looking forward to what you've come up with. Thanks.
Kirk,
What i've been trying to do, is revive the patch i found here:
http://www.mail-archive.com/internals@xxxxxxxxxxxxx/msg19665.html
It provides a lot of the functionality that you can only imagine and more, but it fails against versions 5.3.x.
I sent an email to the original maintainer, Pierangelo, but have not received a response yet on that status of maintenance.
Do you use OpenLDAP? I am not sure if it built, if it would support AD or not.
Mike Mackintosh
PHP, the drug of choice - www.highonphp.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
