Re: Do an LDAP Password Modify Extended Operation?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mike Mackintosh <mike.mackintosh@xxxxxxxxxxxxxxx> wrote on 02/17/2012 
07:25:36 PM:

> [image removed] 
> 
> Re:  Do an LDAP Password Modify Extended Operation?
> 
> Mike Mackintosh 
> 
> to:
> 
> Kirk.Johnson, PHP General List
> 
> 02/17/2012 07:26 PM
> 
> On Feb 17, 2012, at 3:34 PM, Kirk.Johnson@xxxxxxxxxxx wrote:
> 
> > Mike Mackintosh <mike.mackintosh@xxxxxxxxxxxxxxx> wrote on 02/17/2012 
> > 12:36:06 PM:
> > 
> >> On Feb 17, 2012, at 10:57, Kirk.Johnson@xxxxxxxxxxx wrote:
> >> 
> >>> Is it possible to do an LDAP Password Modify Extended Operation, as 
> >>> specified in RFC 3062? The password hashing scheme in the LDAP 
> >>> directory I 
> >>> am working with may change periodically, so it is my understanding 
> >>> that I 
> >>> can't hash a new password according to a specific scheme, e.g., 
{SHA}, 
> >>> on 
> >>> my side. Instead, I should use an Extended Operation and let the 
> >>> directory 
> >>> do the hashing. Is that correct? The help page for ldap_set_option 
> >>> suggests that it might be possible, but I sure can't find any 
example 
> >>> code 
> >>> anywhere. 
> >>> 
> >>> TIA
> >>> 
> >>> Kirk
> >> 
> >> I have an example of this on my lab box at home. I noticed issues 
> >> depending on if the requesting application was Linux or windows due 
> >> to the different Linux LDAP libraries. 
> >> 
> >> When I get home I'll forward you the example of what I have so far
> > 
> > Woohoo! Extended Operation doesn't seem to be a practice that is in 
> > wide-spread use. Looking forward to what you've come up with. Thanks.
> 
> 
> Kirk,
> 
> What i've been trying to do, is revive the patch i found here:
> 
> http://www.mail-archive.com/internals@xxxxxxxxxxxxx/msg19665.html
> 
> It provides a lot of the functionality that you can only imagine and
> more, but it fails against versions 5.3.x.
> 
> I sent an email to the original maintainer, Pierangelo, but have not
> received a response yet on that status of maintenance.
> 
> Do you use OpenLDAP? I am not sure if it built, if it would support AD 
or not.
> 
> Mike Mackintosh
> PHP, the drug of choice - www.highonphp.com

Had a nice 3-day weekend ;)

Yes, using OpenLDAP 2.x. I found the same Internals email thread from 
Pierangelo. 

Looking at Example #2 in the documentation for ldap_set_option, it appears 
that exop's might be supported, since the example uses an OID. Did you 
play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I 
completely off track there?

> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux