Bug 2326 - [patch] changing ldap crypt passwd without exop
Summary: [patch] changing ldap crypt passwd without exop
Status: RESOLVED DUPLICATE of bug 3514
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.9
Hardware: All All
: P3 enhancement
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-08 08:19 UTC by Olaf Flebbe
Modified: 2006-05-16 15:41 UTC (History)
1 user (show)

See Also:


Attachments
patch against svn head (2.18 KB, patch)
2005-02-08 08:20 UTC, Olaf Flebbe
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Olaf Flebbe 2005-02-08 08:19:35 UTC
this patch enables samba to change the LDAP userPassword when the LDAP server
does not support the pwchange_exop extended operation:

tested with samba-3.0.10, patch applied to svn head
Comment 1 Olaf Flebbe 2005-02-08 08:20:38 UTC
Created attachment 956 [details]
patch against svn head
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-08 08:24:17 UTC
not sure how I feel forcing the password to use {crypt}
Comment 3 Andrew Bartlett 2005-09-08 15:24:08 UTC
A similar patch was proposed in the past, to use a plaintext password.  I would
be more comforatable with that, where we could detect the presense of a
plaintext password, create NT and LM password on the fly, and use that as the
clue to set back a plaintext password.  (other services needed the plaintext in
this case)

The reason I used the exop is that then samba wasn't having to decide schemas,
crypt() and everything else.  I share jerry's reservation about the {crypt} stuff.
Comment 4 Volker Lendecke 2006-02-06 06:18:33 UTC
What concrete LDAP server is this targeted at? Isn't there any other way to get the password into that particular one?

Volker
Comment 5 Olaf Flebbe 2006-02-06 22:18:23 UTC
(In reply to comment #4)
> What concrete LDAP server is this targeted at? Isn't there any other way to get
> the password into that particular one?

If I remember correctly, it was an openldap server. But please stay tuned, the collegue who asked me to implement this patch is not available today. Will answer the question tomorrow, hopefully.
Comment 6 Olaf Flebbe 2006-02-09 03:23:29 UTC
Sorry I was wrong. It was a SUN One Server. It does not support the exop openldap supports. We found no other way to implement changing passwords. The default  didn't work.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2006-05-16 15:41:17 UTC

*** This bug has been marked as a duplicate of 3514 ***