Marcin Giedz writes:Precisely!
Looking at smbk5pwd overlay I'm trying to build something similar.
Actually it does not sound similar, since that just modifies incoming
update operations while you need to spawn multiple search-and-updates:
I willOne of the attributes I need to change is userPassword for selected
uid (not dn). In my LDAP tree I have several places where uid=user1
exists. Now I need to change userPassword for this user in all these
places at once (through passwd).
Look at how the refint overlay handles modrdn operations. They trigger
a search for other entries to modify or delete.
I mean. If userPassword uses md5 hash change it to new one but keep/use the same hash.From my perspective EXOP_MODIFY_PASSWD is not suitable
for me. So I though about creating overlay for this issue. I'm looking
for low level operation for changing userPassword attribute with respect
to previous password hash.
Not sure what "with respect to previous password hash" means, if not EXOP_MODIFY_PASSWD.
That's exactly what it does. You just need anSo as I understand:
overlay in addition, to spawn updates to other entires. And if you want
to catch add and modify operations too, the overlay can do that as well.
Marcin.
Or do you mean: If you update uid=foo,ou=bar with password X and the overlay also finds uid=foo,ou=baz with another password Y, should then the other password be updated as well? Don't know but I guess you just duplicate the operation of the modify password exop with the old password. Note that if you read the password to verify, you may run into access control rules that just allow minimal access: write and auth.
-- ARISE M.Giedz, T.ÅebruÅ sp.j. http: www.arise.pl mail: giedz@arise.pl tel: +48 502 537 157