[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [pamldap] pamldap-118 and EXOP



(CCing openldap-software, as this is about ldappasswd too)

Answering to myself...

I did what that response told me: I commented that part in pam_ldap which
sets the oldpassword, and now I can change passwords using EXOP:

--- pam_ldap.c~ Tue Jun 26 20:29:20 2001
+++ pam_ldap.c  Wed Jun 27 17:52:58 2001
@@ -2190,7 +2190,7 @@
       ber_printf (ber, "{");
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,
                  session->info->userdn);
-      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);
+/*      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);*/
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, new_password);
       ber_printf (ber, "N}");


By the way, I now also tried to use ldappasswd making it ask me for the old
password, the bind password and also the new password, and got the same 
"unwilling to perform" error I had with pam_ldap. If I don't provide the old
password, it works. 

I'll finish reading that draft in /usr/share/doc/openldap-doc-2.0.11 about
ldap_extended_operation_s and see what that tells me...



Em Wed, Jun 27, 2001 at 01:40:29AM -0300, Andreas Hasenack escreveu:
> 0x0040   041f 7573 6520 6269 6e64 2074 6f20 7665        ..use.bind.to.ve
> 0x0050   7269 6679 206f 6c64 2070 6173 7377 6f72        rify.old.passwor
> 0x0060   64                                             d