[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to change userPassword in overlay...

Hallvard B Furuseth wrote:
Marcin Giedz writes:
Looking at smbk5pwd overlay I'm trying to build something similar.

Actually it does not sound similar, since that just modifies incoming
update operations while you need to spawn multiple search-and-updates:
One of the attributes I need to change is userPassword for selected
uid (not dn). In my LDAP tree I have several places where uid=user1
exists. Now I need to change userPassword for this user in all these
places at once (through passwd).

Look at how the refint overlay handles modrdn operations. They trigger
a search for other entries to modify or delete.
I will
From my perspective EXOP_MODIFY_PASSWD is not suitable
for me. So I though about creating overlay for this issue. I'm looking
for low level operation for changing userPassword attribute with respect
to previous password hash.

Not sure what "with respect to previous password hash" means, if not EXOP_MODIFY_PASSWD.
I mean. If userPassword uses md5 hash change it to new one but keep/use the same hash.

That's exactly what it does. You just need an
overlay in addition, to spawn updates to other entires. And if you want
to catch add and modify operations too, the overlay can do that as well.
So as I understand:
1) in my overlay check if EXOP_MODIFY is trigged if so let him do the job
2) then back to my overlay and "search and modify" the other entries of userPassword, right?


Or do you mean: If you update uid=foo,ou=bar with password X and the
overlay also finds uid=foo,ou=baz with another password Y, should then
the other password be updated as well?  Don't know but I guess you just
duplicate the operation of the modify password exop with the old
password.  Note that if you read the password to verify, you may run
into access control rules that just allow minimal access: write and

ARISE M.Giedz, T.ÅebruÅ sp.j.
http: www.arise.pl
mail: giedz@arise.pl
tel: +48 502 537 157