
Re: slapo-rwm intercept and massage an attribute?



On 27/02/13 12:20, Pierangelo Masarati wrote:
On 02/27/2013 12:28 PM, Tim Watts wrote:
Hi,

Following on from SASL/EXOP password related issues, I'd like to try
something.

When an EXOP PASS MOD happens, I'd like to catch it before it updates
userPassword: in the hdb backend and change the data to

{SASL}<uid>@FIXED.REALM.NAME

I've been through the slapo-rwm man page several times and all over
google and I'm more confused than I was to start with.

Could anyone give me a hint please?

2 problems:

What context does this update happen in? Is it an
exopPasswdDN context or a modifyAttrDN context? Bearing in mind I want

"extendedDN" (I got this by looking at the code; it is not documented,
as far as I can tell).

Hi Pierangelo,

Glad I did not miss something in the docs. I don't have enough architectural familiarity to follow the code as it weaves between files (I have looked at a few bits in the region of passwd.c and friends). Thanks for checking :)

to catch where the Password Modify EXOP goes to write the userPassword
entry.

slapo-rwm(5) does not allow rewriting the password. It allows
rewriting the request DN (AFAIK).

OK - so you are saying that slapo-rwm *cannot* change data written to userPassword: but it can change other attributes?

How do I pull the uid of the current bind doing the password change? I'm
guessing it is a $ parameter defref, but I do not see any examples?

You need to get it during bind using appropriate rules, and store it in
a variable for reuse.

Thanks for the pointer. This is reminding me of Apache rules where sometimes you have to set a variable in a rule that executes in an earlier phase for use by a later phase's rule which cannot get directly at the data you want... I'll see if I can try something...

Use a "slapd" map with "entryDN=<the bind dn>" as
filter and "uid" as the attrs field to fetch the uid of the entry being
bound.  Examples for storing and retrieving variables within a session
are given in slapo-rwm(5).

Many thanks for that - let's experiment! :)

Cheers

Tim

Many thanks,

Tim

BTW, if there's a better mailing list for "user" questions I'll happily
bugger off there :)

This is the right list for questions like yours.

p.



--
Tim Watts
Personal Blog: http://www.dionic.net/tim/

"It would be better to live under robber barons than under omnipotent
moral busybodies."