
slapd-sock as overlay, internal modifications


I'd like to intercept password changes (clear-text password) via back-sock used as overlay:

# send all modify requests to external listener (after ppolicy checking)
overlay sock
extensions binddn peername ssf connid
socketpath /tmp/noop-listener
sockops modify

What seems odd is that internal modifications done by slapo-lastbind have

binddn: uid=bccb,cn=test,ou=ae-dir

like the bound user and same connid (see log excerpt attached below). Shouldn't internal
write operations set another binddn (e.g. to the rootdn)?

Ciao, Michael.

My listener's log:

2017-03-20 19:13:35,000 DEBUG 140308582867240 ----- incoming request via
'/tmp/noop-listener' from pid=21348 uid=1000 gid=100 -----
2017-03-20 19:13:35,000 DEBUG 140308582867240 request_data='MODIFY\nmsgid: 1\nbinddn:
uid=bccb,cn=test,ou=ae-dir\nsuffix: ou=ae-dir\ndn: uid=bccb,cn=test,ou=ae-dir\nreplace:
authTimestamp\nauthTimestamp: 20170320181334Z\n-\n\n'
2017-03-20 19:13:35,000 DEBUG 140308582867240 reqtype='MODIFY'
2017-03-20 19:13:35,000 DEBUG 140308582867240 sock_req=<slapdsock.message.MODIFYRequest
object at 0x7f9c233fe250> // {'dn': 'uid=bccb,cn=test,ou=ae-dir', 'binddn':
u'uid=bccb,cn=test,ou=ae-dir', 'suffix': u'ou=ae-dir', '_linecount': 4, 'msgid': 1,
'_req_lines': ['MODIFY', 'msgid: 1', 'binddn: uid=bccb,cn=test,ou=ae-dir', 'suffix:
ou=ae-dir', 'dn: uid=bccb,cn=test,ou=ae-dir', 'changetype: modify', 'replace:
authTimestamp', 'authTimestamp: 20170320181334Z', '-', '', ''], 'modops': [(2,
'authTimestamp', ['20170320181334Z'])], 'reqtype': 'MODIFY'}
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 Request not cached: cache_key=None
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 response_str='CONTINUE\n'
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 response_delay=0.001
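
An added example, not part of the original post and not the slapdsock module's code: a minimal Python parser for the MODIFY request text shown in the log, classifying each request by the attributes it touches, because the log shows slapo-lastbind's internal write carrying the bound user's binddn. Both sample requests are constructed; the userPassword request and the "::" base64 value handling are assumptions, and `parse_modify` and `classify` are hypothetical names.

```python
import base64

# Constructed samples in the request format seen in the listener log above.
HDR = (b"binddn: uid=bccb,cn=test,ou=ae-dir\nsuffix: ou=ae-dir\n"
       b"dn: uid=bccb,cn=test,ou=ae-dir\n")
LASTBIND_REQ = (b"MODIFY\nmsgid: 1\n" + HDR +
                b"replace: authTimestamp\nauthTimestamp: 20170320181334Z\n-\n\n")
# Assumed shape of a password change; "::" marks a base64 value (LDIF style).
PASSWORD_REQ = (b"MODIFY\nmsgid: 2\n" + HDR +
                b"replace: userPassword\nuserPassword:: c2VjcmV0\n-\n\n")

MOD_OPS = ("add", "delete", "replace")

def parse_modify(data):
    """Return (headers, modops) for one MODIFY request sent by the sock overlay."""
    lines = data.decode("utf-8").split("\n")
    if lines[0] != "MODIFY":
        raise ValueError("not a MODIFY request")
    headers, modops, current = {}, [], None
    for line in lines[1:]:
        if line == "":          # blank line ends the request
            break
        if line == "-":         # end of one modification
            current = None
            continue
        key, sep, raw = line.partition(":")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        if raw.startswith(":"):
            value = base64.b64decode(raw[1:].strip())
        else:
            value = raw.strip().encode("utf-8")
        if current is not None:                     # value of the current modification
            current[2].append(value)
        elif key in MOD_OPS and "dn" in headers:    # "<op>: <attribute>" after dn:
            current = (key, value.decode("utf-8"), [])
            modops.append(current)
        else:                                       # msgid, binddn, suffix, dn, ...
            headers[key] = value.decode("utf-8")
    return headers, modops

def classify(data, watched=("userpassword",)):
    """Classify by touched attributes; binddn alone cannot separate internal writes."""
    headers, modops = parse_modify(data)
    attrs = [attr for _op, attr, _vals in modops]
    hit = any(a.lower() in watched for a in attrs)
    return {"msgid": headers["msgid"], "binddn": headers.get("binddn"),
            "dn": headers["dn"], "attrs": attrs, "password_change": hit}
```

`classify` returns only metadata, so a listener can log the result without writing the clear-text value to its debug log.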
