Le 29/11/2017 à 08:38, Geoff Swan a
écrit :
Hello, I think that ppolicy is not supposed to try to analyze a password that is prefixed by a hash indicator... that is kinda weird. The support for LDAP EXOP (especially "LDAP Password Modify Extended Operation") has been merged to PHP 7.2, but did not exist before, so you will not be able to use it until then, so you are stuck with the hash-before-modify method. I suggest, if you did not already, that you take a look at the https://ltb-project.org/documentation/self-service-password project, that is also PHP-based, has plan to support exops when they will be available in PHP, so you might either inspire yourself from its code or switch to using it :) (Also, one of its main developers, Clément Oudot, lurks on this mailing list so you might get useful advice from him). We actually do use SSP here with SSHA512 support AND ppolicy and it works flawlessly. -- Matthieu Cerda Infrastructure, BU Means @ NBS System |
Attachment:
signature.asc
Description: OpenPGP digital signature