<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/ticket/363">https://fedorahosted.org/389/ticket/363</a><br>
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/389/attachment/ticket/363/0001-Ticket-363-Passsync-Winsync-handles-passwords-with-8.patch">https://fedorahosted.org/389/attachment/ticket/363/0001-Ticket-363-Passsync-Winsync-handles-passwords-with-8.patch</a><br>
<p>
Bug description: Passhook plugin used to store the password in<br>
the intermediate file passhook.dat using _snprintf which just<br>
converts wchar in ascii to char without considering the non-<br>
ascii characters.<br>
</p>
<p>
Fix description: Instead of using _snprintf, <a
href="https://fedorahosted.org/389/wiki/WideCharToMultiByte"
class="missing wiki" rel="nofollow">WideCharToMultiByte?</a><br>
is called to convert the Microsoft internal character set to<br>
UTF-8, which is valid in LDAP.<br>
</p>
<p>
Also, in <a
href="https://fedorahosted.org/389/wiki/SyncPasswords"
class="missing wiki" rel="nofollow">SyncPasswords?</a> (<a
href="https://fedorahosted.org/389/wiki/PassSync" class="missing
wiki" rel="nofollow">PassSync?</a>), it adds LDAP_INAPPROPRIATE_<br>
AUTH to the condition to send the password change on Windows to<br>
the Directory server. Bind returns LDAP_INAPPROPRIATE_AUTH, <br>
when a password is not in the entry for SIMPLE auth. <a
href="https://fedorahosted.org/389/wiki/PassSync" class="missing
wiki" rel="nofollow">PassSync?</a><br>
should be able to send the password for the case, as well.</p>
</body>
</html>