On 02/26/2014 11:01 PM, Paul Robert Marino wrote:
Sorry for the delayed response. I'm on vacation, so I haven't been
checking my email regularly.
On Thu, Feb 20, 2014 at 5:15 PM, Rich Megginson <rmeggins(a)redhat.com> wrote:
> On 02/20/2014 03:11 PM, Paul Robert Marino wrote:
>> I tried asking this on the developer list and didn't get an answer
>
> There is no good answer, which is probably why no one replied . . .
>
>
>> so
>> I'm trying the user list now
>>
>> So here is my goal: I am about to write a plugin for Heimdal KDCs to
>> update matching password fields in LDAP servers.
>> In the case of 389 server it will also allow 389 server to manage
>> password quality checks.
>>
>> I've been looking over the 389 server's docs and there is something I'm
>> unclear about.
>> How do I pass the password to 389 server to trigger the quality check
>> and update?
>
> There isn't a SLAPI way to do that. FreeIPA did something similar with
> their samba/kerberos password plugin, and they copy/pasted liberally from
> the core 389 server code.
It doesn't need to be via SLAPI; in fact, for compatibility reasons it's
actually better if it's not via SLAPI but instead a direct LDAP query.
If it is as you say, then I don't see how a user updating their password
from a client node can ever be forced to use the password quality
check, which seems to make it somewhat useless. Instead I would have
expected the check to be executed by a post modify trigger on the
password field or some other intermediate field.
Ok. I see. You are wanting to do this in conjunction with the regular
LDAP password processing. Then I think it should work.
You will probably want to do this as a BEPOSTTXN plugin, so that your
changes occur inside the same transaction as the regular password changes.
>> Is it simply just a bind as an administrator, then update the user's
>> password field with clear text password and let 389 server check and
>> hash it from there, or is there more to it like a C API call?
>>
>> If anyone can point me to the appropriate doc or even better section
>> of the appropriate doc that would be very helpful.
>> If anyone just happens to know the answer I would appreciate that too.
>>
>> Note: The resulting plugin will be posted on Github with a GPL license
>> when I'm done.
>>
>> Thank You
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users