Forgotten password recovery
On 2/4/09, Michael Ströder <michael@stroeder.com> wrote:
> Yes, but these "temporary security objects" have to be generated. If you
> do this automagically you have a privileged service account which resets
> the user's password in combination with an e-mail based
> challenge-response check.
I agree, but until I got your replies, I had not found any satisfying
solution integrating this "e-mail based challenge-response check". I
wanted the LDAP server to validate the challenge, which is going to be
possible if I make Drupal create those security objects with the
challenge answer as the password.
Once a user comes back with their response to the challenge, Drupal will
try to bind to the LDAP server as this temporary security object with
the password being the "challenge" URL. If the bind is successful,
then Drupal will automatically be granted the right to reset the
corresponding user's password (thanks to regex ACLs). Once this is
done, the user will be able to log in (or actually, Drupal will log
the user in).
This is probably a bit complex to implement, but I'm gonna try.
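
A sketch of the flow described in this message, as an added example that is not part of the original post or of any project's code. A dict stands in for the LDAP directory; the `ou=pwreset` / `ou=people` layout, the `dc=example,dc=com` suffix, the 15-minute lifetime and `{SSHA}` storage are all assumptions.

```python
import base64, hashlib, hmac, os, re, secrets

BASE = "dc=example,dc=com"      # assumed directory suffix
TTL = 900                       # assumed lifetime of a reset object, in seconds
# The mapping a regex ACL would express: a reset object may only touch
# the password of the user whose uid it carries.
RESET_DN = re.compile(r"^uid=([^,]+),ou=pwreset,dc=example,dc=com$")

def ssha(password, salt=None):
    """Salted SHA-1 in {SSHA} userPassword form (adequate for a random 256-bit token)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def create_reset_object(directory, uid, now):
    """Web application side: store the hashed token, return the token to e-mail."""
    if not re.fullmatch(r"[A-Za-z0-9._-]+", uid):    # keep DN metacharacters out
        raise ValueError("unsafe uid")
    token = secrets.token_urlsafe(32)
    directory[f"uid={uid},ou=pwreset,{BASE}"] = {
        "userPassword": ssha(token), "expires": now + TTL}
    return token

def bind_and_authorize(directory, dn, token, now):
    """Server side: simple bind as the reset object.
    Returns the one user DN whose password may be reset, or None."""
    m = RESET_DN.match(dn)
    entry = directory.get(dn) if m else None
    if entry is None:
        return None
    if now > entry["expires"]:
        del directory[dn]        # expired objects are removed, never honoured
        return None
    if not check_ssha(token, entry["userPassword"]):
        return None
    del directory[dn]            # single use: a replayed link no longer binds
    return f"uid={m.group(1)},ou=people,{BASE}"
```

The directory only ever holds the hash of the e-mailed token, and the web application needs rights to create entries under the reset subtree rather than blanket write access to every user's password.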