Re: slapo-rwm intercept and maasage an attribute?

[Pierangelo Masarati <masarati@aero.polimi.it>]

On 02/27/2013 12:28 PM, Tim Watts wrote:
> Hi,
>
> Following on from SASL/EXOP password related issues, I'd like to try
> something.
>
> When an EXOP PASS MOD happens, I'd like to catch it before it updates
> userPassword: in the hdb backend and chance the data to
>
> {SASL}<uid>@FIXED.REALM.NAME
>
> I've been through the slapo-rwm man page several times and all over
> google and I'm more confused that I was to start with.
>
> Could anyone give me a hint please?
>
> 2 problems:
>
> What context does this update happen in? Is it a
> exopPasswdDN context or a modifyAttrDN context? Bearing in mind I want

"extendedDN" (I got this by looking at the code; it is not documented, 
as far as I can tell).

> to catch where the Password Modify EXOP goes to write the userPassword
> entry.

slapo-rwm(5) does not allow to rewrite the password.  It allows to 
rewrite the request DN (AFAIK).

> How do I pull the uid of the current bind doing the password change? I'm
> guessing it is a $ parameter defref, but I do not see any examples?

You need to get it during bind using appropriate rules, and store it in 
a variable for reuse.  Use a "slapd" map with "entryDN=<the bind dn>" 
as filter and "uid" as the attrs field to fetch the uid of the entry 
being bound.  Examples for storing and retrieving variables within a 
session are given in slapo-rwm(5).

> Many thanks,
>
> Tim
>
> BTW, if there's a better mailing list for "user" questions I'll happily
> bugger off there :)

This is the right list for questions like yours.

p.

--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano