SASL pass-through and changing passwords
- To: openldap-technical@openldap.org
- Subject: SASL pass-through and changing passwords
- From: linux nuse <nuse.linux@yandex.com>
- Date: Fri, 11 May 2018 15:55:41 +0300
- Content-language: en-GB
Hi,
There was a similar topic 5 years ago, but the problem wasn't completely solved.
I've set `olcPasswordHash` to `{SASL}`, so `ldappasswd` is no longer smashing the `userPassword` attribute.
I get the same error which Tim Watts encountered 5 years ago.
https://www.openldap.org/lists/openldap-technical/201302/msg00190.html
Namely, `ldappasswd` says:
Result: Other (e.g., implementation specific) error (80)
Additional info: scheme provided no hash function
Tim wrote:
> However, the kerberos principal does get updated - and userPassword is left alone.
In my case I just get the error and the kerberos password is NOT updated.
Also, 9 years ago it was asked (https://www.openldap.org/lists/openldap-software/200909/msg00010.html):
> saslpasswd2 calls sasl_setpass(), and a look at OpenLDAP sources
> shows that passwd_extop()/slap_sasl_setpass() does the same. That
> suggests it is possible to have slapd doing the thing, but how does
> it work? In passwd_extop(), slap_sasl_setpass() will only be
> called if op->o_bd is NULL. In what situation does it happen?
But the question is not answered.
Does anyone remember how passwd_extop() works and how to get into
the if-statement block with the call to slap_sasl_setpass()?