[Freeipa-devel] [PATCH] Support password change operation by direct manipulation of userPassword
Simo Sorce
ssorce at redhat.com
Tue Aug 12 18:48:09 UTC 2008
On Tue, 2008-08-12 at 11:38 -0700, Nathan Kinder wrote:
> Simo Sorce wrote:
> > On Thu, 2008-07-24 at 11:13 -0400, Simo Sorce wrote:
> >
> >> On Wed, 2008-07-23 at 10:20 -0400, Simo Sorce wrote:
> >>
> >>> This is an initial patch to support generating kerberos key material
> >>> (and other hashes) when an ldap ADD or MODIFY operation is performed on
> >>> the userPassword attribute.
> >>>
> >>> Basic testing seem to work, but I'd like feedback both on the method
> >>> used and on the implementation. I have probably missed something as I
> >>> had to work on the patch at different times with large intervals between
> >>> each coding session, so please test it if you can before I push it to
> >>> master.
> >>>
> >> New patch, this incorporate suggestions to create helper functions for
> >> common code and also fixes quite a number of bugs, thanks to Rich for a
> >> quite accurate analysis too.
> >>
> >
> > Another revision, this one removes the requirement to have an ssl
> > connection to just ldapadd/ldapmodify the userPassword attribute.
> > This would be a change in behavior for DS and may cause problems to
> > existing applications.
> >
> There's a leak of a Slapi_Entry at the end of your pre-op function in
> the case of "rc == LDAP_SUCCESS". I already spoke with you about this
> one in IRC. I'd also prefer you #define the "sambaLMPassword" and
> "sambaNTPassword" attribute names.
>
> Other than that, it looks good.
Ok I will address the sambaNTPassword/sambaLMPassword attribute names
definition ina a following patch as they are used in other parts of the
code too IIRC.
I will quick fix the memleak and push the patch as is.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list