View Issue Details

IDProjectCategoryView StatusLast Update
0001804SOGoSOPEpublic2012-05-22 16:08
Reporteraschild Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status newResolutionopen 
Summary0001804: Allow LDAP passwordchanges be done via extended operation
Description

Currently we have to tell SOGo how to store the password on the ldap server.
Most of the time such a descision should/can be left to the ldap server.

In the LDAP specs there exists a extended operation for modifying passwords:

http://ff1959.wordpress.com/2011/11/12/ldap-password-modify-extended-request/

Additional Information

This would probably also solve most of the ldap related requests in bug 0001608

TagsNo tags attached.

Activities

chrroessner

chrroessner

2012-05-16 16:54

reporter   ~0003920

In the link above I could not find the java example (404; did not search any further), but http://flylib.com/books/en/2.55.1.80/1/ show under "10.5.3.1 Extensions" a perl example for the LDAP extension mentioned. Maybe that helps

McMichaeli

McMichaeli

2012-05-17 10:29

reporter   ~0003922

I did express an interest on the mailing list some months back in writing a patch to implement this. I asked if anyone could point me in the right direction to start. I'm proficient in C, C++, Java and even vaguely x86 assembly, so hopefully I could cope with a little Objective C if assisted in starting!

efuste

efuste

2012-05-18 08:55

reporter   ~0003924

The password modify exop is already used when you have "passwordPolicy yes".
But the ppolicy support had it's own bugs, see bug 0001719.

Perhaps a new conf option should be added to be able to use the password modify exop without ppolicy.

McMichaeli

McMichaeli

2012-05-19 07:30

reporter   ~0003925

Which version was the EXOP first added in? I tested a few versions back and found SOGo directly modifying the userPassword attribute even with password policy enabled.

I will attempt a re-test ASAP but sadly only have a production environment in which to do it at the moment, so it may take a few days...

chrroessner

chrroessner

2012-05-22 08:23

reporter   ~0003933

The password modify exop is already used when you have "passwordPolicy yes".
But the ppolicy support had it's own bugs, see bug 0001719.

Are you talking about the ppolicy overlay in OpenLDAP? This is not a requirement for LDAP Password Modify Extended Operation. Could you give an option to simply activate the use of EXOP without depending on ppolicy?

efuste

efuste

2012-05-22 16:08

reporter   ~0003960

Yes, it is the reverse : LDAP Password Modify Extended Operation use is a prerequisite for the ppolicy overlay.
A new conf option o simply activate the use of the EXOP would be a good thing.

Issue History

Date Modified Username Field Change
2012-05-16 14:15 aschild New Issue
2012-05-16 16:54 chrroessner Note Added: 0003920
2012-05-17 10:29 McMichaeli Note Added: 0003922
2012-05-18 08:55 efuste Note Added: 0003924
2012-05-19 07:30 McMichaeli Note Added: 0003925
2012-05-22 08:23 chrroessner Note Added: 0003933
2012-05-22 16:08 efuste Note Added: 0003960