Hi Rob,
I appreciate the comment, and that would be a concern, but users don't
have login access to the client system. The
php script is written to allow a friendly remote interface for the
non-Linux user to be able to change their password.
On 2/22/16 2:00 PM, Rob Crittenden wrote:
hou...@nso.edu wrote:
Hi,
I've been looking through the archives for information, but I haven't stumbled
on a solution to my problem.
I'm running ds-389 (389-ds-base-1.3.4.0) on a centos 7 box (CentOS Linux
release 7.2.1511). I have a centos OS client configured using SSL/TLS
which queries the LDAP server. Per a previous thread, I configured the
memberOf plugin and all seems to be working properly.
I have a php script that will run on the client and change the LDAP password
for the user. The problem is, the script looks for the SSHA hash
of the password when an ldapsearch is issued.
However, when I issue a general ldapsearch (anonymously) I don't get the
userpassword field. I read in your archives that I might have
to be the "directory manager" user in order to see the hashed password. I've
been playing around with the ldapsearch syntax, but I can't
quite get it right.
Anyway, my question is, can I set a flag in 389-ds that will display the hashed
userpassword? I think that will solve my problem with the php script returning
an error that it can't retrieve the old password.
IMHO you should fix the script, not allow the hash to be read. You
really want anonymous users to be able to get the password hash for
every user in LDAP?
rob
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
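One way to follow Rob's suggestion, as an added example that is not part of the thread or the poster's script: verify the old password by binding as the user, then replace userPassword over TLS, so the script never reads the hash. The host name, base DN, uid-based DN layout, function name, and an ACI that lets users write their own userPassword are assumptions.

```php
<?php
// Added example. LDAP_URI and PEOPLE_BASE are hypothetical placeholders.
const LDAP_URI    = 'ldap://ldap.example.com';
const PEOPLE_BASE = 'ou=People,dc=example,dc=com';

// Hypothetical helper: returns true only if the old password was accepted
// by the server and the new one was written.
function change_password(string $uid, string $old, string $new): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which a server may accept, so reject it before contacting the server.
    if ($uid === '' || $old === '' || $new === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Refuse to send either password over an unencrypted connection.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return false;
    }

    // Escape the uid so it cannot alter the DN.
    $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . PEOPLE_BASE;

    // The bind is the old-password check: the server compares the supplied
    // value against the stored hash, and the hash never leaves the server.
    if (!@ldap_bind($conn, $dn, $old)) {
        ldap_unbind($conn);
        return false;
    }

    // Send the new value as cleartext inside TLS; the server stores it
    // hashed according to its configured password storage scheme.
    $ok = @ldap_mod_replace($conn, $dn, ['userPassword' => [$new]]);
    ldap_unbind($conn);
    return $ok;
}
```

With this flow anonymous read access to userPassword stays closed, and the server's own password policy applies to the write.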