Issue #143 has been updated by Clément Oudot.
Hi David, I want use exop too but as you wrote, the solutions are not very easy. The "self service password" (SSP) is designed to be very simple to install and configure, so recompile PHP is not an option. Call a perl script is just bad (and add a dependance on Perl-LDAP). The only thing I see is to abandon PHP to have a Ruby or Perl version of the tool. For your actual problem, you can configure SSP to send password in cleartext, so that the check password tool is used, and configure the OpenLDAP ppolicy overlay to hash the password: <pre> overlay ppolicy ppolicy_hash_cleartext </pre> And of course, you can set SSL between SSP and OpenLDAP so the password transmission is secured. Does it fit to your needs? ---------------------------------------- Feature #143: Change Self Service Password to use LDAP exop (so it can be used with Check Password) http://tools.lsc-project.org/issues/show/143 Author: David Rosenstrauch Status: New Priority: Normal Assigned to: Category: Self Service Password Target version: In #127 ("Store hashed passwords") there was some discussion of using LDAP exop to perform the password change function in Self Service Password. But this was rejected in favor of just providing a SSHA option to create hashed passwords. But if someone is trying to use Self Service Password in conjunction with the Check Password tool - as I am - then SSHA isn't an option (since Check Password will likely reject the hashed password). However, leaving Self Service Password set to use clear text passwords isn't a viable option either, since that will cause the password to get stored in clear text in the LDAP server. Is there any way to enhance Self Service Password to use LDAP exop to set the password so that it would be possible to use all of these features together? I know that #127 mentioned that PHP-LDAP did not support exop. Is there any other library out there that does? (A quick google turned up 2 possible solutions - one is calling a Perl module from PHP, and the other is a patch to PHP - but I'm not sure if either of them is easy to integrate with Self Service Password.) It would be really great if there was *some* solution to this, though, else I won't be able to use the Self Service Password GUI - which would be a shame since it provides most of the functionality I need. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
