[Freeipa-devel] [PATCH] Support password change operation by direct manipulation of userPassword

[Simo Sorce]

On Tue, 2008-08-12 at 14:48 -0400, Simo Sorce wrote:
> On Tue, 2008-08-12 at 11:38 -0700, Nathan Kinder wrote:
> > Simo Sorce wrote:
> > > On Thu, 2008-07-24 at 11:13 -0400, Simo Sorce wrote:
> > >   
> > >> On Wed, 2008-07-23 at 10:20 -0400, Simo Sorce wrote:
> > >>     
> > >>> This is an initial patch to support generating kerberos key material
> > >>> (and other hashes) when an ldap ADD or MODIFY operation is performed on
> > >>> the userPassword attribute.
> > >>>
> > >>> Basic testing seem to work, but I'd like feedback both on the method
> > >>> used and on the implementation. I have probably missed something as I
> > >>> had to work on the patch at different times with large intervals between
> > >>> each coding session, so please test it if you can before I push it to
> > >>> master.
> > >>>       
> > >> New patch, this incorporate suggestions to create helper functions for
> > >> common code and also fixes quite a number of bugs, thanks to Rich for a
> > >> quite accurate analysis too.
> > >>     
> > >
> > > Another revision, this one removes the requirement to have an ssl
> > > connection to just ldapadd/ldapmodify the userPassword attribute.
> > > This would be a change in behavior for DS and may cause problems to
> > > existing applications.
> > >   
> > There's a leak of a Slapi_Entry at the end of your pre-op function in 
> > the case of "rc == LDAP_SUCCESS".  I already spoke with you about this 
> > one in IRC.  I'd also prefer you #define the "sambaLMPassword" and 
> > "sambaNTPassword" attribute names.
> > 
> > Other than that, it looks good.
> 
> Ok I will address the sambaNTPassword/sambaLMPassword attribute names
> definition ina a following patch as they are used in other parts of the
> code too IIRC.
> 
> I will quick fix the memleak and push the patch as is.

pushed to master

-- 
Simo Sorce * Red Hat, Inc * New York