mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
ITS#8903 - Add option to bind early in ldappasswd
ldappasswd is slightly different from a standard passwd workflow in that it requests an old password, then a new password, then the old password again. This confuses people who are used to the unix passwd tool as well as people who use password manager. I've seen quite a few people who have generated a new password, overwriting the old one, and then need a password reset because they still need to bind to modify their password. This patch adds an option to bind at the beginning of the process so that you can pass '-E' to ldappasswd and it will bind early in the process so that the process is the same as the standard passwd. All it does is run the bind towards the beginning of the process instead of the end. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Randall Mason randall@mason.ch. I have not assigned rights and/or interest in this work to any party. I, Randall Mason, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
This commit is contained in:
parent
44e1c6535e
commit
6285668ce5
@ -56,6 +56,7 @@
|
||||
static struct berval newpw = { 0, NULL };
|
||||
static struct berval oldpw = { 0, NULL };
|
||||
|
||||
static int want_bindearly = 0;
|
||||
static int want_newpw = 0;
|
||||
static int want_oldpw = 0;
|
||||
|
||||
@ -69,6 +70,7 @@ usage( void )
|
||||
fprintf( stderr,_("usage: %s [options] [user]\n"), prog);
|
||||
fprintf( stderr, _(" user: the authentication identity, commonly a DN\n"));
|
||||
fprintf( stderr, _("Password change options:\n"));
|
||||
fprintf( stderr, _(" -E bind early\n"));
|
||||
fprintf( stderr, _(" -a secret old password\n"));
|
||||
fprintf( stderr, _(" -A prompt for old password\n"));
|
||||
fprintf( stderr, _(" -t file read file for old password\n"));
|
||||
@ -80,7 +82,7 @@ usage( void )
|
||||
}
|
||||
|
||||
|
||||
const char options[] = "a:As:St:T:"
|
||||
const char options[] = "Ea:As:St:T:"
|
||||
"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
|
||||
|
||||
int
|
||||
@ -117,6 +119,11 @@ handle_private_option( int i )
|
||||
}
|
||||
#endif
|
||||
|
||||
case 'E': /* bind to the LDAP server before other actions */
|
||||
want_bindearly++;
|
||||
break;
|
||||
|
||||
|
||||
case 'a': /* old password (secret) */
|
||||
oldpw.bv_val = strdup( optarg );
|
||||
{
|
||||
@ -195,6 +202,13 @@ main( int argc, char *argv[] )
|
||||
user = NULL;
|
||||
}
|
||||
|
||||
if( want_bindearly ) {
|
||||
/* bind */
|
||||
ld = tool_conn_setup( 0, 0 );
|
||||
|
||||
tool_bind( ld );
|
||||
}
|
||||
|
||||
if( oldpwfile ) {
|
||||
rc = lutil_get_filed_password( oldpwfile, &oldpw );
|
||||
if( rc ) {
|
||||
@ -245,9 +259,12 @@ main( int argc, char *argv[] )
|
||||
newpw.bv_len = strlen( newpw.bv_val );
|
||||
}
|
||||
|
||||
if( ! want_bindearly ) {
|
||||
/* bind */
|
||||
ld = tool_conn_setup( 0, 0 );
|
||||
|
||||
tool_bind( ld );
|
||||
}
|
||||
|
||||
if( user != NULL || oldpw.bv_val != NULL || newpw.bv_val != NULL ) {
|
||||
/* build the password modify request data */
|
||||
|
Loading…
Reference in New Issue
Block a user