Hi,

Does anyone know of a bit of code I can look at that does an *internal* (completed inline) LDAP_MOD_REPLACE operation on one attribute without chaining (i.e. it does a return 0)?

I've found Sun docs for doing this in a slapi plugin but not an openldap slapd plugin.


Reason:

Basically, I've been hacking on smbkrb5pwd.c and discovered if I do a "return 0;" at the end, I can prevent chaining (not documented but found some openldap hacking - denyop.c - that demonstrated this).

At this point, smbkrb5pwd.c has changed our MIT Kerberos principal's password, and "return 0" prevents slapd from chaining onto the code that tries to set a local hash into userPassword. And it does it without causing a nasty client error.

I thought: would it not be nice to set userPassword: to {SASL}[email protected] now... Each user's auth method gets switched upon the first successful password change that propagates to kerberos.

However, all the existing overlays seem to set extra attributes by setting up a request in ->rs_mods off the original request. I assume these get actioned after a "return SLAP_CB_CONTINUE".

So - how do we set an attribute if we are halting the chain at our overlay?

Cheers :)

Tim
--
Tim Watts
Personal Blog:                          http://squiddy.blog.dionic.net/

http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage
