On 2009-03-09, Michael Ströder <[email protected]> wrote:
> >
> > But, it occurred to me that I'm not fully sure what I'm doing
> > when creating the SSHA1 hash,
>
> If the password is usable afterwards there's nothing wrong with
> client-side password hashing. The salt should be at least 4 bytes long.
Still, I'm uncertain how f.ex. character encodings will/should be
handled, so it seems safer to let the directory server handle both the
hashing and verification.
>
> Simply use None for oldpw.
>
It didn't like None:
Traceback (most recent call last):
File "./update-ldap-from-atmail.py", line 166, in ?
con.passwd_s( dn, None, mailpassword )
File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 330, in
passwd_s
msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls)
File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 327, in
passwd
return
self._ldap_call(self._l.passwd,user,oldpw,newpw,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 94, in
_ldap_call
result = func(*args,**kwargs)
TypeError: argument 2 must be string or read-only buffer, not None
but "" seems to work (after I set up SSL to get around the
ldap.CONFIDENTIALITY_REQUIRED). Thanks!
-jf
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Python-LDAP-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
