Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
07:25:36 PM:
[image removed]
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh
to:
Kirk.Johnson, PHP General List
02/17/2012 07:26 PM
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote:
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
12:36:06 PM:
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP
directory I
am working with may change periodically, so it is my understanding
that I
can't hash a new password according to a specific scheme, e.g.,
{SHA},
on
my side. Instead, I should use an Extended Operation and let the
directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any
example
code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues
depending on if the requesting application was Linux or windows due
to the different Linux LDAP libraries.
When I get home I'll forward you the example of what I have so far
Woohoo! Extended Operation doesn't seem to be a practice that is in
wide-spread use. Looking forward to what you've come up with. Thanks.
Kirk,
What i've been trying to do, is revive the patch i found here:
http://www.mail-archive.com/internals@lists.php.net/msg19665.html
It provides a lot of the functionality that you can only imagine and
more, but it fails against versions 5.3.x.
I sent an email to the original maintainer, Pierangelo, but have not
received a response yet on that status of maintenance.
Do you use OpenLDAP? I am not sure if it built, if it would support AD
or not.
Mike Mackintosh
PHP, the drug of choice - www.highonphp.com
Had a nice 3-day weekend ;)
Yes, using OpenLDAP 2.x. I found the same Internals email thread from
Pierangelo.
Looking at Example #2 in the documentation for ldap_set_option, it appears
that exop's might be supported, since the example uses an OID. Did you
play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I
completely off track there?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Do an LDAP Password Modify Extended Operation?
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP directory I
am working with may change periodically, so it is my understanding that I
can't hash a new password according to a specific scheme, e.g., {SHA}, on
my side. Instead, I should use an Extended Operation and let the directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example code
anywhere.
TIA
Kirk
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP directory I
am working with may change periodically, so it is my understanding that I
can't hash a new password according to a specific scheme, e.g., {SHA}, on
my side. Instead, I should use an Extended Operation and let the directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues depending on
if the requesting application was Linux or windows due to the different Linux
LDAP libraries.
When I get home I'll forward you the example of what I have so far
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
12:36:06 PM:
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP
directory I
am working with may change periodically, so it is my understanding
that I
can't hash a new password according to a specific scheme, e.g., {SHA},
on
my side. Instead, I should use an Extended Operation and let the
directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example
code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues
depending on if the requesting application was Linux or windows due
to the different Linux LDAP libraries.
When I get home I'll forward you the example of what I have so far
Woohoo! Extended Operation doesn't seem to be a practice that is in
wide-spread use. Looking forward to what you've come up with. Thanks.
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote:
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
12:36:06 PM:
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP
directory I
am working with may change periodically, so it is my understanding
that I
can't hash a new password according to a specific scheme, e.g., {SHA},
on
my side. Instead, I should use an Extended Operation and let the
directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example
code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues
depending on if the requesting application was Linux or windows due
to the different Linux LDAP libraries.
When I get home I'll forward you the example of what I have so far
Woohoo! Extended Operation doesn't seem to be a practice that is in
wide-spread use. Looking forward to what you've come up with. Thanks.
Kirk,
What i've been trying to do, is revive the patch i found here:
http://www.mail-archive.com/internals@lists.php.net/msg19665.html
It provides a lot of the functionality that you can only imagine and more, but
it fails against versions 5.3.x.
I sent an email to the original maintainer, Pierangelo, but have not received a
response yet on that status of maintenance.
Do you use OpenLDAP? I am not sure if it built, if it would support AD or not.
Mike Mackintosh
PHP, the drug of choice - www.highonphp.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
