Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012 07:25:36 PM: [image removed] Re: [PHP] Do an LDAP Password Modify Extended Operation? Mike Mackintosh to: Kirk.Johnson, PHP General List 02/17/2012 07:26 PM On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote: Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012 12:36:06 PM: On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: Is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, on my side. Instead, I should use an Extended Operation and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere. TIA Kirk I have an example of this on my lab box at home. I noticed issues depending on if the requesting application was Linux or windows due to the different Linux LDAP libraries. When I get home I'll forward you the example of what I have so far Woohoo! Extended Operation doesn't seem to be a practice that is in wide-spread use. Looking forward to what you've come up with. Thanks. Kirk, What i've been trying to do, is revive the patch i found here: http://www.mail-archive.com/internals@lists.php.net/msg19665.html It provides a lot of the functionality that you can only imagine and more, but it fails against versions 5.3.x. I sent an email to the original maintainer, Pierangelo, but have not received a response yet on that status of maintenance. Do you use OpenLDAP? I am not sure if it built, if it would support AD or not. Mike Mackintosh PHP, the drug of choice - www.highonphp.com Had a nice 3-day weekend ;) Yes, using OpenLDAP 2.x. I found the same Internals email thread from Pierangelo. Looking at Example #2 in the documentation for ldap_set_option, it appears that exop's might be supported, since the example uses an OID. Did you play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I completely off track there? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Do an LDAP Password Modify Extended Operation?
Is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, on my side. Instead, I should use an Extended Operation and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere. TIA Kirk
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: Is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, on my side. Instead, I should use an Extended Operation and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere. TIA Kirk I have an example of this on my lab box at home. I noticed issues depending on if the requesting application was Linux or windows due to the different Linux LDAP libraries. When I get home I'll forward you the example of what I have so far -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012 12:36:06 PM: On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: Is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, on my side. Instead, I should use an Extended Operation and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere. TIA Kirk I have an example of this on my lab box at home. I noticed issues depending on if the requesting application was Linux or windows due to the different Linux LDAP libraries. When I get home I'll forward you the example of what I have so far Woohoo! Extended Operation doesn't seem to be a practice that is in wide-spread use. Looking forward to what you've come up with. Thanks.
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote: Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012 12:36:06 PM: On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: Is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, on my side. Instead, I should use an Extended Operation and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere. TIA Kirk I have an example of this on my lab box at home. I noticed issues depending on if the requesting application was Linux or windows due to the different Linux LDAP libraries. When I get home I'll forward you the example of what I have so far Woohoo! Extended Operation doesn't seem to be a practice that is in wide-spread use. Looking forward to what you've come up with. Thanks. Kirk, What i've been trying to do, is revive the patch i found here: http://www.mail-archive.com/internals@lists.php.net/msg19665.html It provides a lot of the functionality that you can only imagine and more, but it fails against versions 5.3.x. I sent an email to the original maintainer, Pierangelo, but have not received a response yet on that status of maintenance. Do you use OpenLDAP? I am not sure if it built, if it would support AD or not. Mike Mackintosh PHP, the drug of choice - www.highonphp.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php