Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh wrote on 02/17/2012 07:25:36 PM: > [image removed] > > Re: [PHP] Do an LDAP Password Modify Extended Operation? > > Mike Mackintosh > > to: > > Kirk.Johnson, PHP General List > > 02/17/2012 07:26 PM > > On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote: > > > Mike Mackintosh wrote on 02/17/2012 > > 12:36:06 PM: > > > >> On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: > >> > >>> Is it possible to do an LDAP Password Modify Extended Operation, as > >>> specified in RFC 3062? The password hashing scheme in the LDAP > >>> directory I > >>> am working with may change periodically, so it is my understanding > >>> that I > >>> can't hash a new password according to a specific scheme, e.g., {SHA}, > >>> on > >>> my side. Instead, I should use an Extended Operation and let the > >>> directory > >>> do the hashing. Is that correct? The help page for ldap_set_option > >>> suggests that it might be possible, but I sure can't find any example > >>> code > >>> anywhere. > >>> > >>> TIA > >>> > >>> Kirk > >> > >> I have an example of this on my lab box at home. I noticed issues > >> depending on if the requesting application was Linux or windows due > >> to the different Linux LDAP libraries. > >> > >> When I get home I'll forward you the example of what I have so far > > > > Woohoo! Extended Operation doesn't seem to be a practice that is in > > wide-spread use. Looking forward to what you've come up with. Thanks. > > > Kirk, > > What i've been trying to do, is revive the patch i found here: > > http://www.mail-archive.com/internals@lists.php.net/msg19665.html > > It provides a lot of the functionality that you can only imagine and > more, but it fails against versions 5.3.x. > > I sent an email to the original maintainer, Pierangelo, but have not > received a response yet on that status of maintenance. > > Do you use OpenLDAP? I am not sure if it built, if it would support AD or not. > > Mike Mackintosh > PHP, the drug of choice - www.highonphp.com Had a nice 3-day weekend ;) Yes, using OpenLDAP 2.x. I found the same Internals email thread from Pierangelo. Looking at Example #2 in the documentation for ldap_set_option, it appears that exop's might be supported, since the example uses an OID. Did you play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I completely off track there? > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote: > Mike Mackintosh wrote on 02/17/2012 > 12:36:06 PM: > >> On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: >> >>> Is it possible to do an LDAP Password Modify Extended Operation, as >>> specified in RFC 3062? The password hashing scheme in the LDAP >>> directory I >>> am working with may change periodically, so it is my understanding >>> that I >>> can't hash a new password according to a specific scheme, e.g., {SHA}, >>> on >>> my side. Instead, I should use an Extended Operation and let the >>> directory >>> do the hashing. Is that correct? The help page for ldap_set_option >>> suggests that it might be possible, but I sure can't find any example >>> code >>> anywhere. >>> >>> TIA >>> >>> Kirk >> >> I have an example of this on my lab box at home. I noticed issues >> depending on if the requesting application was Linux or windows due >> to the different Linux LDAP libraries. >> >> When I get home I'll forward you the example of what I have so far > > Woohoo! Extended Operation doesn't seem to be a practice that is in > wide-spread use. Looking forward to what you've come up with. Thanks. Kirk, What i've been trying to do, is revive the patch i found here: http://www.mail-archive.com/internals@lists.php.net/msg19665.html It provides a lot of the functionality that you can only imagine and more, but it fails against versions 5.3.x. I sent an email to the original maintainer, Pierangelo, but have not received a response yet on that status of maintenance. Do you use OpenLDAP? I am not sure if it built, if it would support AD or not. Mike Mackintosh PHP, the drug of choice - www.highonphp.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh wrote on 02/17/2012 12:36:06 PM: > On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: > > > Is it possible to do an LDAP Password Modify Extended Operation, as > > specified in RFC 3062? The password hashing scheme in the LDAP directory I > > am working with may change periodically, so it is my understanding that I > > can't hash a new password according to a specific scheme, e.g., {SHA}, on > > my side. Instead, I should use an Extended Operation and let the directory > > do the hashing. Is that correct? The help page for ldap_set_option > > suggests that it might be possible, but I sure can't find any example code > > anywhere. > > > > TIA > > > > Kirk > > I have an example of this on my lab box at home. I noticed issues > depending on if the requesting application was Linux or windows due > to the different Linux LDAP libraries. > > When I get home I'll forward you the example of what I have so far Woohoo! Extended Operation doesn't seem to be a practice that is in wide-spread use. Looking forward to what you've come up with. Thanks.
Re: [PHP] Do an LDAP Password Modify Extended Operation?
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote: > Is it possible to do an LDAP Password Modify Extended Operation, as > specified in RFC 3062? The password hashing scheme in the LDAP directory I > am working with may change periodically, so it is my understanding that I > can't hash a new password according to a specific scheme, e.g., {SHA}, on > my side. Instead, I should use an Extended Operation and let the directory > do the hashing. Is that correct? The help page for ldap_set_option > suggests that it might be possible, but I sure can't find any example code > anywhere. > > TIA > > Kirk I have an example of this on my lab box at home. I noticed issues depending on if the requesting application was Linux or windows due to the different Linux LDAP libraries. When I get home I'll forward you the example of what I have so far -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php