Re: [PHP] Do an LDAP Password Modify Extended Operation?

2012-02-21 Thread Kirk . Johnson
Mike Mackintosh wrote on 02/17/2012 07:25:36 PM:

> On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote:
> 
> > Mike Mackintosh wrote on 02/17/2012 12:36:06 PM:
> > 
> >> On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
> >> 
> >>> Is it possible to do an LDAP Password Modify Extended Operation, as
> >>> specified in RFC 3062? The password hashing scheme in the LDAP
> >>> directory I am working with may change periodically, so it is my
> >>> understanding that I can't hash a new password according to a specific
> >>> scheme, e.g., {SHA}, on my side. Instead, I should use an Extended
> >>> Operation and let the directory do the hashing. Is that correct? The
> >>> help page for ldap_set_option suggests that it might be possible, but I
> >>> sure can't find any example code anywhere.
> >>> 
> >>> TIA
> >>> 
> >>> Kirk
> >> 
> >> I have an example of this on my lab box at home. I noticed issues
> >> depending on if the requesting application was Linux or Windows due
> >> to the different Linux LDAP libraries.
> >> 
> >> When I get home I'll forward you the example of what I have so far
> > 
> > Woohoo! Extended Operation doesn't seem to be a practice that is in 
> > wide-spread use. Looking forward to what you've come up with. Thanks.
> 
> 
> Kirk,
> 
> What I've been trying to do is revive the patch I found here:
> 
> http://www.mail-archive.com/internals@lists.php.net/msg19665.html
> 
> It provides a lot of the functionality that you can only imagine and
> more, but it fails against versions 5.3.x.
> 
> I sent an email to the original maintainer, Pierangelo, but have not
> received a response yet on the status of maintenance.
> 
> Do you use OpenLDAP? I am not sure if it built, if it would support AD
> or not.
> 
> Mike Mackintosh
> PHP, the drug of choice - www.highonphp.com

Had a nice 3-day weekend ;)

Yes, using OpenLDAP 2.x. I found the same Internals email thread from 
Pierangelo. 

Looking at Example #2 in the documentation for ldap_set_option, it appears 
that exop's might be supported, since the example uses an OID. Did you 
play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I 
completely off track there?

> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
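
For reference, RFC 3062 defines Password Modify as an LDAP extended request (OID 1.3.6.1.4.1.4203.1.11.1) whose value is a small BER-encoded sequence. The following added example, which is not from any message in this thread or from the patch it links to, builds that request value in plain PHP; the DN and password are constructed sample values and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Sample DN and password are constructed.
const PASSWD_MODIFY_OID = '1.3.6.1.4.1.4203.1.11.1'; // RFC 3062 passwdModifyOID

// BER definite length: short form below 128, long form otherwise.
function ber_length(int $n): string
{
    if ($n < 0x80) {
        return chr($n);
    }
    $bytes = '';
    while ($n > 0) {
        $bytes = chr($n & 0xFF) . $bytes;
        $n >>= 8;
    }
    return chr(0x80 | strlen($bytes)) . $bytes;
}

// One tag-length-value element.
function ber_tlv(int $tag, string $value): string
{
    return chr($tag) . ber_length(strlen($value)) . $value;
}

// PasswdModifyRequestValue ::= SEQUENCE {
//   userIdentity [0] OCTET STRING OPTIONAL,
//   oldPasswd    [1] OCTET STRING OPTIONAL,
//   newPasswd    [2] OCTET STRING OPTIONAL }
// LDAP uses implicit tagging, so the fields are primitive context tags 0x80-0x82.
function passwd_modify_request_value(?string $user, ?string $old, ?string $new): string
{
    $body = '';
    foreach ([0x80 => $user, 0x81 => $old, 0x82 => $new] as $tag => $field) {
        if ($field !== null) {       // an omitted optional field is simply absent
            $body .= ber_tlv($tag, $field);
        }
    }
    return ber_tlv(0x30, $body);     // universal constructed SEQUENCE
}

$value = passwd_modify_request_value(
    'uid=kirk,ou=people,dc=example,dc=com', // constructed DN
    null,                                    // oldPasswd omitted (optional)
    'N3w-Passphrase!'                        // sent unhashed; the server picks the scheme
);
echo PASSWD_MODIFY_OID, "\n", bin2hex($value), "\n";
```

The new password is carried unhashed inside the request so that the directory can apply whatever scheme it is configured for, which is why RFC 3062 recommends confidentiality protection such as TLS on the connection. PHP 7.2 and later provide ldap_exop_passwd(), which builds and sends this request.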


Re: [PHP] Do an LDAP Password Modify Extended Operation?

2012-02-17 Thread Mike Mackintosh
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote:

> Mike Mackintosh wrote on 02/17/2012 12:36:06 PM:
> 
>> On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
>> 
>>> Is it possible to do an LDAP Password Modify Extended Operation, as
>>> specified in RFC 3062? The password hashing scheme in the LDAP
>>> directory I am working with may change periodically, so it is my
>>> understanding that I can't hash a new password according to a specific
>>> scheme, e.g., {SHA}, on my side. Instead, I should use an Extended
>>> Operation and let the directory do the hashing. Is that correct? The
>>> help page for ldap_set_option suggests that it might be possible, but I
>>> sure can't find any example code anywhere.
>>> 
>>> TIA
>>> 
>>> Kirk
>> 
>> I have an example of this on my lab box at home. I noticed issues
>> depending on if the requesting application was Linux or Windows due
>> to the different Linux LDAP libraries.
>> 
>> When I get home I'll forward you the example of what I have so far
> 
> Woohoo! Extended Operation doesn't seem to be a practice that is in 
> wide-spread use. Looking forward to what you've come up with. Thanks.


Kirk,

What I've been trying to do is revive the patch I found here:

http://www.mail-archive.com/internals@lists.php.net/msg19665.html

It provides a lot of the functionality that you can only imagine and more, but 
it fails against versions 5.3.x.

I sent an email to the original maintainer, Pierangelo, but have not received a 
response yet on the status of maintenance.

Do you use OpenLDAP? I am not sure if it built, if it would support AD or not.

Mike Mackintosh
PHP, the drug of choice - www.highonphp.com





Re: [PHP] Do an LDAP Password Modify Extended Operation?

2012-02-17 Thread Kirk . Johnson
Mike Mackintosh wrote on 02/17/2012 12:36:06 PM:

> On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
> 
> > Is it possible to do an LDAP Password Modify Extended Operation, as
> > specified in RFC 3062? The password hashing scheme in the LDAP
> > directory I am working with may change periodically, so it is my
> > understanding that I can't hash a new password according to a specific
> > scheme, e.g., {SHA}, on my side. Instead, I should use an Extended
> > Operation and let the directory do the hashing. Is that correct? The
> > help page for ldap_set_option suggests that it might be possible, but I
> > sure can't find any example code anywhere.
> > 
> > TIA
> > 
> > Kirk
> 
> I have an example of this on my lab box at home. I noticed issues
> depending on if the requesting application was Linux or Windows due
> to the different Linux LDAP libraries.
> 
> When I get home I'll forward you the example of what I have so far

Woohoo! Extended Operation doesn't seem to be a practice that is in 
wide-spread use. Looking forward to what you've come up with. Thanks.

Re: [PHP] Do an LDAP Password Modify Extended Operation?

2012-02-17 Thread Mike Mackintosh


On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:

> Is it possible to do an LDAP Password Modify Extended Operation, as 
> specified in RFC 3062? The password hashing scheme in the LDAP directory I 
> am working with may change periodically, so it is my understanding that I 
> can't hash a new password according to a specific scheme, e.g., {SHA}, on 
> my side. Instead, I should use an Extended Operation and let the directory 
> do the hashing. Is that correct? The help page for ldap_set_option 
> suggests that it might be possible, but I sure can't find any example code 
> anywhere. 
> 
> TIA
> 
> Kirk

I have an example of this on my lab box at home. I noticed issues depending on 
if the requesting application was Linux or Windows due to the different Linux 
LDAP libraries. 

When I get home I'll forward you the example of what I have so far