SF Feature #1745642 - Add extended password modify support (RFC 3062) #8

New Issue

Open

opened 2015-09-25 04:04:17 +00:00 by deon · 2 comments

deon commented 2015-09-25 04:04:17 +00:00 (Migrated from gitlab.dege.au)

Copy Link

When modifying userPassword attributes of a user entity, it would be nice if PLA used the extended password modify operation as described in RFC 3062. This enables additional password-related security features, such as requiring the existing password to be supplied, and enabling the password policy overlay provided by OpenLDAP.

I am asking because I am trying to deploy PLA 1.0.2 as a directory administration tool for our customer, but the sticking point is the fact that it does not support enforcement of password policy. I added the ppolicy overlay to our OpenLDAP directory, but it only takes effect if the RFC3062 extended operation is used to modify the userPassword attribute.

PLA uses a "normal" ldap-modify operation that bypasses the policy enforcement.

When modifying userPassword attributes of a user entity, it would be nice if PLA used the extended password modify operation as described in RFC 3062. This enables additional password-related security features, such as requiring the existing password to be supplied, and enabling the password policy overlay provided by OpenLDAP. I am asking because I am trying to deploy PLA 1.0.2 as a directory administration tool for our customer, but the sticking point is the fact that it does not support enforcement of password policy. I added the ppolicy overlay to our OpenLDAP directory, but it only takes effect if the RFC3062 extended operation is used to modify the userPassword attribute. PLA uses a "normal" ldap-modify operation that bypasses the policy enforcement.

deon commented 2015-09-25 04:23:06 +00:00 (Migrated from gitlab.dege.au)

Copy Link

I dont think the PHP API supports extended operations (yet)? If I am wrong and somebody can provide an example of how this is done in PHP, i'll aim to implement it in the next release...

I dont think the PHP API supports extended operations (yet)? If I am wrong and somebody can provide an example of how this is done in PHP, i'll aim to implement it in the next release...

deon commented 2020-08-23 02:36:09 +00:00 (Migrated from gitlab.dege.au)

Copy Link

mentioned in commit eca5c4ea9f

mentioned in commit eca5c4ea9f49a71c5ae5e414c9a73020b376a1d9

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

BRANCH-2.0

BRANCH-1.2

SANDPIT.new

SANDPIT

documentation

BRANCH-1.1

BRANCH-1.0

BRANCH-0.9.7

BRANCH-0.9.8

BRANCH-0.9.6

BRANCH-0.9.4

1.2.6.6

1.2.6.5

1.2.6.4

1.2.6.3

1.2.6.2

1.2.6.1

1.2.6

1.2.5

1.2.4

RELEASE-1.2.3

1.2.3

RELEASE-1.2.2

RELEASE-1.2.1.1

RELEASE-1.2.1

RELEASE-1.2.0.5

RELEASE-1.2.0.4

RELEASE-1.2.0.3

RELEASE-1.2.0.2

RELEASE-1.2.0.1

RELEASE-1.2.0

RELEASE-1.2.0-rc1

RELEASE-1.1.0.7

RELEASE-1.1.0.6

RELEASE-1.1.0.5

RELEASE-1.1.0.4

RELEASE-1.1.0.3

RELEASE-1.1.0.2

RELEASE-1.0.2

RELEASE-1.0.1

RELEASE-0.9.8.5

RELEASE-0.9.8.4

RELEASE-0.9.8.3

RELEASE-0.9.8.2

RELEASE-1.1.0.1

RELEASE-1.1.0

RELEASE-1.0.0

RELEASE-0.9.8.1

RELEASE-0.9.8

RELEASE-0.9.7.2

RELEASE-0.9.7.1

RELEASE-0.9.7

RELEASE-0.9.6c

RELEASE-0.9.6b

RELEASE-0.9.6a

RELEASE-0.9.6

RELEASE-0.9.5

RELEASE-0.9.4b

RELEASE-0.9.4a

RELEASE-0.9.4

RELEASE-0.9.3

RELEASE-0.9.2

RELEASE-0.9.1

RELEASE-0.9.0

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: deon/phpldapadmin#8

No description provided.