authorGerald Carter <jerry@samba.org>2003-06-06 22:50:54 +0000
committerGerald Carter <jerry@samba.org>2003-06-06 22:50:54 +0000
commite485bc7e3e192c419e4a9b9dc435f07cfb4535fc (patch)
tree68bbfaff0be025a79696219f7e16941417799737
parent71298881c4a630666c1a14be99048f8f86e48162 (diff)
support LDAP_EXOP_MODIFY_PASSWORD (not experiemental in OpenLDAP 2.1)
(This used to be commit 50fdc938222112b5470d05d8cd15386bd0a112df)
-rw-r--r--source3/param/loadparm.c10
-rw-r--r--source3/passdb/pdb_ldap.c30
2 files changed, 25 insertions, 15 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 49f0bbd2a4..b76a56328b 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -624,18 +624,16 @@ static const struct enum_list enum_ldap_ssl[] = {
};
static const struct enum_list enum_ldap_passwd_sync[] = {
- {LDAP_PASSWD_SYNC_ON, "Yes"},
- {LDAP_PASSWD_SYNC_ON, "yes"},
- {LDAP_PASSWD_SYNC_ON, "on"},
- {LDAP_PASSWD_SYNC_ON, "On"},
{LDAP_PASSWD_SYNC_OFF, "no"},
{LDAP_PASSWD_SYNC_OFF, "No"},
{LDAP_PASSWD_SYNC_OFF, "off"},
{LDAP_PASSWD_SYNC_OFF, "Off"},
-#ifdef LDAP_EXOP_X_MODIFY_PASSWD
+ {LDAP_PASSWD_SYNC_ON, "Yes"},
+ {LDAP_PASSWD_SYNC_ON, "yes"},
+ {LDAP_PASSWD_SYNC_ON, "on"},
+ {LDAP_PASSWD_SYNC_ON, "On"},
{LDAP_PASSWD_SYNC_ONLY, "Only"},
{LDAP_PASSWD_SYNC_ONLY, "only"},
-#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
{-1, NULL}
};
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3ddbd99ca3..c79564ac6f 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -55,6 +55,24 @@
#define LDAP_OPT_SUCCESS 0
#endif
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
+#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
+#define "1.3.6.1.4.1.4203.1.11.1"
+#endif
+
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_EXOP_X_MODIFY_PASSWD_ID
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
+#endif
+
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_EXOP_X_MODIFY_PASSWD_NEW
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
+#endif
+
#ifndef SAM_ACCOUNT
#define SAM_ACCOUNT struct sam_passwd
#endif
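Review bot: The fallback on the fourth added line, `#define "1.3.6.1.4.1.4203.1.11.1"`, has no macro name, so a build where the LDAP headers provide neither LDAP_EXOP_X_MODIFY_PASSWD nor LDAP_EXOP_MODIFY_PASSWD fails in the preprocessor; it should define LDAP_EXOP_MODIFY_PASSWD. The two tag blocks below it test `LDAP_EXOP_X_MODIFY_PASSWD_ID`/`_NEW` and `LDAP_EXOP_MODIFY_PASSWD_ID`/`_NEW`, while the macros they define, and the ones the removed ber_printf lines used, carry the `LDAP_TAG_` prefix. The guards therefore presumably never match what the header defines, so the hard-coded tags are always taken and may redefine a macro the header already supplies. Testing the same names that get defined keeps the header values authoritative and leaves the literals as a true last resort.

```c
#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
#endif

#if defined(LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_ID)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID
#elif !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_ID)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
#endif

#if defined(LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_NEW)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW
#elif !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_NEW)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#endif
```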
@@ -631,7 +649,6 @@ static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
return rc;
}
-#ifdef LDAP_EXOP_X_MODIFY_PASSWD
static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
{
int rc = LDAP_SERVER_DOWN;
@@ -655,7 +672,6 @@ static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_
return rc;
}
-#endif
/*******************************************************************
run the search by name.
@@ -2348,7 +2364,6 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
}
}
-#ifdef LDAP_EXOP_X_MODIFY_PASSWD
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) &&
(lp_ldap_passwd_sync() != LDAP_PASSWD_SYNC_OFF) &&
need_update(newpwd, PDB_PLAINTEXT_PW) &&
@@ -2375,8 +2390,8 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
}
ber_printf (ber, "{");
- ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID, utf8_dn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, utf8_password);
+ ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
+ ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
ber_printf (ber, "N}");
if ((rc = ber_flatten (ber, &bv))<0) {
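Review bot: The four ber_printf calls that build the password-modify request ignore their return values, and only the following ber_flatten is checked. ber_printf returns -1 on an encoding or allocation failure, so a failed element could leave a truncated request to be flattened and sent. Since these lines are being touched anyway, consider one checked call such as `if (ber_printf(ber, "{tstsN}", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn, LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0)`, taking the same cleanup path as the ber_flatten failure. That cleanup path, and the rest of ldapsam_modify_entry, lie outside the hunk.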
@@ -2391,7 +2406,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
SAFE_FREE(utf8_password);
ber_free(ber, 1);
- if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD,
+ if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_MODIFY_PASSWD,
bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
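Review bot: `SAFE_FREE(utf8_password)` at the top of this hunk releases the cleartext password without overwriting it, and `ber_free(ber, 1)` does the same for the encoded copy, so the secret stays readable in freed heap memory (core dumps, later reuse of the block). Suggest clearing it first, e.g. `memset(utf8_password, 0, strlen(utf8_password));` before the SAFE_FREE, using a scrub the compiler will not elide. The flattened `bv` also holds the password until it is freed, and the hunk does not show whether the failure branch under the DEBUG(0) call frees it, so that path is worth checking too. The enclosing function starts and ends outside the hunk.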
@@ -2405,9 +2420,6 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
}
ber_bvfree(bv);
}
-#else
- DEBUG(10,("LDAP PASSWORD SYNC is not supported!\n"));
-#endif /* LDAP_EXOP_X_MODIFY_PASSWD */
return NT_STATUS_OK;
}