SF Feature #1745642 - Add extended password modify support (RFC 3062) #8

Open
opened 2015-09-25 04:04:17 +00:00 by deon · 2 comments
deon commented 2015-09-25 04:04:17 +00:00 (Migrated from gitlab.dege.au)

When modifying userPassword attributes of a user entity, it would be nice if PLA used the extended password modify operation as described in RFC 3062. This enables additional password-related security features, such as requiring the existing password to be supplied, and enabling the password policy overlay provided by OpenLDAP.

I am asking because I am trying to deploy PLA 1.0.2 as a directory administration tool for our customer, but the sticking point is the fact that it does not support enforcement of password policy. I added the ppolicy overlay to our OpenLDAP directory, but it only takes effect if the RFC3062 extended operation is used to modify the userPassword attribute.

PLA uses a "normal" ldap-modify operation that bypasses the policy enforcement.

deon commented 2015-09-25 04:23:06 +00:00 (Migrated from gitlab.dege.au)

I don't think the PHP API supports extended operations (yet)? If I am wrong and somebody can provide an example of how this is done in PHP, I'll aim to implement it in the next release...

deon commented 2020-08-23 02:36:09 +00:00 (Migrated from gitlab.dege.au)

mentioned in commit eca5c4ea9f49a71c5ae5e414c9a73020b376a1d9
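
Added example, not part of the original thread and not phpLDAPadmin's own code: PHP 7.2 and later expose the RFC 3062 operation discussed above as ldap_exop_passwd(). The code below checks that the server advertises the operation, then changes a password with the old password supplied, over StartTLS. The server URI, the DN and the environment variable names are assumptions.

```php
<?php
// Added example, not phpLDAPadmin code. URI, DN and env variable names are assumptions.
declare(strict_types=1);

const PASSWD_MODIFY_OID = '1.3.6.1.4.1.4203.1.11.1'; // passwdModifyOID from RFC 3062

// True if the root DSE lists the Password Modify exop under supportedExtension.
function serverSupportsPasswdModify($ldap): bool
{
    $res = ldap_read($ldap, '', '(objectClass=*)', ['supportedExtension']);
    if ($res === false) {
        return false;
    }
    $entries = ldap_get_entries($ldap, $res);
    $oids = $entries[0]['supportedextension'] ?? []; // attribute names come back lowercased
    unset($oids['count']);
    return in_array(PASSWD_MODIFY_OID, $oids, true);
}

// Change a password with the extended operation, supplying the old password.
function changePassword($ldap, string $userDn, string $old, string $new): void
{
    if (!serverSupportsPasswdModify($ldap)) {
        throw new RuntimeException('Server does not advertise the RFC 3062 exop');
    }
    // The plain modify the issue describes would instead be:
    //   ldap_mod_replace($ldap, $userDn, ['userPassword' => $new]);
    if (ldap_exop_passwd($ldap, $userDn, $old, $new) === false) {
        throw new RuntimeException('Password change rejected: ' . ldap_error($ldap));
    }
}

$userDn = 'uid=jdoe,ou=people,dc=example,dc=com';      // placeholder DN
$old = (string) getenv('LDAP_OLD_PW');                 // hypothetical variable names
$new = (string) getenv('LDAP_NEW_PW');

$ldap = ldap_connect('ldap://ldap.example.com');       // placeholder server
if ($ldap === false) {
    exit('Invalid LDAP URI' . PHP_EOL);
}
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);  // extended operations need LDAPv3
if (!ldap_start_tls($ldap)) {                          // both passwords travel in the request
    exit('StartTLS failed: ' . ldap_error($ldap) . PHP_EOL);
}
if (!ldap_bind($ldap, $userDn, $old)) {
    exit('Bind failed: ' . ldap_error($ldap) . PHP_EOL);
}
try {
    changePassword($ldap, $userDn, $old, $new);
    echo 'Password changed' . PHP_EOL;
} catch (RuntimeException $e) {
    exit($e->getMessage() . PHP_EOL);
}
```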
Reference: deon/phpldapadmin#8