2 Jul
2007
2 Jul
'07
12:49 p.m.
Hallvard B Furuseth writes:
I mean. If userPassword uses md5 hash change it to new one but keep/use the same hash.
Oh. Just grab the old one, ignoring any access control rules, and see if it starts with '{something}'. (...)
Or look at how libraries/liblutil/passwd.c:lutil_passwd() does it. But note that lutil_password() can trigger SASL, callbacks to slapd, and whatnot, looking for how to authenticate the password. If you want to do the same (authenticating other entries), you need to set thread-specific data with key slap_sasl_bind, like be_isroot_pw() does in slapd/backend.c. I have no idea where that leads, having only looked superficially at the code myself.
--
Regards,
Hallvard