On 02/27/2013 12:28 PM, Tim Watts wrote:
Hi,
Following on from SASL/EXOP password related issues, I'd like to try something.
When an EXOP PASS MOD happens, I'd like to catch it before it updates userPassword: in the hdb backend and chance the data to
{SASL}<uid>@FIXED.REALM.NAME
I've been through the slapo-rwm man page several times and all over google and I'm more confused that I was to start with.
Could anyone give me a hint please?
2 problems:
What context does this update happen in? Is it a exopPasswdDN context or a modifyAttrDN context? Bearing in mind I want
"extendedDN" (I got this by looking at the code; it is not documented, as far as I can tell).
to catch where the Password Modify EXOP goes to write the userPassword entry.
slapo-rwm(5) does not allow to rewrite the password. It allows to rewrite the request DN (AFAIK).
How do I pull the uid of the current bind doing the password change? I'm guessing it is a $ parameter defref, but I do not see any examples?
You need to get it during bind using appropriate rules, and store it in a variable for reuse. Use a "slapd" map with "entryDN=<the bind dn>" as filter and "uid" as the attrs field to fetch the uid of the entry being bound. Examples for storing and retrieving variables within a session are given in slapo-rwm(5).
Many thanks,
Tim
BTW, if there's a better mailing list for "user" questions I'll happily bugger off there :)
This is the right list for questions like yours.
p.