HI!
I'd like to intercept password changes (clear-text password) via back-sock used as overlay:
# send all modify requests to external listener (after ppolicy checking)
overlay sock
extensions binddn peername ssf connid
socketpath /tmp/noop-listener
sockops modify
What seems odd is that internal modifications done by slapo-lastbind have
binddn: uid=bccb,cn=test,ou=ae-dir
like the bound user and same connid (see log excerpt attached below). Shouldn't internal write operations set another binddn (e.g. to the rootdn)?
Ciao, Michael.
My listener's log:
2017-03-20 19:13:35,000 DEBUG 140308582867240 ----- incoming request via '/tmp/noop-listener' from pid=21348 uid=1000 gid=100 -----
2017-03-20 19:13:35,000 DEBUG 140308582867240 request_data='MODIFY\nmsgid: 1\nbinddn: uid=bccb,cn=test,ou=ae-dir\nsuffix: ou=ae-dir\ndn: uid=bccb,cn=test,ou=ae-dir\nreplace: authTimestamp\nauthTimestamp: 20170320181334Z\n-\n\n'
2017-03-20 19:13:35,000 DEBUG 140308582867240 reqtype='MODIFY'
2017-03-20 19:13:35,000 DEBUG 140308582867240 sock_req=<slapdsock.message.MODIFYRequest object at 0x7f9c233fe250> // {'dn': 'uid=bccb,cn=test,ou=ae-dir', 'binddn': u'uid=bccb,cn=test,ou=ae-dir', 'suffix': u'ou=ae-dir', '_linecount': 4, 'msgid': 1, '_req_lines': ['MODIFY', 'msgid: 1', 'binddn: uid=bccb,cn=test,ou=ae-dir', 'suffix: ou=ae-dir', 'dn: uid=bccb,cn=test,ou=ae-dir', 'changetype: modify', 'replace: authTimestamp', 'authTimestamp: 20170320181334Z', '-', '', ''], 'modops': [(2, 'authTimestamp', ['20170320181334Z'])], 'reqtype': 'MODIFY'}
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 Request not cached: cache_key=None
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 response_str='CONTINUE\n'
2017-03-20 19:13:35,001 DEBUG 140308582867240 msgid=1 response_delay=0.001
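
An added example, not part of the original post and not slapdsock code: because the logged request carries the bound user's binddn even for the slapo-lastbind write, a listener can only tell such writes apart by the attributes they modify, and it should mask password values before logging. The function names, the `INTERNAL_ONLY_ATTRS` heuristic and the LDIF-style `attr:: base64` value encoding are assumptions.

```python
import base64

# Constructed sample: the MODIFY request text shown in the listener log above.
SAMPLE_REQUEST = (
    "MODIFY\nmsgid: 1\nbinddn: uid=bccb,cn=test,ou=ae-dir\n"
    "suffix: ou=ae-dir\ndn: uid=bccb,cn=test,ou=ae-dir\n"
    "replace: authTimestamp\nauthTimestamp: 20170320181334Z\n-\n\n"
)
MOD_OPS = ("add", "delete", "replace")
# Assumption: attributes written only by slapd-internal code (here slapo-lastbind).
INTERNAL_ONLY_ATTRS = {"authtimestamp"}
SENSITIVE_ATTRS = {"userpassword"}

def split_line(line):
    """Split 'key: value' or 'key:: base64' (LDIF-style, assumed) into (key, bytes)."""
    key, _, rest = line.partition(":")
    if rest.startswith(":"):
        return key, base64.b64decode(rest[1:].strip())
    return key, rest.lstrip(" ").encode("utf-8")

def parse_modify(request_data):
    """Parse a back-sock MODIFY request into (headers, [(op, attr, values)])."""
    lines = request_data.split("\n")
    if lines[0] != "MODIFY":
        raise ValueError("not a MODIFY request")
    headers, modops, current = {}, [], None
    for line in lines[1:]:
        if not line:
            break  # a blank line terminates the request
        if line == "-":
            current = None  # end of one modification block
            continue
        key, value = split_line(line)
        if current is None and key in MOD_OPS and "dn" in headers:
            current = (key, value.decode("utf-8"), [])  # new block: op, attribute
            modops.append(current)
        elif current is not None:
            current[2].append(value)  # a value line inside the current block
        else:
            headers[key] = value.decode("utf-8")  # msgid, binddn, suffix, dn, ...
    return headers, modops

def looks_internal(modops):
    """Heuristic: True when every modified attribute is in INTERNAL_ONLY_ATTRS."""
    return bool(modops) and all(a.lower() in INTERNAL_ONLY_ATTRS for _, a, _ in modops)

def redacted(modops):
    """Copy of modops for logging, with values of sensitive attributes masked."""
    return [(op, a, ["<redacted>"] if a.lower() in SENSITIVE_ATTRS else v)
            for op, a, v in modops]
```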