Howard Chu wrote:
Zdenek Styblik wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
let's open up old wounds. Ok, it sounds jerky, but I don't mean it.
Anyway. As the subject suggests, my question is how to code application which allows user to change his password. Or better to ask, if there is some [to me] unknown LDAP function which figures out what password encryption [hash] is used and generates new hash of password, if application should have idea at all what kind of password encryption is used. I think this is just impossible. Login is one thing, changing password is another.
That's what ldappasswd is for. And no, the application should never have any idea what encryption a server uses. That's purely a server-internal issue.
Then there should be API or mechanisms which do allow such behavior. If you mean calling % ldappasswd; as an external script, then it is % slappasswd; all over again. Such option is always the last one. But, this is just my opinion and I'm perfectly fine if you don't agree :)
Zdenek