change password for user

Jan-Frode Myklebust janfrode at tanso.net
Mon Mar 9 12:04:55 CET 2009


On 2009-03-09, Michael Ströder <michael at stroeder.com> wrote:
> >
> > But, it occurred to me that I'm not fully sure what I'm doing
> > when creating the SSHA1 hash,
>
> If the password is usable afterwards there's nothing wrong with
> client-side password hashing. The salt should be at least 4 bytes long.

Still, I'm uncertain how e.g. character encodings will/should be
handled, so it seems safer to let the directory server handle both the
hashing and verification.

> 
> Simply use None for oldpw.
> 

It didn't like None:

Traceback (most recent call last):
  File "./update-ldap-from-atmail.py", line 166, in ?
    con.passwd_s( dn, None, mailpassword )
  File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 330, in passwd_s
    msgid = self.passwd(user,oldpw,newpw,serverctrls,clientctrls)
  File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 327, in passwd
    return self._ldap_call(self._l.passwd,user,oldpw,newpw,EncodeControlTuples(serverctrls),EncodeControlTuples(clientctrls))
  File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
TypeError: argument 2 must be string or read-only buffer, not None

but "" seems to work (after I set up SSL to get around the 
ldap.CONFIDENTIALITY_REQUIRED). Thanks!



   -jf




