The exop password change branch
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Nov 26 02:06:57 MST 2010
when will you start working on this?
Andrew Bartlett wrote:
> On Thu, 2010-11-18 at 11:46 +0100, Matthias Dieter Wallnöfer wrote:
>> Hi abartlet,
>> Andrew Bartlett wrote:
>>> I thought you asked me recently to look at your extended password change
>>> operation code, so I've looked over your 'exop' branch, and I have so
>>> say, the code looks pretty good (and somehow simpler than I imagined).
>>> I would however like to comment on a few things, to make it even better:
>>> While it's great to have the extended op in the same module as the rest
>>> of the password changes, it does mean that we go down the stack, then
>>> back up again. I wonder if it might be better to have a new module at
>>> the top of the stack, so the process is clearer.
>> Well, but there aren't so many modules, which implement extended
>> operations - therefore this shouldn't take too long. And I think this
>> really belongs in the "password_hash" module - well it's my personal
>> point of view.
> It is more about structure than about speed. What should the ACL module
> do with extended operations? If it is transformed into normal
> modifications above the ACL module then no additional changes or
> exceptions are required.
>>> The patch should also allow administrative password changes, where just
>>> like on unicodePwd, the admin does not need to specify the old password.
>> Probably you are right. Will look again into the code.
>>> I couldn't find the ASN.1 code, which I think you were trying to ask me
>>> (somewhere - I can't remember where) to look over. Can you point me at
>>> it? I think this will be one of our first extended operations to be
>>> decoded in the LDAP server, so you may need to set up some
>>> infrastructure :-)
>> The issue is that I really do understand nothing about ASN.1. Therefore
>> it would be great if someone could take over this part or give me some
>> tight instructions.
> ASN.1 is deserving of it's nasty reputation. I'll try and look at it
> over the next day or so - remind me if I don't get to it by next week.
> BTW, thanks for getting to this! This will be a very useful feature
> once implemented.
> Andrew Bartlett
More information about the samba-technical