[sork] ldap bug report

Eric Rostetter eric.rostetter@physics.utexas.edu
Thu Nov 14 16:34:13 2002


We've received the following bug report.  Can anyone using ldap confirm
or deny this?  Any ideas at all welcome...

----
When using the passwd module, I've noticed that if I change a passwd, and log
out and then log back in, it will change my passwd correctly, but if I go to
change it again, it says that my old passwd was incorrect.  Now I believe that
this happens due to a bug in the php crypt function: if you don't give it a salt
it creates its own. I've found that if it creates its own, it usually uses a
really long salt, when it needs to use a 2 byte salt.  The way that I got around
this was by editing ldap.php in the /var/www/horde/passwd/lib/Driver directory
and changing line 114 to give its own 2-byte random salt like so
$change_info["userPassword"] = "{crypt}" . crypt($newPassword, 'rand()rand()');

I've only tested this on my own box, here is my setup
Linux SuSe 7.3 2.4.10-64GB-SMP #1 SMP Fri Sep 28 17:26:36 GMT 2001 i686 unknown
I'm using PHP-4.2.3, with the following includes
./configure --with-gettext --with-imap --with-ldap --with-mysql --with-xml
--with-apxs --with-mcrypt
I also use ldap for the passwd module.
----

Thanks for any feedback.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!
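
Added example (not part of the original message and not the Horde passwd driver's code): in PHP, the single-quoted 'rand()rand()' in the reported workaround is a literal string, so traditional DES crypt() uses its first two characters, "ra", as the salt for every password. The sketch below builds a random 2-character salt instead and verifies by re-hashing with the stored value; the function names and the sample password are hypothetical, and random_int() and hash_equals() assume PHP 7 or later.

```php
<?php
// Added example, not Horde/sork code. Function names are hypothetical.

// Characters allowed in a traditional DES crypt(3) salt.
const DES_SALT_CHARS =
    './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Build a random 2-character salt from the allowed alphabet.
function des_salt(): string
{
    $max = strlen(DES_SALT_CHARS) - 1;
    return DES_SALT_CHARS[random_int(0, $max)]
         . DES_SALT_CHARS[random_int(0, $max)];
}

// Value for the LDAP userPassword attribute in the "{crypt}" scheme.
function ldap_crypt_password(string $password): string
{
    return '{crypt}' . crypt($password, des_salt());
}

// Verify a candidate against a stored "{crypt}" value. Passing the stored
// hash as the salt argument makes crypt() reuse whatever salt it contains.
function ldap_crypt_verify(string $candidate, string $stored): bool
{
    if (strncasecmp($stored, '{crypt}', 7) !== 0) {
        return false; // other schemes are out of scope for this sketch
    }
    $hash = substr($stored, 7);
    if (strlen($hash) < 13) {
        return false; // too short to be a DES crypt hash
    }
    return hash_equals($hash, crypt($candidate, $hash));
}

$pw = 'Example-Passw0rd'; // constructed sample value

// Single quotes: rand() is never called, so both hashes share one salt.
$a = crypt($pw, 'rand()rand()');
$b = crypt($pw, 'rand()rand()');
var_dump(substr($a, 0, 2), $a === $b);

// Random salt per password, then a matching and a non-matching check.
$stored = ldap_crypt_password($pw);
var_dump($stored);
var_dump(ldap_crypt_verify($pw, $stored));
var_dump(ldap_crypt_verify('wrong-guess', $stored));
```

Traditional DES crypt also ignores everything after the first eight characters of the password, which is worth weighing when a directory still stores {crypt} values.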

