[sork] ldap bug report

eculp@encontacto.net eculp@encontacto.net
Thu Nov 14 16:55:47 2002 

Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:

 | We've received the following bug report.  Can anyone using ldap confirm
 | or deny this?  Any ideas at all welcome...
 | 
 | ----
 | When using the passwd module, I've noticed, that if I change a passwd, and
 | log
 | out and then log back in, it will change my passwd correctly, but If I go to
 | change it again, it says the my old passwd was incorrect.  Now I beleive
 | that
 | this happens due to a bug in the php crypt function, if you dont give it a
 | salt
 | it creates it's own, I've found that if it creates it's own, it usually uses
 | a
 | really long salt, when it needs to use a 2 byte salt.  The way that I got
 | around
 | this was by editing ldap.php in the /var/www/horde/passwd/lib/Driver
 | directory
 | and change line 114 to give it's own 2byte random salt like so
 | $change_info["userPassword"] = "{crypt}" . crypt($newPassword,
 | 'rand()rand()');
I got a bit confused with your logout's and in's so I did the following
just to be sure:

  In the head version, about an hour old, I logged in went to the passwd
  module and changed my password successfully, I then used that password
  to change it again successfully, logged out and logged in with the last
  password without any problem. I then changed it back to the original
  successfully, logged out and back in without a problem.

I hope this is what you were looking for.

ed 

P.S. Again this is the head version.
 | 
 | I've only tested this on my own box, here is my setup
 | Linux SuSe 7.3 2.4.10-64GB-SMP #1 SMP Fri Sep 28 17:26:36 GMT 2001 i686
 | unknown
 | I'm using PHP-4.2.3, with the following includes
 | ./configure --with-gettext --with-imap --with-ldap --with-mysql --with-xml
 | --with-apxs --with-mcrypt
 | I also use ldap for the passwd module.
 | ----
 | 
 | Thanks for any feedback.
 | 
 | --
 | Eric Rostetter
 | The Department of Physics
 | The University of Texas at Austin
 | 
 | Why get even? Get odd!
 | --
 | Sork mailing list
 | Frequently Asked Questions: http://horde.org/faq/
 | To unsubscribe, mail: sork-unsubscribe@lists.horde.org
 | 


-- 


-------------------------------------------------

More information about the sork mailing list