[sork] ldap bug report

Mike Cochrane mike@graftonhall.co.nz
Fri Nov 15 06:11:21 2002


I never noticed any problems with the HEAD driver code. But this code just
changes it to use a constant key of 'ra'; somehow I don't think that was intended.

- Mike :-)

> ----- Message from eric.rostetter@physics.utexas.edu ---------
> 
> We've received the following bug report.  Can anyone using ldap confirm
> or deny this?  Any ideas at all welcome...
> 
> ----
> When using the passwd module, I've noticed that if I change a passwd, and
> log out and then log back in, it will change my passwd correctly, but if I
> go to change it again, it says that my old passwd was incorrect.  Now I
> believe that this happens due to a bug in the php crypt function: if you
> don't give it a salt it creates its own. I've found that if it creates its
> own, it usually uses a really long salt, when it needs to use a 2 byte salt.
> The way that I got around this was by editing ldap.php in the
> /var/www/horde/passwd/lib/Driver directory and changing line 114 to give its
> own 2byte random salt like so:
> $change_info["userPassword"] = "{crypt}" . crypt($newPassword, 'rand()rand()');
> 
> I've only tested this on my own box, here is my setup
> Linux SuSe 7.3 2.4.10-64GB-SMP #1 SMP Fri Sep 28 17:26:36 GMT 2001 i686 unknown
> I'm using PHP-4.2.3, with the following includes
> ./configure --with-gettext --with-imap --with-ldap --with-mysql --with-xml --with-apxs --with-mcrypt
> I also use ldap for the passwd module.
> ----
> 
> Thanks for any feedback.
> 
> --
> Eric Rostetter
> The Department of Physics
> The University of Texas at Austin
> 
> Why get even? Get odd!
> 
> ----- End message from eric.rostetter@physics.utexas.edu -----
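
The constant-salt problem raised in the reply, as an added example that is not part of the original thread or of Horde's code: a single-quoted 'rand()rand()' is a literal string in PHP, so traditional DES crypt() takes its first two characters, "ra", as the salt for every password. The helper names are hypothetical and the code assumes PHP 7 or later (for random_int and hash_equals).

```php
<?php
// Added example; helper names are hypothetical, not Horde's passwd driver API.

// The workaround as posted: single quotes make 'rand()rand()' a literal
// string, so rand() is never called and DES crypt() reads only "ra".
function hashAsPosted(string $password): string
{
    return '{crypt}' . crypt($password, 'rand()rand()');
}

// Two characters drawn independently from the traditional DES salt alphabet.
function randomDesSalt(): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
              . 'abcdefghijklmnopqrstuvwxyz';
    $max = strlen($alphabet) - 1;
    return $alphabet[random_int(0, $max)] . $alphabet[random_int(0, $max)];
}

function hashWithRandomSalt(string $password): string
{
    return '{crypt}' . crypt($password, randomDesSalt());
}

// Check an old password by passing the stored hash back as the salt
// argument, so crypt() reuses the salt that hash was created with.
function verifyStored(string $password, string $stored): bool
{
    $hash = substr($stored, strlen('{crypt}'));
    return hash_equals($hash, crypt($password, $hash));
}

// Constructed sample passwords, not real credentials.
$a = hashAsPosted('first-secret');
$b = hashAsPosted('second-secret');
echo "posted workaround: $a  $b\n";
// The two characters after "{crypt}" are the salt; compare them to "ra".
var_dump(substr($a, 7, 2) === 'ra', substr($b, 7, 2) === 'ra');

$c = hashWithRandomSalt('first-secret');
$d = hashWithRandomSalt('first-secret');
echo "random salt:       $c  $d\n";
// A random salt must still verify against the stored value.
var_dump(verifyStored('first-secret', $c), verifyStored('wrong-guess', $c));
```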





