IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ldap2: add otp support to modify_password

Browse Source 
https://fedorahosted.org/freeipa/ticket/4262

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This commit is contained in:
Petr Vobornik
2014-05-23 15:53:54 +02:00
parent 3e0245f28f
commit 7fca783ec5
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ipaserver/plugins/ldap2.py
View File

@@ -408,18 +408,21 @@ class ldap2(LDAPClient, CrudBackend):
return False return False
def modify_password(self, dn, new_pass, old_pass=''): def modify_password(self, dn, new_pass, old_pass='', otp='', skip_bind=False):
"""Set user password.""" """Set user password."""
assert isinstance(dn, DN) assert isinstance(dn, DN)
# The python-ldap passwd command doesn't verify the old password # The python-ldap passwd command doesn't verify the old password
# so we'll do a simple bind to validate it. # so we'll do a simple bind to validate it.
if old_pass != '': if not skip_bind and old_pass != '':
pw = old_pass
if (otp):
pw = old_pass+otp
with self.error_handler(): with self.error_handler():
conn = IPASimpleLDAPObject( conn = IPASimpleLDAPObject(
self.ldap_uri, force_schema_updates=False) self.ldap_uri, force_schema_updates=False)
conn.simple_bind_s(dn, old_pass) conn.simple_bind_s(dn, pw)
conn.unbind_s() conn.unbind_s()
with self.error_handler(): with self.error_handler():