Merge with upstream

1 files changed, 21 insertions, 3 deletions

diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index c0452b05a..69d909222 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -264,9 +264,9 @@ class IPAdmin(SimpleLDAPObject):
     def set_proxydn(self, proxydn):
         self.proxydn = proxydn
 
-    def set_keytab(self, keytab):
-        if keytab is not None:
-            os.environ["KRB5CCNAME"] = keytab
+    def set_krbccache(self, krbccache):
+        if krbccache is not None:
+            os.environ["KRB5CCNAME"] = krbccache
             self.sasl_interactive_bind_s("", sasl_auth)
         self.proxydn = None
 
@@ -469,6 +469,24 @@ class IPAdmin(SimpleLDAPObject):
             raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
         return "Success"
 
+    def modifyPassword(self,dn,oldpass,newpass):
+        """Set the user password using RFC 3062, LDAP Password Modify Extended
+           Operation. This ends up calling the IPA password slapi plugin 
+           handler so the Kerberos password gets set properly.
+
+           oldpass is not mandatory
+        """
+
+        sctrl = self.__get_server_controls__()
+
+        try:
+            if sctrl is not None:
+                self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+            self.passwd_s(dn, oldpass, newpass)
+        except ldap.LDAPError, e:
+            raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
+        return "Success"
+
     def __wrapmethods(self):
         """This wraps all methods of SimpleLDAPObject, so that we can intercept
         the methods that deal with entries.  Instead of using a raw list of tuples