diff options
author | Simo Sorce <ssorce@redhat.com> | 2007-09-20 17:11:01 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-09-20 17:11:01 -0400 |
commit | e16e215cddffc28c69a1c55bea408f108027eeac (patch) | |
tree | 301425db2aa0c4bcd409eec38c9b434f46c7d2d8 /ipa-server/ipaserver | |
parent | 3fd4b9ba2ce40ff068bdfb8cd5ff3d04d26119aa (diff) | |
parent | fbfefe6b0e5723b79b0f9a3a96f93e9336017fd8 (diff) | |
download | freeipa-e16e215cddffc28c69a1c55bea408f108027eeac.tar.gz freeipa-e16e215cddffc28c69a1c55bea408f108027eeac.tar.xz freeipa-e16e215cddffc28c69a1c55bea408f108027eeac.zip |
Merge with upstream
Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/ipaldap.py | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py index c0452b05a..69d909222 100644 --- a/ipa-server/ipaserver/ipaldap.py +++ b/ipa-server/ipaserver/ipaldap.py @@ -264,9 +264,9 @@ class IPAdmin(SimpleLDAPObject): def set_proxydn(self, proxydn): self.proxydn = proxydn - def set_keytab(self, keytab): - if keytab is not None: - os.environ["KRB5CCNAME"] = keytab + def set_krbccache(self, krbccache): + if krbccache is not None: + os.environ["KRB5CCNAME"] = krbccache self.sasl_interactive_bind_s("", sasl_auth) self.proxydn = None @@ -469,6 +469,24 @@ class IPAdmin(SimpleLDAPObject): raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e) return "Success" + def modifyPassword(self,dn,oldpass,newpass): + """Set the user password using RFC 3062, LDAP Password Modify Extended + Operation. This ends up calling the IPA password slapi plugin + handler so the Kerberos password gets set properly. + + oldpass is not mandatory + """ + + sctrl = self.__get_server_controls__() + + try: + if sctrl is not None: + self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl) + self.passwd_s(dn, oldpass, newpass) + except ldap.LDAPError, e: + raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e) + return "Success" + def __wrapmethods(self): """This wraps all methods of SimpleLDAPObject, so that we can intercept the methods that deal with entries. Instead of using a raw list of tuples |