From e71486720b31055a51ab5e5d5fbf5cf44a423f41 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Thu, 29 May 2008 14:00:48 -0400
Subject: Let DS encode the password, this will allow IPA -> AD password
 synchronization to work again.

---
 ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 24b7df17..031243df 100644
--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -1643,7 +1643,6 @@ static int ipapwd_SetPassword(struct ipapwd_data *data)
 	struct ntlm_keys ntlm;
 	int ntlm_flags = 0;
 	Slapi_Value *sambaSamAccount;
-	char *userpwd;
 
 	krberr = krb5_init_context(&krbctx);
 	if (krberr) {
@@ -1713,15 +1712,10 @@ static int ipapwd_SetPassword(struct ipapwd_data *data)
 		free(password);
 	}
 
-	/* use the default configured encoding */
-	userpwd = slapi_encode(data->password, NULL);
-	if (!userpwd) {
-		slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "failed to make userPassword hash\n");
-		ret = LDAP_OPERATIONS_ERROR;
-		goto free_and_return;
-	}
-
-	slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "userPassword", userpwd);
+	/* let DS encode the password itself, this allows also other plugins to
+	 * intercept it to perform operations like synchronization with Active
+	 * Directory domains through the replication plugin */
+	slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "userPassword", data->password);
 
 	/* set password history */
 	pwvals = ipapwd_setPasswordHistory(smods, data);
-- 
cgit