From ed6ab17c9c703edb43c92a3205c5536771ce4d4f Mon Sep 17 00:00:00 2001
From: "rcritten@redhat.com"
Date: Tue, 11 Sep 2007 02:48:53 -0400
Subject: Add function to allow user's to set/reset their kerberos password Remove some unused calls to retrieve the current realm
---
 ipa-server/ipaserver/ipaldap.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'ipa-server/ipaserver/ipaldap.py')
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index c0452b05..27a8903d 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -469,6 +469,24 @@ class IPAdmin(SimpleLDAPObject):
 raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
 return "Success"
+ def modifyPassword(self,dn,oldpass,newpass):
+ """Set the user password using RFC 3062, LDAP Password Modify Extended
+ Operation. This ends up calling the IPA password slapi plugin
+ handler so the Kerberos password gets set properly.
+
+ oldpass is not mandatory
+ """
+
+ sctrl = self.__get_server_controls__()
+
+ try:
+ if sctrl is not None:
+ self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
+ self.passwd_s(dn, oldpass, newpass)
+ except ldap.LDAPError, e:
+ raise ipaerror.gen_exception(ipaerror.LDAP_DATABASE_ERROR, None, e)
+ return "Success"
+
 def __wrapmethods(self):
 """This wraps all methods of SimpleLDAPObject, so that we can intercept the methods that deal with entries. Instead of using a raw list of tuples
-- cgit
From b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 Mon Sep 17 00:00:00 2001
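Review bot: `modifyPassword` documents that `oldpass` is optional but not who may then reset a password: with `oldpass` set to None nothing in this method checks the caller, so the decision rests entirely on the directory server evaluating the identity carried in `sctrl` (or the bind identity when `sctrl` is None). The docstring should say so, e.g. `oldpass may be None for an administrative reset; authorization is enforced by the server, not here`. The `except` clause also maps every `ldap.LDAPError` to `LDAP_DATABASE_ERROR`, so a caller cannot tell a rejected old password or a password-policy violation from a backend failure unless it inspects the wrapped exception. `newpass` travels inside the extended operation as given, so this presumably relies on the connection being protected by TLS or a SASL security layer; that setup is outside the hunk.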
From: "rcritten@redhat.com"
Date: Fri, 14 Sep 2007 17:19:02 -0400
Subject: Use ticket forwarding with TurboGears. mod_proxy forwards the principal name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG.
---
 ipa-server/ipaserver/ipaldap.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'ipa-server/ipaserver/ipaldap.py')
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index 27a8903d..69d90922 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -264,9 +264,9 @@ class IPAdmin(SimpleLDAPObject):
 def set_proxydn(self, proxydn):
 self.proxydn = proxydn
- def set_keytab(self, keytab):
- if keytab is not None:
- os.environ["KRB5CCNAME"] = keytab
+ def set_krbccache(self, krbccache):
+ if krbccache is not None:
+ os.environ["KRB5CCNAME"] = krbccache
 self.sasl_interactive_bind_s("", sasl_auth)
 self.proxydn = None
-- cgit
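Review bot: `set_krbccache` still selects the credential cache by writing `os.environ["KRB5CCNAME"]`, which is process-wide, so if the TurboGears process serves requests on several threads the `sasl_interactive_bind_s` call of one request may run with the cache another request has just set. Assuming the server is multi-threaded (not visible here), the assignment and the bind should be serialised under one lock, and should at least carry a comment such as `# KRB5CCNAME is process-global: hold the bind lock from here until the bind returns`. Per the commit message the value now originates from what mod_proxy forwards, so the method should also reject a `krbccache` that does not point at the expected cache location before exporting it. The function may continue past the end of the hunk.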