diff options
author | Petr Vobornik <pvoborni@redhat.com> | 2014-05-23 15:53:54 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2014-06-26 12:37:38 +0200 |
commit | 7fca783ec554e525465221af13e17f419769c760 (patch) | |
tree | c3c88ce3e5e8a6faaa3788bd60ef0bdca148465c /ipaserver | |
parent | 3e0245f28fe3f294f21b8d0cc298b1901119921d (diff) | |
download | freeipa-7fca783ec554e525465221af13e17f419769c760.tar.gz freeipa-7fca783ec554e525465221af13e17f419769c760.tar.xz freeipa-7fca783ec554e525465221af13e17f419769c760.zip |
ldap2: add otp support to modify_password
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index cfcec7c80..29bb20d41 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -408,18 +408,21 @@ class ldap2(LDAPClient, CrudBackend): return False - def modify_password(self, dn, new_pass, old_pass=''): + def modify_password(self, dn, new_pass, old_pass='', otp='', skip_bind=False): """Set user password.""" assert isinstance(dn, DN) # The python-ldap passwd command doesn't verify the old password # so we'll do a simple bind to validate it. - if old_pass != '': + if not skip_bind and old_pass != '': + pw = old_pass + if (otp): + pw = old_pass+otp with self.error_handler(): conn = IPASimpleLDAPObject( self.ldap_uri, force_schema_updates=False) - conn.simple_bind_s(dn, old_pass) + conn.simple_bind_s(dn, pw) conn.unbind_s() with self.error_handler(): |