You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2020/03/04 21:48:04 UTC
[Studio] ModifyPasword operation support
Hi Stefan,
we can't send a PasswordModify extended operation in Studio, and that is
a bit of a bother for servers that deal with support such operations.
The only way to get a password injected is to first hash it on the
client side, then send a Modify operation. This is unefficient,
especially if the server uses a specific Hash function that is not common.
What would it take to add such a feature in Studio (more from the
functional PoV, because technically this is pretty trivial). Typically,
shouldd we have a popup where we ask which user we have to change the
password for, or is t better to right click on a user and hhave a meny
entry 'Password modification' ?
wdyt ?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Ok, I'm working on it now.
On 3/15/20 11:43 AM, Emmanuel Lecharny wrote:
> Hi Stefan, no, i havn’t
>
> Le dim. 15 mars 2020 à 11:14, Stefan Seelmann a écrit :
>
>> FTR, there's already a Jira:
>> https://issues.apache.org/jira/browse/DIRSTUDIO-648
>>
>> @Emmanuel, did you already started implementing it?
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
FTR, there's already a Jira:
https://issues.apache.org/jira/browse/DIRSTUDIO-648
@Emmanuel, did you already started implementing it?
On 3/5/20 11:02 PM, Emmanuel Lécharny wrote:
>
> On 05/03/2020 18:17, Stefan Seelmann wrote:
>> On 3/5/20 9:02 AM, Emmanuel Lécharny wrote:
>>> On 05/03/2020 07:48, Stefan Seelmann wrote:
>>>> On 3/4/20 10:48 PM, Emmanuel Lécharny wrote:
>>>>> we can't send a PasswordModify extended operation in Studio, and
>>>>> that is
>>>>> a bit of a bother for servers that deal with support such operations.
>>>>> The only way to get a password injected is to first hash it on the
>>>>> client side, then send a Modify operation. This is unefficient,
>>>>> especially if the server uses a specific Hash function that is not
>>>>> common.
>>>>>
>>>>>
>>>>> What would it take to add such a feature in Studio (more from the
>>>>> functional PoV, because technically this is pretty trivial).
>>>>> Typically,
>>>>> shouldd we have a popup where we ask which user we have to change the
>>>>> password for, or is t better to right click on a user and hhave a meny
>>>>> entry 'Password modification' ?
>>>> A menu entry (maybe within an "Extended Operations" sub-menu) in the
>>>> context makes most sense to me.
>>>
>>> Yes, sounds legit. It might also be worthful to have a popup where you
>>> can pick the user then modify its password.
>> Hm, I thought if it's just in the context menu of the entry you select
>> in the left-hand tree then we already know the user (it's DN). Studio
>> also has sufficient search capabilities to find an entry, so also the
>> context menu of search result entries can containt the new menu.
>
>
> I think both options are valid. Either you have the entry in the
> browser, you right click on it, and get the option to change its
> password, or you don't want to bother finding the entry (something that
> might be good if there are thousands of entries...), so having the
> possibility to have a global menu entry that offers the possibility to
> find an entry is good to have.
>
>
> Note that we can send the PasswordModify operation with no DN, in this
> case the logged in user will see its password modified.
>
>>
>> When clicking we have of course a popup where to enter the new password,
>> and showing the DN. We can reuse the existing password widget in case it
>> should be posssible to select different hashing methods, but I don't
>> know what the extended op supports.
>
> The idea is to not select any hash value : the server will do that. All
> in all, we just enter the previous password, the new one, and send all
> that to the server using the PasswordModify extended operation.
> Optionally, we may even not provide a password, the server will then
> generate one and return it.
>
>
>
>
>>
>>> Implementation wise, the tricky part is to check that the server
>>> supports the extended operation (I think most of them do).
>> Shouldn't that be exposed in RootDSE?
>
> Yes, the PasswdModifyOID (1.3.6.1.4.1.4203.1.11.1) value should be
> returned in the RootDSE supportedExtension attribute.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
> For additional commands, e-mail: dev-help@directory.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Emmanuel Lécharny <el...@gmail.com>.
On 05/03/2020 18:17, Stefan Seelmann wrote:
> On 3/5/20 9:02 AM, Emmanuel Lécharny wrote:
>> On 05/03/2020 07:48, Stefan Seelmann wrote:
>>> On 3/4/20 10:48 PM, Emmanuel Lécharny wrote:
>>>> we can't send a PasswordModify extended operation in Studio, and that is
>>>> a bit of a bother for servers that deal with support such operations.
>>>> The only way to get a password injected is to first hash it on the
>>>> client side, then send a Modify operation. This is unefficient,
>>>> especially if the server uses a specific Hash function that is not
>>>> common.
>>>>
>>>>
>>>> What would it take to add such a feature in Studio (more from the
>>>> functional PoV, because technically this is pretty trivial). Typically,
>>>> shouldd we have a popup where we ask which user we have to change the
>>>> password for, or is t better to right click on a user and hhave a meny
>>>> entry 'Password modification' ?
>>> A menu entry (maybe within an "Extended Operations" sub-menu) in the
>>> context makes most sense to me.
>>
>> Yes, sounds legit. It might also be worthful to have a popup where you
>> can pick the user then modify its password.
> Hm, I thought if it's just in the context menu of the entry you select
> in the left-hand tree then we already know the user (it's DN). Studio
> also has sufficient search capabilities to find an entry, so also the
> context menu of search result entries can containt the new menu.
I think both options are valid. Either you have the entry in the
browser, you right click on it, and get the option to change its
password, or you don't want to bother finding the entry (something that
might be good if there are thousands of entries...), so having the
possibility to have a global menu entry that offers the possibility to
find an entry is good to have.
Note that we can send the PasswordModify operation with no DN, in this
case the logged in user will see its password modified.
>
> When clicking we have of course a popup where to enter the new password,
> and showing the DN. We can reuse the existing password widget in case it
> should be posssible to select different hashing methods, but I don't
> know what the extended op supports.
The idea is to not select any hash value : the server will do that. All
in all, we just enter the previous password, the new one, and send all
that to the server using the PasswordModify extended operation.
Optionally, we may even not provide a password, the server will then
generate one and return it.
>
>> Implementation wise, the tricky part is to check that the server
>> supports the extended operation (I think most of them do).
> Shouldn't that be exposed in RootDSE?
Yes, the PasswdModifyOID (1.3.6.1.4.1.4203.1.11.1) value should be
returned in the RootDSE supportedExtension attribute.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 3/5/20 9:02 AM, Emmanuel Lécharny wrote:
>
> On 05/03/2020 07:48, Stefan Seelmann wrote:
>> On 3/4/20 10:48 PM, Emmanuel Lécharny wrote:
>>> we can't send a PasswordModify extended operation in Studio, and that is
>>> a bit of a bother for servers that deal with support such operations.
>>> The only way to get a password injected is to first hash it on the
>>> client side, then send a Modify operation. This is unefficient,
>>> especially if the server uses a specific Hash function that is not
>>> common.
>>>
>>>
>>> What would it take to add such a feature in Studio (more from the
>>> functional PoV, because technically this is pretty trivial). Typically,
>>> shouldd we have a popup where we ask which user we have to change the
>>> password for, or is t better to right click on a user and hhave a meny
>>> entry 'Password modification' ?
>> A menu entry (maybe within an "Extended Operations" sub-menu) in the
>> context makes most sense to me.
>
>
> Yes, sounds legit. It might also be worthful to have a popup where you
> can pick the user then modify its password.
Hm, I thought if it's just in the context menu of the entry you select
in the left-hand tree then we already know the user (it's DN). Studio
also has sufficient search capabilities to find an entry, so also the
context menu of search result entries can containt the new menu.
When clicking we have of course a popup where to enter the new password,
and showing the DN. We can reuse the existing password widget in case it
should be posssible to select different hashing methods, but I don't
know what the extended op supports.
> Implementation wise, the tricky part is to check that the server
> supports the extended operation (I think most of them do).
Shouldn't that be exposed in RootDSE?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Emmanuel Lécharny <el...@gmail.com>.
On 05/03/2020 07:48, Stefan Seelmann wrote:
> On 3/4/20 10:48 PM, Emmanuel Lécharny wrote:
>> we can't send a PasswordModify extended operation in Studio, and that is
>> a bit of a bother for servers that deal with support such operations.
>> The only way to get a password injected is to first hash it on the
>> client side, then send a Modify operation. This is unefficient,
>> especially if the server uses a specific Hash function that is not common.
>>
>>
>> What would it take to add such a feature in Studio (more from the
>> functional PoV, because technically this is pretty trivial). Typically,
>> shouldd we have a popup where we ask which user we have to change the
>> password for, or is t better to right click on a user and hhave a meny
>> entry 'Password modification' ?
> A menu entry (maybe within an "Extended Operations" sub-menu) in the
> context makes most sense to me.
Yes, sounds legit. It might also be worthful to have a popup where you
can pick the user then modify its password.
Implementation wise, the tricky part is to check that the server
supports the extended operation (I think most of them do).
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: [Studio] ModifyPasword operation support
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 3/4/20 10:48 PM, Emmanuel Lécharny wrote:
> we can't send a PasswordModify extended operation in Studio, and that is
> a bit of a bother for servers that deal with support such operations.
> The only way to get a password injected is to first hash it on the
> client side, then send a Modify operation. This is unefficient,
> especially if the server uses a specific Hash function that is not common.
>
>
> What would it take to add such a feature in Studio (more from the
> functional PoV, because technically this is pretty trivial). Typically,
> shouldd we have a popup where we ask which user we have to change the
> password for, or is t better to right click on a user and hhave a meny
> entry 'Password modification' ?
A menu entry (maybe within an "Extended Operations" sub-menu) in the
context makes most sense to me.
Kind Regards,
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org