[jadmin] ldapauth catch-22

- zad - zadk at mynet.com
Tue Feb 5 06:06:44 CST 2002


Hello Nathan,

I was able to solve this problem in ldapauth, by not avoiding saving the
passwords in the user.xml altogether. Creating a duplicate of this vital
data didn't seem a good idea to me at all. But in your case, you need to
clean up all the old user.xml files. :(

zad

> -----Original Message-----
> From: jadmin-admin at jabber.org [mailto:jadmin-admin at jabber.org]On
> Behalf Of Nathan J. Mehl
> Sent: Tuesday, February 05, 2002 12:00 AM
> To: jadmin at jabber.org
> Subject: [jadmin] ldapauth catch-22
>
>
>
> So my brief honeymoon with ldapauth came to a sudden end today.
>
> The situation: ldapauth2 is used to authenticate our jabber
> connections against our Microsoft Exchange Server.
>
> The problem: when a user first registers an account on the jabber
> servers, the user.xml spool file created stores the user's password in
> cleartext, e.g.:
>
> 	<xdb><password xdbns='jabber:iq:auth'>password</password>
>
> This is fine...until the user's password expires on the NT Domain (and
> thus the Exchange server), at which point the password in the spool
> file is no longer in sync with the LDAP password.  At that point, the
> user is caught in a catch-22: if he tries to log in with his new
> password, jabber rejects it out of hand, since it doesn't match what's
> in the spool file.  However, if he logs in using his old password,
> ldapauth uses the password stored in the spool file to attempt to bind
> to the ldap server, which of course also fails.
>
> This strikes me as very poor behavior, since the only way to avoid
> this situation would be to manually change the jabber password before
> one changed the ldap password, which is not possible in the case of a
> user being prompted to change their password on login.
>
> Is there any way to configure ldapauth to _completely_ ignore the
> password as stored in the spool file?
>
> -n
>
> ------------------------------------------------------------<memory at blank.org>
> "...the irony of this development constitutes an enigma wrapped in a paradox
> bound up in a colostomy bag." (--www.suck.com)
> <http://blank.org/memory/>----------------------------------------------------
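
Added example, not part of the original thread and not code from ldapauth or jabberd: one way to do the user.xml cleanup the reply mentions, by finding spool files that still hold a `jabber:iq:auth` password and removing only that element. The spool layout (a directory tree of `*.xml` files), the function names and the sample file are assumptions made for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

AUTH_NS = "jabber:iq:auth"  # xdbns value shown in the quoted spool snippet

# Text-level match for the one element to drop, so the rest of the file is
# written back unchanged instead of being re-serialized by an XML library.
PASSWORD_RE = re.compile(
    r"<password\b[^>]*\bxdbns=(['\"])jabber:iq:auth\1[^>]*>.*?</password>",
    re.DOTALL,
)

def has_stored_password(xml_text):
    """True if the document holds a non-empty jabber:iq:auth password."""
    root = ET.fromstring(xml_text)
    return any(
        el.tag.rsplit("}", 1)[-1] == "password"
        and el.get("xdbns") == AUTH_NS
        and (el.text or "").strip()
        for el in root.iter()
    )

def strip_stored_password(xml_text):
    """Return the text with the stored password element removed."""
    return PASSWORD_RE.sub("", xml_text)

def clean_spool(spool_dir, dry_run=True):
    """Return (flagged, unparsed) file names; rewrite flagged files unless dry_run."""
    flagged, unparsed = [], []
    for path in sorted(Path(spool_dir).rglob("*.xml")):
        text = path.read_text(encoding="utf-8")
        try:
            found = has_stored_password(text)
        except ET.ParseError:
            unparsed.append(path.name)  # leave damaged files for manual review
            continue
        if found:
            flagged.append(path.name)
            if not dry_run:
                path.write_text(strip_stored_password(text), encoding="utf-8")
    return flagged, unparsed

if __name__ == "__main__":
    # Constructed sample spool: one account file in the shape the post shows.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "alice.xml").write_text(
            "<xdb><password xdbns='jabber:iq:auth'>hunter2</password></xdb>")
        print(clean_spool(d, dry_run=False), Path(d, "alice.xml").read_text())
```

Run it with `dry_run=True` against a copy of the spool first; removing the element only helps if the authentication module no longer reads or re-creates it.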