|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago | ||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago You should zero this on the stack with Slapi_Mods smods = {0}; | ||
|
||
|
||
|
||
firstyear commented 4 years ago Use exact size, IE int32_t. | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago In this error, it's always good to consider "what, why, how to fix". So what went wrong - multivalued password. But why? And how to fix? I think you could also add "not supported for hash upgrade on bind: to resolve on %{dn} only have a single userPassword field". | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago Does mods_add_string copy the value? or just use the reference? (I actualy can't remember, want to be sure you have checked. It would be good to comment about that here potentially). | ||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago So you are right to be concerned about the repl flag here, because it could indicate to the server to also NOT replicate this operation to the partner server. I think a better method would either be a unique flag for OP_FLAG_PASSWORD_UPGRADE. I'm wondering if a simpler approach could be "if userPassword schema != config scheme -> just apply a mod of userPassword with the cleartext password". We don't care if the password history is in there twice because I would hope OP_INTERNAL would bypass the reject of the re-used password. It also means you would probably avoid any messiness trying to encode and modify yourself in light of the password migration flag. Saying this, I could be totally wrong too as I have not looked at pw code in a longggg time. :) | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 4 years ago I'm not a fan of inline if, so please make these | ||
|
||
firstyear commented 4 years ago Doesn't pblock destroy check for nulls? I think you can just call it without the if check. | ||
|
||
|
||
|
||
It may be better to consider an enum here for succes vs error. Some places in the code are updated to have this, but not universal.
Alternately, it may be better to define this as int32_t to specify the exact size.