
Add SASL as a userPassword attribute modifier

Open braiam opened this issue 5 years ago • 1 comments

When using LDAP with Kerberos as authentication backend, one can use saslauthd to serve as the in-between. I've seen https://github.com/leenooks/phpLDAPadmin/pull/92 and https://github.com/leenooks/phpLDAPadmin/pull/93 but those deal with PLA-ldap server communication.

The exact entry that I want to use is:

userPassword: {SASL}[email protected]

Which is not possible with current options.

braiam • May 11 '20 00:05

I found this request and took a quick look at the code since we wanted the same thing. This is what I came up with as a quick and dirty fix:

lib/functions.php:

$ diff original/lib/functions.php modified/lib/functions.php 
2170a2171
>               'sasl'=>'sasl',
2298c2299
<               default:
---
> 
2299a2301,2306
> 
>                       break;
> 
>               case 'sasl':
>               default:
>                       $new_value = sprintf('{SASL}%s',$password_clear);
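
Review bot: In the last hunk of lib/functions.php, `default:` now sits directly under `case 'sasl':`, so any encryption type the switch does not recognise is stored as `{SASL}<input>` instead of taking the branch that `default:` labelled before the 2298c2299 hunk removed it. Give `sasl` its own case ending in `break;` and leave `default:` where it was. The string placed after `{SASL}` is `$password_clear` passed through `sprintf` unchanged; in the entry requested in the issue that value is an identifier rather than a secret, so it would be worth rejecting empty input or input containing whitespace before building the value.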

config/config.php:

$ diff original/config/config.php modified/config/config.php
185a186,189
> // show clear/sasl passwords
> $config->custom->appearance['obfuscate_password_display'] = false;
> $config->custom->appearance['show_clear_password'] = true;
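
Review bot: Both settings in this hunk are global, and going by their names, `obfuscate_password_display = false` together with `show_clear_password = true` reveals every userPassword value stored in clear in the UI, not only the `{SASL}` entries the comment mentions. The comment should say whether the sasl change in lib/functions.php actually depends on these settings or whether they are only a convenience for reading the `{SASL}` value; if it is the latter, leave them out of the patch or restrict the unobfuscated display to values that start with `{SASL}`.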

Testing it shows it to be working as expected and no issues that I can find with the code adjustments, though we're not using LDAP to store passwords at all and instead are using Kerberos for that. Hope this helps.

AllenRDCo • Aug 13 '20 01:08