The 1.0.9.x version breaks my password hooks

In my 1.0.8.x instalation I had two hooks to validate and syncronize password changes:

fdPasswordHook: /usr/local/sbin/fdPasswordHook.sh
fdTabHook: password|postmodify|/usr/local/sbin/fdPasswordSyncHook.sh password postmodify %dn% %userPassword%

The first one is used to check the password strenght and the availability of the user on a Samba4 server; if the password is not good enough or the user is not syncronized with the Samba4 server the change password operation fails and a message is shown to the user.

I check the password strenght using pwqcheck and if that succeds I check that the user exists on the Samba4 LDAP; this server is syncronized with openldap using lsc (http://lsc-project.org/), on my setup when the user is created by fusiondirectory the information is syncronized in realtime with the Samba4 server and the script checks if the operation succeded or not, to make sure that we will be able to sync the password once it is changed on the LDAP server.

The second script is used to syncronize the password with the Samba4 server (on that hook we have the password in clear text and the administrator can set it using the unicodePassword attribute).

Note that I work with samba4, but the schema will also be useful to work with ActiveDirectory, as the logic used is the same.

It would be great to recover the old functionalities:

• be able to ask about the old password on change operations (right now the new password has to be writen in two fields, this functionality just needs an old password fileld on the same box)
• have a separated tab to change passwords (IMHO it is a lot simpler for the user to have this operation on a separated tab)
• have separated password Hooks as before (having a separated tab there would be no need for an specific fdPasswordHook, as we can have precreate and premodify hooks besides the postcreate and postmodify ones).

I can re-implement my hooks using the user fdTabHook, but it some functionality will be lost (the old password check) and my users will complain about the way the password has to be changed... ;(

(from redmine: issue id 4186, created on 2015-10-05, closed on 2015-10-08)

• Relations:
  • relates #3383
  • relates #4187
• Custom Fields:
  • Bug in version: 1.0.9

hello,

user hooks can use: @ %userPassword% to get password hash %passwordMethod% to get password method (usually ssha) %passwordClear% to get clear password %userLocked% to get user lock status (/!\ empty if unlocked) @ Cheers

(from redmine: written on 2015-10-05)

By bmortier on 2017-09-02T15:24:16 (imported from GitLab)

Here is the documentation.

https://documentation.fusiondirectory.org/en/documentation/how_to/use/hooks_password_109

Close issue

(from redmine: written on 2015-10-08)

By Jonathan Swaelens on 2017-09-02T15:24:17 (imported from GitLab)

closed

By Jonathan Swaelens on 2017-09-02T15:24:17 (imported from GitLab)

changed the description

By bmortier on 2018-10-05T15:09:31 (imported from GitLab)

added Added label

By bmortier on 2018-10-05T15:09:41 (imported from GitLab)

added user-manual label

By bmortier on 2018-10-05T15:09:57 (imported from GitLab)