Re: using kpasswd with ldap db (0.7.2)



On 5/24/06, Love Hörnquist Åstrand <lha@kth.se> wrote:
> I think it's a bug somewhere where the krb5EncryptionType is set, but I
> can't figure out what it is. If you have time to debug the code, it's in
> lib/hdb/hdb-ldap.c:LDAP_entry2mods() where the krb5EncryptionType is set.

I am not very proficient in C but my curiosity leads me to take a stab at it.

> If you can't find the error, you can just comment out the whole "if
> (ent->etypes) { " section in that file.

My guess is that in this section (i.e. ent->etypes) the LDAP_MOD_ADD
should be LDAP_MOD_REPLACE.
It seems logical that if the LDAP entry is in fact a Heimdal entry,
it would already have "krb5EncryptionType" set in the entry, thus
leading to my error when trying to add instead of replace. I'll also
guess that the for loop runs twice, which is why I get the error twice.

        for (i = 0; i < ent->etypes->len; i++) {
            if (is_samba_account &&
                ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
            {
                ;
            } else if (is_heimdal_entry) {
                ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
                                          "krb5EncryptionType",
                                          ent->etypes->val[i]);
                if (ret)
                    goto out;
            }
        }

I would test my guesses, but I do not have a test environment, and since
I have a workaround for changing passwords atm I will stick with that
until someone more proficient than I takes a look into it.
Cheers,
Eric
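
The add-versus-replace behaviour discussed in this message, as an added example that is not part of the original post or of Heimdal's code: a small in-memory model of one multi-valued attribute following the modify rules of RFC 4511 section 4.6. The names `apply_mod`, `MOD_ADD`, `MOD_REPLACE` and the stored values are constructed for illustration; whether Heimdal's `LDAP_addmod_integer` groups values into a single modification is not shown on this page, so the model covers both cases.

```c
#include <stdio.h>
#include <string.h>

#define MAX_VALS 8
enum { MOD_ADD, MOD_REPLACE };                          /* hypothetical op names */
enum { RC_SUCCESS = 0, RC_ATTR_OR_VALUE_EXISTS = 20 };  /* RFC 4511 result codes */

/* Constructed model of one multi-valued integer attribute in an entry. */
struct attr { int vals[MAX_VALS]; int len; };

static int has_value(const struct attr *a, int v)
{
    for (int i = 0; i < a->len; i++)
        if (a->vals[i] == v)
            return 1;
    return 0;
}

/* add: fails if any listed value is already present, entry unchanged.
 * replace: discards all existing values and stores the listed ones. */
int apply_mod(struct attr *a, int op, const int *vals, int n)
{
    if (n < 0 || n > MAX_VALS)
        return -1;
    if (op == MOD_ADD) {
        for (int i = 0; i < n; i++)
            if (has_value(a, vals[i]))
                return RC_ATTR_OR_VALUE_EXISTS;
        if (a->len + n > MAX_VALS)
            return -1;
        memcpy(a->vals + a->len, vals, n * sizeof *vals);
        a->len += n;
    } else {
        memcpy(a->vals, vals, n * sizeof *vals);
        a->len = n;
    }
    return RC_SUCCESS;
}

int main(void)
{
    struct attr stored = { {16, 23}, 2 };  /* constructed: entry already holds two values */
    int etypes[] = { 16, 23 };

    printf("add of existing values: rc=%d\n", apply_mod(&stored, MOD_ADD, etypes, 2));
    printf("single replace, both values: rc=%d\n", apply_mod(&stored, MOD_REPLACE, etypes, 2));
    for (int i = 0; i < 2; i++)            /* one replace per value: last one wins */
        apply_mod(&stored, MOD_REPLACE, &etypes[i], 1);
    printf("after per-value replace: %d value(s) stored\n", stored.len);
    return 0;
}
```

A replace only preserves every value when all of them travel in one modification; sent as one replace per value, each modification discards the values written by the previous one.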