1 2package Net::LDAP::Extension::SetPassword; 3 4require Net::LDAP::Extension; 5 6our @ISA = qw(Net::LDAP::Extension); 7our $VERSION = '0.06'; 8 9use Convert::ASN1; 10my $passwdModReq = Convert::ASN1->new; 11$passwdModReq->prepare(q<SEQUENCE { 12 user [0] OCTET STRING OPTIONAL, 13 oldpasswd [1] OCTET STRING OPTIONAL, 14 newpasswd [2] OCTET STRING OPTIONAL 15 }>); 16 17my $passwdModRes = Convert::ASN1->new; 18$passwdModRes->prepare(q<SEQUENCE { 19 genPasswd [0] OCTET STRING OPTIONAL 20 }>); 21 22sub Net::LDAP::set_password { 23 my $ldap = shift; 24 my %opt = @_; 25 26 my $res = $ldap->extension( 27 name => '1.3.6.1.4.1.4203.1.11.1', 28 value => $passwdModReq->encode(\%opt), 29 ($opt{control} ? (control => $opt{control}) : ()) 30 ); 31 32 bless $res; # Naughty :-) 33} 34 35sub gen_password { 36 my $self = shift; 37 38 my $out = $passwdModRes->decode($self->response); 39 40 $out->{genPasswd}; 41} 42 431; 44 45__END__ 46 47=head1 NAME 48 49Net::LDAP::Extension::SetPassword - LDAPv3 Modify Password extension object 50 51=head1 SYNOPSIS 52 53 use Net::LDAP; 54 use Net::LDAP::Extension::SetPassword; 55 56 $ldap = Net::LDAP->new( "ldap.mydomain.eg" ); 57 58 $ldap->bind('cn=Joe User,cn=People,dc=mydomain,dc=eg", 59 password => 'oldPassword'); 60 61 $mesg = $ldap->set_password( oldpasswd => 'oldPassword' ); 62 63 die "error: ", $mesg->code(), ": ", $mesg->error() if ($mesg->code()); 64 65 print "changed your password to", $mesg->gen_password() , "\n"; 66 67 68=head1 DESCRIPTION 69 70C<Net::LDAP::Extension::SetPassword> implements the C<Modify Password> 71extended LDAPv3 operation as described in RFC 3062. 72 73It implements no object by itself but extends the L<Net::LDAP> object 74by another method: 75 76=head1 METHODS 77 78=over 4 79 80=item set_password ( OPTIONS ) 81 82Set the password for a user. 83 84OPTIONS is a list of key/value pairs. The following keys are recognized: 85 86=over 4 87 88=item user 89 90If present, this option contains the octet string representation of the 91user associated with the request. Depending on how users are identified 92in the directory this string may or may not be a DN according to RFC 4514. 93 94If this option is not present, the request acts up upon the password 95of the user currently associated with the LDAP session. 96 97=item oldpasswd 98 99This option, if present, must contain the current password of the user 100for whom this operation is performed. 101 102It depends on the server's implementation in which circumstances this 103option is allowed to be missing. 104 105=item newpasswd 106 107If present, this option contains the desired password for the user for 108whom the operation is performed. 109 110Depending on the server's implementation this option may be required by 111the LDAP server. 112 113=back 114 115 116=item gen_password ( ) 117 118Return the password generated by the server in response to the 119C<set_password()> call when applicable. The server will not generate 120a new password if C<newpasswd> was passed to C<set_password()>. 121 122This method is a method of the L<Net::LDAP::Message> response object 123returned in reply to C<set_password()> in case the C<set_password()> 124call succeeded. 125 126By this method the caller can query for the value of the password in 127case he did not call C<set_password()> with the C<newpasswd> option. 128 129=back 130 131=head1 SEE ALSO 132 133L<Net::LDAP>, 134L<Net::LDAP::Extension> 135 136=head1 AUTHOR 137 138Graham Barr E<lt>gbarr@pobox.comE<gt>, 139documentation by Peter Marschall E<lt>peter@adpm.deE<gt>. 140 141Please report any bugs, or post any suggestions, to the perl-ldap 142mailing list E<lt>perl-ldap@perl.orgE<gt> 143 144=head1 COPYRIGHT 145 146Copyright (c) 2002-2004 Graham Barr. All rights reserved. This program is 147free software; you can redistribute it and/or modify it under the same 148terms as Perl itself. 149 150=cut 151 152