From ee7e9422674f449fd8571c8d359afbe862fa6676 Mon Sep 17 00:00:00 2001
From: Markus Krogh <markus@nordu.net>
Date: Thu, 7 Feb 2019 13:39:06 +0100
Subject: Set sasl password for SSO as well

---
 ldap.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'ldap.go')

diff --git a/ldap.go b/ldap.go
index e8a72ed..7b6feec 100644
--- a/ldap.go
+++ b/ldap.go
@@ -224,4 +224,22 @@ func calculateFingerprint(ssh_key string) string {
 	//return fmt.Sprintf("SHA256:%x", fingerprint)
 }
 
-//// set_nordunet_ldap_pw_sasl used on sso pw set if change pw fail?
+func (i *LdapInfo) SetSASLPassword(username string) error {
+	l, err := i.LdapConnectBind()
+	if err != nil {
+		return err
+	}
+	defer l.Close()
+
+	sasl := fmt.Sprintf("{SASL}%s@%s", username, pwman.Krb5Conf.Realm)
+
+	change := ldap.NewModifyRequest(i.UserDN(username))
+	change.Replace("userPassword", []string{sasl})
+
+	err = l.Modify(change)
+	if err != nil {
+		return err
+	}
+	log.Println("[INFO] changed ldap password to SASL for", username)
+	return nil
+}
-- 
cgit v1.1