The change_password method is broken !

[Fnux]

Hello,

change_password/3 and change_password/4 directly edit the unicodePwd field of the user. It's an issue since this field might not be used depending on hte setup. For example, my setup uses the userPassword field and SSHA to hash the password.

Moreover, :eldap already provides a method_password method, why don't we use it ?

I would be glad to submit a patch.

[jmerriweather]

I primarily use this library against Active Directory and unfortunately it doesn't follow RFC 3062.

We could add in modify_password/3 and modify_password/4, we would just have to explain in the docs why there is change_password and modify_password and when to use one or the other.

[Fnux]

Having both modify_password and change_password is seriously confusing. The ideal would be to add an ad_ prefix/suffix/parameter [0] to the original method, but will break compatibility with older releases...

[0] I think the AD case should be the "special case" since it doesn't follow the RFC.

[Fnux]

Or some kind of server_type/is_active_directory parameter defaulting to the "AD way" to avoid breaking existing code, while keeping a somewhat sane API ?

[jmerriweather]

Yeah I agree that it would be pretty confusing having both modify_password and change_password. I like the server_type/is_active_directory idea.

server_type: :active_directory | :ldap