ldap_write_support
Do not rely on exop_passwd
- Fixes #128
Instead of relying on exop_passwd for password changing, check rootDSE for support and fallback to mod_replace otherwise.
This should fix AD support.
AD really does not support password EXOP?
How about adding a dropdown setting for the password handling:
- Default
  - Same as current handling with fallback to userPassword
- Hash
  - Manually hash the password using ssha
- Unicode
  - Required for AD without heuristics, setting password to unicodePwd and convert it to UTF16
I am a bit uneasy having a fallback from passwd exop to modify on failure. If passwd exop is advertised as supported by rootDSE upon default config it should try the exop and error out on failure.
@come-nc
> I am a bit uneasy having a fallback from passwd exop to modify on failure. If passwd exop is advertised as supported by rootDSE upon default config it should try the exop and error out on failure.
I agree!
Now if rootDSE advertises the password exop, an error will be thrown if it does not succeed.
But if password exop is not supported the password is set by using the userPassword or (if configured) unicodePwd for AD support.
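The behaviour described in the comment above, sketched as an added example that is not part of this PR or the app's own code. The helper names `planPasswordChange` and `changePassword`, the `$useUnicodePwd` setting and the sample password are assumptions; the sample rootDSE values are constructed.

```php
<?php
declare(strict_types=1);

// OID of the LDAP Password Modify extended operation (RFC 3062).
const PASSWD_EXOP_OID = '1.3.6.1.4.1.4203.1.11.1';

// Hypothetical helper: pick the write method from the rootDSE supportedExtension
// values and an assumed admin setting ($useUnicodePwd) for AD.
function planPasswordChange(array $supportedExtension, bool $useUnicodePwd, string $password): array {
    if (in_array(PASSWD_EXOP_OID, $supportedExtension, true)) {
        return ['method' => 'exop'];
    }
    if ($useUnicodePwd) {
        // unicodePwd takes the password wrapped in double quotes, as UTF-16LE (needs mbstring).
        $value = mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
        return ['method' => 'modify', 'attribute' => 'unicodePwd', 'value' => $value];
    }
    return ['method' => 'modify', 'attribute' => 'userPassword', 'value' => $password];
}

// Hypothetical helper: run the plan. $exop and $modify wrap the real calls, e.g.
//   fn() => ldap_exop_passwd($conn, $dn, '', $password)
//   fn(array $entry) => ldap_mod_replace($conn, $dn, $entry)
// An advertised exop that fails raises an error; there is no fallback to modify.
function changePassword(array $plan, callable $exop, callable $modify): void {
    if ($plan['method'] === 'exop') {
        if ($exop() === false) {
            throw new RuntimeException('Password Modify exop is advertised but failed');
        }
        return;
    }
    if ($modify([$plan['attribute'] => [$plan['value']]]) === false) {
        throw new RuntimeException('Replacing ' . $plan['attribute'] . ' failed');
    }
}

// Constructed sample data: one rootDSE that advertises the exop, one that does not.
$withExop = [PASSWD_EXOP_OID, '1.3.6.1.4.1.1466.20037'];
$withoutExop = ['1.3.6.1.4.1.1466.20037'];

$plan = planPasswordChange($withoutExop, true, 'S3cret!');
echo $plan['attribute'], ' = ', bin2hex($plan['value']), PHP_EOL;

try {
    // Simulated server: exop advertised, but the operation fails.
    changePassword(planPasswordChange($withExop, true, 'S3cret!'), fn() => false, fn(array $e) => true);
} catch (RuntimeException $e) {
    echo 'error: ', $e->getMessage(), PHP_EOL;
}
```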
@come-nc @blizzz I rebased this, is there anything I can help with to get this merged?
(Drone is failing because of https://github.com/nextcloud/ldap_write_support/pull/579 )
@come-nc fixed your comments
Any idea when this PR will make its way through? Debating on handling via a custom branch or not.
CI is failing
@blizzz
> CI is failing
I was able to finally solve this (was a typo :sweat_smile: )