Hey Andreas.
Am 04.07.17 um 00:16 schrieb Andreas Treichel:
> Hey Côme, hey Andreas.
>
>> string|FALSE ldap_exop_whoami(resource $link) - The returned string is
>> the DN of the currently bound user.
>
> In my opinion the code is really ease to read with exceptions.
>
> try {
> $user = ldap_exop_whoami($link);
> }
> catch(Throwable $e) {
> }
It definitely is easier to read. But let's not try too much in one go.
As all of the current extension uses errors I'd currently stick to the
errors and leave moving to extensions for a later change. Partly to keep
at least some kind of consistency and partly to not come into the trap
of moving to extensions completely and therefore breaking BC…
>
>> string|FALSE ldap_exop_passwd(resource $link [, string $user [, string
>> $oldPassword [, string $newPassword]]] - The returned string is the new
>> password of the user. Either the given newPassword or a newly
>> generated one.
>
> Change password of current user with a random password.
> ldap_exop_passwd($link);
>
> Change password of $user with a random password.
> ldap_exop_passwd($link, $user);
>
> Change $oldPassword of $user with a random password.
> ldap_exop_passwd($link, $user, $oldPassword);
>
> Change $oldPassword of $user to $newPassword.
> ldap_exop_passwd($link, $user, $oldPassword, $newPassword);
>
> As i wrote the four samples, i actually already like the ordering of the
> arguments as it seems to make sense.
>
>
> How is the behavior of the following?
>
> Change $oldPassword of current user to $newPassword?
> ldap_exop_passwd($link, '', $oldPassword, $newPassword)
ldap_exop_passwd($link, null, $oldPassword, $newPassword);
Though passing an empty string should work also with the current code.
But I'd prefer to pass NULL
>
> Change $oldPassword of $user to empty string? Or random? Or is this an
> error?
> ldap_exop_passwd($link, $user, $oldPassword, '');
IMHO you can't change to an empty string. Because that would be like not
setting a password at all. I'd restrict that so far that providing an
empty password will cause the server to generate a random password that
is then returned.
>
>
> My previous suggestion was to split the function into two versions to
> reduce the amount of arguments.
>
> string|FALSE ldap_exop_passwd(resource $link, string $user, string
> $newPassword [, string $oldPassword])
>
> string|FALSE ldap_exop_random_passwd(resource $link, string $user [,
> string $oldPassword])
I would not do that as it bloats the API in an - in my eyes -
unnecessary way. Let's stick to one function for changing password…
One thing though that I thought about: Chapter 4 of RFC 3062 explicitly
states that this function should only be available with confidentially
support like TLS. So perhaps we should check whether the data will be
transfered via a secure connection and - if not - raise an error?
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andr...@heigl.org N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca |
+---------------------------------------------------------------------+
signature.asc
Description: OpenPGP digital signature
