diff --git a/phpgwapi/inc/class.accounts.inc.php b/phpgwapi/inc/class.accounts.inc.php
index 7cfb88191c..3d68294034 100644
--- a/phpgwapi/inc/class.accounts.inc.php
+++ b/phpgwapi/inc/class.accounts.inc.php
@@ -960,6 +960,16 @@ class accounts
 return $change_account_lid;
 }
+ /**
+ * Query if backend requires password to be set, before allowing to enable an account
+ *
+ * @return boolean true if backend requires a password (AD), false or null otherwise (SQL, LDAP)
+ */
+ function require_password_for_enable()
+ {
+ return constant(get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE');
+ }
+
 function list_methods($_type='xmlrpc')
 {
 if (is_array($_type))
diff --git a/phpgwapi/inc/class.accounts_ads.inc.php b/phpgwapi/inc/class.accounts_ads.inc.php
index db13bf8501..9efdcccb87 100644
--- a/phpgwapi/inc/class.accounts_ads.inc.php
+++ b/phpgwapi/inc/class.accounts_ads.inc.php
@@ -63,6 +63,11 @@ class accounts_ads
 */
 const CHANGE_ACCOUNT_LID = false;
+ /**
+ * Backend requires password to be set, before allowing to enable an account
+ */
+ const REQUIRE_PASSWORD_FOR_ENABLE = true;
+
 /**
 * Attributes to query to be able to generate account_id and account_lid
 *
@@ -763,6 +768,7 @@ class accounts_ads
 self::convertUnixTimeToWindowsTime($data[$egw]);
 break;
 case 'account_status':
+ if ($new_entry && empty($data['account_passwd'])) continue; // cant active new account without passwd!
 $attributes[$adldap] = $data[$egw] == 'A';
 break;
 case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)
diff --git a/phpgwapi/inc/class.auth_ads.inc.php b/phpgwapi/inc/class.auth_ads.inc.php
index 6d6e461f18..804a0def40 100644
--- a/phpgwapi/inc/class.auth_ads.inc.php
+++ b/phpgwapi/inc/class.auth_ads.inc.php
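Review bot: In `accounts::require_password_for_enable()` (class.accounts.inc.php), `constant()` is called for whatever backend is active, but this commit only shows `REQUIRE_PASSWORD_FOR_ENABLE` being declared on `accounts_ads`. If the SQL and LDAP backend classes do not declare it, `constant()` raises a warning and returns null on PHP 7 and throws an `Error` on PHP 8, so the "false or null otherwise" in the docblock depends on an error path. Guard the lookup, e.g. `$name = get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE';` followed by `return defined($name) && constant($name);`, or declare the constant as `false` in the other backend classes.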
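Review bot: In the `case 'account_status':` branch of class.accounts_ads.inc.php, the added `continue;` sits directly inside a `switch`, where PHP treats it exactly like `break`. It leaves the switch but does not skip the rest of the enclosing loop iteration, and PHP 7.3 and later emit a warning for this form. The enclosing loop starts and ends outside the hunk, so whether code after the switch still runs for this key cannot be checked from here. Write `continue 2;` if the whole iteration should be skipped, or `break;` if only this case should. A short comment stating which enabled/disabled state a new account is left in when the status attribute is omitted would also help, since a caller passing status `'A'` without a password gets no error at this point.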
@@ -111,7 +111,7 @@ class auth_ads implements auth_backend
 if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
 {
- throw new egw_exception(lang('Failed to change password. Please contact your administrator.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
+ throw new egw_exception(lang('Failed to change password.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
 }
 if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
@@ -137,7 +137,6 @@ class auth_ads implements auth_backend
 return $ret;
 }
 catch (Exception $e) {
- error_log(__METHOD__."('$old_passwd', '$new_passwd', $account_id) admin=$admin adldap->user()->password('$username', '$new_passwd') returned ".array2string($ret).' ('.ldap_error($adldap->getLdapConnection()).')');
 // as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
 $error = auth::crackcheck($new_passwd,
 // if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
@@ -150,7 +149,6 @@ class auth_ads implements auth_backend
 'Error' => lang('Error'),
 'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
 'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
- 'SSL must be configured on your webserver and enabled in the class to set passwords.' => lang('Encrypted LDAP connection is required to change passwords, but it is not configured in your installation.'),
 ));
 throw new egw_exception('
'.lang('Failed to change password.')."
\n".$msg.($error ? "\n".$error."
\n" : '')); }