Ralf Becker
845d7d20a7
* ActiveDirectory: fixed user who never changed his password get forced to change his password
...
pwdlastset attributes seems not set, if password was never changed, different from 0 value for forced password change
2016-02-05 14:02:00 +00:00
Ralf Becker
86d0b31b3b
* ActiveDirectory: real password change (not reset) for PHP 5.4>=5.4.26, 5.5>=5.5.10, 5.6+ (subject to minimum password age policy!)
2015-03-29 15:22:43 +00:00
Ralf Becker
5bb6635822
harden ldap auth, by removing \000 bytes, causing passwords to be not empty by php, but empty to c libaries
2015-02-17 22:25:48 +00:00
Ralf Becker
f218f9412c
added note about certificate validation and some more diagnostics to error_log, for failed ADS auth
2014-02-27 12:05:37 +00:00
Ralf Becker
94926467d2
always check with "passwd_forbid_name" enabled, if setting of password failed
2013-07-16 14:57:06 +00:00
Ralf Becker
10436d5e41
fixed not being able to switch "forbid password to contain name" off again, after it has been switched on (caused by name "passwd_forbid_name")
2013-07-16 14:50:12 +00:00
Ralf Becker
b54aef66e4
need to use own authentication method, to be able to auth user forced to change password and need to always recheck flag, if user are forced to change password, as otherwise he will be prompt again after changing it
2013-07-15 20:29:49 +00:00
Ralf Becker
526c938eec
* Active Directory: allow to do a forced password change in EGroupware and handle reset of that flag for Samba4 too
2013-07-15 20:01:01 +00:00
Ralf Becker
e90a6e1d42
fixed again not working new account creation under AD agains Win2008r2
2013-07-15 08:10:03 +00:00
Ralf Becker
6898ee9cdb
* Admin/Preferences/Active Directory: more understandable password policy errors and using windows defaults only, if admin has not configured something else
2013-07-14 13:05:24 +00:00
Ralf Becker
8325352e88
* Admin/Preferences/ADS: give explicit error, that AD requires SSL or TLS to change passwords (not just failing with unspecific error)
2013-06-29 08:51:02 +00:00
Ralf Becker
aa1426b8de
* Admin: split password strength config in minimum length and number of character types, allow account backends specially AD to report password policy failures
2013-06-25 16:37:44 +00:00
Ralf Becker
293d395472
allow auth backends to throw exceptions to give verbose error why password changing failed, auth_ads does now password strength check (even if not configured), as this is most likely cause for not changed password
2013-06-23 10:46:26 +00:00
Ralf Becker
4037993dc5
* API: full support of active directory as account storage, tested so far with Samba4
2013-05-22 17:22:20 +00:00
Ralf Becker
f6fe40f2d9
fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs
2011-11-15 19:16:09 +00:00
Ralf Becker
8ab9b0d2f2
allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts
2011-11-15 12:43:59 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
232252475f
patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6).
...
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
2009-06-08 16:21:14 +00:00
Ralf Becker
d56c51d71d
deny ADS logins with empty passwords, in case anonymous search/bind is enabled on ADS
2007-06-08 15:42:07 +00:00
Ralf Becker
e3a4af3a1d
"bugfix/patch #632 : Active Directory (ADS) authentication in 1.4 Beta 4 (1.3.019)"
2007-05-03 13:40:38 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
Ralf Becker
b883eca49d
new auth_ads class:
...
- only needs host- and domain-name
- needs NO extra account on the ADS host
- can be used with accounts in SQL or LDAP to auto-create autheticated users
- new param to lowercase the user-names before auto-creating them (to deal with case-insensitve and case-sensitive system)
2005-05-13 15:58:10 +00:00
Lars Kneschke
11219ead38
add class to authenticate against ADS
2004-08-13 15:53:07 +00:00