Commit Graph

62 Commits

Author SHA1 Message Date
Ralf Becker
42563b8d1a * LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations 2012-07-31 12:28:05 +00:00
Ralf Becker
f6fe40f2d9 fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs 2011-11-15 19:16:09 +00:00
Ralf Becker
8ab9b0d2f2 allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts 2011-11-15 12:43:59 +00:00
Ralf Becker
8202298db5 do NOT force user to change password, if LDAP does NOT support shadowlastchange attribute 2011-11-15 10:09:44 +00:00
Klaus Leithoff
53c78cd9e2 as the timestamp used for ldap is not the unixtimestamp, we just use time for updating the session cache on auth_alpwchange_val 2011-09-23 11:10:05 +00:00
Klaus Leithoff
ac22466ba0 set the session cache for auth_alpwchange_val in methods for changepassword too 2011-09-23 09:56:12 +00:00
Klaus Leithoff
6bff18eadd set the session cache only when not in admin mode 2011-09-23 09:41:03 +00:00
Klaus Leithoff
b860d7fb50 set the session cache for auth_alpwchange_val on setLastPwdChange 2011-09-23 09:29:59 +00:00
Ralf Becker
fae1d29e68 - implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325 do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order 2011-05-19 10:32:46 +00:00
Ralf Becker
86837b37f7 password hash migration for LDAP (requires ACL to read password hash!) 2011-05-04 16:35:40 +00:00
Ralf Becker
18b818bd57 reverting accidently commit r34595 2011-04-10 15:05:47 +00:00
Ralf Becker
bd4f019062 some more PostgreSQL stuff from ADOdb 5.11 2011-04-10 15:04:40 +00:00
Klaus Leithoff
4f0e104e27 more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system 2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute) 2011-03-16 11:00:16 +00:00
Klaus Leithoff
1e314fb59d shadowLastChange vs. shadowlastchange. Normalize to shadowlastchange - all lower case 2010-11-17 14:39:12 +00:00
Ralf Becker
b48888f3a0 debug switch to get Apache error_log message, why logins fail 2010-11-16 08:54:09 +00:00
Ralf Becker
741a12bef2 fixed typo, wrong parameter name 2010-09-10 08:24:19 +00:00
Ralf Becker
61d26df913 reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql) 2010-01-28 04:22:37 +00:00
Ralf Becker
5291d0ac39 Fixing the fix ;-)
shadowLastChange has to be an integer
2009-04-09 08:11:24 +00:00
Ralf Becker
7698d3ef65 Fixed not (always) updated last password change date 2009-04-09 06:41:41 +00:00
Ralf Becker
4f94d5837d use of global db object and new headers, made all methods of the auth class static 2008-03-15 17:27:36 +00:00
Ralf Becker
742f10831b not using gidNumber for autocreating accounts, as it means nothing on our system and it stops the group selected in setup from beeing used 2007-10-28 06:04:16 +00:00
Ralf Becker
23c2f997fc "- fixed problem reported by JOYDEEP on the user-list: disabled accounts can still login under the ldap account backend" 2007-06-20 07:40:59 +00:00
Ralf Becker
1697a56468 "- fixed handling of passwords with special chars
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id"
2007-06-20 06:49:02 +00:00
Ralf Becker
d8d93ebd77 changed the authticate method to use common::ldapConnect() and not do it yourself, which fails as the ldap-version3 attribute no longer exists 2006-06-09 00:07:57 +00:00
Ralf Becker
98d8b30761 rewrite of the accounts classes:
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Lars Kneschke
3abea0dbe6 fixed changing passwords using ldap 2005-12-02 12:49:50 +00:00
Ralf Becker
dafaf45680 fixed typo which caused the admin passwd to be changed, instead the one of the edited user 2005-11-13 06:09:10 +00:00
Ralf Becker
c85d34c0fe changed the following table-names:
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433 Use correct quoting when querying/setting account_id; minor formatting 2005-08-27 12:19:35 +00:00
dawnlinux
b305532907 Correct a variable name, it should be "$_account_id" not "$account_id" 2004-12-14 02:12:09 +00:00
Ralf Becker
508cff860c added configurable search-filter to auth_ldap 2004-08-21 12:18:07 +00:00
Ralf Becker
eed94133c3 fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account:
- name & firstname
- primary group (if a group with that numerical id exists in eGW, its added as primary group to the account and acl)
- numerical account-id (if availible, no new one gets created, but the one from ldap is used)
- email (as preference for the email-app)
2004-05-22 11:00:18 +00:00
reinerj
48f840d7de move from old projct to new one 2004-05-05 12:06:13 +00:00
Miles Lott
0d23f90fd4 ensure integer value sent to avoid badfilter 2004-01-26 03:24:40 +00:00
Miles Lott
77fd8f4882 Move password functions to auth class; Add support for new encryption types in setup
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Lars Kneschke
05b73a96b0 enable check for casesensitive usernames 2004-01-16 07:44:38 +00:00
Lars Kneschke
b11297fc59 make password changing using ldap working again 2004-01-02 15:07:04 +00:00
Ralf Becker
c218e158b1 added a check agains ldap-insertion in the login-name 2003-10-02 21:01:37 +00:00
Ralf Becker
54bcb34236 fixed account-enabled check for account-storage != ldap 2003-09-24 12:21:38 +00:00
Lars Kneschke
2a4b75c483 ldap fixes 2003-09-21 19:02:12 +00:00
Lars Kneschke
bfb56ec1de ldap fixes 2003-09-14 14:35:36 +00:00
Ralf Becker
b8557e49d9 make the phpgw Version-0_9_16-branch HEAD 2003-08-28 14:31:11 +00:00
ceb
ba80c900a7 update 2002-11-24 01:45:28 +00:00
Miles Lott
8dd5db4d01 Swap old/new update_lastlogin() 2001-09-03 03:56:12 +00:00
Miles Lott
07009748e5 using GLOBALS now 2001-08-30 19:39:13 +00:00
jengo
3c64f8fc3e Started adding in some eventlog reporting 2001-08-05 09:54:44 +00:00
Miles Lott
83db6d7fb0 Moved the one altered function into old file as new_*, remove _wip 2001-06-26 21:29:39 +00:00
jengo
cf9686e512 I broke a few things durring last commit, tring it again ... 2001-06-03 18:20:05 +00:00