Ralf Becker
42563b8d1a
* LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations
2012-07-31 12:28:05 +00:00
Ralf Becker
f6fe40f2d9
fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs
2011-11-15 19:16:09 +00:00
Ralf Becker
8ab9b0d2f2
allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts
2011-11-15 12:43:59 +00:00
Ralf Becker
8202298db5
do NOT force user to change password, if LDAP does NOT support shadowlastchange attribute
2011-11-15 10:09:44 +00:00
Klaus Leithoff
53c78cd9e2
as the timestamp used for ldap is not the unixtimestamp, we just use time for updating the session cache on auth_alpwchange_val
2011-09-23 11:10:05 +00:00
Klaus Leithoff
ac22466ba0
set the session cache for auth_alpwchange_val in methods for changepassword too
2011-09-23 09:56:12 +00:00
Klaus Leithoff
6bff18eadd
set the session cache only when not in admin mode
2011-09-23 09:41:03 +00:00
Klaus Leithoff
b860d7fb50
set the session cache for auth_alpwchange_val on setLastPwdChange
2011-09-23 09:29:59 +00:00
Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
2011-05-19 10:32:46 +00:00
Ralf Becker
86837b37f7
password hash migration for LDAP (requires ACL to read password hash!)
2011-05-04 16:35:40 +00:00
Ralf Becker
18b818bd57
reverting accidently commit r34595
2011-04-10 15:05:47 +00:00
Ralf Becker
bd4f019062
some more PostgreSQL stuff from ADOdb 5.11
2011-04-10 15:04:40 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Klaus Leithoff
1e314fb59d
shadowLastChange vs. shadowlastchange. Normalize to shadowlastchange - all lower case
2010-11-17 14:39:12 +00:00
Ralf Becker
b48888f3a0
debug switch to get Apache error_log message, why logins fail
2010-11-16 08:54:09 +00:00
Ralf Becker
741a12bef2
fixed typo, wrong parameter name
2010-09-10 08:24:19 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
5291d0ac39
Fixing the fix ;-)
...
shadowLastChange has to be an integer
2009-04-09 08:11:24 +00:00
Ralf Becker
7698d3ef65
Fixed not (always) updated last password change date
2009-04-09 06:41:41 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Ralf Becker
742f10831b
not using gidNumber for autocreating accounts, as it means nothing on our system and it stops the group selected in setup from beeing used
2007-10-28 06:04:16 +00:00
Ralf Becker
23c2f997fc
"- fixed problem reported by JOYDEEP on the user-list: disabled accounts can still login under the ldap account backend"
2007-06-20 07:40:59 +00:00
Ralf Becker
1697a56468
"- fixed handling of passwords with special chars
...
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id"
2007-06-20 06:49:02 +00:00
Ralf Becker
d8d93ebd77
changed the authticate method to use common::ldapConnect() and not do it yourself, which fails as the ldap-version3 attribute no longer exists
2006-06-09 00:07:57 +00:00
Ralf Becker
98d8b30761
rewrite of the accounts classes:
...
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Lars Kneschke
3abea0dbe6
fixed changing passwords using ldap
2005-12-02 12:49:50 +00:00
Ralf Becker
dafaf45680
fixed typo which caused the admin passwd to be changed, instead the one of the edited user
2005-11-13 06:09:10 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
dawnlinux
b305532907
Correct a variable name, it should be "$_account_id" not "$account_id"
2004-12-14 02:12:09 +00:00
Ralf Becker
508cff860c
added configurable search-filter to auth_ldap
2004-08-21 12:18:07 +00:00
Ralf Becker
eed94133c3
fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account:
...
- name & firstname
- primary group (if a group with that numerical id exists in eGW, its added as primary group to the account and acl)
- numerical account-id (if availible, no new one gets created, but the one from ldap is used)
- email (as preference for the email-app)
2004-05-22 11:00:18 +00:00
reinerj
48f840d7de
move from old projct to new one
2004-05-05 12:06:13 +00:00
Miles Lott
0d23f90fd4
ensure integer value sent to avoid badfilter
2004-01-26 03:24:40 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Lars Kneschke
05b73a96b0
enable check for casesensitive usernames
2004-01-16 07:44:38 +00:00
Lars Kneschke
b11297fc59
make password changing using ldap working again
2004-01-02 15:07:04 +00:00
Ralf Becker
c218e158b1
added a check agains ldap-insertion in the login-name
2003-10-02 21:01:37 +00:00
Ralf Becker
54bcb34236
fixed account-enabled check for account-storage != ldap
2003-09-24 12:21:38 +00:00
Lars Kneschke
2a4b75c483
ldap fixes
2003-09-21 19:02:12 +00:00
Lars Kneschke
bfb56ec1de
ldap fixes
2003-09-14 14:35:36 +00:00
Ralf Becker
b8557e49d9
make the phpgw Version-0_9_16-branch HEAD
2003-08-28 14:31:11 +00:00
ceb
ba80c900a7
update
2002-11-24 01:45:28 +00:00
Miles Lott
8dd5db4d01
Swap old/new update_lastlogin()
2001-09-03 03:56:12 +00:00
Miles Lott
07009748e5
using GLOBALS now
2001-08-30 19:39:13 +00:00
jengo
3c64f8fc3e
Started adding in some eventlog reporting
2001-08-05 09:54:44 +00:00
Miles Lott
83db6d7fb0
Moved the one altered function into old file as new_*, remove _wip
2001-06-26 21:29:39 +00:00
jengo
cf9686e512
I broke a few things durring last commit, tring it again ...
2001-06-03 18:20:05 +00:00