mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 23:00:56 +01:00
* LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations
This commit is contained in:
parent
eafb5f8730
commit
42563b8d1a
@ -288,7 +288,7 @@ class auth_ldap implements auth_backend
|
||||
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
|
||||
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
|
||||
|
||||
$ds = common::ldapConnect();
|
||||
$ds = $ds_admin = common::ldapConnect();
|
||||
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
|
||||
$allValues = ldap_get_entries($ds, $sri);
|
||||
|
||||
@ -302,9 +302,17 @@ class auth_ldap implements auth_backend
|
||||
|
||||
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
||||
{
|
||||
$ds = common::ldapConnect('',$dn,$old_passwd);
|
||||
$user_ds = new ldap(true); // true throw exceptions in case of error
|
||||
try {
|
||||
$ds = $user_ds->ldapConnect('',$dn,$old_passwd);
|
||||
}
|
||||
catch (egw_exception_no_permission $e) {
|
||||
return false; // wrong old user password
|
||||
}
|
||||
}
|
||||
if (!@ldap_modify($ds, $dn, $entry))
|
||||
// try changing password bind as user or as admin, to cater for all sorts of ldap configuration
|
||||
// where either only user is allowed to change his password, or only admin user is allowed to
|
||||
if (!@ldap_modify($ds, $dn, $entry) && (!$old_passwd || !@ldap_modify($ds_admin, $dn, $entry)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user