mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-27 10:23:28 +01:00
* LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations
This commit is contained in:
parent
44d80c2476
commit
56c1ef67cb
@ -288,7 +288,7 @@ class auth_ldap implements auth_backend
|
|||||||
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
|
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
|
||||||
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
|
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
|
||||||
|
|
||||||
$ds = common::ldapConnect();
|
$ds = $ds_admin = common::ldapConnect();
|
||||||
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
|
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
|
||||||
$allValues = ldap_get_entries($ds, $sri);
|
$allValues = ldap_get_entries($ds, $sri);
|
||||||
|
|
||||||
@ -302,9 +302,17 @@ class auth_ldap implements auth_backend
|
|||||||
|
|
||||||
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
|
||||||
{
|
{
|
||||||
$ds = common::ldapConnect('',$dn,$old_passwd);
|
$user_ds = new ldap(true); // true throw exceptions in case of error
|
||||||
|
try {
|
||||||
|
$ds = $user_ds->ldapConnect('',$dn,$old_passwd);
|
||||||
}
|
}
|
||||||
if (!@ldap_modify($ds, $dn, $entry))
|
catch (egw_exception_no_permission $e) {
|
||||||
|
return false; // wrong old user password
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// try changing password bind as user or as admin, to cater for all sorts of ldap configuration
|
||||||
|
// where either only user is allowed to change his password, or only admin user is allowed to
|
||||||
|
if (!@ldap_modify($ds, $dn, $entry) && (!$old_passwd || !@ldap_modify($ds_admin, $dn, $entry)))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user