From 845d7d20a72dbea6e029ccec3dbaf6965be76aff Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Fri, 5 Feb 2016 14:02:00 +0000
Subject: [PATCH] * ActiveDirectory: fixed user who never changed his password
 get forced to change his password pwdlastset attributes seems not set, if
 password was never changed, different from 0 value for forced password change

---
 phpgwapi/inc/class.auth_ads.inc.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/phpgwapi/inc/class.auth_ads.inc.php b/phpgwapi/inc/class.auth_ads.inc.php
index 34edeeca4e..da36f35e48 100644
--- a/phpgwapi/inc/class.auth_ads.inc.php
+++ b/phpgwapi/inc/class.auth_ads.inc.php
@@ -124,7 +124,8 @@ class auth_ads implements auth_backend
 	 * Required by EGroupware to force user to change password.
 	 *
 	 * @param string $username username of account to authenticate
-	 * @return mixed false on error, 0 if user must change on next login, or timestamp of last change
+	 * @return mixed false on error, 0 if user must change on next login,
+	 *	or NULL if user never changed his password or timestamp of last change
 	 */
 	static function getLastPwdChange($username)
 	{
@@ -132,10 +133,10 @@ class auth_ads implements auth_backend
 		if (($adldap = accounts_ads::get_adldap()) &&
 			($data = $adldap->user()->info($username, array('pwdlastset'))))
 		{
-			$ret = !$data[0]['pwdlastset'][0] ? 0 :
+			$ret = !$data[0]['pwdlastset'][0] ? $data[0]['pwdlastset'][0] :
 				$adldap->utilities()->convertWindowsTimeToUnixTime($data[0]['pwdlastset'][0]);
 		}
-		//error_log(__METHOD__."('$username') returned ".array2string($ret));
+		//error_log(__METHOD__."('$username') pwdlastset=".array2string($data[0]['pwdlastset'][0])." returned ".array2string($ret));
 		return $ret;
 	}