From cb523f84006fa962159533cda34e203c6e7fde89 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 13 Jul 2013 07:50:36 +0000 Subject: [PATCH] * Admin/Active Directory: fixed not working display, setting and removing of "must change password upon next login" --- admin/inc/class.uiaccounts.inc.php | 4 ++-- phpgwapi/inc/class.accounts_ads.inc.php | 12 ++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/admin/inc/class.uiaccounts.inc.php b/admin/inc/class.uiaccounts.inc.php index 45e76682a9..dc81091ca7 100755 --- a/admin/inc/class.uiaccounts.inc.php +++ b/admin/inc/class.uiaccounts.inc.php @@ -948,7 +948,7 @@ $var['changepassword'] = !$acl->check('nopasswordchange',1,'preferences') ? '  X' : ' '; if (!isset($auth)) $auth =& CreateObject('phpgwapi.auth'); $accLPWDC = $auth->getLastPwdChange($userData['account_lid']); - if ($accLPWC !== false) $userData['account_lastpwd_change'] = $accLPWDC; + if ($accLPWDC !== false) $userData['account_lastpwd_change'] = $accLPWDC; $var['mustchangepassword']= (isset($userData['account_lastpwd_change']) && ((is_string($userData['account_lastpwd_change']) && $userData['account_lastpwd_change']==="0")||(is_int($userData['account_lastpwd_change']) && $userData['account_lastpwd_change']===0)) ? '  X' : ' '); unset($acl); @@ -1318,7 +1318,7 @@ $userData['changepassword'] = !$acl->check('nopasswordchange',1,'preferences'); if (!isset($auth)) $auth =& CreateObject('phpgwapi.auth'); $accLPWDC = $auth->getLastPwdChange($userData['account_lid']); - if ($accLPWC !== false) $userData['account_lastpwd_change'] = $accLPWDC; + if ($accLPWDC !== false) $userData['account_lastpwd_change'] = $accLPWDC; $userData['mustchangepassword'] = (isset($userData['account_lastpwd_change']) && ((is_string($userData['account_lastpwd_change']) && $userData['account_lastpwd_change']==="0")||(is_int($userData['account_lastpwd_change']) && $userData['account_lastpwd_change']===0))?true:false); unset($acl); } diff --git a/phpgwapi/inc/class.accounts_ads.inc.php b/phpgwapi/inc/class.accounts_ads.inc.php index c05ebabb5c..638de8a366 100644 --- a/phpgwapi/inc/class.accounts_ads.inc.php +++ b/phpgwapi/inc/class.accounts_ads.inc.php @@ -481,8 +481,8 @@ class accounts_ads 'account_status' => $data['useraccountcontrol'][0] & 2 ? false : 'A', 'account_expires' => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 : $this->adldap->utilities()->convertWindowsTimeToUnixTime($data['accountexpires'][0]), - 'account_lastpwd_change' => !isset($data['pwdlastset']) ? null : - $this->adldap->utilities()->convertWindowsTimeToUnixTime($data['pwdlastset'][0]), + 'account_lastpwd_change' => !isset($data['pwdlastset']) ? null : (!$data['pwdlastset'][0] ? 0 : + $this->adldap->utilities()->convertWindowsTimeToUnixTime($data['pwdlastset'][0])), 'account_created' => !isset($data['whencreated'][0]) ? null : self::_when2ts($data['whencreated'][0]), 'account_modified' => !isset($data['whenchanged'][0]) ? null : @@ -712,7 +712,8 @@ class accounts_ads 'account_status' => 'enabled', 'account_primary_group' => 'primarygroupid', 'account_expires' => 'expires', - 'mustchangepassword'=> 'change_password', + //'mustchangepassword'=> 'change_password', // can only set it, but not reset it, therefore we set pwdlastset direct + 'account_lastpwd_change' => 'pwdlastset', //'account_phone' => 'telephone', not updated by accounts, only read so far ); $attributes = $ldap = array(); @@ -759,6 +760,9 @@ class accounts_ads case 'account_status': $attributes[$adldap] = $data[$egw] == 'A'; break; + case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time) + $ldap[$adldap] = !$data[$egw] ? 0 : -1; + break; default: $attributes[$adldap] = $data[$egw]; break; @@ -775,7 +779,7 @@ class accounts_ads // attributes not (yet) suppored by adldap if ($ldap && !($ret = @ldap_modify($ds=$this->ldap_connection(), $old['account_dn'], $ldap))) { - error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' '.function_backtrace()); + error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' ('.ldap_error($ds).') '.function_backtrace()); return false; } //elseif ($ldap) error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' '.function_backtrace());