Commit Graph

61 Commits

Author SHA1 Message Date
Ralf Becker
c12ee68114 added note about certificate validation and some more diagnostics to error_log, for failed ADS auth 2014-02-27 12:05:57 +00:00
Ralf Becker
9dfd92813a * Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working 2013-02-21 09:44:56 +00:00
Ralf Becker
56c1ef67cb * LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations 2012-07-31 12:28:28 +00:00
Ralf Becker
28b7e56f0b fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs 2011-11-15 19:48:55 +00:00
Ralf Becker
7ea3c19659 allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts 2011-11-15 12:44:41 +00:00
Ralf Becker
923c78940e do NOT force user to change password, if LDAP does NOT support shadowlastchange attribute 2011-11-15 10:10:20 +00:00
Klaus Leithoff
f7a50ec383 * API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change) 2011-09-26 08:51:48 +00:00
Ralf Becker
fae1d29e68 - implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325 do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order 2011-05-19 10:32:46 +00:00
Ralf Becker
86837b37f7 password hash migration for LDAP (requires ACL to read password hash!) 2011-05-04 16:35:40 +00:00
Ralf Becker
18b818bd57 reverting accidently commit r34595 2011-04-10 15:05:47 +00:00
Ralf Becker
bd4f019062 some more PostgreSQL stuff from ADOdb 5.11 2011-04-10 15:04:40 +00:00
Klaus Leithoff
4f0e104e27 more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system 2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute) 2011-03-16 11:00:16 +00:00
Klaus Leithoff
1e314fb59d shadowLastChange vs. shadowlastchange. Normalize to shadowlastchange - all lower case 2010-11-17 14:39:12 +00:00
Ralf Becker
b48888f3a0 debug switch to get Apache error_log message, why logins fail 2010-11-16 08:54:09 +00:00
Ralf Becker
741a12bef2 fixed typo, wrong parameter name 2010-09-10 08:24:19 +00:00
Ralf Becker
61d26df913 reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql) 2010-01-28 04:22:37 +00:00
Ralf Becker
5291d0ac39 Fixing the fix ;-)
shadowLastChange has to be an integer
2009-04-09 08:11:24 +00:00
Ralf Becker
7698d3ef65 Fixed not (always) updated last password change date 2009-04-09 06:41:41 +00:00
Ralf Becker
4f94d5837d use of global db object and new headers, made all methods of the auth class static 2008-03-15 17:27:36 +00:00
Ralf Becker
742f10831b not using gidNumber for autocreating accounts, as it means nothing on our system and it stops the group selected in setup from beeing used 2007-10-28 06:04:16 +00:00
Ralf Becker
23c2f997fc "- fixed problem reported by JOYDEEP on the user-list: disabled accounts can still login under the ldap account backend" 2007-06-20 07:40:59 +00:00
Ralf Becker
1697a56468 "- fixed handling of passwords with special chars
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id"
2007-06-20 06:49:02 +00:00
Ralf Becker
d8d93ebd77 changed the authticate method to use common::ldapConnect() and not do it yourself, which fails as the ldap-version3 attribute no longer exists 2006-06-09 00:07:57 +00:00
Ralf Becker
98d8b30761 rewrite of the accounts classes:
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Lars Kneschke
3abea0dbe6 fixed changing passwords using ldap 2005-12-02 12:49:50 +00:00
Ralf Becker
dafaf45680 fixed typo which caused the admin passwd to be changed, instead the one of the edited user 2005-11-13 06:09:10 +00:00
Ralf Becker
c85d34c0fe changed the following table-names:
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433 Use correct quoting when querying/setting account_id; minor formatting 2005-08-27 12:19:35 +00:00
dawnlinux
b305532907 Correct a variable name, it should be "$_account_id" not "$account_id" 2004-12-14 02:12:09 +00:00
Ralf Becker
508cff860c added configurable search-filter to auth_ldap 2004-08-21 12:18:07 +00:00
Ralf Becker
eed94133c3 fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account:
- name & firstname
- primary group (if a group with that numerical id exists in eGW, its added as primary group to the account and acl)
- numerical account-id (if availible, no new one gets created, but the one from ldap is used)
- email (as preference for the email-app)
2004-05-22 11:00:18 +00:00
reinerj
48f840d7de move from old projct to new one 2004-05-05 12:06:13 +00:00
Miles Lott
0d23f90fd4 ensure integer value sent to avoid badfilter 2004-01-26 03:24:40 +00:00
Miles Lott
77fd8f4882 Move password functions to auth class; Add support for new encryption types in setup
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Lars Kneschke
05b73a96b0 enable check for casesensitive usernames 2004-01-16 07:44:38 +00:00
Lars Kneschke
b11297fc59 make password changing using ldap working again 2004-01-02 15:07:04 +00:00
Ralf Becker
c218e158b1 added a check agains ldap-insertion in the login-name 2003-10-02 21:01:37 +00:00
Ralf Becker
54bcb34236 fixed account-enabled check for account-storage != ldap 2003-09-24 12:21:38 +00:00
Lars Kneschke
2a4b75c483 ldap fixes 2003-09-21 19:02:12 +00:00
Lars Kneschke
bfb56ec1de ldap fixes 2003-09-14 14:35:36 +00:00
Ralf Becker
b8557e49d9 make the phpgw Version-0_9_16-branch HEAD 2003-08-28 14:31:11 +00:00
ceb
ba80c900a7 update 2002-11-24 01:45:28 +00:00
Miles Lott
8dd5db4d01 Swap old/new update_lastlogin() 2001-09-03 03:56:12 +00:00
Miles Lott
07009748e5 using GLOBALS now 2001-08-30 19:39:13 +00:00
jengo
3c64f8fc3e Started adding in some eventlog reporting 2001-08-05 09:54:44 +00:00
Miles Lott
83db6d7fb0 Moved the one altered function into old file as new_*, remove _wip 2001-06-26 21:29:39 +00:00
jengo
cf9686e512 I broke a few things durring last commit, tring it again ... 2001-06-03 18:20:05 +00:00
jengo
37bd9763fa Added feature to drop the previous login into appsessions, this way developer can find out how long its been since they last logged in.
- Formating in sqlssl
- Fixed change_password() in sqlssl not being correct and based on older versions
2001-06-03 17:58:12 +00:00