Ralf Becker
c12ee68114
added note about certificate validation and some more diagnostics to error_log, for failed ADS auth
2014-02-27 12:05:57 +00:00
Ralf Becker
9dfd92813a
* Preferences/EMail: if user changed password, update password in session correct, so eg. EMail using that password keeps working
2013-02-21 09:44:56 +00:00
Ralf Becker
56c1ef67cb
* LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations
2012-07-31 12:28:28 +00:00
Ralf Becker
28b7e56f0b
fixed forwarding of authentication (ldap or ads) homedirectory attribute to egw_info and vfs
2011-11-15 19:48:55 +00:00
Ralf Becker
7ea3c19659
allow to use homedirectory attribute from LDAP or ADS authentication for VFS mounts
2011-11-15 12:44:41 +00:00
Ralf Becker
923c78940e
do NOT force user to change password, if LDAP does NOT support shadowlastchange attribute
2011-11-15 10:10:20 +00:00
Klaus Leithoff
f7a50ec383
* API/CheckPasswordAge: new approach to the issue, as we have to take into account that the timestamp of the last password change may not be provided by the auth system. We fetch the timestamp from the authsystem if the method is implemented for the auth method configured (instead of juggling with account_lastpasswd_change or account_lastpwd_change)
2011-09-26 08:51:48 +00:00
Ralf Becker
fae1d29e68
- implemented more secure password hashing types: sha512_crypt, sha256_crypt and blowfish_crypt (later was only just broken)
...
- DB schema update for account_pwd to varchar(128) to accomodate sha512_crypt hashes
- enable automatic migration to sha512_crypt, if on SQL or LDAP (but only on Linux, as OpenLDAP has not native support for it)
2011-06-05 23:22:51 +00:00
Klaus Leithoff
0b1e444325
do not use password on asetLastPwdChange in admin actions, as the use of passwords indicates the usage of the functionality in usermode; Handle params for egw_cache::getSession in the correct order
2011-05-19 10:32:46 +00:00
Ralf Becker
86837b37f7
password hash migration for LDAP (requires ACL to read password hash!)
2011-05-04 16:35:40 +00:00
Ralf Becker
18b818bd57
reverting accidently commit r34595
2011-04-10 15:05:47 +00:00
Ralf Becker
bd4f019062
some more PostgreSQL stuff from ADOdb 5.11
2011-04-10 15:04:40 +00:00
Klaus Leithoff
4f0e104e27
more to the issue: fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered by auth system
2011-03-16 12:44:42 +00:00
Klaus Leithoff
a080404dab
fix to regard the password-last-changed information from the auth system - if provided, and thus be able to react on forced password changes triggered from auth system. set password-last-changed info in authsystem on password change. when trying to force the user to change his password upon next login as admin from within egrouware, try to set the 0 value within the authsystem as well (in ldap rights are required for admin (or user) to set/alter the shadowlastchange attribute)
2011-03-16 11:00:16 +00:00
Klaus Leithoff
1e314fb59d
shadowLastChange vs. shadowlastchange. Normalize to shadowlastchange - all lower case
2010-11-17 14:39:12 +00:00
Ralf Becker
b48888f3a0
debug switch to get Apache error_log message, why logins fail
2010-11-16 08:54:09 +00:00
Ralf Becker
741a12bef2
fixed typo, wrong parameter name
2010-09-10 08:24:19 +00:00
Ralf Becker
61d26df913
reworked auth classes, to allow them to use each other and a new auth class using a primary backend (ldap) and a fallback (sql)
2010-01-28 04:22:37 +00:00
Ralf Becker
5291d0ac39
Fixing the fix ;-)
...
shadowLastChange has to be an integer
2009-04-09 08:11:24 +00:00
Ralf Becker
7698d3ef65
Fixed not (always) updated last password change date
2009-04-09 06:41:41 +00:00
Ralf Becker
4f94d5837d
use of global db object and new headers, made all methods of the auth class static
2008-03-15 17:27:36 +00:00
Ralf Becker
742f10831b
not using gidNumber for autocreating accounts, as it means nothing on our system and it stops the group selected in setup from beeing used
2007-10-28 06:04:16 +00:00
Ralf Becker
23c2f997fc
"- fixed problem reported by JOYDEEP on the user-list: disabled accounts can still login under the ldap account backend"
2007-06-20 07:40:59 +00:00
Ralf Becker
1697a56468
"- fixed handling of passwords with special chars
...
- made handling of empty passwords more obvious
- fixed primary group to use negative group-id"
2007-06-20 06:49:02 +00:00
Ralf Becker
d8d93ebd77
changed the authticate method to use common::ldapConnect() and not do it yourself, which fails as the ldap-version3 attribute no longer exists
2006-06-09 00:07:57 +00:00
Ralf Becker
98d8b30761
rewrite of the accounts classes:
...
- new cleaner AND documented interfaces
- old interfaces are still availible, but depricated
- LDAP backend stores now membership information in LDAP too, and does NO longer require the phpgwAccount schema
- LDAP backend deals now well with LDAP schema in which posixGroup is no structural object (eg. newer SuSE distros)
- password from users are done now binded as that user, so if you dont need/use our admin to manage accounts, you can give a root-dn which only allows to search&read accounts
2006-06-06 23:42:36 +00:00
Lars Kneschke
3abea0dbe6
fixed changing passwords using ldap
2005-12-02 12:49:50 +00:00
Ralf Becker
dafaf45680
fixed typo which caused the admin passwd to be changed, instead the one of the edited user
2005-11-13 06:09:10 +00:00
Ralf Becker
c85d34c0fe
changed the following table-names:
...
- phpgw_accounts --> egw_accounts
- phpgw_acl --> egw_acl
- phpgw_log(_msg) --> egw_log(_msg)
- phpgw_config --> egw_config
- phpgw_applications --> egw_applications
This requires code-changes in many apps. Quite often I was able to replace the db access, with calls to the appropreate classes.
2005-11-02 11:45:52 +00:00
Miles Lott
137e472433
Use correct quoting when querying/setting account_id; minor formatting
2005-08-27 12:19:35 +00:00
dawnlinux
b305532907
Correct a variable name, it should be "$_account_id" not "$account_id"
2004-12-14 02:12:09 +00:00
Ralf Becker
508cff860c
added configurable search-filter to auth_ldap
2004-08-21 12:18:07 +00:00
Ralf Becker
eed94133c3
fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account:
...
- name & firstname
- primary group (if a group with that numerical id exists in eGW, its added as primary group to the account and acl)
- numerical account-id (if availible, no new one gets created, but the one from ldap is used)
- email (as preference for the email-app)
2004-05-22 11:00:18 +00:00
reinerj
48f840d7de
move from old projct to new one
2004-05-05 12:06:13 +00:00
Miles Lott
0d23f90fd4
ensure integer value sent to avoid badfilter
2004-01-26 03:24:40 +00:00
Miles Lott
77fd8f4882
Move password functions to auth class; Add support for new encryption types in setup
...
and implement password checking and creation for these new types
2004-01-18 21:12:53 +00:00
Lars Kneschke
05b73a96b0
enable check for casesensitive usernames
2004-01-16 07:44:38 +00:00
Lars Kneschke
b11297fc59
make password changing using ldap working again
2004-01-02 15:07:04 +00:00
Ralf Becker
c218e158b1
added a check agains ldap-insertion in the login-name
2003-10-02 21:01:37 +00:00
Ralf Becker
54bcb34236
fixed account-enabled check for account-storage != ldap
2003-09-24 12:21:38 +00:00
Lars Kneschke
2a4b75c483
ldap fixes
2003-09-21 19:02:12 +00:00
Lars Kneschke
bfb56ec1de
ldap fixes
2003-09-14 14:35:36 +00:00
Ralf Becker
b8557e49d9
make the phpgw Version-0_9_16-branch HEAD
2003-08-28 14:31:11 +00:00
ceb
ba80c900a7
update
2002-11-24 01:45:28 +00:00
Miles Lott
8dd5db4d01
Swap old/new update_lastlogin()
2001-09-03 03:56:12 +00:00
Miles Lott
07009748e5
using GLOBALS now
2001-08-30 19:39:13 +00:00
jengo
3c64f8fc3e
Started adding in some eventlog reporting
2001-08-05 09:54:44 +00:00
Miles Lott
83db6d7fb0
Moved the one altered function into old file as new_*, remove _wip
2001-06-26 21:29:39 +00:00
jengo
cf9686e512
I broke a few things durring last commit, tring it again ...
2001-06-03 18:20:05 +00:00
jengo
37bd9763fa
Added feature to drop the previous login into appsessions, this way developer can find out how long its been since they last logged in.
...
- Formating in sqlssl
- Fixed change_password() in sqlssl not being correct and based on older versions
2001-06-03 17:58:12 +00:00