fixed again not working new account creation under AD agains Win2008r2

This commit is contained in:
Ralf Becker 2013-07-15 08:10:03 +00:00
parent d6459fec8a
commit e90a6e1d42
3 changed files with 17 additions and 3 deletions

View File

@ -960,6 +960,16 @@ class accounts
return $change_account_lid; return $change_account_lid;
} }
/**
* Query if backend requires password to be set, before allowing to enable an account
*
* @return boolean true if backend requires a password (AD), false or null otherwise (SQL, LDAP)
*/
function require_password_for_enable()
{
return constant(get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE');
}
function list_methods($_type='xmlrpc') function list_methods($_type='xmlrpc')
{ {
if (is_array($_type)) if (is_array($_type))

View File

@ -63,6 +63,11 @@ class accounts_ads
*/ */
const CHANGE_ACCOUNT_LID = false; const CHANGE_ACCOUNT_LID = false;
/**
* Backend requires password to be set, before allowing to enable an account
*/
const REQUIRE_PASSWORD_FOR_ENABLE = true;
/** /**
* Attributes to query to be able to generate account_id and account_lid * Attributes to query to be able to generate account_id and account_lid
* *
@ -763,6 +768,7 @@ class accounts_ads
self::convertUnixTimeToWindowsTime($data[$egw]); self::convertUnixTimeToWindowsTime($data[$egw]);
break; break;
case 'account_status': case 'account_status':
if ($new_entry && empty($data['account_passwd'])) continue; // cant active new account without passwd!
$attributes[$adldap] = $data[$egw] == 'A'; $attributes[$adldap] = $data[$egw] == 'A';
break; break;
case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time) case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)

View File

@ -111,7 +111,7 @@ class auth_ads implements auth_backend
if (!($adldap->getUseSSL() || $adldap->getUseTLS())) if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
{ {
throw new egw_exception(lang('Failed to change password. Please contact your administrator.').' '.lang('Active directory requires SSL or TLS to change passwords!')); throw new egw_exception(lang('Failed to change password.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
} }
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login') if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
@ -137,7 +137,6 @@ class auth_ads implements auth_backend
return $ret; return $ret;
} }
catch (Exception $e) { catch (Exception $e) {
error_log(__METHOD__."('$old_passwd', '$new_passwd', $account_id) admin=$admin adldap->user()->password('$username', '$new_passwd') returned ".array2string($ret).' ('.ldap_error($adldap->getLdapConnection()).')');
// as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails // as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
$error = auth::crackcheck($new_passwd, $error = auth::crackcheck($new_passwd,
// if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check // if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
@ -150,7 +149,6 @@ class auth_ads implements auth_backend
'Error' => lang('Error'), 'Error' => lang('Error'),
'Server is unwilling to perform.' => lang('Server is unwilling to perform.'), 'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
'Your password might not match the password policy.' => lang('Your password might not match the password policy.'), 'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
'SSL must be configured on your webserver and enabled in the class to set passwords.' => lang('Encrypted LDAP connection is required to change passwords, but it is not configured in your installation.'),
)); ));
throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : '')); throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : ''));
} }