forked from extern/egroupware
fixed again not working new account creation under AD agains Win2008r2
This commit is contained in:
parent
d6459fec8a
commit
e90a6e1d42
@ -960,6 +960,16 @@ class accounts
|
|||||||
return $change_account_lid;
|
return $change_account_lid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Query if backend requires password to be set, before allowing to enable an account
|
||||||
|
*
|
||||||
|
* @return boolean true if backend requires a password (AD), false or null otherwise (SQL, LDAP)
|
||||||
|
*/
|
||||||
|
function require_password_for_enable()
|
||||||
|
{
|
||||||
|
return constant(get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE');
|
||||||
|
}
|
||||||
|
|
||||||
function list_methods($_type='xmlrpc')
|
function list_methods($_type='xmlrpc')
|
||||||
{
|
{
|
||||||
if (is_array($_type))
|
if (is_array($_type))
|
||||||
|
@ -63,6 +63,11 @@ class accounts_ads
|
|||||||
*/
|
*/
|
||||||
const CHANGE_ACCOUNT_LID = false;
|
const CHANGE_ACCOUNT_LID = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Backend requires password to be set, before allowing to enable an account
|
||||||
|
*/
|
||||||
|
const REQUIRE_PASSWORD_FOR_ENABLE = true;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attributes to query to be able to generate account_id and account_lid
|
* Attributes to query to be able to generate account_id and account_lid
|
||||||
*
|
*
|
||||||
@ -763,6 +768,7 @@ class accounts_ads
|
|||||||
self::convertUnixTimeToWindowsTime($data[$egw]);
|
self::convertUnixTimeToWindowsTime($data[$egw]);
|
||||||
break;
|
break;
|
||||||
case 'account_status':
|
case 'account_status':
|
||||||
|
if ($new_entry && empty($data['account_passwd'])) continue; // cant active new account without passwd!
|
||||||
$attributes[$adldap] = $data[$egw] == 'A';
|
$attributes[$adldap] = $data[$egw] == 'A';
|
||||||
break;
|
break;
|
||||||
case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)
|
case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)
|
||||||
|
@ -111,7 +111,7 @@ class auth_ads implements auth_backend
|
|||||||
|
|
||||||
if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
|
if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
|
||||||
{
|
{
|
||||||
throw new egw_exception(lang('Failed to change password. Please contact your administrator.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
|
throw new egw_exception(lang('Failed to change password.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
|
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
|
||||||
@ -137,7 +137,6 @@ class auth_ads implements auth_backend
|
|||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
error_log(__METHOD__."('$old_passwd', '$new_passwd', $account_id) admin=$admin adldap->user()->password('$username', '$new_passwd') returned ".array2string($ret).' ('.ldap_error($adldap->getLdapConnection()).')');
|
|
||||||
// as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
|
// as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
|
||||||
$error = auth::crackcheck($new_passwd,
|
$error = auth::crackcheck($new_passwd,
|
||||||
// if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
|
// if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
|
||||||
@ -150,7 +149,6 @@ class auth_ads implements auth_backend
|
|||||||
'Error' => lang('Error'),
|
'Error' => lang('Error'),
|
||||||
'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
|
'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
|
||||||
'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
|
'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
|
||||||
'SSL must be configured on your webserver and enabled in the class to set passwords.' => lang('Encrypted LDAP connection is required to change passwords, but it is not configured in your installation.'),
|
|
||||||
));
|
));
|
||||||
throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : ''));
|
throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : ''));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user