fixed again not working new account creation under AD against Win2008r2

Ralf Becker 2013-07-15 08:10:03 +00:00
parent d6459fec8a
commit e90a6e1d42
3 changed files with 17 additions and 3 deletions


@ -960,6 +960,16 @@ class accounts
return $change_account_lid;
}
/**
* Query if backend requires password to be set, before allowing to enable an account
*
* @return boolean true if backend requires a password (AD), false or null otherwise (SQL, LDAP)
*/
function require_password_for_enable()
{
return constant(get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE');
}
function list_methods($_type='xmlrpc')
{
if (is_array($_type))
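Review bot: `require_password_for_enable()` calls `constant()` on `get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE'` without checking that the backend class defines it, and the only definition visible in this commit is the one added to `accounts_ads`. If the SQL and LDAP backends do not declare the constant (they are not among the changed files, so this is inferred), the lookup raises a warning on older PHP and throws an `Error` on PHP 8 instead of returning the "false or null" the docblock promises. Guarding the lookup keeps that contract: `$c = get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE'; return defined($c) ? constant($c) : false;`. Because callers use this result to decide whether an account may be enabled without a password, an explicit `false` is easier to reason about than a null that arrives with a warning.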


@ -63,6 +63,11 @@ class accounts_ads
*/
const CHANGE_ACCOUNT_LID = false;
/**
* Backend requires password to be set, before allowing to enable an account
*/
const REQUIRE_PASSWORD_FOR_ENABLE = true;
/**
* Attributes to query to be able to generate account_id and account_lid
*
@ -763,6 +768,7 @@ class accounts_ads
self::convertUnixTimeToWindowsTime($data[$egw]);
break;
case 'account_status':
if ($new_entry && empty($data['account_passwd'])) continue; // cant active new account without passwd!
$attributes[$adldap] = $data[$egw] == 'A';
break;
case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)
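Review bot: The added `continue` under `case 'account_status':` sits directly inside a `switch`, where PHP treats it as `break`, and PHP 7.3+ emits a warning for exactly this form. It therefore only leaves the switch and does not skip the rest of the enclosing loop body; that loop starts outside the hunk, so whether anything follows the switch cannot be checked here. Write `break;` if leaving the switch is the intent, or `continue 2;` if the remaining loop body must be skipped for this attribute. The skip is also silent, so a caller that requested status 'A' without a password gets no indication that the account was not enabled; a short comment saying that callers are expected to check `require_password_for_enable()` first would make that dependency explicit.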


@ -111,7 +111,7 @@ class auth_ads implements auth_backend
if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
{
throw new egw_exception(lang('Failed to change password. Please contact your administrator.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
throw new egw_exception(lang('Failed to change password.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
}
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
@ -137,7 +137,6 @@ class auth_ads implements auth_backend
return $ret;
}
catch (Exception $e) {
error_log(__METHOD__."('$old_passwd', '$new_passwd', $account_id) admin=$admin adldap->user()->password('$username', '$new_passwd') returned ".array2string($ret).' ('.ldap_error($adldap->getLdapConnection()).')');
// as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
$error = auth::crackcheck($new_passwd,
// if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
@ -150,7 +149,6 @@ class auth_ads implements auth_backend
'Error' => lang('Error'),
'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
'SSL must be configured on your webserver and enabled in the class to set passwords.' => lang('Encrypted LDAP connection is required to change passwords, but it is not configured in your installation.'),
));
throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : ''));
}
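Review bot: The `egw_exception` thrown at the end of the catch block concatenates `$msg` and `$error` into `<p>` markup without escaping either value. `$msg` is assigned outside the visible lines, but the translation table just above suggests it is derived from the directory library's error text, which may include strings supplied by the server. If this message is rendered as HTML, as the embedded tags imply, escape the variable parts before wrapping them, e.g. `htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')`, and likewise for `$error`. If `$msg` is meant to carry markup of its own, a comment stating where that markup comes from would settle the question for the next reader.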