forked from extern/egroupware
fixed again not working new account creation under AD agains Win2008r2
This commit is contained in:
parent
d6459fec8a
commit
e90a6e1d42
@ -960,6 +960,16 @@ class accounts
|
||||
return $change_account_lid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Query if backend requires password to be set, before allowing to enable an account
|
||||
*
|
||||
* @return boolean true if backend requires a password (AD), false or null otherwise (SQL, LDAP)
|
||||
*/
|
||||
function require_password_for_enable()
|
||||
{
|
||||
return constant(get_class($this->backend).'::REQUIRE_PASSWORD_FOR_ENABLE');
|
||||
}
|
||||
|
||||
function list_methods($_type='xmlrpc')
|
||||
{
|
||||
if (is_array($_type))
|
||||
|
@ -63,6 +63,11 @@ class accounts_ads
|
||||
*/
|
||||
const CHANGE_ACCOUNT_LID = false;
|
||||
|
||||
/**
|
||||
* Backend requires password to be set, before allowing to enable an account
|
||||
*/
|
||||
const REQUIRE_PASSWORD_FOR_ENABLE = true;
|
||||
|
||||
/**
|
||||
* Attributes to query to be able to generate account_id and account_lid
|
||||
*
|
||||
@ -763,6 +768,7 @@ class accounts_ads
|
||||
self::convertUnixTimeToWindowsTime($data[$egw]);
|
||||
break;
|
||||
case 'account_status':
|
||||
if ($new_entry && empty($data['account_passwd'])) continue; // cant active new account without passwd!
|
||||
$attributes[$adldap] = $data[$egw] == 'A';
|
||||
break;
|
||||
case 'account_lastpwd_change': // AD only allows to set 0 (force pw change) and -1 (reset time)
|
||||
|
@ -111,7 +111,7 @@ class auth_ads implements auth_backend
|
||||
|
||||
if (!($adldap->getUseSSL() || $adldap->getUseTLS()))
|
||||
{
|
||||
throw new egw_exception(lang('Failed to change password. Please contact your administrator.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
|
||||
throw new egw_exception(lang('Failed to change password.').' '.lang('Active directory requires SSL or TLS to change passwords!'));
|
||||
}
|
||||
|
||||
if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login')
|
||||
@ -137,7 +137,6 @@ class auth_ads implements auth_backend
|
||||
return $ret;
|
||||
}
|
||||
catch (Exception $e) {
|
||||
error_log(__METHOD__."('$old_passwd', '$new_passwd', $account_id) admin=$admin adldap->user()->password('$username', '$new_passwd') returned ".array2string($ret).' ('.ldap_error($adldap->getLdapConnection()).')');
|
||||
// as we cant detect what the problem is, we do a password strength check and throw it's message, if it fails
|
||||
$error = auth::crackcheck($new_passwd,
|
||||
// if admin has nothing configured use windows default of 3 char classes, 7 chars min and name-part-check
|
||||
@ -150,7 +149,6 @@ class auth_ads implements auth_backend
|
||||
'Error' => lang('Error'),
|
||||
'Server is unwilling to perform.' => lang('Server is unwilling to perform.'),
|
||||
'Your password might not match the password policy.' => lang('Your password might not match the password policy.'),
|
||||
'SSL must be configured on your webserver and enabled in the class to set passwords.' => lang('Encrypted LDAP connection is required to change passwords, but it is not configured in your installation.'),
|
||||
));
|
||||
throw new egw_exception('<p><b>'.lang('Failed to change password.')."</b></p>\n".$msg.($error ? "\n<p>".$error."</p>\n" : ''));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user