authorlisps <stummp@loewen.de>2014-09-26 12:48:02 +0200
committerlisps <stummp@loewen.de>2014-09-26 12:48:02 +0200
commit8d39e80d363eda2ef31dac8473bfdab4b9cd7ce5 (patch)
tree7bab1caccbc0de7c30f0e610d1e5ee9b3c67d564 /lib/plugins/authldap
parent115aab0f5fca76360c50f759f587229ff327105d (diff)
parent7b950f2d59050052c1d9251b0bd9bd40c7441040 (diff)
Merge remote-tracking branch master into revisions
Diffstat (limited to 'lib/plugins/authldap')
-rw-r--r--lib/plugins/authldap/auth.php73
-rw-r--r--lib/plugins/authldap/lang/es/settings.php14
-rw-r--r--lib/plugins/authldap/lang/et/settings.php2
-rw-r--r--lib/plugins/authldap/lang/hr/settings.php27
-rw-r--r--lib/plugins/authldap/lang/it/settings.php6
-rw-r--r--lib/plugins/authldap/lang/ja/settings.php9
-rw-r--r--lib/plugins/authldap/lang/ko/settings.php4
-rw-r--r--lib/plugins/authldap/lang/lv/settings.php9
-rw-r--r--lib/plugins/authldap/lang/ru/settings.php3
-rw-r--r--lib/plugins/authldap/lang/sl/settings.php2
-rw-r--r--lib/plugins/authldap/lang/tr/settings.php8
-rw-r--r--lib/plugins/authldap/lang/zh-tw/settings.php2
-rw-r--r--lib/plugins/authldap/plugin.info.txt2
13 files changed, 151 insertions, 10 deletions
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6c3637e15..b22b82ecc 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return;
}
- // auth_ldap currently just handles authentication, so no
- // capabilities are set
+ // Add the capabilities to change the password
+ $this->cando['modPass'] = true;
}
/**
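Review bot: `$this->cando['modPass'] = true;` is set unconditionally, so every wiki using this plugin starts offering password changes, including installs where the directory is meant to be read-only for the wiki or where password policy is enforced elsewhere. Consider gating it on a new plugin setting that defaults to off, for example `$this->cando['modPass'] = (bool) $this->getConf('modpass');` (setting name constructed here, it is not on the page). The comment could also say that modifyUser() handles only the `pass` change, since that is the only capability enabled. The enclosing constructor starts outside this hunk.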
@@ -103,7 +103,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return true;
} else {
// See if we can find the user
- $info = $this->getUserData($user, true);
+ $info = $this->_getUserData($user, true);
if(empty($info['dn'])) {
return false;
} else {
@@ -146,10 +146,19 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
* @author Steffen Schoch <schoch@dsb.net>
*
* @param string $user
+ * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
+ * @return array containing user data or false
+ */
+ public function getUserData($user, $requireGroups=true) {
+ return $this->_getUserData($user);
+ }
+
+ /**
+ * @param string $user
* @param bool $inbind authldap specific, true if in bind phase
* @return array containing user data or false
*/
- public function getUserData($user, $inbind = false) {
+ protected function _getUserData($user, $inbind = false) {
global $conf;
if(!$this->_openLDAP()) return false;
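Review bot: The new public `getUserData($user, $requireGroups=true)` ignores its second argument, so the `$this->getUserData($user,true)` call added in modifyUser() further down no longer selects in-bind mode and `_getUserData()` runs there with `$inbind = false`. If the in-bind lookup is what modifyUser() needs, it should call `$this->_getUserData($user, true)` as the bind path in the second hunk now does; otherwise the stray `true` should be dropped so the call does not suggest behaviour it does not have. The wrapper's docblock would be more accurate as `@return array|false`, and the new `_getUserData()` docblock has lost its summary line. `_getUserData()`'s body continues outside the hunk.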
@@ -264,6 +273,62 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
}
/**
+ * Definition of the function modifyUser in order to modify the password
+ */
+
+ function modifyUser($user,$changes){
+
+ // open the connection to the ldap
+ if(!$this->_openLDAP()){
+ msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ // find the information about the user, in particular the "dn"
+ $info = $this->getUserData($user,true);
+ if(empty($info['dn'])) {
+ msg('LDAP cannot find your user dn');
+ return false;
+ }
+ $dn = $info['dn'];
+
+ // find the old password of the user
+ list($loginuser,$loginsticky,$loginpass) = auth_getCookie();
+ if ($loginuser !== null) { // the user is currently logged in
+ $secret = auth_cookiesalt(!$loginsticky, true);
+ $pass = auth_decrypt($loginpass, $secret);
+
+ // bind with the ldap
+ if(!@ldap_bind($this->con, $dn, $pass)){
+ msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
+ // we are changing the password on behalf of the user (eg: forgotten password)
+ // bind with the superuser ldap
+ if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){
+ $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ }
+ else {
+ return false; // no otherway
+ }
+
+ // Generate the salted hashed password for LDAP
+ $phash = new PassHash();
+ $hash = $phash->hash_ssha($changes['pass']);
+
+ // change the password
+ if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){
+ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Most values in LDAP are case-insensitive
*
* @return bool
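Review bot: Nothing in modifyUser() rejects an empty value before it is used as a credential: `ldap_bind($this->con, $dn, $pass)` with an empty `$pass` is an unauthenticated bind that many directory servers report as successful, and `hash_ssha($changes['pass'])` runs even when `$changes` has no `pass` key, which would store the hash of an empty password. Add `if(empty($pass)) return false;` before the user bind and `if(empty($changes['pass'])) return false;` before hashing. The cookie user is also never compared with `$user`, so the bind pairs the target DN with the password of whoever is logged in, which looks unintended. The failure paths report the DN and raw LDAP error through `msg()` while the superuser branch uses `$this->_debug()`; using `_debug()` throughout would keep directory details away from ordinary users.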
diff --git a/lib/plugins/authldap/lang/es/settings.php b/lib/plugins/authldap/lang/es/settings.php
index f8c3ad014..6991546d3 100644
--- a/lib/plugins/authldap/lang/es/settings.php
+++ b/lib/plugins/authldap/lang/es/settings.php
@@ -4,8 +4,22 @@
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
* @author Antonio Bueno <atnbueno@gmail.com>
+ * @author Eloy <ej.perezgomez@gmail.com>
*/
+$lang['server'] = 'Tu servidor LDAP. Puede ser el nombre del host (<code>localhost</code>) o una URL completa (<code>ldap://server.tld:389</code>)';
+$lang['port'] = 'Servidor LDAP en caso de que no se diera la URL completa anteriormente.';
+$lang['usertree'] = 'Donde encontrar cuentas de usuario. Ej. <code>ou=People, dc=server, dc=tld</code>';
+$lang['grouptree'] = 'Donde encontrar grupos de usuarios. Ej. <code>ou=Group, dc=server, dc=tld</code>';
+$lang['userfilter'] = 'Filtro LDAP para la busqueda de cuentas de usuario. P. E. <code>(&amp;(uid=%{user})(objectClass=posixAccount))</code>';
+$lang['groupfilter'] = 'Filtro LDAP para la busqueda de grupos. P. E. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
+$lang['version'] = 'La versión del protocolo a usar. Puede que necesites poner esto a <code>3</code>';
$lang['starttls'] = 'Usar conexiones TLS?';
+$lang['referrals'] = '¿Deben ser seguidas las referencias?';
+$lang['deref'] = '¿Cómo desreferenciar los alias?';
+$lang['bindpw'] = 'Contraseña del usuario de arriba.';
+$lang['userscope'] = 'Limitar ámbito de búsqueda para búsqueda de usuarios';
+$lang['groupscope'] = 'Limitar ámbito de búsqueda para búsqueda de grupos';
+$lang['groupkey'] = 'Pertenencia al grupo desde cualquier atributo de usuario (en lugar de grupos AD estándar) p.e., grupo a partir departamento o número de teléfono';
$lang['debug'] = 'Mostrar información adicional para depuración de errores';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/et/settings.php b/lib/plugins/authldap/lang/et/settings.php
index 9bba85dda..f4933b6bf 100644
--- a/lib/plugins/authldap/lang/et/settings.php
+++ b/lib/plugins/authldap/lang/et/settings.php
@@ -5,5 +5,5 @@
*
* @author Janar Leas <janar.leas@eesti.ee>
*/
-$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. <code>ou=Rühm, dc=server, dc=tld</code';
+$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. <code>ou=Rühm, dc=server, dc=tld</code>';
$lang['groupscope'] = 'Piiritle otsingu ulatus rühma otsinguga';
diff --git a/lib/plugins/authldap/lang/hr/settings.php b/lib/plugins/authldap/lang/hr/settings.php
new file mode 100644
index 000000000..cb8df7218
--- /dev/null
+++ b/lib/plugins/authldap/lang/hr/settings.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Davor Turkalj <turki.bsc@gmail.com>
+ */
+$lang['server'] = 'Vaš LDAP server. Upišite ili naziv računala (<code>localhost</code>) ili puni URL (<code>ldap://server.tld:389</code>)';
+$lang['port'] = 'LDAP server port, ako gore nije specificiran puni URL.';
+$lang['usertree'] = 'Gdje da nađem korisničke prijave. Npr. <code>ou=People, dc=server, dc=tld</code>';
+$lang['grouptree'] = 'Gdje da nađem korisničke grupe. Npr. <code>ou=Group, dc=server, dc=tld</code>';
+$lang['userfilter'] = 'LDAP filter za pretragu korisničkih prijava. Npr. <code>(&amp;(uid=%{user})(objectClass=posixAccount))</code>';
+$lang['groupfilter'] = 'LDAP filter za pretragu grupa. Npr. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
+$lang['version'] = 'Protokol koji se koristi. Možda će te trebati postaviti na <code>3</code>';
+$lang['starttls'] = 'Korisni TLS vezu?';
+$lang['referrals'] = 'Da li da slijedim uputnice?';
+$lang['deref'] = 'Kako da razlikujem aliase?';
+$lang['binddn'] = 'DN opcionalnog korisnika ako anonimni korisnik nije dovoljan. Npr. <code>cn=admin, dc=my, dc=home</code>';
+$lang['bindpw'] = 'Lozinka gore navedenog korisnika';
+$lang['userscope'] = 'Ograniči područje za pretragu korisnika';
+$lang['groupscope'] = 'Ograniči područje za pretragu grupa';
+$lang['groupkey'] = 'Članstvo grupa iz svih atributa korisnika (umjesto standardnih AD grupa) npr. grupa iz odjela ili telefonskog broja';
+$lang['debug'] = 'Prikaži dodatne informacije u slučaju greške';
+$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/it/settings.php b/lib/plugins/authldap/lang/it/settings.php
index eba7cde6e..858c694b8 100644
--- a/lib/plugins/authldap/lang/it/settings.php
+++ b/lib/plugins/authldap/lang/it/settings.php
@@ -5,6 +5,7 @@
*
* @author Edmondo Di Tucci <snarchio@gmail.com>
* @author Claudio Lanconelli <lancos@libero.it>
+ * @author Francesco <francesco.cavalli@hotmail.com>
*/
$lang['server'] = 'Il tuo server LDAP. Inserire o l\'hostname (<code>localhost</code>) oppure un URL completo (<code>ldap://server.tld:389</code>)';
$lang['port'] = 'Porta del server LDAP se non è stato fornito un URL completo più sopra.';
@@ -14,6 +15,11 @@ $lang['userfilter'] = 'Filtro per cercare l\'account utente LDAP. Eg.
$lang['groupfilter'] = 'Filtro per cercare i gruppi LDAP. Eg. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = 'Versione protocollo da usare. Pu<code>3</code>';
$lang['starttls'] = 'Usare la connessione TSL?';
+$lang['deref'] = 'Come differenziare un alias?';
$lang['userscope'] = 'Limita il contesto di ricerca per la ricerca degli utenti';
$lang['groupscope'] = 'Limita il contesto di ricerca per la ricerca dei gruppi';
$lang['debug'] = 'In caso di errori mostra ulteriori informazioni di debug';
+$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php
index 6dec9a576..6cff0ea67 100644
--- a/lib/plugins/authldap/lang/ja/settings.php
+++ b/lib/plugins/authldap/lang/ja/settings.php
@@ -6,8 +6,9 @@
* @author Satoshi Sahara <sahara.satoshi@gmail.com>
* @author Hideaki SAWADA <sawadakun@live.jp>
* @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
*/
-$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
+$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code>)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
$lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート';
$lang['usertree'] = 'ユーザーアカウントを探す場所。例:<code>ou=People, dc=server, dc=tld</code>';
$lang['grouptree'] = 'ユーザーグループを探す場所。例:<code>ou=Group, dc=server, dc=tld</code>';
@@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL
$lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:<code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '使用するプロトコルのバージョン。<code>3</code>を設定する必要がある場合があります。';
$lang['starttls'] = 'TLS接続を使用しますか?';
+$lang['referrals'] = '紹介に従いますか?';
+$lang['deref'] = 'どのように間接参照のエイリアスにしますか?';
$lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:<code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '上記ユーザーのパスワード';
+$lang['userscope'] = 'ユーザー検索の範囲を限定させる';
+$lang['groupscope'] = 'グループ検索の範囲を限定させる';
+$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。
+例えば、部署や電話番号などです。';
$lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/ko/settings.php b/lib/plugins/authldap/lang/ko/settings.php
index ae8dc7ab6..e663ba063 100644
--- a/lib/plugins/authldap/lang/ko/settings.php
+++ b/lib/plugins/authldap/lang/ko/settings.php
@@ -13,8 +13,8 @@ $lang['userfilter'] = '사용자 계정을 찾을 LDAP 필터. 예를
$lang['groupfilter'] = '그룹을 찾을 LDAP 필터. 예를 들어 <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '사용할 프로토콜 버전. <code>3</code>으로 설정해야 할 수도 있습니다';
$lang['starttls'] = 'TLS 연결을 사용하겠습니까?';
-$lang['referrals'] = '참고(referrals)를 허용하겠습니까? ';
-$lang['deref'] = '어떻게 별명을 간접 참고하겠습니까?';
+$lang['referrals'] = '참조(referrals)를 허용하겠습니까? ';
+$lang['deref'] = '어떻게 별명을 간접 참조하겠습니까?';
$lang['binddn'] = '익명 바인드가 충분하지 않으면 선택적인 바인드 사용자의 DN. 예를 들어 <code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '위 사용자의 비밀번호';
$lang['userscope'] = '사용자 검색에 대한 검색 범위 제한';
diff --git a/lib/plugins/authldap/lang/lv/settings.php b/lib/plugins/authldap/lang/lv/settings.php
new file mode 100644
index 000000000..90986e4f1
--- /dev/null
+++ b/lib/plugins/authldap/lang/lv/settings.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Aivars Miška <allefm@gmail.com>
+ */
+$lang['starttls'] = 'Lietot TLS savienojumus?';
+$lang['bindpw'] = 'Lietotāja parole';
diff --git a/lib/plugins/authldap/lang/ru/settings.php b/lib/plugins/authldap/lang/ru/settings.php
index 04a3ee784..5677e06a3 100644
--- a/lib/plugins/authldap/lang/ru/settings.php
+++ b/lib/plugins/authldap/lang/ru/settings.php
@@ -7,9 +7,12 @@
* @author Aleksandr Selivanov <alexgearbox@gmail.com>
* @author Erli Moen <evseev.jr@gmail.com>
* @author Aleksandr Selivanov <alexgearbox@yandex.ru>
+ * @author Владимир <id37736@yandex.ru>
*/
+$lang['starttls'] = 'Использовать TLS подключения?';
$lang['deref'] = 'Как расшифровывать псевдонимы?';
$lang['bindpw'] = 'Пароль для указанного пользователя.';
+$lang['debug'] = 'Показывать дополнительную отладочную информацию при ошибках';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
diff --git a/lib/plugins/authldap/lang/sl/settings.php b/lib/plugins/authldap/lang/sl/settings.php
index f180226fc..f63070390 100644
--- a/lib/plugins/authldap/lang/sl/settings.php
+++ b/lib/plugins/authldap/lang/sl/settings.php
@@ -4,5 +4,7 @@
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
* @author matej <mateju@svn.gnome.org>
+ * @author Jernej Vidmar <jernej.vidmar@vidmarboehm.com>
*/
$lang['starttls'] = 'Ali naj se uporabijo povezave TLS?';
+$lang['bindpw'] = 'Geslo uporabnika zgoraj';
diff --git a/lib/plugins/authldap/lang/tr/settings.php b/lib/plugins/authldap/lang/tr/settings.php
new file mode 100644
index 000000000..843b7ef9c
--- /dev/null
+++ b/lib/plugins/authldap/lang/tr/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author ilker rifat kapaç <irifat@gmail.com>
+ */
+$lang['bindpw'] = 'Üstteki kullanıcının şifresi';
diff --git a/lib/plugins/authldap/lang/zh-tw/settings.php b/lib/plugins/authldap/lang/zh-tw/settings.php
index 7e35ef632..e3d85cb87 100644
--- a/lib/plugins/authldap/lang/zh-tw/settings.php
+++ b/lib/plugins/authldap/lang/zh-tw/settings.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
@@ -19,7 +20,6 @@ $lang['userscope'] = '限制使用者搜索的範圍';
$lang['groupscope'] = '限制群組搜索的範圍';
$lang['groupkey'] = '以其他使用者屬性 (而非標準 AD 群組) 來把使用者分組,例如以部門或電話號碼分類';
$lang['debug'] = '有錯誤時,顯示額外除錯資訊';
-
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
diff --git a/lib/plugins/authldap/plugin.info.txt b/lib/plugins/authldap/plugin.info.txt
index 0d0b13f65..964fbb994 100644
--- a/lib/plugins/authldap/plugin.info.txt
+++ b/lib/plugins/authldap/plugin.info.txt
@@ -1,7 +1,7 @@
base authldap
author Andreas Gohr
email andi@splitbrain.org
-date 2013-04-19
+date 2014-05-18
name LDAP Auth Plugin
desc Provides user authentication against an LDAP server
url http://www.dokuwiki.org/plugin:authldap