Diffstat (limited to 'lib/plugins/authldap')
-rw-r--r--lib/plugins/authldap/auth.php60
-rw-r--r--lib/plugins/authldap/lang/ja/settings.php7
2 files changed, 65 insertions, 2 deletions
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6c3637e15..0d5e130ea 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return;
}
- // auth_ldap currently just handles authentication, so no
- // capabilities are set
+ // Add the capabilities to change the password
+ $this->cando['modPass'] = true;
}
/**
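Review bot: `$this->cando['modPass'] = true;` is set unconditionally, so every authldap installation that reaches this line starts offering password changes, including ones where the directory is meant to be read-only from the wiki. Where no `binddn`/`bindpw` is configured, the not-logged-in path in modifyUser() can only return false, so the capability is advertised without being usable for resets. Consider gating it on an explicit administrator opt-in, for example `$this->cando['modPass'] = (bool) $this->getConf('PLACEHOLDER_allow_modpass');` (the setting name is a placeholder, not an existing key), and have the comment say when the capability applies. The enclosing method starts outside this hunk, so the earlier early-return conditions are not visible here.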
@@ -264,6 +264,62 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
}
/**
+ * Definition of the function modifyUser in order to modify the password
+ */
+
+ function modifyUser($user,$changes){
+
+ // open the connection to the ldap
+ if(!$this->_openLDAP()){
+ msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ // find the information about the user, in particular the "dn"
+ $info = $this->getUserData($user,true);
+ if(empty($info['dn'])) {
+ msg('LDAP cannot find your user dn');
+ return false;
+ }
+ $dn = $info['dn'];
+
+ // find the old password of the user
+ list($loginuser,$loginsticky,$loginpass) = auth_getCookie();
+ if ($loginuser !== null) { // the user is currently logged in
+ $secret = auth_cookiesalt(!$loginsticky, true);
+ $pass = auth_decrypt($loginpass, $secret);
+
+ // bind with the ldap
+ if(!@ldap_bind($this->con, $dn, $pass)){
+ msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
+ // we are changing the password on behalf of the user (eg: forgotten password)
+ // bind with the superuser ldap
+ if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){
+ $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ }
+ else {
+ return false; // no otherway
+ }
+
+ // Generate the salted hashed password for LDAP
+ $phash = new PassHash();
+ $hash = $phash->hash_ssha($changes['pass']);
+
+ // change the password
+ if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){
+ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Most values in LDAP are case-insensitive
*
* @return bool
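Review bot: modifyUser() passes `$changes['pass']` to `hash_ssha()` without checking that the key is present and non-empty, so a call whose `$changes` carries only other fields, or an empty password, would reach `ldap_mod_replace()` and overwrite `userpassword` with the hash of an empty string; a guard at the top such as `if (empty($changes['pass'])) return false;` closes that. The logged-in branch binds as the target `$dn` with the password recovered from the caller's cookie without comparing `$loginuser` to `$user`, so any caller modifying a different account while logged in gets a failed bind instead of the `binddn` path; testing `$loginuser === $user` before taking that branch would make the self-service intent explicit. The bind password and the new hash both travel over `$this->con`, and whether that connection is protected by TLS is not visible in this hunk, so it is worth requiring it before a password write. SSHA is salted SHA-1, so letting the server hash the password through the LDAP Password Modify operation (`ldap_exop_passwd()`, where the PHP version in use provides it) would be preferable to writing a client-side hash. The docblock should also document `$user`, `$changes` and the bool return, and the failure messages would be clearer with the error level `-1` rather than the default.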
diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php
index 3c0e08f6a..6cff0ea67 100644
--- a/lib/plugins/authldap/lang/ja/settings.php
+++ b/lib/plugins/authldap/lang/ja/settings.php
@@ -6,6 +6,7 @@
* @author Satoshi Sahara <sahara.satoshi@gmail.com>
* @author Hideaki SAWADA <sawadakun@live.jp>
* @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
*/
$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code>)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
$lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート';
@@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL
$lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:<code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '使用するプロトコルのバージョン。<code>3</code>を設定する必要がある場合があります。';
$lang['starttls'] = 'TLS接続を使用しますか?';
+$lang['referrals'] = '紹介に従いますか?';
+$lang['deref'] = 'どのように間接参照のエイリアスにしますか?';
$lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:<code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '上記ユーザーのパスワード';
+$lang['userscope'] = 'ユーザー検索の範囲を限定させる';
+$lang['groupscope'] = 'グループ検索の範囲を限定させる';
+$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。
+例えば、部署や電話番号などです。';
$lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';