AD auth: allow users to modify their profile data

1 files changed, 52 insertions, 2 deletions

diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php
index 5478d64b9..7c4f69c67 100644
--- a/inc/auth/ad.class.php
+++ b/inc/auth/ad.class.php
@@ -51,6 +51,13 @@ class auth_ad extends auth_basic {
         global $conf;
         $this->cnf = $conf['auth']['ad'];
 
+        // we can change the password if SSL is set
+        if($this->cnf['use_ssl']){
+            $this->cando['modPass'] = true;
+        }
+        $this->cando['modName'] = true;
+        $this->cando['modMail'] = true;
+
         // additional information fields
         if (isset($this->cnf['additional'])) {
             $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']);
@@ -60,7 +67,7 @@ class auth_ad extends auth_basic {
         // ldap extension is needed
         if (!function_exists('ldap_connect')) {
             if ($this->cnf['debug'])
-                msg("LDAP err: PHP LDAP extension not found.",-1);
+                msg("AD Auth: PHP LDAP extension not found.",-1);
             $this->success = false;
             return;
         }
@@ -247,6 +254,49 @@ class auth_ad extends auth_basic {
     }
 
     /**
+     * Modify user data
+     *
+     * @param   $user      nick of the user to be changed
+     * @param   $changes   array of field/value pairs to be changed
+     * @return  bool
+    */
+    function modifyUser($user, $changes) {
+        $return = true;
+
+        // password changing
+        if(isset($changes['pass'])){
+            try {
+                $return = $this->adldap->user_password($user,$changes['pass']);
+            } catch (adLDAPException $e) {
+                if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                $return = false;
+            }
+            if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?',-1);
+        }
+
+        // changing user data
+        $adchanges = array();
+        if(isset($changes['name'])){
+            // get first and last name
+            $parts = explode(' ',$changes['name']);
+            $adchanges['surname']   = array_pop($parts);
+            $adchanges['firstname'] = join(' ',$parts);
+            $adchanges['display_name'] = $changes['name'];
+        }
+        if(isset($changes['mail'])){
+            $adchanges['email'] = $changes['mail'];
+        }
+        try {
+            $return = $return & $this->adldap->user_modify($user,$adchanges);
+        } catch (adLDAPException $e) {
+            if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+            $return = false;
+        }
+
+        return $return;
+    }
+
+    /**
      * Initialize the AdLDAP library and connect to the server
      */
     function _init(){
@@ -261,7 +311,7 @@ class auth_ad extends auth_basic {
             return true;
         } catch (adLDAPException $e) {
             if ($this->cnf['debug']) {
-                msg($e->getMessage(), -1);
+                msg('AD Auth: '.$e->getMessage(), -1);
             }
             $this->success = false;
             $this->adldap  = null;