Merge branch 'master' into stable

Conflicts: data/deleted.files doku.php lib/exe/xmlrpc.php
author: Adrian Lang <mail@adrianlang.de> 2011-04-22 22:35:43 +0200
committer: Adrian Lang <mail@adrianlang.de> 2011-04-22 22:35:43 +0200
commit: 8ccf9c9785ec2b626bad30a88a21f02886845418 (patch)
tree: 0ecd6103880e3350bd37ba11ae3872805ede1755 /inc/auth
parent: e2092379b1c3200832cb569781ec647db5aeef0f (diff)
parent: 23d27376b2a2f6a1ccf0777c48435717494d85b1 (diff)
download: rpg-8ccf9c9785ec2b626bad30a88a21f02886845418.tar.gz
rpg-8ccf9c9785ec2b626bad30a88a21f02886845418.tar.bz2
6 files changed, 61 insertions, 11 deletions
diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php
index 90fe0266b..9ffd3e18b 100644
--- a/inc/auth/ad.class.php
+++ b/inc/auth/ad.class.php
@@ -24,6 +24,7 @@
  *   $conf['auth']['ad']['ad_password']        = 'pass';
  *   $conf['auth']['ad']['real_primarygroup']  = 1;
  *   $conf['auth']['ad']['use_ssl']            = 1;
+ *   $conf['auth']['ad']['use_tls']            = 1;
  *   $conf['auth']['ad']['debug']              = 1;
  *
  *   // get additional information to the userinfo array
@@ -51,6 +52,7 @@ class auth_ad extends auth_basic {
         global $conf;
         $this->cnf = $conf['auth']['ad'];
 
+
         // additional information fields
         if (isset($this->cnf['additional'])) {
             $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']);
@@ -60,7 +62,7 @@ class auth_ad extends auth_basic {
         // ldap extension is needed
         if (!function_exists('ldap_connect')) {
             if ($this->cnf['debug'])
-                msg("LDAP err: PHP LDAP extension not found.",-1);
+                msg("AD Auth: PHP LDAP extension not found.",-1);
             $this->success = false;
             return;
         }
@@ -97,7 +99,12 @@ class auth_ad extends auth_basic {
         $this->opts['domain_controllers'] = array_map('trim',$this->opts['domain_controllers']);
         $this->opts['domain_controllers'] = array_filter($this->opts['domain_controllers']);
 
-        // we currently just handle authentication, so no capabilities are set
+        // we can change the password if SSL is set
+        if($this->opts['use_ssl'] || $this->opts['use_tls']){
+            $this->cando['modPass'] = true;
+        }
+        $this->cando['modName'] = true;
+        $this->cando['modMail'] = true;
     }
 
     /**
@@ -126,7 +133,7 @@ class auth_ad extends auth_basic {
      * at least these fields:
      *
      * name string  full name of the user
-     * mail string  email addres of the user
+     * mail string  email address of the user
      * grps array   list of groups the user is in
      *
      * This LDAP specific function returns the following
@@ -247,6 +254,49 @@ class auth_ad extends auth_basic {
     }
 
     /**
+     * Modify user data
+     *
+     * @param   $user      nick of the user to be changed
+     * @param   $changes   array of field/value pairs to be changed
+     * @return  bool
+    */
+    function modifyUser($user, $changes) {
+        $return = true;
+
+        // password changing
+        if(isset($changes['pass'])){
+            try {
+                $return = $this->adldap->user_password($user,$changes['pass']);
+            } catch (adLDAPException $e) {
+                if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                $return = false;
+            }
+            if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?',-1);
+        }
+
+        // changing user data
+        $adchanges = array();
+        if(isset($changes['name'])){
+            // get first and last name
+            $parts = explode(' ',$changes['name']);
+            $adchanges['surname']   = array_pop($parts);
+            $adchanges['firstname'] = join(' ',$parts);
+            $adchanges['display_name'] = $changes['name'];
+        }
+        if(isset($changes['mail'])){
+            $adchanges['email'] = $changes['mail'];
+        }
+        try {
+            $return = $return & $this->adldap->user_modify($user,$adchanges);
+        } catch (adLDAPException $e) {
+            if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+            $return = false;
+        }
+
+        return $return;
+    }
+
+    /**
      * Initialize the AdLDAP library and connect to the server
      */
     function _init(){
@@ -261,7 +311,7 @@ class auth_ad extends auth_basic {
             return true;
         } catch (adLDAPException $e) {
             if ($this->cnf['debug']) {
-                msg($e->getMessage(), -1);
+                msg('AD Auth: '.$e->getMessage(), -1);
             }
             $this->success = false;
             $this->adldap  = null;
@@ -296,4 +346,4 @@ class auth_ad extends auth_basic {
     }
 }
 
-//Setup VIM: ex: et ts=4 enc=utf-8 :
+//Setup VIM: ex: et ts=4 :
diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php
index fa38970ae..c7e7031bf 100644
--- a/inc/auth/basic.class.php
+++ b/inc/auth/basic.class.php
@@ -400,4 +400,4 @@ class auth_basic {
   }
 
 }
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 :
diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
index 7f1eec187..420043238 100644
--- a/inc/auth/ldap.class.php
+++ b/inc/auth/ldap.class.php
@@ -457,4 +457,4 @@ class auth_ldap extends auth_basic {
     }
 }
 
-//Setup VIM: ex: et ts=4 enc=utf-8 :
+//Setup VIM: ex: et ts=4 :
diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php
index ca607ced5..653c725a3 100644
--- a/inc/auth/mysql.class.php
+++ b/inc/auth/mysql.class.php
@@ -46,7 +46,7 @@ class auth_mysql extends auth_basic {
 
       // set capabilities based upon config strings set
       if (empty($this->cnf['server']) || empty($this->cnf['user']) ||
-          empty($this->cnf['password']) || empty($this->cnf['database'])){
+          !isset($this->cnf['password']) || empty($this->cnf['database'])){
         if ($this->cnf['debug'])
           msg("MySQL err: insufficient configuration.",-1,__LINE__,__FILE__);
         $this->success = false;
@@ -936,4 +936,4 @@ class auth_mysql extends auth_basic {
     }
 }
 
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 :
diff --git a/inc/auth/pgsql.class.php b/inc/auth/pgsql.class.php
index 8e68e865e..cf8bf7600 100644
--- a/inc/auth/pgsql.class.php
+++ b/inc/auth/pgsql.class.php
@@ -407,4 +407,4 @@ class auth_pgsql extends auth_mysql {
 
 }
 
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 :
diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php
index ec9e52beb..3941190e9 100644
--- a/inc/auth/plain.class.php
+++ b/inc/auth/plain.class.php
@@ -325,4 +325,4 @@ class auth_plain extends auth_basic {
     }
 }
 
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 :
author	Adrian Lang <mail@adrianlang.de>	2011-04-22 22:35:43 +0200
committer	Adrian Lang <mail@adrianlang.de>	2011-04-22 22:35:43 +0200
commit	8ccf9c9785ec2b626bad30a88a21f02886845418 (patch)
tree	0ecd6103880e3350bd37ba11ae3872805ede1755 /inc/auth
parent	e2092379b1c3200832cb569781ec647db5aeef0f (diff)
parent	23d27376b2a2f6a1ccf0777c48435717494d85b1 (diff)
download	rpg-8ccf9c9785ec2b626bad30a88a21f02886845418.tar.gz rpg-8ccf9c9785ec2b626bad30a88a21f02886845418.tar.bz2