8 files changed, 128 insertions, 6 deletions

diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6c3637e15..b22b82ecc 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
             return;
         }
 
-        // auth_ldap currently just handles authentication, so no
-        // capabilities are set
+        // Add the capabilities to change the password
+        $this->cando['modPass'] = true;
     }
 
     /**
@@ -103,7 +103,7 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
             return true;
         } else {
             // See if we can find the user
-            $info = $this->getUserData($user, true);
+            $info = $this->_getUserData($user, true);
             if(empty($info['dn'])) {
                 return false;
             } else {
@@ -146,10 +146,19 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
      * @author  Steffen Schoch <schoch@dsb.net>
      *
      * @param   string $user
+     * @param   bool   $requireGroups (optional) - ignored, groups are always supplied by this plugin
+     * @return  array containing user data or false
+     */
+    public function getUserData($user, $requireGroups=true) {
+        return $this->_getUserData($user);
+    }
+
+    /**
+     * @param   string $user
      * @param   bool   $inbind authldap specific, true if in bind phase
      * @return  array containing user data or false
      */
-    public function getUserData($user, $inbind = false) {
+    protected function _getUserData($user, $inbind = false) {
         global $conf;
         if(!$this->_openLDAP()) return false;
 
@@ -264,6 +273,62 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
     }
 
     /**
+     * Definition of the function modifyUser in order to modify the password
+     */
+
+    function modifyUser($user,$changes){
+
+        // open the connection to the ldap
+        if(!$this->_openLDAP()){
+            msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con)));
+            return false;
+        }
+
+        // find the information about the user, in particular the "dn"
+        $info = $this->getUserData($user,true);
+        if(empty($info['dn'])) {
+            msg('LDAP cannot find your user dn');
+            return false;
+        }
+        $dn = $info['dn'];
+
+        // find the old password of the user
+        list($loginuser,$loginsticky,$loginpass) = auth_getCookie();
+        if ($loginuser !== null) { // the user is currently logged in
+            $secret = auth_cookiesalt(!$loginsticky, true);
+            $pass   = auth_decrypt($loginpass, $secret);
+
+            // bind with the ldap
+            if(!@ldap_bind($this->con, $dn, $pass)){
+                msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+                return false;
+            }
+        } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
+            // we are changing the password on behalf of the user (eg: forgotten password)
+            // bind with the superuser ldap
+            if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){
+                $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+                return false;
+            }
+        }
+        else {
+            return false; // no otherway
+        }
+
+        // Generate the salted hashed password for LDAP
+        $phash = new PassHash();
+        $hash = $phash->hash_ssha($changes['pass']);
+
+        // change the password
+        if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){
+            msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)));
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
      * Most values in LDAP are case-insensitive
      *
      * @return bool
diff --git a/lib/plugins/authldap/lang/hr/settings.php b/lib/plugins/authldap/lang/hr/settings.php
new file mode 100644
index 000000000..cb8df7218
--- /dev/null
+++ b/lib/plugins/authldap/lang/hr/settings.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Davor Turkalj <turki.bsc@gmail.com>
+ */
+$lang['server']                = 'Vaš LDAP server. Upišite ili naziv računala (<code>localhost</code>) ili puni URL (<code>ldap://server.tld:389</code>)';
+$lang['port']                  = 'LDAP server port, ako gore nije specificiran puni URL.';
+$lang['usertree']              = 'Gdje da nađem korisničke prijave. Npr. <code>ou=People, dc=server, dc=tld</code>';
+$lang['grouptree']             = 'Gdje da nađem korisničke grupe. Npr. <code>ou=Group, dc=server, dc=tld</code>';
+$lang['userfilter']            = 'LDAP filter za pretragu korisničkih prijava. Npr. <code>(&amp;(uid=%{user})(objectClass=posixAccount))</code>';
+$lang['groupfilter']           = 'LDAP filter za pretragu grupa. Npr. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
+$lang['version']               = 'Protokol koji se koristi. Možda će te trebati postaviti na <code>3</code>';
+$lang['starttls']              = 'Korisni TLS vezu?';
+$lang['referrals']             = 'Da li da slijedim uputnice?';
+$lang['deref']                 = 'Kako da razlikujem aliase?';
+$lang['binddn']                = 'DN opcionalnog korisnika ako anonimni korisnik nije dovoljan. Npr. <code>cn=admin, dc=my, dc=home</code>';
+$lang['bindpw']                = 'Lozinka gore navedenog korisnika';
+$lang['userscope']             = 'Ograniči područje za pretragu korisnika';
+$lang['groupscope']            = 'Ograniči područje za pretragu grupa';
+$lang['groupkey']              = 'Članstvo grupa iz svih atributa korisnika (umjesto standardnih AD grupa) npr. grupa iz odjela ili telefonskog broja';
+$lang['debug']                 = 'Prikaži dodatne informacije u slučaju greške';
+$lang['deref_o_0']             = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1']             = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2']             = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3']             = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/it/settings.php b/lib/plugins/authldap/lang/it/settings.php
index eba7cde6e..858c694b8 100644
--- a/lib/plugins/authldap/lang/it/settings.php
+++ b/lib/plugins/authldap/lang/it/settings.php
@@ -5,6 +5,7 @@
  * 
  * @author Edmondo Di Tucci <snarchio@gmail.com>
  * @author Claudio Lanconelli <lancos@libero.it>
+ * @author Francesco <francesco.cavalli@hotmail.com>
  */
 $lang['server']                = 'Il tuo server LDAP. Inserire o l\'hostname (<code>localhost</code>) oppure un URL completo (<code>ldap://server.tld:389</code>)';
 $lang['port']                  = 'Porta del server LDAP se non è stato fornito un URL completo più sopra.';
@@ -14,6 +15,11 @@ $lang['userfilter']            = 'Filtro per cercare l\'account utente LDAP. Eg.
 $lang['groupfilter']           = 'Filtro per cercare i gruppi LDAP. Eg. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
 $lang['version']               = 'Versione protocollo da usare. Pu<code>3</code>';
 $lang['starttls']              = 'Usare la connessione TSL?';
+$lang['deref']                 = 'Come differenziare un alias?';
 $lang['userscope']             = 'Limita il contesto di ricerca per la ricerca degli utenti';
 $lang['groupscope']            = 'Limita il contesto di ricerca per la ricerca dei gruppi';
 $lang['debug']                 = 'In caso di errori mostra ulteriori informazioni di debug';
+$lang['deref_o_0']             = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1']             = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2']             = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3']             = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php
index 3c0e08f6a..6cff0ea67 100644
--- a/lib/plugins/authldap/lang/ja/settings.php
+++ b/lib/plugins/authldap/lang/ja/settings.php
@@ -6,6 +6,7 @@
  * @author Satoshi Sahara <sahara.satoshi@gmail.com>
  * @author Hideaki SAWADA <sawadakun@live.jp>
  * @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
  */
 $lang['server']                = 'LDAPサーバー。ホスト名（<code>localhost</code>）又は完全修飾URL（<code>ldap://server.tld:389</code>）';
 $lang['port']                  = '上記が完全修飾URLでない場合、LDAPサーバーポート';
@@ -15,8 +16,14 @@ $lang['userfilter']            = 'ユーザーアカウントを探すためのL
 $lang['groupfilter']           = 'グループを探すLDAP抽出条件。例：<code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
 $lang['version']               = '使用するプロトコルのバージョン。<code>3</code>を設定する必要がある場合があります。';
 $lang['starttls']              = 'TLS接続を使用しますか？';
+$lang['referrals']             = '紹介に従いますか?';
+$lang['deref']                 = 'どのように間接参照のエイリアスにしますか?';
 $lang['binddn']                = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例：<code>cn=admin, dc=my, dc=home</code>';
 $lang['bindpw']                = '上記ユーザーのパスワード';
+$lang['userscope']             = 'ユーザー検索の範囲を限定させる';
+$lang['groupscope']            = 'グループ検索の範囲を限定させる';
+$lang['groupkey']              = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。
+例えば、部署や電話番号などです。';
 $lang['debug']                 = 'エラーに関して追加のデバッグ情報を表示する。';
 $lang['deref_o_0']             = 'LDAP_DEREF_NEVER';
 $lang['deref_o_1']             = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/lv/settings.php b/lib/plugins/authldap/lang/lv/settings.php
new file mode 100644
index 000000000..90986e4f1
--- /dev/null
+++ b/lib/plugins/authldap/lang/lv/settings.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Aivars Miška <allefm@gmail.com>
+ */
+$lang['starttls']              = 'Lietot TLS  savienojumus?';
+$lang['bindpw']                = 'Lietotāja parole';
diff --git a/lib/plugins/authldap/lang/tr/settings.php b/lib/plugins/authldap/lang/tr/settings.php
new file mode 100644
index 000000000..843b7ef9c
--- /dev/null
+++ b/lib/plugins/authldap/lang/tr/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author ilker rifat kapaç <irifat@gmail.com>
+ */
+$lang['bindpw']                = 'Üstteki kullanıcının şifresi';
diff --git a/lib/plugins/authldap/lang/zh-tw/settings.php b/lib/plugins/authldap/lang/zh-tw/settings.php
index 7e35ef632..e3d85cb87 100644
--- a/lib/plugins/authldap/lang/zh-tw/settings.php
+++ b/lib/plugins/authldap/lang/zh-tw/settings.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
  * 
@@ -19,7 +20,6 @@ $lang['userscope']             = '限制使用者搜索的範圍';
 $lang['groupscope']            = '限制群組搜索的範圍';
 $lang['groupkey']              = '以其他使用者屬性 (而非標準 AD 群組) 來把使用者分組，例如以部門或電話號碼分類';
 $lang['debug']                 = '有錯誤時，顯示額外除錯資訊';
-
 $lang['deref_o_0']             = 'LDAP_DEREF_NEVER';
 $lang['deref_o_1']             = 'LDAP_DEREF_SEARCHING';
 $lang['deref_o_2']             = 'LDAP_DEREF_FINDING';
diff --git a/lib/plugins/authldap/plugin.info.txt b/lib/plugins/authldap/plugin.info.txt
index 0d0b13f65..964fbb994 100644
--- a/lib/plugins/authldap/plugin.info.txt
+++ b/lib/plugins/authldap/plugin.info.txt
@@ -1,7 +1,7 @@
 base   authldap
 author Andreas Gohr
 email  andi@splitbrain.org
-date   2013-04-19
+date   2014-05-18
 name   LDAP Auth Plugin
 desc   Provides user authentication against an LDAP server
 url    http://www.dokuwiki.org/plugin:authldap