summaryrefslogtreecommitdiff
path: root/lib/plugins/authldap
diff options
context:
space:
mode:
Diffstat (limited to 'lib/plugins/authldap')
-rw-r--r--lib/plugins/authldap/auth.php60
-rw-r--r--lib/plugins/authldap/lang/es/settings.php14
-rw-r--r--lib/plugins/authldap/lang/et/settings.php2
-rw-r--r--lib/plugins/authldap/lang/it/settings.php6
-rw-r--r--lib/plugins/authldap/lang/ja/settings.php9
-rw-r--r--lib/plugins/authldap/lang/ko/settings.php4
-rw-r--r--lib/plugins/authldap/lang/no/settings.php9
-rw-r--r--lib/plugins/authldap/lang/ru/settings.php3
-rw-r--r--lib/plugins/authldap/lang/sl/settings.php2
-rw-r--r--lib/plugins/authldap/lang/tr/settings.php8
10 files changed, 111 insertions, 6 deletions
diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6c3637e15..0d5e130ea 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -36,8 +36,8 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
return;
}
- // auth_ldap currently just handles authentication, so no
- // capabilities are set
+ // Add the capabilities to change the password
+ $this->cando['modPass'] = true;
}
/**
@@ -264,6 +264,62 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
}
/**
+ * Definition of the function modifyUser in order to modify the password
+ */
+
+ function modifyUser($user,$changes){
+
+ // open the connection to the ldap
+ if(!$this->_openLDAP()){
+ msg('LDAP cannot connect: '. htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ // find the information about the user, in particular the "dn"
+ $info = $this->getUserData($user,true);
+ if(empty($info['dn'])) {
+ msg('LDAP cannot find your user dn');
+ return false;
+ }
+ $dn = $info['dn'];
+
+ // find the old password of the user
+ list($loginuser,$loginsticky,$loginpass) = auth_getCookie();
+ if ($loginuser !== null) { // the user is currently logged in
+ $secret = auth_cookiesalt(!$loginsticky, true);
+ $pass = auth_decrypt($loginpass, $secret);
+
+ // bind with the ldap
+ if(!@ldap_bind($this->con, $dn, $pass)){
+ msg('LDAP user bind failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
+ // we are changing the password on behalf of the user (eg: forgotten password)
+ // bind with the superuser ldap
+ if (!@ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'))){
+ $this->_debug('LDAP bind as superuser: '.htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
+ return false;
+ }
+ }
+ else {
+ return false; // no otherway
+ }
+
+ // Generate the salted hashed password for LDAP
+ $phash = new PassHash();
+ $hash = $phash->hash_ssha($changes['pass']);
+
+ // change the password
+ if(!@ldap_mod_replace($this->con, $dn,array('userpassword' => $hash))){
+ msg('LDAP mod replace failed: '. htmlspecialchars($dn) .': '.htmlspecialchars(ldap_error($this->con)));
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Most values in LDAP are case-insensitive
*
* @return bool
diff --git a/lib/plugins/authldap/lang/es/settings.php b/lib/plugins/authldap/lang/es/settings.php
index f8c3ad014..6991546d3 100644
--- a/lib/plugins/authldap/lang/es/settings.php
+++ b/lib/plugins/authldap/lang/es/settings.php
@@ -4,8 +4,22 @@
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
* @author Antonio Bueno <atnbueno@gmail.com>
+ * @author Eloy <ej.perezgomez@gmail.com>
*/
+$lang['server'] = 'Tu servidor LDAP. Puede ser el nombre del host (<code>localhost</code>) o una URL completa (<code>ldap://server.tld:389</code>)';
+$lang['port'] = 'Servidor LDAP en caso de que no se diera la URL completa anteriormente.';
+$lang['usertree'] = 'Donde encontrar cuentas de usuario. Ej. <code>ou=People, dc=server, dc=tld</code>';
+$lang['grouptree'] = 'Donde encontrar grupos de usuarios. Ej. <code>ou=Group, dc=server, dc=tld</code>';
+$lang['userfilter'] = 'Filtro LDAP para la busqueda de cuentas de usuario. P. E. <code>(&amp;(uid=%{user})(objectClass=posixAccount))</code>';
+$lang['groupfilter'] = 'Filtro LDAP para la busqueda de grupos. P. E. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
+$lang['version'] = 'La versión del protocolo a usar. Puede que necesites poner esto a <code>3</code>';
$lang['starttls'] = 'Usar conexiones TLS?';
+$lang['referrals'] = '¿Deben ser seguidas las referencias?';
+$lang['deref'] = '¿Cómo desreferenciar los alias?';
+$lang['bindpw'] = 'Contraseña del usuario de arriba.';
+$lang['userscope'] = 'Limitar ámbito de búsqueda para búsqueda de usuarios';
+$lang['groupscope'] = 'Limitar ámbito de búsqueda para búsqueda de grupos';
+$lang['groupkey'] = 'Pertenencia al grupo desde cualquier atributo de usuario (en lugar de grupos AD estándar) p.e., grupo a partir departamento o número de teléfono';
$lang['debug'] = 'Mostrar información adicional para depuración de errores';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/et/settings.php b/lib/plugins/authldap/lang/et/settings.php
index 9bba85dda..f4933b6bf 100644
--- a/lib/plugins/authldap/lang/et/settings.php
+++ b/lib/plugins/authldap/lang/et/settings.php
@@ -5,5 +5,5 @@
*
* @author Janar Leas <janar.leas@eesti.ee>
*/
-$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. <code>ou=Rühm, dc=server, dc=tld</code';
+$lang['grouptree'] = 'Kus kohast kasutaja rühmi otsida. Nt. <code>ou=Rühm, dc=server, dc=tld</code>';
$lang['groupscope'] = 'Piiritle otsingu ulatus rühma otsinguga';
diff --git a/lib/plugins/authldap/lang/it/settings.php b/lib/plugins/authldap/lang/it/settings.php
index eba7cde6e..858c694b8 100644
--- a/lib/plugins/authldap/lang/it/settings.php
+++ b/lib/plugins/authldap/lang/it/settings.php
@@ -5,6 +5,7 @@
*
* @author Edmondo Di Tucci <snarchio@gmail.com>
* @author Claudio Lanconelli <lancos@libero.it>
+ * @author Francesco <francesco.cavalli@hotmail.com>
*/
$lang['server'] = 'Il tuo server LDAP. Inserire o l\'hostname (<code>localhost</code>) oppure un URL completo (<code>ldap://server.tld:389</code>)';
$lang['port'] = 'Porta del server LDAP se non è stato fornito un URL completo più sopra.';
@@ -14,6 +15,11 @@ $lang['userfilter'] = 'Filtro per cercare l\'account utente LDAP. Eg.
$lang['groupfilter'] = 'Filtro per cercare i gruppi LDAP. Eg. <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = 'Versione protocollo da usare. Pu<code>3</code>';
$lang['starttls'] = 'Usare la connessione TSL?';
+$lang['deref'] = 'Come differenziare un alias?';
$lang['userscope'] = 'Limita il contesto di ricerca per la ricerca degli utenti';
$lang['groupscope'] = 'Limita il contesto di ricerca per la ricerca dei gruppi';
$lang['debug'] = 'In caso di errori mostra ulteriori informazioni di debug';
+$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
+$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
+$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
diff --git a/lib/plugins/authldap/lang/ja/settings.php b/lib/plugins/authldap/lang/ja/settings.php
index 6dec9a576..6cff0ea67 100644
--- a/lib/plugins/authldap/lang/ja/settings.php
+++ b/lib/plugins/authldap/lang/ja/settings.php
@@ -6,8 +6,9 @@
* @author Satoshi Sahara <sahara.satoshi@gmail.com>
* @author Hideaki SAWADA <sawadakun@live.jp>
* @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
*/
-$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
+$lang['server'] = 'LDAPサーバー。ホスト名(<code>localhost</code>)又は完全修飾URL(<code>ldap://server.tld:389</code>)';
$lang['port'] = '上記が完全修飾URLでない場合、LDAPサーバーポート';
$lang['usertree'] = 'ユーザーアカウントを探す場所。例:<code>ou=People, dc=server, dc=tld</code>';
$lang['grouptree'] = 'ユーザーグループを探す場所。例:<code>ou=Group, dc=server, dc=tld</code>';
@@ -15,8 +16,14 @@ $lang['userfilter'] = 'ユーザーアカウントを探すためのL
$lang['groupfilter'] = 'グループを探すLDAP抽出条件。例:<code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '使用するプロトコルのバージョン。<code>3</code>を設定する必要がある場合があります。';
$lang['starttls'] = 'TLS接続を使用しますか?';
+$lang['referrals'] = '紹介に従いますか?';
+$lang['deref'] = 'どのように間接参照のエイリアスにしますか?';
$lang['binddn'] = '匿名バインドでは不十分な場合、オプションバインドユーザーのDN。例:<code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '上記ユーザーのパスワード';
+$lang['userscope'] = 'ユーザー検索の範囲を限定させる';
+$lang['groupscope'] = 'グループ検索の範囲を限定させる';
+$lang['groupkey'] = 'ユーザー属性をグループのメンバーシップから設定します(代わりに標準のADグループ)。
+例えば、部署や電話番号などです。';
$lang['debug'] = 'エラーに関して追加のデバッグ情報を表示する。';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
diff --git a/lib/plugins/authldap/lang/ko/settings.php b/lib/plugins/authldap/lang/ko/settings.php
index ae8dc7ab6..e663ba063 100644
--- a/lib/plugins/authldap/lang/ko/settings.php
+++ b/lib/plugins/authldap/lang/ko/settings.php
@@ -13,8 +13,8 @@ $lang['userfilter'] = '사용자 계정을 찾을 LDAP 필터. 예를
$lang['groupfilter'] = '그룹을 찾을 LDAP 필터. 예를 들어 <code>(&amp;(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))</code>';
$lang['version'] = '사용할 프로토콜 버전. <code>3</code>으로 설정해야 할 수도 있습니다';
$lang['starttls'] = 'TLS 연결을 사용하겠습니까?';
-$lang['referrals'] = '참고(referrals)를 허용하겠습니까? ';
-$lang['deref'] = '어떻게 별명을 간접 참고하겠습니까?';
+$lang['referrals'] = '참조(referrals)를 허용하겠습니까? ';
+$lang['deref'] = '어떻게 별명을 간접 참조하겠습니까?';
$lang['binddn'] = '익명 바인드가 충분하지 않으면 선택적인 바인드 사용자의 DN. 예를 들어 <code>cn=admin, dc=my, dc=home</code>';
$lang['bindpw'] = '위 사용자의 비밀번호';
$lang['userscope'] = '사용자 검색에 대한 검색 범위 제한';
diff --git a/lib/plugins/authldap/lang/no/settings.php b/lib/plugins/authldap/lang/no/settings.php
new file mode 100644
index 000000000..6bedb2991
--- /dev/null
+++ b/lib/plugins/authldap/lang/no/settings.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Christopher Schive <chschive@frisurf.no>
+ */
+$lang['port'] = 'LDAP serverport dersom ingen full URL var gitt over.';
+$lang['starttls'] = 'Bruke TLS-forbindelser?';
diff --git a/lib/plugins/authldap/lang/ru/settings.php b/lib/plugins/authldap/lang/ru/settings.php
index 04a3ee784..5677e06a3 100644
--- a/lib/plugins/authldap/lang/ru/settings.php
+++ b/lib/plugins/authldap/lang/ru/settings.php
@@ -7,9 +7,12 @@
* @author Aleksandr Selivanov <alexgearbox@gmail.com>
* @author Erli Moen <evseev.jr@gmail.com>
* @author Aleksandr Selivanov <alexgearbox@yandex.ru>
+ * @author Владимир <id37736@yandex.ru>
*/
+$lang['starttls'] = 'Использовать TLS подключения?';
$lang['deref'] = 'Как расшифровывать псевдонимы?';
$lang['bindpw'] = 'Пароль для указанного пользователя.';
+$lang['debug'] = 'Показывать дополнительную отладочную информацию при ошибках';
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
diff --git a/lib/plugins/authldap/lang/sl/settings.php b/lib/plugins/authldap/lang/sl/settings.php
index f180226fc..f63070390 100644
--- a/lib/plugins/authldap/lang/sl/settings.php
+++ b/lib/plugins/authldap/lang/sl/settings.php
@@ -4,5 +4,7 @@
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
*
* @author matej <mateju@svn.gnome.org>
+ * @author Jernej Vidmar <jernej.vidmar@vidmarboehm.com>
*/
$lang['starttls'] = 'Ali naj se uporabijo povezave TLS?';
+$lang['bindpw'] = 'Geslo uporabnika zgoraj';
diff --git a/lib/plugins/authldap/lang/tr/settings.php b/lib/plugins/authldap/lang/tr/settings.php
new file mode 100644
index 000000000..843b7ef9c
--- /dev/null
+++ b/lib/plugins/authldap/lang/tr/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author ilker rifat kapaç <irifat@gmail.com>
+ */
+$lang['bindpw'] = 'Üstteki kullanıcının şifresi';
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 06:15:56 +0000