From 48176364390fb988f2194074842d84d8a0b8b73e Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 26 Jan 2011 09:46:24 +0100 Subject: AD auth: allow users to modify their profile data --- inc/auth/ad.class.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) (limited to 'inc/auth') diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index 5478d64b9..7c4f69c67 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -51,6 +51,13 @@ class auth_ad extends auth_basic { global $conf; $this->cnf = $conf['auth']['ad']; + // we can change the password if SSL is set + if($this->cnf['use_ssl']){ + $this->cando['modPass'] = true; + } + $this->cando['modName'] = true; + $this->cando['modMail'] = true; + // additional information fields if (isset($this->cnf['additional'])) { $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']); @@ -60,7 +67,7 @@ class auth_ad extends auth_basic { // ldap extension is needed if (!function_exists('ldap_connect')) { if ($this->cnf['debug']) - msg("LDAP err: PHP LDAP extension not found.",-1); + msg("AD Auth: PHP LDAP extension not found.",-1); $this->success = false; return; } @@ -246,6 +253,49 @@ class auth_ad extends auth_basic { return $result; } + /** + * Modify user data + * + * @param $user nick of the user to be changed + * @param $changes array of field/value pairs to be changed + * @return bool + */ + function modifyUser($user, $changes) { + $return = true; + + // password changing + if(isset($changes['pass'])){ + try { + $return = $this->adldap->user_password($user,$changes['pass']); + } catch (adLDAPException $e) { + if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1); + $return = false; + } + if(!$return) msg('AD Auth: failed to change the password. Maybe the password policy was not met?',-1); + } + + // changing user data + $adchanges = array(); + if(isset($changes['name'])){ + // get first and last name + $parts = explode(' ',$changes['name']); + $adchanges['surname'] = array_pop($parts); + $adchanges['firstname'] = join(' ',$parts); + $adchanges['display_name'] = $changes['name']; + } + if(isset($changes['mail'])){ + $adchanges['email'] = $changes['mail']; + } + try { + $return = $return & $this->adldap->user_modify($user,$adchanges); + } catch (adLDAPException $e) { + if ($this->cnf['debug']) msg('AD Auth: '.$e->getMessage(), -1); + $return = false; + } + + return $return; + } + /** * Initialize the AdLDAP library and connect to the server */ @@ -261,7 +311,7 @@ class auth_ad extends auth_basic { return true; } catch (adLDAPException $e) { if ($this->cnf['debug']) { - msg($e->getMessage(), -1); + msg('AD Auth: '.$e->getMessage(), -1); } $this->success = false; $this->adldap = null; -- cgit v1.2.3 From 6c3ec20e45addc534ed8337b9b4733df1d51ff02 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 26 Jan 2011 09:49:50 +0100 Subject: AD auth: password changing works via TLS as well --- inc/auth/ad.class.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'inc/auth') diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index 7c4f69c67..93186d9a1 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -24,6 +24,7 @@ * $conf['auth']['ad']['ad_password'] = 'pass'; * $conf['auth']['ad']['real_primarygroup'] = 1; * $conf['auth']['ad']['use_ssl'] = 1; + * $conf['auth']['ad']['use_tls'] = 1; * $conf['auth']['ad']['debug'] = 1; * * // get additional information to the userinfo array @@ -52,7 +53,7 @@ class auth_ad extends auth_basic { $this->cnf = $conf['auth']['ad']; // we can change the password if SSL is set - if($this->cnf['use_ssl']){ + if($this->cnf['use_ssl'] || $this->cnf['use_tls']){ $this->cando['modPass'] = true; } $this->cando['modName'] = true; -- cgit v1.2.3 From 267e765e7f9433997a7e31ccaca5d8b3bfa49fe1 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 26 Jan 2011 09:54:49 +0100 Subject: AD auth: set capabilities after handling multi domain setups --- inc/auth/ad.class.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'inc/auth') diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index 93186d9a1..9ffd3e18b 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -52,12 +52,6 @@ class auth_ad extends auth_basic { global $conf; $this->cnf = $conf['auth']['ad']; - // we can change the password if SSL is set - if($this->cnf['use_ssl'] || $this->cnf['use_tls']){ - $this->cando['modPass'] = true; - } - $this->cando['modName'] = true; - $this->cando['modMail'] = true; // additional information fields if (isset($this->cnf['additional'])) { @@ -105,7 +99,12 @@ class auth_ad extends auth_basic { $this->opts['domain_controllers'] = array_map('trim',$this->opts['domain_controllers']); $this->opts['domain_controllers'] = array_filter($this->opts['domain_controllers']); - // we currently just handle authentication, so no capabilities are set + // we can change the password if SSL is set + if($this->opts['use_ssl'] || $this->opts['use_tls']){ + $this->cando['modPass'] = true; + } + $this->cando['modName'] = true; + $this->cando['modMail'] = true; } /** -- cgit v1.2.3 From e7327938e66f43615da3ec05a7f9a89d8dfc0c31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Je=CC=81ro=CC=82me=20Tamarelle?= Date: Tue, 15 Feb 2011 00:10:41 +0100 Subject: Accept empty MySQL password for database auth. --- inc/auth/mysql.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth') diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php index dbdfe5fda..653c725a3 100644 --- a/inc/auth/mysql.class.php +++ b/inc/auth/mysql.class.php @@ -46,7 +46,7 @@ class auth_mysql extends auth_basic { // set capabilities based upon config strings set if (empty($this->cnf['server']) || empty($this->cnf['user']) || - empty($this->cnf['password']) || empty($this->cnf['database'])){ + !isset($this->cnf['password']) || empty($this->cnf['database'])){ if ($this->cnf['debug']) msg("MySQL err: insufficient configuration.",-1,__LINE__,__FILE__); $this->success = false; -- cgit v1.2.3