From: <ral...@us...> - 2012-07-31 12:28:31
Author: ralfbecker Date: Tue Jul 31 14:28:05 2012 New Revision: 39987 URL: http://svn.stylite.de/viewvc/egroupware?rev=39987&view=rev Log: * LDAP authentication: if changing password fails bind as user, try changing is with given admin-dn, to cater for all sorts of ldap configurations Modified: trunk/phpgwapi/inc/class.auth_ldap.inc.php Modified: trunk/phpgwapi/inc/class.auth_ldap.inc.php URL: http://svn.stylite.de/viewvc/egroupware/trunk/phpgwapi/inc/class.auth_ldap.inc.php?rev=39987&r1=39986&r2=39987&view=diff ==============================================================================
--- trunk/phpgwapi/inc/class.auth_ldap.inc.php (original)
+++ trunk/phpgwapi/inc/class.auth_ldap.inc.php Tue Jul 31 14:28:05 2012
@@ -288,7 +288,7 @@
 $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
 $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
- $ds = common::ldapConnect();
+ $ds = $ds_admin = common::ldapConnect();
 $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
 $allValues = ldap_get_entries($ds, $sri);
@@ -302,9 +302,17 @@
 if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw
 {
- $ds = common::ldapConnect('',$dn,$old_passwd);
- }
- if (!@ldap_modify($ds, $dn, $entry))
+ $user_ds = new ldap(true); // true throw exceptions in case of error
+ try {
+ $ds = $user_ds->ldapConnect('',$dn,$old_passwd);
+ }
+ catch (egw_exception_no_permission $e) {
+ return false; // wrong old user password
+ }
+ }
+ // try changing password bind as user or as admin, to cater for all sorts of ldap configuration
+ // where either only user is allowed to change his password, or only admin user is allowed to
+ if (!@ldap_modify($ds, $dn, $entry) && (!$old_passwd || !@ldap_modify($ds_admin, $dn, $entry)))
 {
 return false;
 } |
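Review bot: `$username` is substituted into the search filter by `str_replace()` in the context lines of the first hunk without any LDAP filter escaping, and the DN resolved by that search is the one the admin-bound `ldap_modify()` added later in this commit writes to. If callers do not already constrain the account name (not visible here), it should be escaped per RFC 4515 before substitution, e.g. `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, or the project's own filter-quoting helper. How `$allValues` is reduced to a single `$dn` lies outside the hunk; a result with more than one entry should be treated as a failure. The changed line would also benefit from a comment such as `// $ds_admin keeps the admin-bound handle; $ds may be rebound as the user below`.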
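Review bot: The admin-bound retry in the new `if` of the second hunk runs after any failure of the user-bound `ldap_modify()`, so a change the directory rejected on policy grounds (password quality, history, minimum age) may then be written with the admin DN, which many servers exempt from those controls. The fallback should be limited to the access-denied case by checking the result code first: `if (!@ldap_modify($ds, $dn, $entry) && (!$old_passwd || ldap_errno($ds) != 0x32 /* insufficientAccessRights */ || !@ldap_modify($ds_admin, $dn, $entry)))`. Because `@` hides the original error, the code should log when the admin path is taken so that password changes made with admin rights stay auditable. Only `egw_exception_no_permission` is caught around `ldapConnect()`; if `new ldap(true)` can raise other exception types (a connection failure, for instance), they would now propagate to the caller instead of yielding `return false`, which is worth confirming. The enclosing function starts and ends outside the hunk.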