Skip to content

Commit af6a815

Browse files
author
David Coutadeur
committed
add 2 functions for computing password change and changing password (#63)
1 parent dcf7bac commit af6a815

3 files changed

Lines changed: 91 additions & 0 deletions

File tree

src/Ltb/Directory.php

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,4 +110,15 @@ public function getStartDate($entry, $pwdPolicyConfiguration) : ?DateTime;
110110
* Get validity end date
111111
*/
112112
public function getEndDate($entry, $pwdPolicyConfiguration) : ?DateTime;
113+
114+
/*
115+
* Compute password
116+
*/
117+
public function computePassword($ldapInstance, $dn, $password, $hash, $hash_options, $use_exop_passwd) : string;
118+
119+
/*
120+
* Change password and depending attributes in LDAP directory
121+
*/
122+
public function changePasswordData($ldapInstance, $dn, $userdata, $password, $oldpassword, $who_change_password, $use_exop_passwd, $use_ppolicy_control, $custom_pwd_field_mode, $custom_pwd_attribute, $ad_options) : array;
123+
113124
}

src/Ltb/Directory/ActiveDirectory.php

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -341,4 +341,39 @@ public function getEndDate($entry, $pwdPolicyConfiguration) : ?DateTime {
341341
$enddate = \Ltb\Date::adDate2phpDate($entry['accountexpires'][0]);
342342
return $enddate ? $enddate : null;
343343
}
344+
345+
public function computePassword($ldapInstance, $dn, $password, $hash, $hash_options, $use_exop_passwd) : string {
346+
347+
$password = \Ltb\Password::make_ad_password($password);
348+
349+
return $password;
350+
}
351+
352+
public function changePasswordData($ldapInstance, $dn, $userdata, $password, $oldpassword, $who_change_password, $use_exop_passwd, $use_ppolicy_control, $custom_pwd_field_mode, $custom_pwd_attribute, $ad_options) : array {
353+
354+
list($error_code, $error_msg, $ppolicy_error_code) = array(null, null, null);
355+
356+
$userdata = \Ltb\Password::set_ad_data($userdata, $ad_options, $password);
357+
358+
# Special case: AD mode with password changed as user
359+
if ( $ad_mode and $who_change_password === "user" ) {
360+
list($error_code, $error_msg) = $ldapInstance->change_ad_password_as_user($dn, $oldpassword, $password);
361+
} elseif ($use_exop_passwd) {
362+
list($error_code, $error_msg, $ppolicy_error_code) = $ldapInstance->change_password_with_exop($dn, $oldpassword, $password, $use_ppolicy_control);
363+
if( $error_code == 0 )
364+
{
365+
list($error_code, $error_msg) = $ldapInstance->modify_attributes($dn, $userdata);
366+
}
367+
} else {
368+
# Else just replace with new password
369+
if ( $use_ppolicy_control ) {
370+
list($error_code, $error_msg, $ppolicy_error_code) = $ldapInstance->modify_attributes_using_ppolicy($dn, $userdata);
371+
} else {
372+
list($error_code, $error_msg) = $ldapInstance->modify_attributes($dn, $userdata);
373+
}
374+
}
375+
376+
return array( $error_code, $error_msg, $ppolicy_error_code );
377+
}
378+
344379
}

src/Ltb/Directory/OpenLDAP.php

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -398,4 +398,49 @@ public function getEndDate($entry, $pwdPolicyConfiguration) : ?DateTime {
398398
return $enddate ? $enddate : null;
399399
}
400400

401+
public function computePassword($ldapInstance, $dn, $password, $hash, $hash_options, $use_exop_passwd) : string {
402+
403+
# If using the password extended operation, compute the password
404+
if (!$use_exop_passwd) {
405+
if ($hash === "auto") {
406+
$old_password_hashed = $ldapInstance->get_password_value($dn, "userPassword");
407+
$hash = \Ltb\Password::get_hash_type($old_password_hashed);
408+
}
409+
$password = \Ltb\Password::make_password($password, $hash, $hash_options);
410+
}
411+
# If using the password extended operation, just send the cleartext password
412+
413+
return $password;
414+
}
415+
416+
public function changePasswordData($ldapInstance, $dn, $userdata, $password, $oldpassword, $who_change_password, $use_exop_passwd, $use_ppolicy_control, $custom_pwd_field_mode, $custom_pwd_attribute, $ad_options) : array {
417+
418+
list($error_code, $error_msg, $ppolicy_error_code) = array(null, null, null);
419+
420+
if ( $custom_pwd_field_mode ) {
421+
$pwd_attribute = $custom_pwd_attribute;
422+
} else {
423+
$pwd_attribute = "userPassword";
424+
}
425+
426+
if ($use_exop_passwd) {
427+
list($error_code, $error_msg, $ppolicy_error_code) = $ldapInstance->change_password_with_exop($dn, $oldpassword, $password, $use_ppolicy_control);
428+
if( $error_code == 0 )
429+
{
430+
list($error_code, $error_msg) = $ldapInstance->modify_attributes($dn, $userdata);
431+
}
432+
} else {
433+
# Else just replace with new password
434+
$userdata[$pwd_attribute] = $password;
435+
436+
if ( $use_ppolicy_control ) {
437+
list($error_code, $error_msg, $ppolicy_error_code) = $ldapInstance->modify_attributes_using_ppolicy($dn, $userdata);
438+
} else {
439+
list($error_code, $error_msg) = $ldapInstance->modify_attributes($dn, $userdata);
440+
}
441+
}
442+
443+
return array( $error_code, $error_msg, $ppolicy_error_code );
444+
}
445+
401446
}

0 commit comments

Comments
 (0)