##@file
# LDAP password backend file
##@class
# LDAP password backend class
package Lemonldap::NG::Portal::PasswordDBLDAP;
use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
use Lemonldap::NG::Portal::UserDBLDAP; #inherits
#use Lemonldap::NG::Portal::_SMTP; #inherits
our $VERSION = '0.3';
# Alias UserDBLDAP's formateFilter into this package under a private name.
# modifyPassword() and resetPassword() hand the name '_formateFilter' to
# _subProcess() when the user DN has not been resolved yet.
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
# Alias UserDBLDAP's search into this package as _search; it is the second
# step passed to _subProcess() by modifyPassword() and resetPassword() to
# look up the DN.
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
## @apmethod int passwordDBInit()
# Load SMTP functions by making this package inherit from
# Lemonldap::NG::Portal::_SMTP.
# NOTE(review): "use base" is a compile-time statement, so the inheritance is
# set up when this file is compiled and the eval block around it cannot trap a
# failure to load _SMTP. At run time the eval body is empty, so $@ is expected
# to be empty and the PE_ERROR branch is not expected to run. Confirm whether
# a run-time load was intended.
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
    my ($self) = @_;

    eval { use base qw(Lemonldap::NG::Portal::_SMTP) };

    # Nothing reported in $@: initialisation is considered successful
    return PE_OK unless ($@);

    $self->lmLog( "Unable to load SMTP functions ($@)", 'error' );
    return PE_ERROR;
}
## @apmethod int modifyPassword()
# Modify the password by LDAP mechanism.
# Does nothing unless a new password was submitted. Resolves the user DN when
# it is not known yet, delegates the change to the LDAP object and, when
# storePassword is set and the change succeeded, copies the new password into
# the session.
# @return Lemonldap::NG::Portal constant
sub modifyPassword {
    my ($self) = @_;

    # No new password submitted: nothing to do
    return PE_OK unless ( $self->{newpassword} );

    # An LDAP handle is required for everything below
    return PE_LDAPCONNECTFAILED unless ( $self->ldap );

    # Resolve the DN through the filter/search steps if it is still unknown;
    # a true return value from _subProcess is handed back to the caller
    unless ( $self->{dn} ) {
        my $status = $self->_subProcess(qw(_formateFilter _search));
        return $status if ($status);
    }

    $self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );

    # Delegate the change. The confirmation and the old password are passed
    # through as received; this method performs no check of its own on them.
    my $code = $self->ldap->userModifyPassword(
        $self->{dn},              $self->{newpassword},
        $self->{confirmpassword}, $self->{oldpassword}
    );

    # Keep the session copy of the password in sync, only after a successful
    # change. The value is handed to updateSession exactly as submitted.
    if ( $self->{storePassword} and $code == PE_PASSWORD_OK ) {
        $self->updateSession( { _password => $self->{newpassword} } );
    }

    return $code;
}
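## @apmethod int resetPassword()
# Reset the password: generate a new one, set it in LDAP, flag the entry with
# pwdReset when the password policy control is enabled, and keep the new
# password in $self->{reset_password} so it can be forwarded to the user.
# Does nothing unless both mail and mail_token are set.
# @return Lemonldap::NG::Portal constant
sub resetPassword {
    my $self = shift;

    # Exit method unless both mail and mail_token are set
    return PE_OK unless ( $self->{mail} && $self->{mail_token} );

    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    # Set the dn unless done before
    unless ( $self->{dn} ) {
        my $tmp = $self->_subProcess(qw(_formateFilter _search));
        return $tmp if ($tmp);
    }

    $self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );

    # Generate a complex password
    # NOTE(review): gen_password is defined outside this file; confirm that it
    # draws from a cryptographically secure random source, since its result
    # becomes the account password.
    my $password = $self->gen_password( $self->{randomPasswordRegexp} );

    # The generated value is a live credential: record the event in the log,
    # never the password itself.
    $self->lmLog( "Generated password for " . $self->{dn}, 'debug' );

    # Call the modify password method (no old password: this is a reset)
    my $pe_error =
      $self->ldap->userModifyPassword( $self->{dn}, $password, $password );

    return $pe_error unless ( $pe_error == PE_PASSWORD_OK );

    # If Password Policy, set the PwdReset flag
    if ( $self->{ldapPpolicyControl} ) {
        my $result =
          $self->ldap->modify( $self->{dn},
            replace => { 'pwdReset' => 'TRUE' } );

        # NOTE(review): the password has already been replaced at this point,
        # so on this error path the new value is not recorded in
        # reset_password. Confirm the caller handles that case.
        unless ( $result->code == 0 ) {
            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
                'error' );
            return PE_LDAPERROR;
        }

        $self->lmLog( "pwdReset set to TRUE", 'debug' );
    }

    # Store password to forward it to the user
    $self->{reset_password} = $password;

    PE_OK;
}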
1;