lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/PasswordDBLDAP.pm

##@file
# LDAP password backend file

##@class
# LDAP password backend class
package Lemonldap::NG::Portal::PasswordDBLDAP;

use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP 'ldap';    #link protected ldap
use Lemonldap::NG::Portal::UserDBLDAP;      #inherits

our $VERSION = '0.2';

*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
*_search        = *Lemonldap::NG::Portal::UserDBLDAP::search;

## @apmethod int passwordDBInit()
# Load Net::LDAP::Control::PasswordPolicy if needed
# @return Lemonldap::NG::Portal constant
sub passwordDBInit {
    PE_OK;
}

## @apmethod int modifyPassword()
# Modify the password by LDAP mechanism.
# @return Lemonldap::NG::Portal constant
sub modifyPassword {
    my $self = shift;

    # Exit method if no password change requested
    return PE_OK unless ( $self->{newpassword} );

    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    # Set the dn unless done before
    unless ( $self->{dn} ) {
        my $tmp = $self->_subProcess(qw(_formateFilter _search));
        return $tmp if ($tmp);
    }

    $self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );

    # Call the modify password method
    return $self->ldap->userModifyPassword(
        $self->{dn},              $self->{newpassword},
        $self->{confirmpassword}, $self->{oldpassword}
    );
    PE_OK;
}

## @apmethod int resetPasswordByMail()
# Reset the password and send a mail.
# @return Lemonldap::NG::Portal constant
sub resetPasswordByMail {
    my $self = shift;

    # Exit method if no mail
    return PE_OK unless ( $self->{mail} );

    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    # Set the dn unless done before
    unless ( $self->{dn} ) {
        my $tmp = $self->_subProcess(qw(_formateFilter _search));
        return $tmp if ($tmp);
    }

    $self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );

    # Check the required modules before changing password
    eval { require String::Random };
    if ($@) {
        $self->lmLog( "Module String::Random not found in @INC", 'error' );
        return PE_ERROR;
    }
    eval { require MIME::Lite };
    if ($@) {
        $self->lmLog( "Module MIME::Lite not found in @INC", 'error' );
        return PE_ERROR;
    }

    # Generate a complex password
    my $random   = new String::Random;
    my $password = $random->randregex( $self->{randomPasswordRegexp} );

    $self->lmLog( "Generated password: " . $password, 'debug' );

    # Call the modify password method
    my $pe_error =
      $self->ldap->userModifyPassword( $self->{dn}, $password, $password );

    return $pe_error unless ( $pe_error == PE_PASSWORD_OK );

    # If Password Policy, set the PwdReset flag
    if ( $self->{ldapPpolicyControl} ) {
        my $result =
          $self->ldap->modify( $self->{dn},
            replace => { 'pwdReset' => 'TRUE' } );

        unless ( $result->code == 0 ) {
            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
                'error' );
            return PE_LDAPERROR;
        }

        $self->lmLog( "pwdReset set to TRUE", 'debug' );
    }

    # Send new password by mail
    $self->{mailBody} =~ s/\$password/$password/g;
    $self->{mailBody} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
    $self->lmLog( "SMTP From " . $self->{mailFrom},       'debug' );
    $self->lmLog( "SMTP To " . $self->{mail},             'debug' );
    $self->lmLog( "SMTP Subject " . $self->{mailSubject}, 'debug' );
    $self->lmLog( "SMTP Body " . $self->{mailBody},       'debug' );
    eval {
        my $message = MIME::Lite->new(
            From    => $self->{mailFrom},
            To      => $self->{mail},
            Subject => $self->{mailSubject},
            Type    => "TEXT",
            Data    => $self->{mailBody},
        );
        $self->{SMTPServer}
          ? $message->send( "smtp", $self->{SMTPServer} )
          : $message->send();
    };
    if ($@) {
        $self->lmLog( "Send message failed: $@", 'error' );
        return PE_ERROR;
    }

    PE_PASSWORD_OK;
}
1;
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								##@file
 								# LDAP password backend file
 								##@class
 								# LDAP password backend class
 								package Lemonldap::NG::Portal::PasswordDBLDAP;
 								use Lemonldap::NG::Portal::Simple;
 								use Lemonldap::NG::Portal::_LDAP 'ldap';    #link protected ldap
 								use Lemonldap::NG::Portal::UserDBLDAP;      #inherits
-												Mail customization (plain text only) with parameter mailBody


											
										
										
											2009-06-03 18:40:41 +02:00
+								our $VERSION = '0.2';
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
 								*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
 								*_search        = *Lemonldap::NG::Portal::UserDBLDAP::search;
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								## @apmethod int passwordDBInit()
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								# Load Net::LDAP::Control::PasswordPolicy if needed
 								# @return Lemonldap::NG::Portal constant
 								sub passwordDBInit {
 								    PE_OK;
 								}
 								## @apmethod int modifyPassword()
 								# Modify the password by LDAP mechanism.
 								# @return Lemonldap::NG::Portal constant
 								sub modifyPassword {
 								    my $self = shift;
 								    # Exit method if no password change requested
 								    return PE_OK unless ( $self->{newpassword} );
 								    unless ( $self->ldap ) {
 								        return PE_LDAPCONNECTFAILED;
 								    }
 								    # Set the dn unless done before
 								    unless ( $self->{dn} ) {
 								        my $tmp = $self->_subProcess(qw(_formateFilter _search));
 								        return $tmp if ($tmp);
 								    }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
-												Use PasswordDBLDAP in Menu


											
										
										
											2009-06-02 17:34:13 +02:00
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								    # Call the modify password method
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    return $self->ldap->userModifyPassword(
 								        $self->{dn},              $self->{newpassword},
 								        $self->{confirmpassword}, $self->{oldpassword}
 								    );
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+								    PE_OK;
 								}
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								## @apmethod int resetPasswordByMail()
 								# Reset the password and send a mail.
 								# @return Lemonldap::NG::Portal constant
 								sub resetPasswordByMail {
 								    my $self = shift;
 								    # Exit method if no mail
 								    return PE_OK unless ( $self->{mail} );
 								    unless ( $self->ldap ) {
 								        return PE_LDAPCONNECTFAILED;
 								    }
 								    # Set the dn unless done before
 								    unless ( $self->{dn} ) {
 								        my $tmp = $self->_subProcess(qw(_formateFilter _search));
 								        return $tmp if ($tmp);
 								    }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # Check the required modules before changing password
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    eval { require String::Random };
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    if ($@) {
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->lmLog( "Module String::Random not found in @INC", 'error' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								        return PE_ERROR;
 								    }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    eval { require MIME::Lite };
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    if ($@) {
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->lmLog( "Module MIME::Lite not found in @INC", 'error' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								        return PE_ERROR;
 								    }
 								    # Generate a complex password
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    my $random   = new String::Random;
 								    my $password = $random->randregex( $self->{randomPasswordRegexp} );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "Generated password: " . $password, 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # Call the modify password method
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    my $pe_error =
 								      $self->ldap->userModifyPassword( $self->{dn}, $password, $password );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    # If Password Policy, set the PwdReset flag
 								    if ( $self->{ldapPpolicyControl} ) {
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        my $result =
 								          $self->ldap->modify( $self->{dn},
 								            replace => { 'pwdReset' => 'TRUE' } );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        unless ( $result->code == 0 ) {
 								            $self->lmLog( "LDAP modify pwdReset error: " . $result->code,
 								                'error' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								            return PE_LDAPERROR;
 								        }
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->lmLog( "pwdReset set to TRUE", 'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    }
 								    # Send new password by mail
-												Mail customization (plain text only) with parameter mailBody


											
										
										
											2009-06-03 18:40:41 +02:00
+								    $self->{mailBody} =~ s/\$password/$password/g;
 								    $self->{mailBody} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    $self->lmLog( "SMTP From " . $self->{mailFrom},       'debug' );
 								    $self->lmLog( "SMTP To " . $self->{mail},             'debug' );
 								    $self->lmLog( "SMTP Subject " . $self->{mailSubject}, 'debug' );
 								    $self->lmLog( "SMTP Body " . $self->{mailBody},       'debug' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    eval {
 								        my $message = MIME::Lite->new(
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								            From    => $self->{mailFrom},
 								            To      => $self->{mail},
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								            Subject => $self->{mailSubject},
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								            Type    => "TEXT",
 								            Data    => $self->{mailBody},
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								        );
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->{SMTPServer}
 								          ? $message->send( "smtp", $self->{SMTPServer} )
 								          : $message->send();
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								    };
 								    if ($@) {
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								        $self->lmLog( "Send message failed: $@", 'error' );
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
+								        return PE_ERROR;
-												* perltidy
* LDAP: loadPP() is called now directly in ldap() to avoid to call it in authInit()



											
										
										
											2009-10-12 18:55:35 +02:00
+								    }
-												LEMONLDAP::NG : Reset password by mail (new functionnality)


											
										
										
											2009-05-28 18:31:39 +02:00
 								    PE_PASSWORD_OK;
 								}
-												LemonLDAP::NG :
* Create PasswordDBLDAP
* Force password modification when password is reset with ppolicy
* new parameter ldapSetPassword: set to 1 if you want to use the LDAP extended operation rather than LDAP modify
* TODO: update HTML templates


											
										
										
											2009-05-14 18:19:49 +02:00
+;