Fix LDAP Policy

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm

@@ -6,9 +6,17 @@ use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OK
   PE_DONE
   PE_ERROR
+  PE_BADOLDPASSWORD
   PE_LDAPCONNECTFAILED
+  PE_PASSWORDFORMEMPTY
+  PE_PASSWORD_MISMATCH
   PE_PP_CHANGE_AFTER_RESET
   PE_PP_PASSWORD_EXPIRED
+  PE_PP_INSUFFICIENT_PASSWORD_QUALITY
+  PE_PP_PASSWORD_TOO_SHORT
+  PE_PP_PASSWORD_TOO_YOUNG
+  PE_PP_PASSWORD_IN_HISTORY
+  PE_PP_MUST_SUPPLY_OLD_PASSWORD
 );
 
 our $VERSION = '2.1.0';
@@ -93,6 +101,29 @@ sub authLogout {
     PE_OK;
 }
 
+sub getForm {
+    my ( $self, $req ) = @_;
+    if (
+           $req->{error} == PE_PP_CHANGE_AFTER_RESET
+        or $req->{error} == PE_PP_MUST_SUPPLY_OLD_PASSWORD
+        or $req->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY
+        or $req->{error} == PE_PP_PASSWORD_TOO_SHORT
+        or $req->{error} == PE_PP_PASSWORD_TOO_YOUNG
+        or $req->{error} == PE_PP_PASSWORD_IN_HISTORY
+        or $req->{error} == PE_PASSWORD_MISMATCH
+        or $req->{error} == PE_BADOLDPASSWORD
+        or $req->{error} == PE_PASSWORDFORMEMPTY
+        or (    $req->{error} == PE_PP_PASSWORD_EXPIRED
+            and $self->conf->{ldapAllowResetExpiredPassword} )
+      )
+    {
+        return 'password';
+    }
+    else {
+        return $self->SUPER::getForm($req);
+    }
+}
+
 # Test LDAP connection before trying to bind
 sub userBind {
     my $self = shift;

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm

@@ -292,6 +292,7 @@ sub display {
             REGISTER_URL          => $self->conf->{registerUrl},
             HIDDEN_INPUTS         => $self->buildHiddenForm($req),
             STAYCONNECTED         => $self->conf->{stayConnected},
+            REQUIRE_OLDPASSWORD   => $self->conf->{portalRequireOldPassword},
             SPOOFID               => $self->conf->{impersonationRule},
             (
                 $req->data->{customScript}