From 6517718f2656bc287b66766fe46522feb8778022 Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Fri, 8 Jan 2021 14:27:56 +0100
Subject: [PATCH] Add an option to force getUser before LDAP password change
 (#714)

---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm  | 6 ++++++
 .../lib/Lemonldap/NG/Portal/Password/LDAP.pm                | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
index b4f959548..3f7e0631e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
@@ -30,6 +30,12 @@ sub confirm {
 
 sub modifyPassword {
     my ( $self, $req, $pwd, $useMail ) = @_;
+
+    # If the password change is done in a different backend,
+    # we need to reload the correct DN
+    $self->getUser( $req, useMail => $useMail )
+      if $self->conf->{ldapGetUserBeforePasswordChange};
+
     my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
     unless ($dn) {
         $self->logger->error('"dn" is not set, abort password modification');
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
index 476fc3fd3..c54aee646 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
@@ -32,6 +32,11 @@ sub modifyPassword {
     my $dn;
     my $requireOldPassword;
 
+    # If the password change is done in a different backend,
+    # we need to reload the correct DN
+    $self->getUser( $req, useMail => $useMail )
+      if $self->conf->{ldapGetUserBeforePasswordChange};
+
     if ( $req->data->{dn} ) {
         $dn                 = $req->data->{dn};
         $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );