Allow override of userDB in Password::Combination (#714,#716)
This commit is contained in:
parent
f9ff8c2914
commit
6b24492e33
|
@ -207,23 +207,23 @@ Then you can configure the ``Combination`` password module to automatically
|
|||
send password changes to the LDAP server which was used during authentication.
|
||||
This module also enables password reset.
|
||||
|
||||
.. warning::
|
||||
|
||||
When using password reset with a combination of 2 or more LDAP servers, you
|
||||
need to make sure that there is no duplication of email addresses between
|
||||
all your servers. If an email exists in more than one server, the password
|
||||
will be reset on the first LDAP server that contains this email address
|
||||
|
||||
|
||||
.. note::
|
||||
|
||||
Combinations using the ``and`` boolean expression will not cause passwords
|
||||
to be changed in both backends for now
|
||||
You can set the ``_cmbPasswordDB`` session variable to manually select which
|
||||
backend will be called when changing the password. This is useful when using
|
||||
SASL delegation
|
||||
|
||||
.. note::
|
||||
Limitations
|
||||
~~~~~~~~~~~
|
||||
|
||||
Forcing the user to reset their password on next login is not currently
|
||||
supported by the combination module
|
||||
* When using password reset with a combination of 2 or more LDAP servers, you
|
||||
need to make sure that there is no duplication of email addresses between all
|
||||
your servers. If an email exists in more than one server, the password will
|
||||
be reset on the first LDAP server that contains this email address
|
||||
* Combinations using the ``and`` boolean expression will not cause passwords to
|
||||
be changed in both backends for now
|
||||
* Forcing the user to reset their password on next login is not currently
|
||||
supported by the combination module
|
||||
|
||||
Known problems
|
||||
--------------
|
||||
|
|
|
@ -50,7 +50,9 @@ sub init {
|
|||
|
||||
sub delegate {
|
||||
my ( $self, $req, $name, @args ) = @_;
|
||||
my $userDB = $req->sessionInfo->{_userDB};
|
||||
# The user might want to override which password DB is used with a macro
|
||||
# This is useful when using SASL delegation in OpenLDAP
|
||||
my $userDB = $req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
|
||||
unless ( $self->mods->{$userDB} ) {
|
||||
$self->logger->error("No Password module available for $userDB");
|
||||
return PE_ERROR;
|
||||
|
|
Loading…
Reference in New Issue
Block a user