Allow override of userDB in Password::Combination (#714,#716)

Maxime Besson 2021-01-04 11:40:07 +01:00
parent f9ff8c2914
commit 6b24492e33
2 changed files with 16 additions and 14 deletions


@ -207,23 +207,23 @@ Then you can configure the ``Combination`` password module to automatically
send password changes to the LDAP server which was used during authentication.
This module also enables password reset.
.. warning::
When using password reset with a combination of 2 or more LDAP servers, you
need to make sure that there is no duplication of email addresses between
all your servers. If an email exists in more than one server, the password
will be reset on the first LDAP server that contains this email address
.. note::
Combinations using the ``and`` boolean expression will not cause passwords
to be changed in both backends for now
You can set the ``_cmbPasswordDB`` session variable to manually select which
backend will be called when changing the password. This is useful when using
SASL delegation
.. note::
Limitations
~~~~~~~~~~~
Forcing the user to reset their password on next login is not currently
supported by the combination module
* When using password reset with a combination of 2 or more LDAP servers, you
need to make sure that there is no duplication of email addresses between all
your servers. If an email exists in more than one server, the password will
be reset on the first LDAP server that contains this email address
* Combinations using the ``and`` boolean expression will not cause passwords to
be changed in both backends for now
* Forcing the user to reset their password on next login is not currently
supported by the combination module
Known problems
--------------
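
Review bot: the new paragraph on ``_cmbPasswordDB`` does not say what value the variable must hold or what happens when the value is wrong. Judging from the module change in this commit, the value is used as the lookup key into the combination's password modules, so the text should state that it must be the name of one of the modules declared in the combination, and that a value matching no module makes the password change fail with an error instead of falling back to the backend used at authentication. The code comment speaks of overriding "with a macro"; saying so here as well would tell administrators how the variable is expected to be populated. Separately, the duplicate-email caveat appears to move from a ``.. warning::`` block to a plain bullet under Limitations, which makes it less prominent although it describes a password being reset on a server the administrator may not expect; consider keeping it as a warning.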


@ -50,7 +50,9 @@ sub init {
sub delegate {
my ( $self, $req, $name, @args ) = @_;
my $userDB = $req->sessionInfo->{_userDB};
# The user might want to override which password DB is used with a macro
# This is useful when using SASL delegation in OpenLDAP
my $userDB = $req->sessionInfo->{_cmbPasswordDB} || $req->sessionInfo->{_userDB};
unless ( $self->mods->{$userDB} ) {
$self->logger->error("No Password module available for $userDB");
return PE_ERROR;
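
Review bot: in delegate, a ``_cmbPasswordDB`` value that names no loaded module goes straight into the `unless ( $self->mods->{$userDB} )` branch and returns PE_ERROR, with no fallback to `_userDB`, and the message "No Password module available for $userDB" does not say that the name came from the override. Because this variable decides which backend receives the password change, I would resolve the override separately, log explicitly when `_cmbPasswordDB` is set but unknown, and make the fail-or-fall-back choice deliberate and documented. A debug log line recording which of the two session keys selected the backend would also help when auditing password changes. The commit touches 2 files, the documentation and this module, so nothing here exercises the new path; a test covering a valid override, an invalid override and an unset variable would be worth adding.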