Use PasswordDBLDAP in Menu

Clément Oudot 2009-06-02 15:34:13 +00:00
parent a782f5e6b2
commit 9d87ad8532
3 changed files with 17 additions and 116 deletions


@ -13,10 +13,14 @@ use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to
use XML::LibXML;
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
use Safe;
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
#inherits Net::LDAP::Control::PasswordPolicy
our $VERSION = '0.03';
*_modifyPassword = *Lemonldap::NG::Portal::PasswordDBLDAP::modifyPassword;
*_passwordDBInit = *Lemonldap::NG::Portal::PasswordDBLDAP::passwordDBInit;
our $VERSION = '0.04';
### ACCESS CONTROL DISPLAY SYSTEM
@ -95,17 +99,16 @@ sub new {
# Print Ppolicy warning messages
( $self->{error}, $self->{error_value} ) = $self->_ppolicyWarning;
# Gest POST data
my ( $newpassword, $confirmpassword, $oldpassword ) = (
$self->{portalObject}->param('newpassword'),
$self->{portalObject}->param('confirmpassword'),
$self->{portalObject}->param('oldpassword')
);
# Store POST data in $self->{portalObject}
$self->{portalObject}->{'newpassword'} = $self->{portalObject}->param('newpassword');
$self->{portalObject}->{'confirmpassword'} = $self->{portalObject}->param('confirmpassword');
$self->{portalObject}->{'oldpassword'} = $self->{portalObject}->param('oldpassword');
$self->{portalObject}->{'dn'} = $self->{portalObject}->{sessionInfo}->{'dn'};
$self->{portalObject}->{'user'} = $self->{portalObject}->{sessionInfo}->{'_user'};
# Change password (only if newpassword submitted)
$self->{error} =
$self->_changePassword( $newpassword, $confirmpassword, $oldpassword )
if $newpassword;
$self->{error} = &_passwordDBInit( $self->{portalObject} ) if $self->{portalObject}->{'newpassword'};
$self->{error} = &_modifyPassword( $self->{portalObject} ) if $self->{portalObject}->{'newpassword'};
return $self;
}
@ -388,111 +391,6 @@ sub _hideEmptyCategory {
return;
}
## @method private int _changePassword(string newpassword,string confirmpassword,string oldpassword)
# Change user's password.
# @param $newpassword New password
# @param $confirmpassword New password
# @param $oldpassword Current password
# @return Lemonldap::NG::Portal constant
sub _changePassword {
# TODO: Check used Auth module and change password for LDAP or DBI
my $self = shift;
my ( $newpassword, $confirmpassword, $oldpassword ) = @_;
my $err;
# Verify confirmation password matching
return PE_PASSWORD_MISMATCH unless ( $newpassword eq $confirmpassword );
# Connect to LDAP
unless ( $self->{portalObject}->ldap ) {
return PE_LDAPCONNECTFAILED;
}
my $ldap = $self->{portalObject}->{ldap};
my $dn = $self->{portalObject}->{sessionInfo}->{"dn"};
# First case: no ppolicy
if ( !$self->{portalObject}->{ldapPpolicyControl} ) {
my $mesg =
$ldap->modify( $dn, replace => { userPassword => $newpassword } );
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
return PE_LDAPERROR unless ( $mesg->code == 0 );
$self->_storePassword($newpassword);
return PE_PASSWORD_OK;
}
else {
# require Perl module
eval 'require Net::LDAP::Control::PasswordPolicy';
if ($@) {
$self->{portalObject}->lmLog(
"Module Net::LDAP::Control::PasswordPolicy not found in @INC",
'error' );
return PE_LDAPERROR;
}
no strict 'subs';
# Create Control object
my $pp = Net::LDAP::Control::PasswordPolicy->new;
my $mesg = $ldap->modify(
$dn,
replace => { userPassword => $newpassword },
control => [$pp]
);
# TODO: use setPassword with oldpassword if needed
# Get server control response
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
return PE_WRONGMANAGERACCOUNT
if ( $mesg->code == 50 || $mesg->code == 8 );
$self->_storePassword($newpassword) && return PE_PASSWORD_OK
if ( $mesg->code == 0 );
if ( defined $resp ) {
my $pp_error = $resp->pp_error;
if ( defined $pp_error ) {
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
PE_PP_CHANGE_AFTER_RESET,
PE_PP_PASSWORD_MOD_NOT_ALLOWED,
PE_PP_MUST_SUPPLY_OLD_PASSWORD,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
PE_PP_PASSWORD_TOO_SHORT,
PE_PP_PASSWORD_TOO_YOUNG,
PE_PP_PASSWORD_IN_HISTORY,
]->[$pp_error];
}
}
else {
return PE_LDAPERROR;
}
}
}
## @method private boolean _storePassword(string password)
# Store new password in session if storePassword parameter is set.
# @param $password Password used in form
# @return True
sub _storePassword {
my $self = shift;
my ($password) = @_;
if ( $self->{portalObject}->{storePassword} ) {
$self->{portalObject}->{sessionInfo}->{_password} = $password;
# Update session
$self->{portalObject}->updateSession( { _password => $password } );
}
return 1;
}
## @method private int function _ppolicyWarning()
# Return ppolicy warnings get in AuthLDAP.pm
# @return Lemonldap::NG::Portal constant
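Review bot: In the `new` hunk the result of `_passwordDBInit` is overwritten by the `_modifyPassword` call on the next line, since both statements are guarded only by the `newpassword` test, so an initialisation failure is discarded and the change is attempted anyway. Assuming a true return value is an error code (the `return $tmp if ($tmp);` context in modifyPassword suggests so), wrap both in `if ( $self->{portalObject}->{'newpassword'} ) { ... }` and use `my $res = &_passwordDBInit( $self->{portalObject} );`, `$res = &_modifyPassword( $self->{portalObject} ) unless $res;`, `$self->{error} = $res;`. The removed `_changePassword` also refreshed `_password` in the session when `storePassword` is set; nothing visible in the new path does so, so confirm that `userModifyPassword` covers it. The three clear-text password values now stay as keys on `$self->{portalObject}` after the call, and deleting them once the change returns would keep them out of later dumps of that object. `new` starts above this hunk.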


@ -44,6 +44,8 @@ sub modifyPassword {
return $tmp if ($tmp);
}
$self->lmLog("Modify password request for ".$self->{dn},'debug');
# Call the modify password method
return $self->ldap->userModifyPassword( $self->{dn}, $self->{newpassword}, $self->{confirmpassword}, $self->{oldpassword} );
PE_OK;
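Review bot: The added `lmLog` call records the password-change request at `debug` level only and before the outcome is known, so a log kept at normal verbosity shows neither successful nor failed password changes. Capturing the result and logging it at a level that is normally retained would give an audit trail: `my $res = $self->ldap->userModifyPassword(...);` with the same four arguments, then `$self->lmLog( "Password change for $self->{dn} returned $res", 'notice' );` and `return $res;`, keeping the password fields out of the message as the current line does. The `PE_OK;` after the `return` is unreachable and could be dropped. modifyPassword starts above the hunk and its end is not visible here.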


@ -62,7 +62,8 @@ sub search {
return PE_LDAPERROR;
}
unless ( $self->{entry} = $mesg->entry(0) ) {
$self->_sub('userError',"$self->{user} was not found in LDAP directory");
$user = $self->{mail} || $self->{user};
$self->_sub('userError',"$user was not found in LDAP directory");
return PE_BADCREDENTIALS;
}
$self->{dn} = $self->{entry}->dn();
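Review bot: `$user` is assigned without `my` on the added line; unless it is declared above this hunk, that creates a package global, or a compile error if the file runs under `use strict`, so `my $user = $self->{mail} || $self->{user};` is safer. Both `mail` and `user` are presumably values submitted by the client, and they reach the `userError` message unmodified. Stripping line breaks before interpolation, e.g. `$user =~ s/[\r\n]//g;`, keeps a submitted value from splitting the log entry into extra lines. `search` starts above the hunk and continues past it.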