Use PasswordDBLDAP in Menu
parent
a782f5e6b2
commit
9d87ad8532
|
@ -13,10 +13,14 @@ use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap Object used to
|
|||
use XML::LibXML;
|
||||
use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
|
||||
use Safe;
|
||||
use Lemonldap::NG::Portal::PasswordDBLDAP; #inherits
|
||||
|
||||
#inherits Net::LDAP::Control::PasswordPolicy
|
||||
|
||||
our $VERSION = '0.03';
|
||||
*_modifyPassword = *Lemonldap::NG::Portal::PasswordDBLDAP::modifyPassword;
|
||||
*_passwordDBInit = *Lemonldap::NG::Portal::PasswordDBLDAP::passwordDBInit;
|
||||
|
||||
our $VERSION = '0.04';
|
||||
|
||||
### ACCESS CONTROL DISPLAY SYSTEM
|
||||
|
||||
|
@ -95,17 +99,16 @@ sub new {
|
|||
# Print Ppolicy warning messages
|
||||
( $self->{error}, $self->{error_value} ) = $self->_ppolicyWarning;
|
||||
|
||||
# Gest POST data
|
||||
my ( $newpassword, $confirmpassword, $oldpassword ) = (
|
||||
$self->{portalObject}->param('newpassword'),
|
||||
$self->{portalObject}->param('confirmpassword'),
|
||||
$self->{portalObject}->param('oldpassword')
|
||||
);
|
||||
# Store POST data in $self->{portalObject}
|
||||
$self->{portalObject}->{'newpassword'} = $self->{portalObject}->param('newpassword');
|
||||
$self->{portalObject}->{'confirmpassword'} = $self->{portalObject}->param('confirmpassword');
|
||||
$self->{portalObject}->{'oldpassword'} = $self->{portalObject}->param('oldpassword');
|
||||
$self->{portalObject}->{'dn'} = $self->{portalObject}->{sessionInfo}->{'dn'};
|
||||
$self->{portalObject}->{'user'} = $self->{portalObject}->{sessionInfo}->{'_user'};
|
||||
|
||||
# Change password (only if newpassword submitted)
|
||||
$self->{error} =
|
||||
$self->_changePassword( $newpassword, $confirmpassword, $oldpassword )
|
||||
if $newpassword;
|
||||
$self->{error} = &_passwordDBInit( $self->{portalObject} ) if $self->{portalObject}->{'newpassword'};
|
||||
$self->{error} = &_modifyPassword( $self->{portalObject} ) if $self->{portalObject}->{'newpassword'};
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
@ -388,111 +391,6 @@ sub _hideEmptyCategory {
|
|||
return;
|
||||
}
|
||||
|
||||
## @method private int _changePassword(string newpassword,string confirmpassword,string oldpassword)
|
||||
# Change user's password.
|
||||
# @param $newpassword New password
|
||||
# @param $confirmpassword New password
|
||||
# @param $oldpassword Current password
|
||||
# @return Lemonldap::NG::Portal constant
|
||||
sub _changePassword {
|
||||
|
||||
# TODO: Check used Auth module and change password for LDAP or DBI
|
||||
my $self = shift;
|
||||
my ( $newpassword, $confirmpassword, $oldpassword ) = @_;
|
||||
my $err;
|
||||
|
||||
# Verify confirmation password matching
|
||||
return PE_PASSWORD_MISMATCH unless ( $newpassword eq $confirmpassword );
|
||||
|
||||
# Connect to LDAP
|
||||
unless ( $self->{portalObject}->ldap ) {
|
||||
return PE_LDAPCONNECTFAILED;
|
||||
}
|
||||
|
||||
my $ldap = $self->{portalObject}->{ldap};
|
||||
my $dn = $self->{portalObject}->{sessionInfo}->{"dn"};
|
||||
|
||||
# First case: no ppolicy
|
||||
if ( !$self->{portalObject}->{ldapPpolicyControl} ) {
|
||||
|
||||
my $mesg =
|
||||
$ldap->modify( $dn, replace => { userPassword => $newpassword } );
|
||||
|
||||
return PE_WRONGMANAGERACCOUNT
|
||||
if ( $mesg->code == 50 || $mesg->code == 8 );
|
||||
return PE_LDAPERROR unless ( $mesg->code == 0 );
|
||||
$self->_storePassword($newpassword);
|
||||
return PE_PASSWORD_OK;
|
||||
}
|
||||
else {
|
||||
|
||||
# require Perl module
|
||||
eval 'require Net::LDAP::Control::PasswordPolicy';
|
||||
if ($@) {
|
||||
$self->{portalObject}->lmLog(
|
||||
"Module Net::LDAP::Control::PasswordPolicy not found in @INC",
|
||||
'error' );
|
||||
return PE_LDAPERROR;
|
||||
}
|
||||
no strict 'subs';
|
||||
|
||||
# Create Control object
|
||||
my $pp = Net::LDAP::Control::PasswordPolicy->new;
|
||||
|
||||
my $mesg = $ldap->modify(
|
||||
$dn,
|
||||
replace => { userPassword => $newpassword },
|
||||
control => [$pp]
|
||||
);
|
||||
|
||||
# TODO: use setPassword with oldpassword if needed
|
||||
|
||||
# Get server control response
|
||||
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
||||
|
||||
return PE_WRONGMANAGERACCOUNT
|
||||
if ( $mesg->code == 50 || $mesg->code == 8 );
|
||||
$self->_storePassword($newpassword) && return PE_PASSWORD_OK
|
||||
if ( $mesg->code == 0 );
|
||||
|
||||
if ( defined $resp ) {
|
||||
my $pp_error = $resp->pp_error;
|
||||
if ( defined $pp_error ) {
|
||||
return [
|
||||
PE_PP_PASSWORD_EXPIRED,
|
||||
PE_PP_ACCOUNT_LOCKED,
|
||||
PE_PP_CHANGE_AFTER_RESET,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
|
||||
PE_PP_PASSWORD_TOO_SHORT,
|
||||
PE_PP_PASSWORD_TOO_YOUNG,
|
||||
PE_PP_PASSWORD_IN_HISTORY,
|
||||
]->[$pp_error];
|
||||
}
|
||||
}
|
||||
else {
|
||||
return PE_LDAPERROR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
## @method private boolean _storePassword(string password)
|
||||
# Store new password in session if storePassword parameter is set.
|
||||
# @param $password Password used in form
|
||||
# @return True
|
||||
sub _storePassword {
|
||||
my $self = shift;
|
||||
my ($password) = @_;
|
||||
if ( $self->{portalObject}->{storePassword} ) {
|
||||
$self->{portalObject}->{sessionInfo}->{_password} = $password;
|
||||
|
||||
# Update session
|
||||
$self->{portalObject}->updateSession( { _password => $password } );
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
## @method private int function _ppolicyWarning()
|
||||
# Return ppolicy warnings get in AuthLDAP.pm
|
||||
# @return Lemonldap::NG::Portal constant
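Review bot: In the new() hunk, the two trailing statements both assign `$self->{error}` (as far as the rendering lets the new side be identified), so a failure returned by `_passwordDBInit` is overwritten and `_modifyPassword` still runs against a backend that did not initialise. Keep the init result and continue only on success, e.g. `my $res = _passwordDBInit( $self->{portalObject} );` followed by `$self->{error} = $res ? $res : _modifyPassword( $self->{portalObject} );` inside one `if` on the new password; this assumes the success code is false, which should be confirmed against the PE_ constants. The removed `_changePassword` compared the new and confirmation passwords before touching LDAP and refreshed the session copy through `_storePassword`; neither step is visible in the replacement path, so it is worth confirming that `userModifyPassword` covers both. The submitted passwords also stay in clear on `$self->{portalObject}` after the call; deleting those three keys once the change has been attempted would limit how long they sit in memory or in any dump of the object.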
|
||||
|
|
|
@ -44,6 +44,8 @@ sub modifyPassword {
|
|||
return $tmp if ($tmp);
|
||||
}
|
||||
|
||||
$self->lmLog("Modify password request for ".$self->{dn},'debug');
|
||||
|
||||
# Call the modify password method
|
||||
return $self->ldap->userModifyPassword( $self->{dn}, $self->{newpassword}, $self->{confirmpassword}, $self->{oldpassword} );
|
||||
PE_OK;
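Review bot: The added `lmLog` line records only that a request was made, at `debug` level, and the result of `userModifyPassword` is returned without being logged, so a production log keeps no trace of completed or failed password changes. Consider capturing the return value and logging the DN together with the outcome at a level that is retained in production, never the password values themselves. The trailing `PE_OK;` after the `return` is unreachable and could be dropped. modifyPassword starts above this hunk, so the checks that precede the log line are not visible here.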
|
||||
|
|
|
@ -62,7 +62,8 @@ sub search {
|
|||
return PE_LDAPERROR;
|
||||
}
|
||||
unless ( $self->{entry} = $mesg->entry(0) ) {
|
||||
$self->_sub('userError',"$self->{user} was not found in LDAP directory");
|
||||
$user = $self->{mail} || $self->{user};
|
||||
$self->_sub('userError',"$user was not found in LDAP directory");
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
$self->{dn} = $self->{entry}->dn();
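Review bot: `$user` is assigned without `my` in the not-found branch; unless it is declared earlier in search(), which starts above this hunk, this either fails under `use strict` or creates a package global that persists across requests. Declare it where it is used: `my $user = $self->{mail} || $self->{user};`. The value appears to originate from the login form and is interpolated into the log message, so stripping control characters before logging would keep a crafted name from forging log lines.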
|
||||
|
|