140 lines
4.0 KiB
Perl
140 lines
4.0 KiB
Perl
##@file
|
||
# LDAP password backend file
|
||
|
||
##@class
|
||
# LDAP password backend class
|
||
package Lemonldap::NG::Portal::PasswordDBLDAP;
|
||
|
||
use Lemonldap::NG::Portal::Simple;
|
||
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
|
||
use Lemonldap::NG::Portal::UserDBLDAP; #inherits
|
||
|
||
our $VERSION = '0.2';
|
||
|
||
*_formateFilter = *Lemonldap::NG::Portal::UserDBLDAP::formateFilter;
|
||
*_search = *Lemonldap::NG::Portal::UserDBLDAP::search;
|
||
|
||
## @apmethod int passwordDBInit()
|
||
# Load Net::LDAP::Control::PasswordPolicy if needed
|
||
# @return Lemonldap::NG::Portal constant
|
||
sub passwordDBInit {
|
||
PE_OK;
|
||
}
|
||
|
||
## @apmethod int modifyPassword()
|
||
# Modify the password by LDAP mechanism.
|
||
# @return Lemonldap::NG::Portal constant
|
||
sub modifyPassword {
|
||
my $self = shift;
|
||
|
||
# Exit method if no password change requested
|
||
return PE_OK unless ( $self->{newpassword} );
|
||
|
||
unless ( $self->ldap ) {
|
||
return PE_LDAPCONNECTFAILED;
|
||
}
|
||
|
||
# Set the dn unless done before
|
||
unless ( $self->{dn} ) {
|
||
my $tmp = $self->_subProcess(qw(_formateFilter _search));
|
||
return $tmp if ($tmp);
|
||
}
|
||
|
||
$self->lmLog( "Modify password request for " . $self->{dn}, 'debug' );
|
||
|
||
# Call the modify password method
|
||
return $self->ldap->userModifyPassword(
|
||
$self->{dn}, $self->{newpassword},
|
||
$self->{confirmpassword}, $self->{oldpassword}
|
||
);
|
||
PE_OK;
|
||
}
|
||
|
||
## @apmethod int resetPasswordByMail()
|
||
# Reset the password and send a mail.
|
||
# @return Lemonldap::NG::Portal constant
|
||
sub resetPasswordByMail {
|
||
my $self = shift;
|
||
|
||
# Exit method if no mail
|
||
return PE_OK unless ( $self->{mail} );
|
||
|
||
unless ( $self->ldap ) {
|
||
return PE_LDAPCONNECTFAILED;
|
||
}
|
||
|
||
# Set the dn unless done before
|
||
unless ( $self->{dn} ) {
|
||
my $tmp = $self->_subProcess(qw(_formateFilter _search));
|
||
return $tmp if ($tmp);
|
||
}
|
||
|
||
$self->lmLog( "Reset password request for " . $self->{dn}, 'debug' );
|
||
|
||
# Check the required modules before changing password
|
||
eval { require String::Random };
|
||
if ($@) {
|
||
$self->lmLog( "Module String::Random not found in @INC", 'error' );
|
||
return PE_ERROR;
|
||
}
|
||
eval { require MIME::Lite };
|
||
if ($@) {
|
||
$self->lmLog( "Module MIME::Lite not found in @INC", 'error' );
|
||
return PE_ERROR;
|
||
}
|
||
|
||
# Generate a complex password
|
||
my $random = new String::Random;
|
||
my $password = $random->randregex( $self->{randomPasswordRegexp} );
|
||
|
||
$self->lmLog( "Generated password: " . $password, 'debug' );
|
||
|
||
# Call the modify password method
|
||
my $pe_error =
|
||
$self->ldap->userModifyPassword( $self->{dn}, $password, $password );
|
||
|
||
return $pe_error unless ( $pe_error == PE_PASSWORD_OK );
|
||
|
||
# If Password Policy, set the PwdReset flag
|
||
if ( $self->{ldapPpolicyControl} ) {
|
||
my $result =
|
||
$self->ldap->modify( $self->{dn},
|
||
replace => { 'pwdReset' => 'TRUE' } );
|
||
|
||
unless ( $result->code == 0 ) {
|
||
$self->lmLog( "LDAP modify pwdReset error: " . $result->code,
|
||
'error' );
|
||
return PE_LDAPERROR;
|
||
}
|
||
|
||
$self->lmLog( "pwdReset set to TRUE", 'debug' );
|
||
}
|
||
|
||
# Send new password by mail
|
||
$self->{mailBody} =~ s/\$password/$password/g;
|
||
$self->{mailBody} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
|
||
$self->lmLog( "SMTP From " . $self->{mailFrom}, 'debug' );
|
||
$self->lmLog( "SMTP To " . $self->{mail}, 'debug' );
|
||
$self->lmLog( "SMTP Subject " . $self->{mailSubject}, 'debug' );
|
||
$self->lmLog( "SMTP Body " . $self->{mailBody}, 'debug' );
|
||
eval {
|
||
my $message = MIME::Lite->new(
|
||
From => $self->{mailFrom},
|
||
To => $self->{mail},
|
||
Subject => $self->{mailSubject},
|
||
Type => "TEXT",
|
||
Data => $self->{mailBody},
|
||
);
|
||
$self->{SMTPServer}
|
||
? $message->send( "smtp", $self->{SMTPServer} )
|
||
: $message->send();
|
||
};
|
||
if ($@) {
|
||
$self->lmLog( "Send message failed: $@", 'error' );
|
||
return PE_ERROR;
|
||
}
|
||
|
||
PE_PASSWORD_OK;
|
||
}
|
||
1;
|