summaryrefslogtreecommitdiff
path: root/plugins/password/drivers/ldap_simple.php
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/password/drivers/ldap_simple.php')
-rw-r--r--plugins/password/drivers/ldap_simple.php70
1 files changed, 49 insertions, 21 deletions
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 67f53d091..482b7e56f 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -14,19 +14,19 @@ function password_save($curpass, $passwd)
{
$rcmail = rcmail::get_instance();
- /* Connect */
+ // Connect
if (!$ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port'))) {
ldap_unbind($ds);
return PASSWORD_CONNECT_ERROR;
}
- /* Set protocol version */
+ // Set protocol version
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) {
ldap_unbind($ds);
return PASSWORD_CONNECT_ERROR;
}
- /* Start TLS */
+ // Start TLS
if ($rcmail->config->get('password_ldap_starttls')) {
if (!ldap_start_tls($ds)) {
ldap_unbind($ds);
@@ -34,7 +34,7 @@ function password_save($curpass, $passwd)
}
}
- /* Build user DN */
+ // Build user DN
if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
$user_dn = ldap_simple_substitute_vars($user_dn);
} else {
@@ -46,7 +46,7 @@ function password_save($curpass, $passwd)
return PASSWORD_CONNECT_ERROR;
}
- /* Connection method */
+ // Connection method
switch ($rcmail->config->get('password_ldap_method')) {
case 'admin':
$binddn = $rcmail->config->get('password_ldap_adminDN');
@@ -59,31 +59,51 @@ function password_save($curpass, $passwd)
break;
}
- /* Bind */
- if (!ldap_bind($ds, $binddn, $bindpw)) {
- ldap_unbind($ds);
- return PASSWORD_CONNECT_ERROR;
- }
- /* Crypting new password */
$crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
+ $lchattr = $rcmail->config->get('password_ldap_lchattr');
+ $pwattr = $rcmail->config->get('password_ldap_pwattr');
+ $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
+ $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
+ $samba = $rcmail->config->get('password_ldap_samba');
+
+ // Support password_ldap_samba option for backward compat.
+ if ($samba && !$smbpwattr) {
+ $smbpwattr = 'sambaNTPassword';
+ $smblchattr = 'sambaPwdLastSet';
+ }
+
+ // Crypt new password
if (!$crypted_pass) {
- ldap_unbind($ds);
return PASSWORD_CRYPT_ERROR;
}
- $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass;
+ // Crypt new Samba password
+ if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) {
+ return PASSWORD_CRYPT_ERROR;
+ }
- /* Updating PasswordLastChange Attribute if desired */
- if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
+ // Bind
+ if (!ldap_bind($ds, $binddn, $bindpw)) {
+ ldap_unbind($ds);
+ return PASSWORD_CONNECT_ERROR;
+ }
+
+ $entree[$pwattr] = $crypted_pass;
+
+ // Update PasswordLastChange Attribute if desired
+ if ($lchattr) {
$entree[$lchattr] = (int)(time() / 86400);
}
- /* Update Samba password fields */
- if ($smbattr = $rcmail->config->get('password_ldap_samba')) {
- $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
- $entree['sambaNTPassword'] = $sambaNTPassword;
- $entree['sambaPwdLastSet'] = time();
+ // Update Samba password
+ if ($smbpwattr) {
+ $entree[$smbpwattr] = $samba_pass;
+ }
+
+ // Update Samba password last change
+ if ($smblchattr) {
+ $entree[$smblchattr] = time();
}
if (!ldap_modify($ds, $user_dn, $entree)) {
@@ -91,7 +111,7 @@ function password_save($curpass, $passwd)
return PASSWORD_CONNECT_ERROR;
}
- /* All done, no error */
+ // All done, no error
ldap_unbind($ds);
return PASSWORD_SUCCESS;
}
@@ -215,6 +235,14 @@ function ldap_simple_hash_password($password_clear, $encodage_type)
return false;
}
break;
+ case 'samba':
+ if (function_exists('hash')) {
+ $crypted_password = hash('md4', rcube_charset_convert($password_clear, RCMAIL_CHARSET, 'UTF-16LE'));
+ } else {
+ /* Your PHP install does not have the hash() function */
+ return false;
+ }
+ break;
case 'clear':
default:
$crypted_password = $password_clear;