Commit badc7a0c authored by Clément OUDOT's avatar Clément OUDOT

Add AD password module (#1530)

parent 58885295
......@@ -85,6 +85,7 @@ lib/Lemonldap/NG/Portal/Main/Process.pm
lib/Lemonldap/NG/Portal/Main/Request.pm
lib/Lemonldap/NG/Portal/Main/Run.pm
lib/Lemonldap/NG/Portal/Main/SecondFactor.pm
lib/Lemonldap/NG/Portal/Password/AD.pm
lib/Lemonldap/NG/Portal/Password/Base.pm
lib/Lemonldap/NG/Portal/Password/Choice.pm
lib/Lemonldap/NG/Portal/Password/Custom.pm
......@@ -463,6 +464,8 @@ t/60-Status.t
t/61-BruteForceProtection.t
t/61-ForceAuthn.t
t/61-GrantSession.t
t/61-Session-ActivityTimeout.t
t/61-Session-Timeout.t
t/62-SingleSession.t
t/63-History.t
t/64-StayConnected.t
......
package Lemonldap::NG::Portal::Password::AD;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_PASSWORD_OK PE_LDAPERROR PE_ERROR);
extends 'Lemonldap::NG::Portal::Lib::LDAP',
'Lemonldap::NG::Portal::Password::Base';
our $VERSION = '2.0.0';
sub init {
my ($self) = @_;
$self->ldap
and $self->filter
and $self->Lemonldap::NG::Portal::Password::Base::init;
}
# Confirmation is done by Lib::Net::LDAP::userModifyPassword
sub confirm {
return 1;
}
sub modifyPassword {
my ( $self, $req, $pwd ) = @_;
my $dn = $req->userData->{_dn} || $req->sessionInfo->{_dn};
unless ($dn) {
$self->logger->error('"dn" is not set, aborting password modification');
return PE_ERROR;
}
# Call the modify password method
my $code =
$self->ldap->userModifyPassword( $dn, $pwd, $req->data->{oldpassword},
1 );
unless ( $code == PE_PASSWORD_OK ) {
$self->ldap->unbind;
$self->{flags}->{ldapActive} = 0;
return $code;
}
# If force reset, set reset flag
if ( $req->data->{forceReset} ) {
my $result = $self->ldap->modify(
$dn,
replace => {
'pwdLastSet' => '0'
}
);
unless ( $result->code == 0 ) {
$self->logger->error(
"LDAP modify pwdLastSet error: " . $result->code );
$self->ldap->unbind;
$self->{flags}->{ldapActive} = 0;
return PE_LDAPERROR;
}
$self->logger->debug("pwdLastSet set to 0");
}
return $code;
}
1;
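Review bot: In modifyPassword, the forceReset branch returns PE_LDAPERROR when the `pwdLastSet` modify fails, but by then userModifyPassword has already succeeded, so the new password is active and the account is not flagged for change at next logon. The caller cannot tell this partial state from a change that never happened, and the error log carries only the numeric code. I would log the DN and the server message so an operator can find and fix the account: `$self->logger->error("Password changed for $dn but pwdLastSet reset failed: " . $result->error);`. The unbind-and-clear-flag sequence is repeated in both failure paths and could be a small private helper. A one-line comment on the trailing `1` passed to userModifyPassword (presumably the AD-mode switch, which is not visible here) would also help the next reader.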
......@@ -17,6 +17,7 @@ SKIP: {
useSafeJail => 1,
authentication => 'AD',
userDB => 'Same',
passwordDB => 'AD',
LDAPFilter => $ENV{ADFILTER} || '(cn=$user)',
ldapServer => $ENV{ADSERVER},
ldapBase => $ENV{ADBASE},
......