/**
* Removes all members from the current group.
*
* @return bool
*/
public function removeMembers()
{
$modification = new BatchModification();
$modification->setAttribute($this->schema->member());
$modification->setType(LDAP_MODIFY_BATCH_REMOVE_ALL);
$this->addModification($modification);
return $this->save();
}
/**
* Change the password of the current user. This must be performed over SSL.
*
* @param string $oldPassword The new password
* @param string $newPassword The old password
* @param bool $replaceNotRemove Alternative password change method. Set to true if you're receiving 'CONSTRAINT'
* errors.
*
* @throws AdldapException
* @throws PasswordPolicyException
* @throws WrongPasswordException
*
* @return bool
*/
public function changePassword($oldPassword, $newPassword, $replaceNotRemove = false)
{
$connection = $this->query->getConnection();
if (!$connection->isUsingSSL() && !$connection->isUsingTLS()) {
$message = 'SSL or TLS must be configured on your web server and enabled to change passwords.';
throw new AdldapException($message);
}
$attribute = ActiveDirectory::UNICODE_PASSWORD;
if ($replaceNotRemove === true) {
$replace = new BatchModification();
$replace->setAttribute($attribute);
$replace->setType(LDAP_MODIFY_BATCH_REPLACE);
$replace->setValues([Utilities::encodePassword($newPassword)]);
$this->addModification($replace);
} else {
$remove = new BatchModification();
$remove->setAttribute($attribute);
$remove->setType(LDAP_MODIFY_BATCH_REMOVE);
$remove->setValues([Utilities::encodePassword($oldPassword)]);
$add = new BatchModification();
$add->setAttribute($attribute);
$add->setType(LDAP_MODIFY_BATCH_ADD);
$add->setValues([Utilities::encodePassword($newPassword)]);
$this->addModification($remove);
$this->addModification($add);
}
$result = $this->update();
if ($result === false) {
$error = $connection->getExtendedError();
if ($error) {
$errorCode = $connection->getExtendedErrorCode();
$message = 'Error: ' . $error;
if ($errorCode == '0000052D') {
$message = "Error: {$errorCode}. Your new password might not match the password policy.";
throw new PasswordPolicyException($message);
} elseif ($errorCode == '00000056') {
$message = "Error: {$errorCode}. Your old password might be wrong.";
throw new WrongPasswordException($message);
}
throw new AdldapException($message);
} else {
return false;
}
}
return $result;
}
/**
* Adds a modification to the models modifications array.
*
* @param BatchModification $modification
*
* @return $this
*/
public function addModification(BatchModification $modification)
{
$batch = $modification->get();
if (is_array($batch)) {
$this->modifications[] = $batch;
}
return $this;
}
/**
* Removes all members from the current group.
*
* @return bool
*/
public function removeMembers()
{
$modification = new BatchModification();
$modification->setAttribute(ActiveDirectory::MEMBER);
$modification->setType(LDAP_MODIFY_BATCH_REMOVE_ALL);
$this->addModification($modification);
return $this->save();
}
/**
* Change the password of the current user. This must be performed over SSL.
*
* @param string $oldPassword The new password
* @param string $newPassword The old password
*
* @throws AdldapException
* @throws PasswordPolicyException
* @throws WrongPasswordException
*
* @return bool
*/
public function changePassword($oldPassword, $newPassword)
{
$connection = $this->query->getConnection();
if (!$connection->isUsingSSL() && !$connection->isUsingTLS()) {
$message = 'SSL or TLS must be configured on your web server and enabled to change passwords.';
throw new AdldapException($message);
}
$attribute = $this->schema->unicodePassword();
// Create batch modification for removing the old password.
$remove = new BatchModification();
$remove->setAttribute($attribute);
$remove->setType(LDAP_MODIFY_BATCH_REMOVE);
$remove->setValues([Utilities::encodePassword($oldPassword)]);
// Create batch modification for adding the new password.
$add = new BatchModification();
$add->setAttribute($attribute);
$add->setType(LDAP_MODIFY_BATCH_ADD);
$add->setValues([Utilities::encodePassword($newPassword)]);
// Add the modifications.
$this->addModification($remove);
$this->addModification($add);
// Update the user.
$result = $this->update();
if ($result === false) {
// If the user failed to update, we'll see if we can
// figure out why by retrieving the extended error.
$error = $connection->getExtendedError();
if ($error) {
$errorCode = $connection->getExtendedErrorCode();
$message = "Error: {$error}";
if ($errorCode == '0000052D') {
$message = "Error: {$errorCode}. Your new password might not match the password policy.";
throw new PasswordPolicyException($message);
} elseif ($errorCode == '00000056') {
$message = "Error: {$errorCode}. Your old password might be wrong.";
throw new WrongPasswordException($message);
}
throw new AdldapException($message);
} else {
return false;
}
}
return $result;
}
