/**
* Changes a user's password inside the LDAP
*
* @param CUser $user The user
* @param string $old_pass The user's old password
* @param string $new_pass The user's new password
* @param string $encryption Encryption type: Unicode or MD5 or SHA
*
* @return boolean Success
*/
static function changePassword(CUser $user, $old_pass, $new_pass, $encryption = "Unicode")
{
if (!in_array($encryption, array("Unicode", "MD5", "SHA"))) {
return false;
}
$source_ldap = CLDAP::connect();
if (!$source_ldap) {
return false;
}
if (!$source_ldap->secured) {
$source_ldap->start_tls();
}
$bound = $source_ldap->ldap_bind($source_ldap->_ldapconn, $user->user_username, $old_pass);
if (!$bound) {
return false;
}
$entry = array();
switch ($encryption) {
case "Unicode":
$entry["unicodePwd"][0] = self::encodeUnicodePassword($new_pass);
break;
case "MD5":
$new_pass = md5($new_pass);
$entry["userPassword"] = "******" . base64_encode(pack("H*", $new_pass));
break;
case "SHA":
$new_pass = sha1($new_pass);
$entry["userPassword"] = "******" . base64_encode(pack("H*", $new_pass));
break;
}
$dn = $source_ldap->get_dn($user->user_username);
return $source_ldap->ldap_mod_replace($source_ldap->_ldapconn, $dn, $entry);
}
