Exemplo n.º 1
0
/**
 * LDAP Password Driver
 *
 * Driver for passwords stored in LDAP
 * This driver use the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @version 1.1 (2010-04-07)
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 *
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';
    // Building user DN
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = substitute_vars($userDN);
    } else {
        $userDN = search_userdn($rcmail);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Connection Method
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }
    // Configuration array
    $ldapConfig = array('binddn' => $binddn, 'bindpw' => $bindpw, 'basedn' => $rcmail->config->get('password_ldap_basedn'), 'host' => $rcmail->config->get('password_ldap_host'), 'port' => $rcmail->config->get('password_ldap_port'), 'starttls' => $rcmail->config->get('password_ldap_starttls'), 'version' => $rcmail->config->get('password_ldap_version'));
    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);
    // Checking for connection error
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Crypting new password
    $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    if (!$newCryptedPassword) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $force = $rcmail->config->get('password_ldap_force_replace');
    if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }
    // All done, no error
    return PASSWORD_SUCCESS;
}
Exemplo n.º 2
0
/**
 * LDAP Password Driver
 *
 * Driver for passwords stored in LDAP
 * This driver use the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @version 1.1 (2010-04-07)
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 *
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';
    // Building user DN
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = substitute_vars($userDN);
    } else {
        $userDN = search_userdn($rcmail);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Connection Method
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }
    // Configuration array
    $ldapConfig = array('binddn' => $binddn, 'bindpw' => $bindpw, 'basedn' => $rcmail->config->get('password_ldap_basedn'), 'host' => $rcmail->config->get('password_ldap_host'), 'port' => $rcmail->config->get('password_ldap_port'), 'starttls' => $rcmail->config->get('password_ldap_starttls'), 'version' => $rcmail->config->get('password_ldap_version'));
    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);
    // Checking for connection error
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }
    $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    $force = $rcmail->config->get('password_ldap_force_replace');
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $lchattr = $rcmail->config->get('password_ldap_lchattr');
    $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
    $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
    $samba = $rcmail->config->get('password_ldap_samba');
    // Support password_ldap_samba option for backward compat.
    if ($samba && !$smbpwattr) {
        $smbpwattr = 'sambaNTPassword';
        $smblchattr = 'sambaPwdLastSet';
    }
    // Crypt new password
    if (!$crypted_pass) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Crypt new samba password
    if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Updating PasswordLastChange Attribute if desired
    if ($lchattr) {
        $current_day = (int) (time() / 86400);
        if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
            return PASSWORD_CONNECT_ERROR;
        }
    }
    // Update Samba password and last change fields
    if ($smbpwattr) {
        $userEntry->replace(array($smbpwattr => $samba_pass), $force);
    }
    // Update Samba password last change field
    if ($smblchattr) {
        $userEntry->replace(array($smblchattr => time()), $force);
    }
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }
    // All done, no error
    return PASSWORD_SUCCESS;
}
Exemplo n.º 3
0
/**
 * LDAP Password Driver
 *
 * Driver for passwords stored in LDAP
 * This driver use the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @version 1.1 (2010-04-07)
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 *
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';
    // Building user DN
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = substitute_vars($userDN);
    } else {
        $userDN = search_userdn($rcmail);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Connection Method
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }
    // Configuration array
    $ldapConfig = array('binddn' => $binddn, 'bindpw' => $bindpw, 'basedn' => $rcmail->config->get('password_ldap_basedn'), 'host' => $rcmail->config->get('password_ldap_host'), 'port' => $rcmail->config->get('password_ldap_port'), 'starttls' => $rcmail->config->get('password_ldap_starttls'), 'version' => $rcmail->config->get('password_ldap_version'));
    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);
    // Checking for connection error
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Crypting new password
    $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    if (!$newCryptedPassword) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $force = $rcmail->config->get('password_ldap_force_replace');
    if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Updating PasswordLastChange Attribute if desired
    if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
        $current_day = (int) (time() / 86400);
        if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
            return PASSWORD_CONNECT_ERROR;
        }
    }
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }
    // Update Samba password fields, ignore errors if attributes are not found
    if ($rcmail->config->get('password_ldap_samba')) {
        $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
        $userEntry->replace(array('sambaNTPassword' => $sambaNTPassword), $force);
        $userEntry->replace(array('sambaPwdLastSet' => time()), $force);
        $userEntry->update();
    }
    // All done, no error
    return PASSWORD_SUCCESS;
}