public function testChangePasswordWithUserAccountActiveDirectory()
{
if ($this->_getLdap()->getRootDse()->getServerType() !== Zend_Ldap_Node_RootDse::SERVER_TYPE_ACTIVEDIRECTORY) {
$this->markTestSkipped('Test can only be run on an ActiveDirectory server');
}
$options = $this->_getLdap()->getOptions();
if ($options['useSsl'] !== true && $options['useStartTls'] !== true) {
$this->markTestSkipped('Test can only be run on an SSL or TLS secured connection');
}
$dn = $this->_createDn('cn=New User,');
$data = array();
$password = '******';
Zend_Ldap_Attribute::setAttribute($data, 'cn', 'New User', false);
Zend_Ldap_Attribute::setAttribute($data, 'displayName', 'New User', false);
Zend_Ldap_Attribute::setAttribute($data, 'sAMAccountName', 'newuser', false);
Zend_Ldap_Attribute::setAttribute($data, 'userAccountControl', 512, false);
Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'person', true);
Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'organizationalPerson', true);
Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'user', true);
Zend_Ldap_Attribute::setPassword($data, $password, Zend_Ldap_Attribute::PASSWORD_UNICODEPWD, 'unicodePwd');
try {
$this->_getLdap()->add($dn, $data);
$this->_getLdap()->bind($dn, $password);
$newPasswd = 'newpasswd';
$newData = array();
Zend_Ldap_Attribute::setPassword($newData, $newPasswd, Zend_Ldap_Attribute::PASSWORD_UNICODEPWD);
$this->_getLdap()->update($dn, $newData);
try {
$this->_getLdap()->bind($dn, $password);
$this->fail('Expected exception not thrown');
} catch (Zend_Ldap_Exception $zle) {
$message = $zle->getMessage();
$this->assertTrue(strstr($message, 'Invalid credentials') || strstr($message, 'Server is unwilling to perform'));
}
$this->assertType('Zend_Ldap', $this->_getLdap()->bind($dn, $newPasswd));
$this->_getLdap()->bind();
$this->_getLdap()->delete($dn);
} catch (Zend_Ldap_Exception $e) {
$this->_getLdap()->bind();
if ($this->_getLdap()->exists($dn)) {
$this->_getLdap()->delete($dn);
}
$this->fail($e->getMessage());
}
}
public function testPasswordSettingCustomAttribute()
{
$data = array();
Zend_Ldap_Attribute::setPassword($data, 'pa$$w0rd', Zend_Ldap_Attribute::PASSWORD_HASH_SHA, 'myAttribute');
$password = Zend_Ldap_Attribute::getAttribute($data, 'myAttribute', 0);
$this->assertNotNull($password);
}
/**
* Sets a LDAP password.
*
* @param string $password
* @param string $hashType
* @param string $attribName
* @return Zend_Ldap_Node Provides a fluid interface
* @throws Zend_Ldap_Exception
*/
public function setPasswordAttribute($password, $hashType = Zend_Ldap_Attribute::PASSWORD_HASH_MD5, $attribName = 'userPassword')
{
$this->_assertChangeableAttribute($attribName);
Zend_Ldap_Attribute::setPassword($this->_currentData, $password, $hashType, $attribName);
return $this;
}
protected function _changePassLdap(\Core_Dto_Mapping $dtoPass, $userEntity, $recover = FALSE)
{
try {
$ldapUser = $userEntity->getSqPessoa()->getSqPessoaFisica()->getNuCpf();
$userPasswd = $dtoPass->getTxSenha();
$adminAuth = $this->_adminAuthLDAP();
if (!$recover) {
$adminAuth->bind($ldapUser, $userPasswd);
}
$userDn = current($adminAuth->search("samAccountName={$ldapUser}")->toArray());
if (!$userDn) {
throw new \Core_Exception_ServiceLayer_Verification("Usuário inexistente no LDAP");
}
$userData = array();
\Zend_Ldap_Attribute::setPassword($userData, $dtoPass->getTxSenhaNova(), \Zend_Ldap_Attribute::PASSWORD_UNICODEPWD);
$this->_adminAuthLDAP()->update($userDn['dn'], $userData);
} catch (\Zend_Ldap_Exception $exc) {
$message = sprintf('[SICA-e] LDAP Error in %s: "%s"', __METHOD__, $exc->getMessage());
error_log($message);
$this->getMessaging()->addErrorMessage($exc->getMessage());
$message = sprintf('[Erro no LDAP] %s', $exc->getMessage());
$ldapCode = $exc->getCode();
if ($ldapCode > 0) {
$message = sprintf('LDAP0x%x', $ldapCode);
}
throw new \Core_Exception_ServiceLayer_Verification($message);
}
}
