示例#1
0
/**
 * Simple LDAP Password Driver
 *
 * Driver for passwords stored in LDAP
 * This driver is based on Edouard's LDAP Password Driver, but does not
 * require PEAR's Net_LDAP2 to be installed
 * 
 * @version 1.0 (2010-07-31)
 * @author Wout Decre <*****@*****.**>
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    // Connect
    if (!($ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port')))) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    // Set protocol version
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    // Start TLS
    if ($rcmail->config->get('password_ldap_starttls')) {
        if (!ldap_start_tls($ds)) {
            ldap_unbind($ds);
            return PASSWORD_CONNECT_ERROR;
        }
    }
    // Build user DN
    if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
        $user_dn = ldap_simple_substitute_vars($user_dn);
    } else {
        $user_dn = ldap_simple_search_userdn($rcmail, $ds);
    }
    if (empty($user_dn)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    // Connection method
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $user_dn;
            $bindpw = $curpass;
            break;
    }
    $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
    $lchattr = $rcmail->config->get('password_ldap_lchattr');
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
    $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
    $samba = $rcmail->config->get('password_ldap_samba');
    // Support password_ldap_samba option for backward compat.
    if ($samba && !$smbpwattr) {
        $smbpwattr = 'sambaNTPassword';
        $smblchattr = 'sambaPwdLastSet';
    }
    // Crypt new password
    if (!$crypted_pass) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Crypt new Samba password
    if ($smbpwattr && !($samba_pass = ldap_simple_hash_password($passwd, 'samba'))) {
        return PASSWORD_CRYPT_ERROR;
    }
    // Bind
    if (!ldap_bind($ds, $binddn, $bindpw)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    $entree[$pwattr] = $crypted_pass;
    // Update PasswordLastChange Attribute if desired
    if ($lchattr) {
        $entree[$lchattr] = (int) (time() / 86400);
    }
    // Update Samba password
    if ($smbpwattr) {
        $entree[$smbpwattr] = $samba_pass;
    }
    // Update Samba password last change
    if ($smblchattr) {
        $entree[$smblchattr] = time();
    }
    if (!ldap_modify($ds, $user_dn, $entree)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    // All done, no error
    ldap_unbind($ds);
    return PASSWORD_SUCCESS;
}
示例#2
0
/**
 * Simple LDAP Password Driver
 *
 * Driver for passwords stored in LDAP
 * This driver is based on Edouard's LDAP Password Driver, but does not
 * require PEAR's Net_LDAP2 to be installed
 * 
 * @version 1.0 (2010-07-31)
 * @author Wout Decre <*****@*****.**>
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    /* Connect */
    if (!($ds = ldap_connect($rcmail->config->get('password_ldap_host'), $rcmail->config->get('password_ldap_port')))) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    /* Set protocol version */
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'))) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    /* Start TLS */
    if ($rcmail->config->get('password_ldap_starttls')) {
        if (!ldap_start_tls($ds)) {
            ldap_unbind($ds);
            return PASSWORD_CONNECT_ERROR;
        }
    }
    /* Build user DN */
    if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
        $user_dn = ldap_simple_substitute_vars($user_dn);
    } else {
        $user_dn = ldap_simple_search_userdn($rcmail, $ds);
    }
    if (empty($user_dn)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    /* Connection method */
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $user_dn;
            $bindpw = $curpass;
            break;
    }
    /* Bind */
    if (!ldap_bind($ds, $binddn, $bindpw)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    /* Crypting new password */
    $crypted_pass = ldap_simple_hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
    if (!$crypted_pass) {
        ldap_unbind($ds);
        return PASSWORD_CRYPT_ERROR;
    }
    $entree[$rcmail->config->get('password_ldap_pwattr')] = $crypted_pass;
    /* Updating PasswordLastChange Attribute if desired */
    if ($lchattr = $rcmail->config->get('password_ldap_lchattr')) {
        $entree[$lchattr] = (int) (time() / 86400);
    }
    /* Update Samba password fields */
    if ($smbattr = $rcmail->config->get('password_ldap_samba')) {
        $sambaNTPassword = hash('md4', rcube_charset_convert($passwd, RCMAIL_CHARSET, 'UTF-16LE'));
        $entree['sambaNTPassword'] = $sambaNTPassword;
        $entree['sambaPwdLastSet'] = time();
    }
    if (!ldap_modify($ds, $user_dn, $entree)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }
    /* All done, no error */
    ldap_unbind($ds);
    return PASSWORD_SUCCESS;
}