Commit 50de4b6b authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3397 Applying default ppolicy if no other

parent d911208c
...@@ -209,9 +209,21 @@ class password extends plugin ...@@ -209,9 +209,21 @@ class password extends plugin
$ldap = $config->get_ldap_link(); $ldap = $config->get_ldap_link();
$ldap->cat($user, array('pwdPolicySubentry', 'pwdHistory', 'pwdChangedTime')); $ldap->cat($user, array('pwdPolicySubentry', 'pwdHistory', 'pwdChangedTime'));
$attrs = $ldap->fetch(); $attrs = $ldap->fetch();
$ppolicydn = '';
if (isset($attrs['pwdPolicySubentry'])) { if (isset($attrs['pwdPolicySubentry'])) {
$ldap->cat($attrs['pwdPolicySubentry'], array('pwdAllowUserChange', 'pwdMinLength', 'pwdMinAge', 'pwdSafeModify')); $ppolicydn = $attrs['pwdPolicySubentry'];
} else {
$ppolicydn = $config->get_cfg_value('ppolicyDefaultCn', '');
if (!empty($ppolicydn)) {
$ppolicydn = 'cn='.$ppolicydn.','.get_ou('ppolicyRDN').$config->current['BASE'];
}
}
if (!empty($ppolicydn)) {
$ldap->cat($ppolicydn, array('pwdAllowUserChange', 'pwdMinLength', 'pwdMinAge', 'pwdSafeModify'));
$policy = $ldap->fetch(); $policy = $ldap->fetch();
if (!$policy) {
return sprintf(_('Ppolicy "%s" could not be found in the LDAP!'), $ppolicydn);
}
if (isset($policy['pwdAllowUserChange']) && ($policy['pwdAllowUserChange'] == 'FALSE') && ($ui->dn == $user)) { if (isset($policy['pwdAllowUserChange']) && ($policy['pwdAllowUserChange'] == 'FALSE') && ($ui->dn == $user)) {
return _('You are not allowed to change your own password'); return _('You are not allowed to change your own password');
} }
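Review bot: The default-policy DN on the added line `$ppolicydn = 'cn='.$ppolicydn.','.get_ou('ppolicyRDN').$config->current['BASE'];` is built by plain concatenation, so a `ppolicyDefaultCn` value containing DN metacharacters such as `,`, `+` or `=` would resolve to a different entry or to none. The value comes from configuration rather than from the user, so the exposure is limited, but this lookup decides which password policy is enforced and escaping is cheap: `$ppolicydn = 'cn='.ldap_escape($ppolicydn, '', LDAP_ESCAPE_DN).','.get_ou('ppolicyRDN').$config->current['BASE'];` (if the supported PHP version provides `ldap_escape`). The new not-found message also returns the full policy DN to whoever is changing the password, which may be an ordinary user; logging the DN and showing a generic message would avoid exposing the directory layout. The enclosing method starts and ends outside this hunk.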
......