diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema index c702ec94f78c1bc4ceb09dc1caf0cba312e9bd7a..592390eb7934afb2c708c633bbbfb7aa566acc8d 100644 --- a/contrib/openldap/core-fd-conf.schema +++ b/contrib/openldap/core-fd-conf.schema @@ -202,6 +202,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +attributetype ( 1.3.6.1.4.1.38414.8.13.9 NAME 'fdPasswordAllowedHashes' + DESC 'FusionDirectory - Allowed password hashes' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + # Core settings attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary' @@ -574,7 +580,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' fdAclRoleRDN $ fdCnPattern $ fdRestrictRoleMembers $ fdSplitPostalAddress $ fdPostalAddressPattern $ fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $ fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $ - fdForcePasswordDefaultHash $ + fdForcePasswordDefaultHash $ fdPasswordAllowedHashes $ fdListSummary $ fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ diff --git a/include/password-methods/class_passwordMethod.inc b/include/password-methods/class_passwordMethod.inc index 28421f0f51d5ca831770a4433648d4f920b1a0e9..42abc4a33190e9a629ffac1fdf66ecf46fbb260e 100644 --- a/include/password-methods/class_passwordMethod.inc +++ b/include/password-methods/class_passwordMethod.inc 
@@ -238,20 +238,17 @@ abstract class passwordMethod
 }
 $cfg = $test->is_configurable();
- $desc = $test->get_description();
 foreach ($plugs as $plugname) {
 $ret['name'][$i] = $plugname;
 $ret['class'][$i] = $class;
 $ret['is_configurable'][$i] = $cfg;
 $ret['object'][$i] = $test;
- $ret['desc'][$i] = $desc;
 $ret[$i]['name'] = $plugname;
 $ret[$i]['class'] = $class;
 $ret[$i]['object'] = $test;
 $ret[$i]['is_configurable'] = $cfg;
- $ret[$i]['desc'] = $desc;
 $ret[$plugname] = $class;
 $i++;
@@ -264,14 +261,6 @@ abstract class passwordMethod
 return session::get('passwordMethod::get_available_methods');
 }
- /*!
- * \brief Get desciption
- */
- function get_description (): string
- {
- return '';
- }
-
 /*!
 * \brief Method to check if a password matches a hash
 */
diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc
index 1fb855e3df3d838cb89d144e47cf882d7d88b065..4d964f4004e73da3b1399571e3d2061a56edacd1 100644
--- a/plugins/config/class_configInLdap.inc
+++ b/plugins/config/class_configInLdap.inc
@@ -120,6 +120,13 @@ class configInLdap extends simplePlugin
 'password' => [
 'name' => _('Password settings'),
 'attrs' => [
+ new SetAttribute(
+ new SelectAttribute(
+ _('Allowed password hashes'), _('Password hashes which may be used for user passwords'),
+ 'fdPasswordAllowedHashes', TRUE,
+ ['ssha']
+ )
+ ),
 new SelectAttribute(
 _('Password default hash'), _('Default hash to be used'),
 'fdPasswordDefaultHash', TRUE,
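Review bot: Prepending the `fdPasswordAllowedHashes` SetAttribute at the head of the `'password'` `attrs` list moves `fdPasswordDefaultHash` from index 0 to index 1, and the `$attributesInfo['password']['attrs'][N]` calls in the `-381` hunk address these entries by position. That hunk is updated for the shift, but any other positional reference outside this diff would now reach the wrong attribute without an error. A comment at the insertion point would make the coupling visible, for example `/* index 0 and 1 are addressed by position where the choices are filled in; keep both in sync */`. The `['ssha']` choice list here looks like a placeholder, since the later `setChoices($methods)` replaces it; the same comment could say so. The array literal continues outside the hunk.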
@@ -381,7 +388,10 @@ class configInLdap extends simplePlugin
 if (!in_array('sasl', $methods)) {
 $methods[] = 'sasl';
 }
- $attributesInfo['password']['attrs'][0]->setChoices($methods);
+ $attributesInfo['password']['attrs'][0]->attribute->setChoices($methods);
+ $attributesInfo['password']['attrs'][0]->setDefaultValue($methods);
+ $attributesInfo['password']['attrs'][0]->resetToDefault();
+ $attributesInfo['password']['attrs'][1]->setChoices($methods);
 /* Login methods */
 $methods = LoginMethod::getMethods();
 $attributesInfo['login']['attrs'][4]->setChoices(array_keys($methods), array_values($methods));
@@ -496,6 +506,10 @@ class configInLdap extends simplePlugin
 $this->fdLoginMethod = 'LoginHTTPHeader';
 }
 }
+
+ $this->attributesAccess['fdPasswordDefaultHash']->setChoices(
+ $this->attributesAccess['fdPasswordAllowedHashes']->getValue()
+ );
 }
 function compute_dn (): string
@@ -512,6 +526,15 @@ class configInLdap extends simplePlugin
 return $messages;
 }
+ function save_object ()
+ {
+ parent::save_object();
+
+ $this->attributesAccess['fdPasswordDefaultHash']->setChoices(
+ $this->attributesAccess['fdPasswordAllowedHashes']->getValue()
+ );
+ }
+
 static function get_themes ()
 {
 $themesdir = '../ihtml/themes/';
diff --git a/plugins/personal/generic/class_UserPasswordAttribute.inc b/plugins/personal/generic/class_UserPasswordAttribute.inc
index a6177a9d95ec7695820289c1de7e6520be08c314..0fff1600c4514fa782b952a05372ef2b6036f494 100644
--- a/plugins/personal/generic/class_UserPasswordAttribute.inc
+++ b/plugins/personal/generic/class_UserPasswordAttribute.inc
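Review bot: In the `-381` hunk, `setDefaultValue($methods)` followed by `resetToDefault()` makes the allow-list default to every detected method plus `sasl`, so an installation that never sets `fdPasswordAllowedHashes` restricts nothing, including any weak or unsalted schemes among the available methods. If that is a deliberate backward-compatibility choice it deserves a comment above these lines, for example `/* Default: all available methods stay allowed until an administrator narrows the list */`, and a matching sentence in the attribute description. The enclosing function starts and ends outside the hunk.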
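Review bot: The choices of `fdPasswordDefaultHash` are narrowed to the current allow-list in the `-496` hunk and again in `save_object()` in the `-512` hunk, but nothing visible checks that the value already stored in `fdPasswordDefaultHash` is still in that list, or that the list is non-empty. Unless `SelectAttribute` rejects an out-of-list value on its own (not shown in this diff), a default hash that was just disallowed could be saved unchanged; the function ending in `return $messages;` just above `save_object()` looks like the place to report it, though its body is outside the hunk. The two identical `setChoices(...getValue())` statements would also read better as one private helper called from both sites. `save_object ()` has no doc comment or return type, while its neighbour `compute_dn (): string` declares one.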
@@ -26,17 +26,15 @@ class UserPasswordAttribute extends CompositeAttribute
 function __construct ($label, $description, $ldapName, $required = FALSE, $defaultValue = "", $acl = "")
 {
+ global $config;
+
 $temp = passwordMethod::get_available_methods();
 /* Create password methods array */
- $pwd_methods = [];
+ $pwd_methods = $config->get_cfg_value('PasswordAllowedHashes', $temp['name']);
 $this->needPassword = [];
 foreach ($temp['name'] as $id => $name) {
 $this->needPassword[$name] = $temp[$id]['object']->need_password();
- $pwd_methods[$name] = $name;
- if (!empty($temp[$id]['desc'])) {
- $pwd_methods[$name] .= " (".$temp[$id]['desc'].")";
- }
 }
 parent::__construct(
@@ -45,7 +43,7 @@ class UserPasswordAttribute extends CompositeAttribute
 new SelectAttribute(
 _('Password method'), _('Password hash method to use'),
 $ldapName.'_pwstorage', TRUE,
- array_keys($pwd_methods), '', array_values($pwd_methods)
+ $pwd_methods
 ),
 new PasswordAttribute(
 _('Password'), _('Password (Leave empty if you do not wish to change it)'),
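Review bot: In the `-26` hunk, `$pwd_methods` is now whatever `get_cfg_value('PasswordAllowedHashes', $temp['name'])` returns, and the `-45` hunk passes it straight to `SelectAttribute` as the choice list. Two cases are worth guarding, both depending on `get_cfg_value()`, which is outside this diff: if it returns a scalar when the attribute holds a single value, the choice list is no longer an array, and if it falls back to `$temp['name']` when the attribute is absent or empty, clearing the allow-list re-enables every method rather than none. Normalising the result, e.g. `$pwd_methods = (array)$config->get_cfg_value('PasswordAllowedHashes', $temp['name']);`, covers the first case. It is also not visible here what the selector shows for an existing account whose stored method is no longer in the list, so that case should be tested. The constructor continues outside the hunk.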