From 333fd8de054a6aaa3cb4ca0300b244036350073b Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Wed, 13 Nov 2024 11:17:35 +0100
Subject: [PATCH] LSldap::updateUserPassword(): keep existing other enabled controls (authz for instance)
---
 src/includes/class/class.LSldap.php | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/includes/class/class.LSldap.php b/src/includes/class/class.LSldap.php
index 6dbd8216..d4f7a9c7 100644
--- a/src/includes/class/class.LSldap.php
+++ b/src/includes/class/class.LSldap.php
@@ -51,6 +51,14 @@ class LSldap extends LSlog_staticLoggerClass {
 */
 private static $cnx = NULL;
 
+ /**
+ * LDAP connection enabled controls
+ * @see LSldap::setAuthzProxyControl()
+ * @see LSldap::updateUserPassword()
+ * @var array
+ */
+ private static $_controls = array();
+
 /**
 * Registered events
 * @see self::addEvent()
@@ -155,16 +163,12 @@ class LSldap extends LSlog_staticLoggerClass {
 }
 if (!self :: fireEvent('setting_authz_proxy', array('dn' => $dn)))
 return false;
- $result = self :: $cnx -> setOption(
- 'LDAP_OPT_SERVER_CONTROLS',
- array (
- array(
- 'oid' => '2.16.840.1.113730.3.4.18',
- 'value' => "dn:$dn",
- 'iscritical' => true
- )
- )
+ self :: $_controls[] = array(
+ 'oid' => '2.16.840.1.113730.3.4.18',
+ 'value' => "dn:$dn",
+ 'iscritical' => true
 );
+ $result = self :: $cnx -> setOption('LDAP_OPT_SERVER_CONTROLS', self :: $_controls);
 // Also check user exists to validate the connection with
 // authz proxy control.
 if ($result !== True || !self :: exists($dn)) {
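Review bot: In the second hunk the proxy authorization control is appended to `self :: $_controls` before `setOption()` and the `exists($dn)` check have succeeded, so a rejected call leaves an entry in the static list that `updateUserPassword()` later merges into its request. Calling setAuthzProxyControl() a second time would also stack two controls with OID 2.16.840.1.113730.3.4.18, and nothing in the visible hunks empties the list when the connection is closed or re-opened. Building the list in a local variable, dropping any earlier entry for the same OID, and storing it only once the option was accepted keeps a password change from being sent with a stale or duplicated identity. The failure branch after `if ($result !== True || !self :: exists($dn))` lies outside the hunk; if it undoes the option there, it should reset `$_controls` as well.

```php
$authzOid = '2.16.840.1.113730.3.4.18';
// Replace a proxy authz control registered earlier instead of stacking a second one
$controls = array_values(array_filter(
  self :: $_controls,
  function ($ctrl) use ($authzOid) { return $ctrl['oid'] !== $authzOid; }
));
$controls[] = array(
  'oid' => $authzOid,
  'value' => "dn:$dn",
  'iscritical' => true
);
$result = self :: $cnx -> setOption('LDAP_OPT_SERVER_CONTROLS', $controls);
// Remember the controls only once the connection accepted them
if ($result === True)
  self :: $_controls = $controls;
// … unchanged: exists($dn) validation and failure branch …
```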
@@ -846,7 +850,7 @@ class LSldap extends LSlog_staticLoggerClass {
 return false;
 $ldap = self :: $cnx->getLink();
- $ctrlRequest = array(array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST));
+ $ctrlRequest = array_merge(self :: $_controls, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
 $r = ldap_mod_replace_ext($ldap, $dn, $changes, $ctrlRequest);
 if ($r && ldap_parse_result($ldap, $r, $errcode, $matcheddn, $errmsg, $ref, $ctrlResponse)) {
 if ($errcode !== 0) {
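Review bot: The merge into `$ctrlRequest` needs a why-comment, because it is not obvious that the controls argument of `ldap_mod_replace_ext()` is sent in place of the connection's LDAP_OPT_SERVER_CONTROLS rather than in addition to them, which is presumably why the authz proxy control was lost before this change. Suggested comment above the line: `// Per-request controls replace the connection-level ones: re-send self :: $_controls (authz proxy) with the ppolicy request`. The same line mixes the short `[[...]]` syntax with the `array(...)` form used in the other hunks; `array(array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST))` as the second argument would match. updateUserPassword() starts and ends outside the hunk.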