LSldap::updateUserPassword(): keep existing other enabled controls (authz for instance)

Benjamin Renard 2024-11-13 11:17:35 +01:00
parent 4057300ba0
commit 333fd8de05
Signed by: bn8
GPG key ID: 3E2E1CE1907115BC


@ -51,6 +51,14 @@ class LSldap extends LSlog_staticLoggerClass {
*/ */
private static $cnx = NULL; private static $cnx = NULL;
/**
* LDAP connection enabled controls
* @see LSldap::setAuthzProxyControl()
* @see LSldap::updateUserPassword()
* @var array
*/
private static $_controls = array();
/** /**
* Registered events * Registered events
* @see self::addEvent() * @see self::addEvent()
@ -155,16 +163,12 @@ class LSldap extends LSlog_staticLoggerClass {
} }
if (!self :: fireEvent('setting_authz_proxy', array('dn' => $dn))) if (!self :: fireEvent('setting_authz_proxy', array('dn' => $dn)))
return false; return false;
$result = self :: $cnx -> setOption( self :: $_controls[] = array(
'LDAP_OPT_SERVER_CONTROLS',
array (
array(
'oid' => '2.16.840.1.113730.3.4.18', 'oid' => '2.16.840.1.113730.3.4.18',
'value' => "dn:$dn", 'value' => "dn:$dn",
'iscritical' => true 'iscritical' => true
)
)
); );
$result = self :: $cnx -> setOption('LDAP_OPT_SERVER_CONTROLS', self :: $_controls);
// Also check user exists to validate the connection with // Also check user exists to validate the connection with
// authz proxy control. // authz proxy control.
if ($result !== True || !self :: exists($dn)) { if ($result !== True || !self :: exists($dn)) {
@ -846,7 +850,7 @@ class LSldap extends LSlog_staticLoggerClass {
return false; return false;
$ldap = self :: $cnx->getLink(); $ldap = self :: $cnx->getLink();
$ctrlRequest = array(array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST)); $ctrlRequest = array_merge(self :: $_controls, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
$r = ldap_mod_replace_ext($ldap, $dn, $changes, $ctrlRequest); $r = ldap_mod_replace_ext($ldap, $dn, $changes, $ctrlRequest);
if ($r && ldap_parse_result($ldap, $r, $errcode, $matcheddn, $errmsg, $ref, $ctrlResponse)) { if ($r && ldap_parse_result($ldap, $r, $errcode, $matcheddn, $errmsg, $ref, $ctrlResponse)) {
if ($errcode !== 0) { if ($errcode !== 0) {
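Review bot: In the hunk at -155 (presumably setAuthzProxyControl(), going by the new docblock's @see), `self :: $_controls[] = array(...)` appends the proxy authorization control before `setOption()` and `self :: exists($dn)` have succeeded, and it appends again on every call. The body of the failure branch and any code that unsets the proxy control lie outside the hunk, so it is not visible whether the entry is ever removed. If it is not, a stale or duplicate critical `2.16.840.1.113730.3.4.18` control stays in the static list, and the last hunk then sends it with the password change through `array_merge(self :: $_controls, ...)`, so the modify could run under an authorization identity that was never validated or is no longer intended. Consider replacing rather than stacking, e.g. `self :: $_controls = array_values(array_filter(self :: $_controls, fn($c) => $c['oid'] !== '2.16.840.1.113730.3.4.18'));` just before the append, and removing the entry again when `$result !== True || !self :: exists($dn)`. The docblock on `$_controls` could also state that every entry is re-sent on later extended operations, so that anything added to it must stay valid for the whole connection.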