LSldap::updateUserPassword(): keep existing other enabled controls (authz for instance)

This commit is contained in:
Benjamin Renard 2024-11-13 11:17:35 +01:00
parent 4057300ba0
commit 333fd8de05
Signed by: bn8
GPG key ID: 3E2E1CE1907115BC

View file

@ -51,6 +51,14 @@ class LSldap extends LSlog_staticLoggerClass {
*/
private static $cnx = NULL;
/**
* LDAP connection enabled controls
* @see LSldap::setAuthzProxyControl()
* @see LSldap::updateUserPassword()
* @var array
*/
private static $_controls = array();
/**
* Registered events
* @see self::addEvent()
@ -155,16 +163,12 @@ class LSldap extends LSlog_staticLoggerClass {
}
if (!self :: fireEvent('setting_authz_proxy', array('dn' => $dn)))
return false;
$result = self :: $cnx -> setOption(
'LDAP_OPT_SERVER_CONTROLS',
array (
array(
self :: $_controls[] = array(
'oid' => '2.16.840.1.113730.3.4.18',
'value' => "dn:$dn",
'iscritical' => true
)
)
);
$result = self :: $cnx -> setOption('LDAP_OPT_SERVER_CONTROLS', self :: $_controls);
// Also check user exists to validate the connection with
// authz proxy control.
if ($result !== True || !self :: exists($dn)) {
@ -846,7 +850,7 @@ class LSldap extends LSlog_staticLoggerClass {
return false;
$ldap = self :: $cnx->getLink();
$ctrlRequest = array(array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST));
$ctrlRequest = array_merge(self :: $_controls, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
$r = ldap_mod_replace_ext($ldap, $dn, $changes, $ctrlRequest);
if ($r && ldap_parse_result($ldap, $r, $errcode, $matcheddn, $errmsg, $ref, $ctrlResponse)) {
if ($errcode !== 0) {