diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index e7191e26d631bbd06faee3663cb886d8a5104e53..67f6021bca54dadf832fb7c1d0b6b85b90a954c1 100644 (file)
$this->enforcePasswordChange = isset($_POST['new_password']) && isset($_POST['enforcePasswordChange']);
$smarty = get_smarty();
- $smarty->assign("proposal" , $this->proposal);
+ $smarty->assign("proposal" , set_post($this->proposal));
$smarty->assign("proposalEnabled" , $this->proposalEnabled);
$smarty->assign("proposalSelected" , $this->proposalSelected);
// Generate new proposal
$this->refreshProposal();
$this->proposalSelected = ($this->proposal != "");
- $smarty->assign("proposal" , $this->proposal);
- $smarty->assign("proposalEnabled" , $this->proposalEnabled);
- $smarty->assign("proposalSelected" , $this->proposalSelected);
-
$this->dn = array_pop($this->pwd_change_queue);
// Check if we are able to enforce a password change
$ldap->cat($this->dn);
$attrs = $ldap->fetch();
$this->passwordChangeForceable =
- in_array('sambaAccount', $attrs['objectClass']) ||
- in_array('posixAccount', $attrs['objectClass']);
-
+ in_array_strict('sambaAccount', $attrs['objectClass']) ||
+ (in_array_strict('posixAccount', $attrs['objectClass']) && isset($attrs['shadowMax']));
$smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
$smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
+ // Assign proposal variables
+ $smarty->assign("proposal" , set_post($this->proposal));
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
+
set_object_info($this->dn);
return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
}
}
+ // Call external check hook to validate the password change
+ if(!count($message)){
+ $attrs = array();
+ $attrs['current_password'] = '';
+ $attrs['new_password'] = $new_password;
+ $checkRes = password::callCheckHook($this->config,$this->dn,$attrs);
+ if(count($checkRes)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),
+ implode($checkRes));
+ }
+ }
+
// Display errors
if (count($message) != 0){
msg_dialog::displayChecks($message);
return($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
- // Change cassword
+
+
+ // Change password
if(isset($this->force_hash_type[$this->dn])){
- if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn])){
+ if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn],'', $message)){
+ msg_dialog::displayChecks(array($message));
return($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
}else{
- if(!change_password ($this->dn, $new_password)){
+ if(!change_password ($this->dn, $new_password,0,'','',$message)){
+ msg_dialog::displayChecks(array($message));
return($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
}
- if ($this->config->get_cfg_value("core","passwordHook") != ""){
- exec($this->config->get_cfg_value("core","passwordHook")." ".$username." ".$new_password, $resarr);
+
+ // The user has to change his password on next login
+ // - We are going to update samba and posix attributes here, to enforce
+ // such a password change.
+ if($this->passwordChangeForceable && $this->enforcePasswordChange){
+
+ // Check if we are able to enforce a password change
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn);
+ $attrs = $ldap->fetch();
+ $samba = in_array_strict('sambaSamAccount', $attrs['objectClass']);
+ $posix = in_array_strict('posixAccount', $attrs['objectClass']);
+
+ // Update the posix shadow flag...
+ if($posix){
+
+ $current= floor(date("U") /60 /60 /24);
+ $enforceDate = $current - $attrs['shadowMax'][0];
+ $new_attrs = array();
+ $new_attrs['shadowLastChange'] = $enforceDate;
+ $ldap->cd($this->dn);
+ $ldap->modify($new_attrs);
+
+# $posixAccount = new posixAccount($this->config, $this->dn);
+# $posixAccount->is_modified=TRUE;
+# $posixAccount->activate_shadowExpire=1;
+# $posixAccount->shadowExpire = date('d.m.Y', time() - (1 * 24 * 60 *60));
+# $posixAccount->save();
+ }
+
+ // Update the samba kickoff flag...
+ if($samba){
+ $sambaAccount = new sambaAccount($this->config, $this->dn);
+ $sambaAccount->is_modified=TRUE;
+ $sambaAccount->flag_enforcePasswordChange = TRUE;
+ $sambaAccount->flag_cannotChangePassword = FALSE;
+ $sambaAccount->save();
+ }
}
+
new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
$this->dn ="";
$smarty->assign("template", array_pop($target));
$smarty->assign("templates", $templates);
$smarty->assign("edit_uid", "");
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("core","allowUidProposalModification"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
// -> See 'templateContinue' for further handling!
$smarty->assign("template", "none");
$smarty->assign("templates", $templates);
$smarty->assign("edit_uid", "");
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("core","allowUidProposalModification"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
// -> See 'templateContinue' for further handling!
$smarty = get_smarty();
foreach(array("sn", "givenName", "uid", "template") as $attr){
if(isset($_POST[$attr])){
- $smarty->assign("$attr", get_post($attr));
+ $smarty->assign("$attr", set_post(get_post($attr)));
}else{
$smarty->assign("$attr", "");
}
$smarty->assign("templates",$templates);
$smarty->assign("got_uid", $this->got_uid);
$smarty->assign("edit_uid",false);
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("core","allowUidProposalModification"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
-
/********************
* 2 There was a template selected, now ask for the uid.
********************/
// Remember user input.
$smarty = get_smarty();
- $this->sn = $_POST['sn'];
- $this->givenName = $_POST['givenName'];
+ $this->sn = get_post('sn');
+ $this->givenName = get_post('givenName');
// Avoid duplicate entries, check if such a user already exists.
- $dn= preg_replace("/^[^,]+,/i", "", $_POST['template']);
+ $dn= preg_replace("/^[^,]+,/i", "", get_post('template'));
$ldap= $this->config->get_ldap_link();
$ldap->cd ($dn);
$ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
+
if ($ldap->count () != 0){
msg_dialog::displayChecks(array(msgPool::duplicated(_("Name"))));
+ $smarty->assign("edit_uid", "");
}else{
// Preset uid field by using the idGenerator
$attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
if ($this->config->get_cfg_value("core","idGenerator") != ""){
- $uids= gen_uids ($this->config->get_cfg_value("core","idGenerator"), $attributes);
- if (count($uids)){
- $smarty->assign("edit_uid", "false");
- $smarty->assign("uids", $uids);
- $this->uid= current($uids);
+ $genStr = $this->config->get_cfg_value("core","idGenerator");
+ $smarty->assign("edit_uid", "");
+ if(!empty($genStr)){
+ $uids= gen_uids($genStr, $attributes);
+ if (count($uids)){
+ $smarty->assign("edit_uid", "false");
+ $smarty->assign("uids", $uids);
+ $this->uid= current($uids);
+ }else{
+ msg_dialog::displayChecks(array(_("Cannot generate a unique id, please specify it manually!")));
+ }
}
} else {
$smarty->assign("edit_uid", "");
// Assign user input
foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
- $smarty->assign("$attr", $this->$attr);
+ $smarty->assign("$attr", set_post($this->$attr));
}
if (isset($_POST['template'])){
- $smarty->assign("template", $_POST['template']);
+ $smarty->assign("template", get_post('template'));
}
$smarty->assign("templates",$templates);
+ $smarty->assign("allowUidProposalModification", $this->config->get_cfg_value("core","allowUidProposalModification"));
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
/********************
* 3 No template - Ok. Lets fill the data into the user object and skip templating here.
********************/
- if ($_POST['template'] == 'none'){
+ if (get_post('template') == 'none'){
foreach(array("sn", "givenName", "uid") as $attr){
if (isset($_POST[$attr])){
- $this->tabObject->by_object['user']->$attr= $_POST[$attr];
+ $this->tabObject->by_object['user']->$attr= get_post($attr);
}
}
// Move user supplied data to sub plugins
foreach(array("uid","sn","givenName") as $attr){
- $this->$attr = $_POST[$attr];
+ $this->$attr = get_post($attr);
$this->tabObject->$attr = $this->$attr;
$this->tabObject->by_object['user']->$attr = $this->$attr;
}
// Adapt template values.
- $template_dn = $_POST['template'];
+ $template_dn = get_post('template');
$this->tabObject->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
$template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/i')."/", '', $template_dn);
$this->tabObject->by_object['user']->base= $template_base;
"apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png",
"plugin" => "netatalk",
"alt" => _("Netatalk"),
- "title" => _("Edit netatalk properties")),
+ "title" => _("Edit Netatalk properties")),
"gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png",
"plugin" => "environment",
"alt" => _("Environment"),