From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Tue, 6 Jul 2010 07:13:14 +0000 (+0000)
Subject: Updated password expiry handling
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=af683b8925e9711fddba357a88fd35470e3cbc3a;p=gosa.git

Updated password expiry handling
-Do not expire admin accounts
-Fixed class_password.inc to only use expiry if it is enabled.


git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@18939 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 5052f921d..805acec79 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -677,13 +677,16 @@ function ldap_login_user ($username, $password)
  */
 function ldap_expired_account($config, $userdn, $uid)
 {
+
+    // Skip this for the admin account, we do not want to lock him out.
+    if($uid == 'admin') return(0);
+
     $ldap= $config->get_ldap_link();
     $ldap->cd($config->current['BASE']);
     $ldap->cat($userdn);
     $attrs= $ldap->fetch();
     $current= floor(date("U") /60 /60 /24);
 
-
     // Fetch required attributes 
     foreach(array('shadowExpire','shadowLastChange','shadowMax','shadowMin',
                 'shadowInactive','shadowWarning') as $attr){
@@ -759,7 +762,7 @@ function ldap_expired_account($config, $userdn, $uid)
         }
     }    
 
-    return(NULL);
+    return(0);
 }
 
 
diff --git a/gosa-core/plugins/personal/password/class_password.inc b/gosa-core/plugins/personal/password/class_password.inc
index 7006dc777..c8540ae22 100644
--- a/gosa-core/plugins/personal/password/class_password.inc
+++ b/gosa-core/plugins/personal/password/class_password.inc
@@ -68,8 +68,10 @@ class password extends plugin
     $smarty->assign("NotAllowed" , !preg_match("/w/i",$password_ACLS));
 
     /* Display expiration template */
+    $smarty->assign("passwordExpired", FALSE);
     if ($this->config->get_cfg_value("handleExpiredAccounts") == "true"){
       $expired= ldap_expired_account($this->config, $ui->dn, $ui->username);
+      $smarty->assign("passwordExpired", $expired & POSIX_FORCE_PASSWORD_CHANGE);
       if($expired == POSIX_DISALLOW_PASSWORD_CHANGE){
         return($smarty->fetch(get_template_path("nochange.tpl", TRUE)));
       }
@@ -82,7 +84,6 @@ class password extends plugin
     $smarty->assign("proposalEnabled" , $this->proposalEnabled);
     $smarty->assign("proposalSelected" , $this->proposalSelected);
 
-    $smarty->assign("passwordExpired", ldap_expired_account($this->config, $ui->dn, $ui->uid) & POSIX_FORCE_PASSWORD_CHANGE);
     
 
     if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;