check password minimum age for Samba 3
This commit is contained in:
Roland Gruber
parent
3a2580478d
commit
6089935a71
|
|
@ -4,6 +4,7 @@ June 2016 5.4
|
|||
-> New module for 389ds unlocking and deactivation status
|
||||
-> Self registration: support for Google reCAPTCHA
|
||||
-> Password notification jobs support CC and BCC
|
||||
-> Self Service: Samba 3 supports password history and minimum age check
|
||||
|
||||
|
||||
21.03.2016 5.3
|
||||
|
|
|
|||
|
|
@ -997,7 +997,7 @@ Have fun!
|
|||
<title>Version specific upgrade instructions</title>
|
||||
|
||||
<section>
|
||||
<title>5.1 -> 5.3</title>
|
||||
<title>5.1 -> 5.4</title>
|
||||
|
||||
<para>No special actions needed.</para>
|
||||
</section>
|
||||
|
|
@ -8412,6 +8412,25 @@ OK (10 msec)</programlisting>
|
|||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Samba 3</title>
|
||||
|
||||
<para>LAM Pro can check the password history and minimum age for Samba
|
||||
3 password changes. In this case please provide the LDAP suffix where
|
||||
your Samba 3 domain(s) are stored.</para>
|
||||
|
||||
<para>If you leave the field empty then no history and age checks will
|
||||
be done.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/selfServiceSambaDomains.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
</section>
|
||||
|
||||
<section id="PasswordSelfReset">
|
||||
<title>Password self reset</title>
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
After Width: | Height: | Size: 6.7 KiB |
|
|
@ -2374,8 +2374,10 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
private function doSelfServicePasswordHistoryAndMinAge($attributes, &$return) {
|
||||
if (!empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0])) {
|
||||
$sambaDomain = $this->getUserDomain($attributes, $_SESSION['ldapHandle'], $this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0]);
|
||||
if (($sambaDomain != null)
|
||||
&& !empty($sambaDomain->pwdHistoryLength)
|
||||
if ($sambaDomain == null) {
|
||||
return;
|
||||
}
|
||||
if (!empty($sambaDomain->pwdHistoryLength)
|
||||
&& is_numeric($sambaDomain->pwdHistoryLength)
|
||||
&& ($sambaDomain->pwdHistoryLength > 0)) {
|
||||
if (sambaSamAccount::oldPasswordUsed($return['info']['sambaUserPasswordClearText'][0], $attributes, $sambaDomain)) {
|
||||
|
|
@ -2397,7 +2399,16 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
}
|
||||
// TODO check min age
|
||||
// check min age
|
||||
if (!empty($sambaDomain->minPwdAge) && ($sambaDomain->minPwdAge > 0) && !empty($attributes['sambaPwdLastSet'][0])) {
|
||||
$timeVal = $attributes['sambaPwdLastSet'][0] + $sambaDomain->minPwdAge;
|
||||
$time = new DateTime('@' . $timeVal, new DateTimeZone('UTC'));
|
||||
$time->setTimezone(getTimeZone());
|
||||
$now = new DateTime(null, getTimeZone());
|
||||
if ($time > $now) {
|
||||
$return['messages'][] = array('ERROR', _('You are not yet allowed to change your password.'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue