WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

check password minimum age for Samba 3

This commit is contained in:
Roland Gruber 2016-05-26 20:08:08 +02:00
parent 3a2580478d
commit 6089935a71
4 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lam/HISTORY
View File

@ -4,6 +4,7 @@ June 2016 5.4
-> New module for 389ds unlocking and deactivation status -> New module for 389ds unlocking and deactivation status
-> Self registration: support for Google reCAPTCHA -> Self registration: support for Google reCAPTCHA
-> Password notification jobs support CC and BCC -> Password notification jobs support CC and BCC
-> Self Service: Samba 3 supports password history and minimum age check
21.03.2016 5.3 21.03.2016 5.3

21
lam/docs/manual-sources/howto.xml
View File

@ -997,7 +997,7 @@ Have fun!
<title>Version specific upgrade instructions</title> <title>Version specific upgrade instructions</title>
<section> <section>
<title>5.1 -&gt; 5.3</title> <title>5.1 -&gt; 5.4</title>
<para>No special actions needed.</para> <para>No special actions needed.</para>
</section> </section>
@ -8412,6 +8412,25 @@ OK (10 msec)</programlisting>
</screenshot> </screenshot>
</section> </section>
<section>
<title>Samba 3</title>
<para>LAM Pro can check the password history and minimum age for Samba
3 password changes. In this case please provide the LDAP suffix where
your Samba 3 domain(s) are stored.</para>
<para>If you leave the field empty then no history and age checks will
be done.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/selfServiceSambaDomains.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section id="PasswordSelfReset"> <section id="PasswordSelfReset">
<title>Password self reset</title> <title>Password self reset</title>

BIN
lam/docs/manual-sources/images/selfServiceSambaDomains.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 KiB

17
lam/lib/modules/sambaSamAccount.inc
View File

@ -2374,8 +2374,10 @@ class sambaSamAccount extends baseModule implements passwordService {
private function doSelfServicePasswordHistoryAndMinAge($attributes, &$return) { private function doSelfServicePasswordHistoryAndMinAge($attributes, &$return) {
if (!empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0])) { if (!empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0])) {
$sambaDomain = $this->getUserDomain($attributes, $_SESSION['ldapHandle'], $this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0]); $sambaDomain = $this->getUserDomain($attributes, $_SESSION['ldapHandle'], $this->selfServiceSettings->moduleSettings['sambaSamAccount_domainSuffix'][0]);
if (($sambaDomain != null) if ($sambaDomain == null) {
&& !empty($sambaDomain->pwdHistoryLength) return;
}
if (!empty($sambaDomain->pwdHistoryLength)
&& is_numeric($sambaDomain->pwdHistoryLength) && is_numeric($sambaDomain->pwdHistoryLength)
&& ($sambaDomain->pwdHistoryLength > 0)) { && ($sambaDomain->pwdHistoryLength > 0)) {
if (sambaSamAccount::oldPasswordUsed($return['info']['sambaUserPasswordClearText'][0], $attributes, $sambaDomain)) { if (sambaSamAccount::oldPasswordUsed($return['info']['sambaUserPasswordClearText'][0], $attributes, $sambaDomain)) {
@ -2397,7 +2399,16 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
} }
} }
// TODO check min age // check min age
if (!empty($sambaDomain->minPwdAge) && ($sambaDomain->minPwdAge > 0) && !empty($attributes['sambaPwdLastSet'][0])) {
$timeVal = $attributes['sambaPwdLastSet'][0] + $sambaDomain->minPwdAge;
$time = new DateTime('@' . $timeVal, new DateTimeZone('UTC'));
$time->setTimezone(getTimeZone());
$now = new DateTime(null, getTimeZone());
if ($time > $now) {
$return['messages'][] = array('ERROR', _('You are not yet allowed to change your password.'));
}
}
} }
} }