password history
parent
feaa741096
commit
7ba57d8161
|
@ -3405,6 +3405,40 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
<para>LAM supports full Samba 3 user management including logon hours
|
||||
and terminal server options.</para>
|
||||
|
||||
<para>The module is enabled by adding "Samba 3 (sambaSamAccount)" to
|
||||
your user modules.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_samba3Config2.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>In the configuration options you can enable password history
|
||||
checking. Depending on your LDAP server you might need ascending or
|
||||
descending order. Just switch the setting if the password history is
|
||||
not correctly updated.</para>
|
||||
|
||||
<para>In case you have no very old Windows clients (e.g. Windows 98)
|
||||
it is recommended to disable LM hashes. They are considered to be
|
||||
insecure.</para>
|
||||
|
||||
<para>You can also hide some input fields if you do not need
|
||||
them.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/mod_samba3Config1.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>After configuring the module you will see the Samba 3 tab when
|
||||
you edit a user.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
@ -3413,6 +3447,8 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>Logon hours can be changed.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
@ -3421,6 +3457,8 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<para>You can also setup terminal server settings.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
@ -8492,6 +8530,10 @@ OK (10 msec)</programlisting>
|
|||
<para>If you leave the field empty then no history and age checks will
|
||||
be done.</para>
|
||||
|
||||
<para>Password history: depending on your LDAP server you might need
|
||||
ascending or descending order. Just switch the setting if the password
|
||||
history is not correctly updated.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 25 KiB |
Binary file not shown.
After Width: | Height: | Size: 49 KiB |
Binary file not shown.
Before Width: | Height: | Size: 6.7 KiB After Width: | Height: | Size: 12 KiB |
|
@ -253,12 +253,6 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
);
|
||||
// self service: fields that cannot be relabeled
|
||||
$return['selfServiceNoRelabelFields'] = array('syncNTPassword', 'syncLMPassword', 'syncSambaPwdLastSet');
|
||||
// self service options
|
||||
$selfServiceContainer = new htmlTable();
|
||||
$selfServiceDomainSuffix = new htmlTableExtendedInputField(_('Domain suffix'), 'sambaSamAccount_domainSuffix');
|
||||
$selfServiceContainer->addElement($selfServiceDomainSuffix);
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('domainSuffix', get_class($this)), true);
|
||||
$return['selfServiceSettings'] = $selfServiceContainer;
|
||||
// help Entries
|
||||
$return['help'] = array (
|
||||
"displayName" => array(
|
||||
|
@ -413,7 +407,7 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
"Text" => _("Please enter the LDAP suffix where your Samba domain entries are stored.")),
|
||||
'history' => array(
|
||||
"Headline" => _("Password history"),
|
||||
"Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch if old passwords are not removed from history).")),
|
||||
"Text" => _("Enables password history. Depending on your LDAP server you need to select the right server-side ordering (switch ordering here if old passwords are not removed from history).")),
|
||||
);
|
||||
// upload dependencies
|
||||
$return['upload_preDepends'] = array('posixAccount', 'inetOrgPerson');
|
||||
|
@ -2265,6 +2259,40 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
return $errors;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of self service configuration settings.
|
||||
*
|
||||
* Calling this method does not require the existence of an enclosing {@link accountContainer}.<br>
|
||||
* <br>
|
||||
* The name attributes are used as keywords to load
|
||||
* and save settings. We recommend to use the module name as prefix for them
|
||||
* (e.g. posixAccount_homeDirectory) to avoid naming conflicts.
|
||||
*
|
||||
* @param selfServiceProfile $profile currently edited profile
|
||||
* @return htmlElement meta HTML object
|
||||
*
|
||||
* @see baseModule::get_metaData()
|
||||
* @see htmlElement
|
||||
*/
|
||||
public function getSelfServiceSettings($profile) {
|
||||
$selfServiceContainer = new htmlTable();
|
||||
// domain suffix
|
||||
$selfServiceDomainSuffix = new htmlTableExtendedInputField(_('Domain suffix'), 'sambaSamAccount_domainSuffix');
|
||||
$selfServiceContainer->addElement($selfServiceDomainSuffix);
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('domainSuffix', get_class($this)), true);
|
||||
// password history
|
||||
$historyOptions = array(
|
||||
_('yes - ordered ascending') => 'yes_deleteLast',
|
||||
_('yes - ordered descending') => 'yes_deleteFirst',
|
||||
_('no') => 'no'
|
||||
);
|
||||
$historySelect = new htmlTableExtendedSelect('sambaSamAccount_history', $historyOptions, array('yes_deleteLast'), _("Password history"));
|
||||
$historySelect->setHasDescriptiveElements(true);
|
||||
$selfServiceContainer->addElement($historySelect);
|
||||
$selfServiceContainer->addElement(new htmlHelpLink('history', get_class($this)), true);
|
||||
return $selfServiceContainer;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the meta HTML code for each input field.
|
||||
* format: array(<field1> => array(<META HTML>), ...)
|
||||
|
@ -2423,11 +2451,22 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
}
|
||||
else {
|
||||
// update password history
|
||||
if (sambaSamAccount::isPasswordHistoryEnabled($this->selfServiceSettings->moduleSettings)) {
|
||||
$sambaPasswordHistory = empty($attributes['sambaPasswordHistory']) ? null : $attributes['sambaPasswordHistory'];
|
||||
while (sizeof($sambaPasswordHistory) > ($sambaDomain->pwdHistoryLength - 1)) {
|
||||
if (empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0]) || ($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
|
||||
array_pop($sambaPasswordHistory);
|
||||
}
|
||||
else {
|
||||
array_shift($sambaPasswordHistory);
|
||||
}
|
||||
}
|
||||
if (empty($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0]) || ($this->selfServiceSettings->moduleSettings['sambaSamAccount_history'][0] == 'yes_deleteLast')) {
|
||||
array_unshift($sambaPasswordHistory, sambaSamAccount::createHistoryEntry($return['info']['sambaUserPasswordClearText'][0]));
|
||||
}
|
||||
else {
|
||||
$sambaPasswordHistory[] = sambaSamAccount::createHistoryEntry($return['info']['sambaUserPasswordClearText'][0]);
|
||||
}
|
||||
$sambaPasswordHistory = array_values($sambaPasswordHistory);
|
||||
if (empty($attributes['sambaPasswordHistory'])) {
|
||||
$return['add']['sambaPasswordHistory'] = $sambaPasswordHistory;
|
||||
|
@ -2437,6 +2476,7 @@ class sambaSamAccount extends baseModule implements passwordService {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// check min age
|
||||
if (!empty($sambaDomain->minPwdAge) && ($sambaDomain->minPwdAge > 0) && !empty($attributes['sambaPwdLastSet'][0])) {
|
||||
$timeVal = $attributes['sambaPwdLastSet'][0] + $sambaDomain->minPwdAge;
|
||||
|
|