moved message
parent
d32d8d3a0d
commit
e03cd1f57c
|
@ -1521,6 +1521,36 @@ function getDefaultLDAPErrorString($server) {
|
|||
return $message;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to get additional information why invalid credentials was returned. E.g. account is locked.
|
||||
*
|
||||
* @param handle $ldap LDAP object to connect for getting extra data
|
||||
* @param string $userDn failed DN
|
||||
* @return string extra message
|
||||
*/
|
||||
function getExtraInvalidCredentialsMessage($ldap, $userDn) {
|
||||
$attributes = array('dn', 'pwdaccountlockedtime', 'krbprincipalexpiration',
|
||||
'krbpasswordexpiration', 'passwordexpirationtime');
|
||||
$userData = ldapGetDN($userDn, $attributes, $ldap);
|
||||
$now = new DateTime('now', getTimeZone());
|
||||
if (!empty($userData['pwdaccountlockedtime'][0])) {
|
||||
return _('Account is locked');
|
||||
}
|
||||
if (!empty($userData['krbprincipalexpiration'][0])) {
|
||||
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbprincipalexpiration'][0]);
|
||||
if ($now >= $kerberosExpirationDate) {
|
||||
return _('Kerberos account is expired');
|
||||
}
|
||||
}
|
||||
if (!empty($userData['krbpasswordexpiration'][0])) {
|
||||
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbpasswordexpiration'][0]);
|
||||
if ($now >= $kerberosExpirationDate) {
|
||||
return _('Kerberos password is expired');
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the URL under which the page was loaded.
|
||||
* This includes any GET parameters set.
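Review bot: The docblock added for getExtraInvalidCredentialsMessage() declares `@return string`, but the function ends with `return null;` when no lock or expiry branch matches, so the tag should read `@return string|null extra message or null if no reason was found`. The `$attributes` list also requests `passwordexpirationtime`, which no branch in the function reads; either drop it from the search or add the check it was meant for. Because the function now appears to sit in a shared library file rather than next to its only visible caller, the docblock should also say that the returned text describes account state (locked, expired) and that the caller decides whether an unauthenticated client may see it.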
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
<?php
|
||||
namespace LAM\LOGIN;
|
||||
use DateTime;
|
||||
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
|
||||
use \LAMConfig;
|
||||
use \LAMCfgMain;
|
||||
|
@ -602,7 +601,7 @@ if(isset($_POST['checklogin'])) {
|
|||
catch (LAMException $e) {
|
||||
$extraMessage = null;
|
||||
if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
|
||||
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP, $username);
|
||||
$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username);
|
||||
$searchLDAP->close();
|
||||
}
|
||||
display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
|
||||
|
@ -610,36 +609,6 @@ if(isset($_POST['checklogin'])) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tries to get additional information why invalid credentials was returned. E.g. account is locked.
|
||||
*
|
||||
* @param Ldap $ldap LDAP object to connect for getting extra data
|
||||
* @param string $username failed DN
|
||||
* @return string extra message
|
||||
*/
|
||||
function getExtraInvalidCredentialsMessage($ldap, $username) {
|
||||
$attributes = array('dn', 'pwdaccountlockedtime', 'krbprincipalexpiration',
|
||||
'krbpasswordexpiration', 'passwordexpirationtime');
|
||||
$userData = ldapGetDN($username, $attributes, $ldap->server());
|
||||
$now = new DateTime('now', getTimeZone());
|
||||
if (!empty($userData['pwdaccountlockedtime'][0])) {
|
||||
return _('Account is locked');
|
||||
}
|
||||
if (!empty($userData['krbprincipalexpiration'][0])) {
|
||||
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbprincipalexpiration'][0]);
|
||||
if ($now >= $kerberosExpirationDate) {
|
||||
return _('Kerberos account is expired');
|
||||
}
|
||||
}
|
||||
if (!empty($userData['krbpasswordexpiration'][0])) {
|
||||
$kerberosExpirationDate = parseLDAPTimestamp($userData['krbpasswordexpiration'][0]);
|
||||
if ($now >= $kerberosExpirationDate) {
|
||||
return _('Kerberos password is expired');
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
//displays the login window
|
||||
display_LoginPage($licenseValidator, $error_message);
|
||||
?>
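Review bot: The changed call `getExtraInvalidCredentialsMessage($searchLDAP->server(), $username)` still passes its result straight to `display_LoginPage(...)` when the bind fails with LDAP error 49, so a client that has not authenticated is told whether the submitted account is locked or whether its Kerberos account or password has expired. That makes the login form an account-state oracle; consider returning only the generic invalid-credentials text to the browser and recording the detail in the server log, or gating the detail behind an explicit configuration option. At minimum add a comment above the call such as `// NOTE: $extraMessage exposes account state (locked/expired) before authentication succeeds`. The try block that this catch belongs to starts outside the hunk, so whether `$username` is already a full DN at this point, as the new `$userDn` parameter expects, cannot be confirmed from here.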
|
||||
|
|