Opened 10 years ago

#3314 new enhancement

Ignoring userdn and binding for password changing

Reported by: memfis Owned by: Carlos López Pérez
Priority: normal Component: AccountLdapPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10


I made a fix in the Trac 0.10 version of the plugin to correctly compose a dn when the userdn setting is not used (i.e. it is empty). For the password operation to succeed without configuring LdapPlugin to bind to a specific user it also necessary to bind with the old password of the user. Below is my amateur patch.

--- accountldap/  2008-05-29 10:09:00.000000000 +0200
+++ accountldap.mod/      2008-07-02 19:39:52.000000000 +0200
@@ -66,11 +66,16 @@
             return template, None
         #dn = 'uid=%s,%s,%s' % (req.authname, self.userdn, self.basedn)
-            base = self.userdn + ',' + self.basedn
+            base = self.basedn
+            if self.userdn != '':
+                base = self.userdn + ',' + base
             ld_results = self.ldap.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s' % req.authname, ['dn'])
             # FIXME: Use only the first found DN. We should only have single DN here
             if ld_results :
                 dn = ld_results[0][0]
+                self.ldap.simple_bind(dn, old)
                 self.ldap.passwd_s(dn, old, p1)
             else :
                 raise LDAPError('Failed to find user in LDAP')

Attachments (0)

Change History (0)

Modify Ticket

Change Properties
Set your email in Preferences
as new The owner will remain Carlos López Pérez.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.