Opened 9 years ago

#3314 new enhancement

Ignoring userdn and binding for password changing

Reported by: memfis
Owned by: Carlos López Pérez
Priority: normal
Component: AccountLdapPlugin
Severity: normal
Keywords:
Cc:
Trac Release: 0.10


I made a fix in the Trac 0.10 version of the plugin to correctly compose a dn when the userdn setting is not used (i.e. it is empty). For the password operation to succeed without configuring LdapPlugin to bind to a specific user, it is also necessary to bind with the old password of the user. Below is my amateur patch.

--- accountldap/  2008-05-29 10:09:00.000000000 +0200
+++ accountldap.mod/      2008-07-02 19:39:52.000000000 +0200
@@ -66,11 +66,16 @@
             return template, None
         #dn = 'uid=%s,%s,%s' % (req.authname, self.userdn, self.basedn)
-            base = self.userdn + ',' + self.basedn
+            base = self.basedn
+            if self.userdn != '':
+                base = self.userdn + ',' + base
             ld_results = self.ldap.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s' % req.authname, ['dn'])
             # FIXME: Use only the first found DN. We should only have single DN here
             if ld_results :
                 dn = ld_results[0][0]
+                self.ldap.simple_bind(dn, old)
                 self.ldap.passwd_s(dn, old, p1)
             else :
                 raise LDAPError('Failed to find user in LDAP')
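
Review bot: the added `self.ldap.simple_bind(dn, old)` is python-ldap's asynchronous form, which returns a message id and does not wait for or raise on the bind result, so a wrong old password is not caught at this line and `passwd_s` is issued without knowing whether the bind succeeded. Use `self.ldap.simple_bind_s(dn, old)` so that a failed bind raises before the password change is attempted, and reject an empty `old` beforehand, since many servers treat a simple bind with an empty password as an unauthenticated bind rather than a failure. Binding on `self.ldap` also leaves that connection bound as this user for whatever uses it next; a separate connection for the change, or a rebind afterwards, avoids that. The search still runs before the bind, so it depends on whatever identity the connection had at that point being allowed to search `base`. Separately, in the unchanged search line, `'uid=%s' % req.authname` is placed into the filter unescaped; passing it through `ldap.filter.escape_filter_chars` would be a worthwhile follow-up.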
