- if(! isset($this->attributes['password']) || !isset($this->password_encoding)){
- //throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time'));
- return false;
- }
- $entry = $this->ldap_get_user($username);
- if(!$entry){
- return false;
- }else{
- $config = $this->ldap_get_config();
- $config['binddn']=$entry->dn();
- $config['bindpw']=$oldpassword;
- if($ldap = $this->ldap_get_connection($config)){
- $entry = $this->ldap_get_user($username,array(),$ldap);
-
- $newCryptedPassword = $this->hashPassword($newpassword, $this->password_encoding);
- if ($newCryptedPassword===false) {
- return false;
- }
- if($this->password_encoding=='ad') {
- //TODO I believe this code will work once this bug is fixed: http://pear.php.net/bugs/bug.php?id=16796
- $oldCryptedPassword = $this->hashPassword($oldpassword, $this->password_encoding);
- $entry->delete( array($this->attributes['password'] => $oldCryptedPassword ));
- }
- $entry->replace( array($this->attributes['password'] => $newCryptedPassword ), true);
- if( Net_LDAP2::isError($entry->upate()) ) {
- return false;
- }
- return true;
- }else{
- return false;
- }
- }
-
- return false;
- }
-
- //---utility functions---//
- function ldap_get_config(){
- $config = array();
- $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
- foreach($keys as $key){
- $value = $this->$key;
- if($value!==null){
- $config[$key]=$value;
- }
- }
- return $config;
- }
-
- function ldap_get_connection($config = null){
- if($config == null && isset($this->default_ldap)){
- return $this->default_ldap;
- }
-
- //cannot use Net_LDAP2::connect() as StatusNet uses
- //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
- //PEAR handling can be overridden on instance objects, so we do that.
- $ldap = new Net_LDAP2(isset($config)?$config:$this->ldap_get_config());
- $ldap->setErrorHandling(PEAR_ERROR_RETURN);
- $err=$ldap->bind();
- if (Net_LDAP2::isError($err)) {
- common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage());
- return false;
- }
- if($config == null) $this->default_ldap=$ldap;
-
- $c = common_memcache();
- if (!empty($c)) {
- $cacheObj = new MemcacheSchemaCache(
- array('c'=>$c,
- 'cacheKey' => common_cache_key('ldap_schema:' . crc32(serialize($config)))));
- $ldap->registerSchemaCache($cacheObj);
- }
- return $ldap;
- }
-
- /**
- * get an LDAP entry for a user with a given username
- *
- * @param string $username
- * $param array $attributes LDAP attributes to retrieve
- * @return string DN
- */
- function ldap_get_user($username,$attributes=array(),$ldap=null){
- if($ldap==null) {
- $ldap = $this->ldap_get_connection();
- }
- $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
- $options = array(
- 'attributes' => $attributes
- );
- $search = $ldap->search($this->basedn, $filter, $options);
-
- if (PEAR::isError($search)) {
- common_log(LOG_WARNING, 'Error while getting DN for user: '.$search->getMessage());
- return false;
- }
-
- $searchcount = $search->count();
- if($searchcount == 0) {
- return false;
- }else if($searchcount == 1) {
- $entry = $search->shiftEntry();
- return $entry;
- }else{
- common_log(LOG_WARNING, 'Found ' . $searchcount . ' ldap user with the username: ' . $username);
- return false;
- }