/plugins/change_password/backend/ldap.php

Description

Change password LDAP backend

Includes
include_once (SM_PATH.'functions/imap_general.php') (line 24)

sqimap_get_user_server() function

Variables
string $cpw_ldap_admindn (line 103)

BindDN that should be able to change password.

WARNING: sometimes user has enough privileges to change own password. If you leave default value, plugin will try to connect with DN that is detected in $cpw_ldap_username_attr=$username search and current user password will be used for authentication.

string $cpw_ldap_adminpw (line 110)

password used for $cpw_ldap_admindn

string $cpw_ldap_basedn; (line 59)

LDAP basedn that is used for binding to LDAP server.

this option must be set to correct value.

string $cpw_ldap_binddn (line 85)

BindDN that should be able to search LDAP directory and find DN used by user.

Uses anonymous bind if set to empty string. You should not use DN with write access to LDAP directory here. Write access is not required.

string $cpw_ldap_bindpw (line 92)

password used for $cpw_ldap_binddn

array $cpw_ldap_connect_opts (line 67)

LDAP connection options

string $cpw_ldap_default_crypto (line 126)

crypto that is used to encode new password

If set to empty string, system tries to keep same encoding/hashing algorithm

integer $cpw_ldap_port (line 51)

Port of LDAP server.

Used only when $cpw_ldap_server specifies IP address or DNS name.

string $cpw_ldap_server (line 43)

Address of LDAP server.

You can use any URL format that is supported by your LDAP extension. Examples:

  • 'ldap.example.com' - connect to server on ldap.example.com address
  • 'ldaps://ldap.example.com' - connect to server on ldap.example.com address and use SSL encrypted connection to default LDAPs port.
defaults to imap server address.

string $cpw_ldap_userid_attr (line 118)

LDAP attribute that stores username.

username entry should be unique for $cpw_ldap_basedn

boolean $cpw_ldap_use_tls (line 76)

Controls use of starttls on LDAP connection.

Requires PHP 4.2+, PHP LDAP extension with SSL support and PROTOCOL_VERSION => 3 setting in $cpw_ldap_connect_opts

Functions
cpw_ldap_compare_pass (line 664)

compares two passwords Code reuse. See phpldapadmin password_compare() function.

Some parts of code was rewritten to backend specifics.

boolean cpw_ldap_compare_pass (string $pass_hash, string $pass_clear,  &$msgs, array $msgs)
  • string $pass_hash: hashed password string with password type indicators
  • string $pass_clear: plain text password
  • array $msgs: error messages
  • &$msgs
cpw_ldap_dochange (line 190)

Changes password. Main function attached to hook

  • return: Array of error messages.
array cpw_ldap_dochange (array $data)
  • array $data: The username/curpw/newpw data.
cpw_ldap_encrypt_pass (line 502)

Encrypts LDAP password

if $cpw_ldap_default_crypto is set to empty string or $same_crypto is set, uses same crypto as in old password. See phpldapadmin password_hash() function

string cpw_ldap_encrypt_pass (string $pass, string $cur_pass_hash,  &$msgs, [string $curpass = ''], array $msgs)
  • string $pass: string that has to be encrypted/hashed
  • string $cur_pass_hash: old password hash
  • array $msgs: error message
  • string $curpass: current password. Used for plaintext password detection.
  • &$msgs
cpw_ldap_get_crypto (line 427)

returns crypto algorithm used in password.

  • return: lowercased crypto algorithm name
string cpw_ldap_get_crypto (string $pass, [ $curpass = ''])
  • string $pass: encrypted/hashed password
  • $curpass
cpw_ldap_init (line 159)

Makes sure that required functions and configuration options are set.

void cpw_ldap_init ()
cpw_ldap_password_hash (line 524)

create hashed password

  • return: password or false.
hashed cpw_ldap_password_hash (string $pass, string $crypto,  &$msgs, [string $forced_salt = ''], array $msgs)
  • string $pass: plain text password
  • string $crypto: used crypto algorithm
  • array $msgs: array used for error messages
  • string $forced_salt: salt that should be used during hashing. Is used only when is not set to empty string. Salt should be formated according to $crypto requirements.
  • &$msgs
cpw_ldap_specialchars (line 412)

Sanitizes LDAP query strings.

original code - ldapquery plugin. See rfc2254

string cpw_ldap_specialchars (string $string)
  • string $string
cpw_ldap_uid_search (line 463)

Search LDAP for user id.

  • return: false if connection failed.
boolean cpw_ldap_uid_search (object $ldap_con, string $ldap_basedn,  &$msgs,  &$results,  &$userdn, [boolean $onlyone = true], array $msgs, object $results, string $userdn)
  • object $ldap_con: ldap connection
  • string $ldap_basedn: ldap basedn
  • array $msgs: error messages
  • object $results: ldap search results
  • string $userdn: DN of found entry
  • boolean $onlyone: require unique search results
  • &$msgs
  • &$results
  • &$userdn

Documentation generated on Sat, 25 Oct 2014 04:18:32 +0200 by phpDocumentor 1.4.3