fix(ldap): change password - don't bind automatically with user DN

pull/43/merge
Francis Lachapelle 2021-05-06 16:38:41 -04:00
parent 7c2c490005
commit 1fd9dba3f0
1 changed files with 241 additions and 249 deletions


@ -418,9 +418,7 @@ static void freeMods(LDAPMod **mods) {
}
//
// No need to bind prior to calling this method. In fact,
// if a bind() was issued prior calling this method, it
// will fail.
// Bind is required prior to calling this method.
//
- (BOOL) changePasswordAtDn: (NSString *) _dn
oldPassword: (NSString *) _oldPassword
@ -437,11 +435,7 @@ static void freeMods(LDAPMod **mods) {
user = [_dn UTF8String];
p = LDAPUseLatin1Creds ? (char *)[_oldPassword cString] : (char *)[_oldPassword UTF8String];
if (!self->flags.isBound)
{
rc = ldap_simple_bind_s(self->handle, user, p);
if (rc == LDAP_SUCCESS)
if (self->flags.isBound)
{
struct berval newpw = { 0, NULL };
struct berval oldpw = { 0, NULL };
@ -459,7 +453,6 @@ static void freeMods(LDAPMod **mods) {
char *matcheddn = NULL, *retoid = NULL, *text = NULL, **refs = NULL;
int idd, grace, expire, code;
self->flags.isBound = YES;
code = LDAP_OTHER;
newpw.bv_val = LDAPUseLatin1Creds ? (char *)[_newPassword cString] : (char *)[_newPassword UTF8String];
@ -530,7 +523,7 @@ static void freeMods(LDAPMod **mods) {
rc = ldap_parse_result(self->handle, result, &code, &matcheddn, &text, &refs, &ctrls, 0);
if (rc != LDAP_SUCCESS)
if (rc != LDAP_SUCCESS || code == LDAP_UNWILLING_TO_PERFORM)
{
[self logWithFormat: @"change password - ldap_parse_result call failed, rc = %d, code = %d, matcheddn = %s, text = %s", rc, code, matcheddn, text];
ber_memfree(text);
@ -592,7 +585,6 @@ static void freeMods(LDAPMod **mods) {
return YES;
}
}
return NO;
}
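Review bot: With the new `if (self->flags.isBound)` guard, an unbound connection falls through to the final `return NO` without any log line, so callers cannot tell a missing bind from a change the server rejected; an else branch such as `[self logWithFormat: @"change password - connection is not bound"];` would make that visible. The replacement comment `// Bind is required prior to calling this method.` should also name the identity that must be bound: the method no longer binds as `_dn` with `_oldPassword`, so the old password is verified only if the server checks it in the request, and a connection bound as a privileged DN may be able to set the password without it (presumably callers bind as the user first, which is worth confirming). In the `ldap_parse_result` hunk only `LDAP_UNWILLING_TO_PERFORM` is treated as a failing `code`; unless code outside the hunk checks it, other non-success result codes would pass, so `code != LDAP_SUCCESS` may be the safer test, and the log text still says the call failed when only `code` is bad. The method body continues outside the visible hunks.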