fix(ldap): change password - don't bind automatically with user DN
parent
7c2c490005
commit
1fd9dba3f0
|
@ -418,9 +418,7 @@ static void freeMods(LDAPMod **mods) {
|
|||
}
|
||||
|
||||
//
|
||||
// No need to bind prior to calling this method. In fact,
|
||||
// if a bind() was issued prior calling this method, it
|
||||
// will fail.
|
||||
// Bind is required prior to calling this method.
|
||||
//
|
||||
- (BOOL) changePasswordAtDn: (NSString *) _dn
|
||||
oldPassword: (NSString *) _oldPassword
|
||||
|
@ -437,11 +435,7 @@ static void freeMods(LDAPMod **mods) {
|
|||
user = [_dn UTF8String];
|
||||
p = LDAPUseLatin1Creds ? (char *)[_oldPassword cString] : (char *)[_oldPassword UTF8String];
|
||||
|
||||
if (!self->flags.isBound)
|
||||
{
|
||||
rc = ldap_simple_bind_s(self->handle, user, p);
|
||||
|
||||
if (rc == LDAP_SUCCESS)
|
||||
if (self->flags.isBound)
|
||||
{
|
||||
struct berval newpw = { 0, NULL };
|
||||
struct berval oldpw = { 0, NULL };
|
||||
|
@ -459,7 +453,6 @@ static void freeMods(LDAPMod **mods) {
|
|||
char *matcheddn = NULL, *retoid = NULL, *text = NULL, **refs = NULL;
|
||||
int idd, grace, expire, code;
|
||||
|
||||
self->flags.isBound = YES;
|
||||
code = LDAP_OTHER;
|
||||
|
||||
newpw.bv_val = LDAPUseLatin1Creds ? (char *)[_newPassword cString] : (char *)[_newPassword UTF8String];
|
||||
|
@ -530,7 +523,7 @@ static void freeMods(LDAPMod **mods) {
|
|||
|
||||
rc = ldap_parse_result(self->handle, result, &code, &matcheddn, &text, &refs, &ctrls, 0);
|
||||
|
||||
if (rc != LDAP_SUCCESS)
|
||||
if (rc != LDAP_SUCCESS || code == LDAP_UNWILLING_TO_PERFORM)
|
||||
{
|
||||
[self logWithFormat: @"change password - ldap_parse_result call failed, rc = %d, code = %d, matcheddn = %s, text = %s", rc, code, matcheddn, text];
|
||||
ber_memfree(text);
|
||||
|
@ -592,7 +585,6 @@ static void freeMods(LDAPMod **mods) {
|
|||
|
||||
return YES;
|
||||
}
|
||||
}
|
||||
|
||||
return NO;
|
||||
}
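Review bot: The new test `if (rc != LDAP_SUCCESS || code == LDAP_UNWILLING_TO_PERFORM)` after `ldap_parse_result` singles out one server result code, so any other non-success `code` (for example `LDAP_CONSTRAINT_VIOLATION` or `LDAP_INSUFFICIENT_ACCESS`) skips this failure branch. Whether such a result can still reach `return YES` depends on lines outside the hunks and should be confirmed. If the later code does not already reject those codes, `if (rc != LDAP_SUCCESS || code != LDAP_SUCCESS)` is the safer test, with an exemption for any code the password-policy handling further down needs to see. The log text `ldap_parse_result call failed` is also inaccurate when `rc` is success and only `code` signals the refusal. Separately, with the automatic bind removed, an unbound handle now falls straight through to `return NO` without a log line, so a caller cannot tell a missing bind from a rejected change; a `logWithFormat:` on that path would make the new precondition visible.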
|
||||
|
|