Password modification and password policy features for user_ldap #25114
GitHubUser4234 wants to merge 69 commits into owncloud:master
This reverts commit 91d8781.
Thanks a lot for your contribution! Alternatively you can add a comment here where you state that this contribution is MIT licensed. Some more details about our pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/
I'm closing this because we have no signed CLA and future contributions of @GitHubUser4234 seem to flow into nextcloud. Further contributions are still welcome anyhow. Please note that we continue the LDAP development in https://github.com/owncloud/user_ldap
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
This is an enhancement I'm currently developing with mentorship from @blizzz 👍 , any suggestions for improvements or contributions are welcome.
Ability to change LDAP password
With the new features added to user_ldap in #23992, an app would be able to change a password in LDAP using a pre_setPassword() hook, when an ownCloud admin is doing it.
However there are issues:
- setPassword() is not implemented by user_ldap. Therefore always false is returned to the Controller and a message "Unable to change password" appears, even though the password change was successful in the app's pre_setPassword() hook
- setPassword() is not implemented
Both issues could be solved by implementing @blizzz 's suggestions mentioned in #3785 instead of using an app. So let's assume I'll do it, which place is most suitable in the UI for the checkBox for setting the "enabled" flag in the setPassword() method?
Password Policies
We discussed that it would be an option to implement support for password policies in user_ldap. Right now, I'm wondering what can be done to implement the detection of an expired password during login in user_ldap. It is not as easy as just parsing the bind result in checkPassword(), as the PHP LDAP module is not able to parse password policy related results. Instead, it would be required to check password policy related user attributes during login. For example, when using OpenLDAP, checkPassword() (or rather processAttributes()) would check "pwdChangedTime" and "pwdMaxAge" (more details here). Would it be ok to implement this in user_ldap (as generic as possible), say in expert settings we could choose to check for password expiry and define the attribute names that are equivalent to the following:
Of course, just offering a checkbox to indicate password expiry checking and hardcoding the attributes would be fine for me, too 😄
If the password expired, the user would have to be redirected to another page to change his password, not so sure how this could be done, maybe there is another module doing something similar? Or at least a way exists to popup a dialog with a link pointing to the change password page?
Your opinion is highly appreciated 😃
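The expiry check described in the pull request text, as an added example that is not part of the original thread or of user_ldap. It assumes the "pwdChangedTime" and "pwdMaxAge" values have already been read from the directory (function names are hypothetical) and follows the OpenLDAP ppolicy rules that a missing pwdChangedTime or a pwdMaxAge of 0 means the password does not expire.

```php
<?php
// Added example: function names are hypothetical, not part of user_ldap.
// Inputs are attribute values already read from the directory.

/** Parse LDAP GeneralizedTime in UTC form, e.g. "20160615103000Z". */
function parseGeneralizedTime(string $value): ?DateTimeImmutable {
    // Optional fractional seconds are accepted and ignored.
    if (!preg_match('/^(\d{14})(?:[.,]\d+)?Z$/', $value, $m)) {
        return null; // offsets such as +0200 are not handled here
    }
    $dt = DateTimeImmutable::createFromFormat('!YmdHis', $m[1], new DateTimeZone('UTC'));
    return $dt === false ? null : $dt;
}

/**
 * @return bool|null true = expired, false = not expired or no expiry,
 *                   null = a value could not be parsed (caller decides)
 */
function isPasswordExpired(?string $pwdChangedTime, ?string $pwdMaxAge, DateTimeImmutable $now): ?bool {
    // OpenLDAP ppolicy: no pwdMaxAge, or a value of 0, means no expiry.
    if ($pwdMaxAge === null) {
        return false;
    }
    if (!ctype_digit($pwdMaxAge)) {
        return null;
    }
    // OpenLDAP ppolicy: without pwdChangedTime the password never expires.
    if ((int)$pwdMaxAge === 0 || $pwdChangedTime === null) {
        return false;
    }
    $changed = parseGeneralizedTime($pwdChangedTime);
    if ($changed === null) {
        return null;
    }
    return $changed->getTimestamp() + (int)$pwdMaxAge <= $now->getTimestamp();
}

// Constructed sample values, evaluated against a fixed "now".
$now = new DateTimeImmutable('2016-07-01 00:00:00', new DateTimeZone('UTC'));
$samples = [
    ['20160615103000Z', '2592000'],   // changed 15 days ago, 30-day max age
    ['20160501000000.5Z', '2592000'], // changed 61 days ago, 30-day max age
    [null, '2592000'],                // password never changed
    ['20160501000000Z', '0'],         // expiry disabled
    ['2016-05-01', '2592000'],        // not GeneralizedTime
];
foreach ($samples as [$changedTime, $maxAge]) {
    var_dump(isPasswordExpired($changedTime, $maxAge, $now));
}
```

The null return keeps an unparsable attribute distinct from "not expired", so the login path can decide explicitly whether to deny or allow in that case.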