Change LDAP Password plugin for SquirrelMail
----------------------------------------

This is a Squirrelmail plugin to change
a users password which is stored in an LDAP database
(in a posixAccount objectClass)
and optionally to syncronise the password change in
samba's smbpasswd (encrypted password) file.
For smbpasswd to be updated, you must supply the
path to the executable smbpasswd (usually in /usr/bin)

An LDAP databse can be used to keep user authentication and other descriptive
data for email and samba accounts (or any UNIX services requiring
authentication for that matter). On our site we keep Unix service
accounts in the traditional passwd/shadow files, but user accounts are stored
in LDAP. An extra 'ldap' entry in nsswitch.conf (in conjunction with the
nss/pam_ldap library) means you can authenticate imap and samba users against
the LDAP database. This becomes a single sign on db for all UNIX services used
by your users.
The only thing you can't store in LDAP (as of mid 2001) with the production
version of Samba is the encrypted passwords normally stored in /etc/smbpasswd.
These are manually synced using the smbpasswd client/server utility.

It is possible now to tell samba to store everything in LDAP. This code
does not yet support native changing of LM and NT password fields in an LDAP 
database, but, by using PAM, and pam_ldap.so in the samba PAM file it should
be possible to do this using the smbpasswd utility.

NEWS: COMPATIBILITY PLUGIN NOW REQUIRED DEPENDANCY. 

SHAMELESS SELF PROMOTION:  See also change_qldforward if your interested
in allowing users to change mailforwarding settings in ldap.

--CHANGE LOG----------------------------

Ver 1.5 May 11, 2003 - Fix Squirrelmail-1.4.0 compatibility, etc.
NEW MAINTAINOR: Ray Ferguson, foo@share-foo.com
Made minor changes for 1.4.0 compatiblity, now requires compatibility plugin.
Changed action on successful password change. 
  Now reports success without redirecting to options.
Merged internationalization from Georg Lehner
Minor bug fixes and documentation changes.


Simon Annetts, simon@ateb.co.uk
Ver 1.4, Jan 09 2002 - Fix a security vunerability with smbpasswd and added clear text
password support.


Simon Annetts, simon@ateb.co.uk
Ver 1.3, Oct 29 2002 - Changed autodetect to be extensible and fixed bugs.

Changed password detection to support salted DES, MD5 and BLOWFISH as well as 
unsalted MD5 and SHA. Unsalted MD5 and SHA are *untested* by me but based on other
users code. Please give me feedback on their fitness....
Fixed bugs pointed out by other people.
Improved binding techniques, - we bind anonymously to get the users dn, then bind
as the user.
Removed global variables for SQM 1.2.8

Simon Annetts, simon@ateb.co.uk
Ver 1.2, Apr 15 2002 - Added MD5 password support with autodetect.

Added code necessary to support MD5 passwords as well as original crypt passwords.
Autodetection is done by looking at the length of the password and the first three
characters (should always be $1$ for MD5).


Simon Annetts, simon@ateb.co.uk
Ver 1.1, Nov 16 2001 - Changed authentication options.

Added an option which selects whether to bind to the LDAP server as manager
or as the current user before attempting to change the password.


Simon Annetts, simon@ateb.co.uk
Ver 1.0, Feb 23 2001 - Initial Version
