/plugins/change_password/backend/ldap.php

Description

Change password LDAP backend

Includes
include_once (SM_PATH.'functions/imap_general.php') (line 24)

sqimap_get_user_server() function

Variables
string $cpw_ldap_admindn (line 103)

BindDN that should be able to change password.

WARNING: sometimes a user has enough privileges to change their own password. If you leave the default value, the plugin will try to connect with the DN that is detected in the $cpw_ldap_userid_attr=$username search, and the current user's password will be used for authentication.

string $cpw_ldap_adminpw (line 110)

password used for $cpw_ldap_admindn

string $cpw_ldap_basedn (line 59)

LDAP basedn that is used for binding to LDAP server.

This option must be set to the correct value.

string $cpw_ldap_binddn (line 85)

BindDN that should be able to search LDAP directory and find DN used by user.

Uses anonymous bind if set to empty string. You should not use DN with write access to LDAP directory here. Write access is not required.

string $cpw_ldap_bindpw (line 92)

password used for $cpw_ldap_binddn

array $cpw_ldap_connect_opts (line 67)

LDAP connection options

string $cpw_ldap_default_crypto (line 126)

crypto that is used to encode new password

If set to an empty string, the system tries to keep the same encoding/hashing algorithm.

integer $cpw_ldap_port (line 51)

Port of LDAP server.

Used only when $cpw_ldap_server specifies IP address or DNS name.

string $cpw_ldap_server (line 43)

Address of LDAP server.

You can use any URL format that is supported by your LDAP extension. Examples:

  • 'ldap.example.com' - connect to server on ldap.example.com address
  • 'ldaps://ldap.example.com' - connect to server on ldap.example.com address and use SSL encrypted connection to default LDAPS port.

Defaults to IMAP server address.

string $cpw_ldap_userid_attr (line 118)

LDAP attribute that stores username.

username entry should be unique for $cpw_ldap_basedn

boolean $cpw_ldap_use_tls (line 76)

Controls use of starttls on LDAP connection.

Requires PHP 4.2+, PHP LDAP extension with SSL support and PROTOCOL_VERSION => 3 setting in $cpw_ldap_connect_opts
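The settings above combined into one least-privilege, encrypted configuration, next to a weaker variant. This is an added example, not taken from the plugin or its distribution; host names, DNs and the password are constructed placeholders, and treating an empty string as the default for $cpw_ldap_admindn is an assumption.

```php
<?php
// Added example; every value below is a constructed placeholder.

// Weaker variant (kept as comments): clear-text LDAP and a directory
// account with write access used only to search for the user's DN.
// $cpw_ldap_server  = 'ldap.example.com';
// $cpw_ldap_use_tls = false;
// $cpw_ldap_binddn  = 'cn=Manager,dc=example,dc=com';

// Hardened variant.
$cpw_ldap_server = 'ldap.example.com';   // plain host name, so $cpw_ldap_port applies
$cpw_ldap_port   = 389;

// StartTLS needs protocol version 3 in the connection options.
$cpw_ldap_connect_opts = array('PROTOCOL_VERSION' => 3);
$cpw_ldap_use_tls      = true;

// Where users live and which attribute holds the login name.
$cpw_ldap_basedn      = 'ou=people,dc=example,dc=com';
$cpw_ldap_userid_attr = 'uid';

// Search account: read-only. Write access is not required for the DN lookup.
$cpw_ldap_binddn = 'cn=sm-search,ou=services,dc=example,dc=com';
$cpw_ldap_bindpw = 'REPLACE-WITH-SEARCH-ACCOUNT-PASSWORD';

// Assumption: empty string is the default. The plugin then binds as the
// user's own DN with the user's current password, so no privileged
// credential is stored in the webmail configuration.
$cpw_ldap_admindn = '';
$cpw_ldap_adminpw = '';

// Empty string: keep the algorithm already used by the stored password.
$cpw_ldap_default_crypto = '';
```

If the directory does not let users modify their own password attribute, $cpw_ldap_admindn has to name an account that can, and its write access should be limited to that attribute.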

Functions
cpw_ldap_compare_pass (line 664)

Compares two passwords. Code reuse: see phpldapadmin password_compare() function.

Some parts of the code were rewritten to fit backend specifics.

boolean cpw_ldap_compare_pass (string $pass_hash, string $pass_clear, array &$msgs)
  • string $pass_hash: hashed password string with password type indicators
  • string $pass_clear: plain text password
  • array &$msgs: error messages

cpw_ldap_dochange (line 190)

Changes password. Main function attached to hook

  • return: Array of error messages.
array cpw_ldap_dochange (array $data)
  • array $data: The username/curpw/newpw data.

cpw_ldap_encrypt_pass (line 502)

Encrypts LDAP password

If $cpw_ldap_default_crypto is set to an empty string or $same_crypto is set, uses the same crypto as in the old password. See phpldapadmin password_hash() function.

string cpw_ldap_encrypt_pass (string $pass, string $cur_pass_hash, array &$msgs, [string $curpass = ''])
  • string $pass: string that has to be encrypted/hashed
  • string $cur_pass_hash: old password hash
  • array &$msgs: error message
  • string $curpass: current password. Used for plaintext password detection.

cpw_ldap_get_crypto (line 427)

returns crypto algorithm used in password.

  • return: lowercased crypto algorithm name
string cpw_ldap_get_crypto (string $pass, [$curpass = ''])
  • string $pass: encrypted/hashed password
  • $curpass

cpw_ldap_init (line 159)

Makes sure that required functions and configuration options are set.

void cpw_ldap_init ()

cpw_ldap_password_hash (line 524)

Creates hashed password.

  • return: hashed password or false.
mixed cpw_ldap_password_hash (string $pass, string $crypto, array &$msgs, [string $forced_salt = ''])
  • string $pass: plain text password
  • string $crypto: used crypto algorithm
  • array &$msgs: array used for error messages
  • string $forced_salt: salt that should be used during hashing. Used only when not set to an empty string. Salt should be formatted according to $crypto requirements.
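
How the pieces documented for cpw_ldap_get_crypto, cpw_ldap_password_hash and cpw_ldap_compare_pass fit together for one scheme, salted SHA-1 ({SSHA}). This is an added example, not the plugin's code: the function names and the 'clear'/'unknown' return values are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added example; not the plugin's code. All function names are hypothetical.

/** Return the lowercased scheme of a userPassword value, e.g. "ssha". */
function example_get_scheme($stored, $curpass = '')
{
    if (preg_match('/^\{([A-Za-z0-9_-]+)\}/', $stored, $m)) {
        return strtolower($m[1]);
    }
    // No {SCHEME} indicator: treat as plaintext only if it equals the
    // current password supplied by the user.
    return ($curpass !== '' && $stored === $curpass) ? 'clear' : 'unknown';
}

/** Hash as {SSHA}: base64(sha1(pass . salt) . salt). Empty salt = generate one. */
function example_ssha_hash($pass, $forced_salt = '')
{
    $salt = ($forced_salt !== '') ? $forced_salt : random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($pass . $salt, true) . $salt);
}

/** Check a clear-text password against a stored {SSHA} value. */
function example_ssha_verify($stored, $pass_clear)
{
    if (example_get_scheme($stored) !== 'ssha') {
        return false;
    }
    $raw = base64_decode(substr($stored, 6), true);   // skip the 6-byte "{SSHA}"
    if ($raw === false || strlen($raw) <= 20) {
        return false;                                 // malformed, or no salt present
    }
    $digest = substr($raw, 0, 20);                    // SHA-1 digest is 20 bytes
    $salt   = substr($raw, 20);                       // everything after it is the salt
    // Re-hash with the stored salt and compare in constant time.
    return hash_equals($digest, sha1($pass_clear . $salt, true));
}

// Constructed sample values.
$stored = example_ssha_hash('correct horse');
var_dump(example_get_scheme($stored));
var_dump(example_ssha_verify($stored, 'correct horse'));
var_dump(example_ssha_verify($stored, 'wrong guess'));
var_dump(example_get_scheme('hunter2', 'hunter2'));
```

Reusing the stored salt is only for verification; a new password gets a fresh salt, which is why the salt argument defaults to empty.
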
cpw_ldap_specialchars (line 412)

Sanitizes LDAP query strings.

Original code: ldapquery plugin. See RFC 2254.

string cpw_ldap_specialchars (string $string)
  • string $string
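
The escaping that RFC 2254 requires before a user-supplied name is placed in a search filter, shown as an added example that is not the plugin's own code. Function names and sample logins are hypothetical; 'uid' stands in for the value of $cpw_ldap_userid_attr.

```php
<?php
// Added example; not the plugin's code. All function names are hypothetical.

/**
 * Escape a value for use inside an LDAP search filter (RFC 2254, section 4).
 * strtr() with an array makes a single pass over the input, so the
 * backslashes it writes are never escaped a second time.
 */
function example_ldap_filter_escape($value)
{
    return strtr($value, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
}

/** Build the filter that looks up one user by the configured attribute. */
function example_uid_filter($userid_attr, $username)
{
    return '(' . $userid_attr . '=' . example_ldap_filter_escape($username) . ')';
}

// Constructed inputs: an ordinary login, and two containing characters that
// have a meaning in filter syntax and must reach the server as literals.
$samples = array('jdoe', 'j*', 'doe(j)\\x');
foreach ($samples as $username) {
    echo str_pad($username, 12), ' => ', example_uid_filter('uid', $username), "\n";
}
```

On PHP 5.6 and later, the LDAP extension's ldap_escape($value, '', LDAP_ESCAPE_FILTER) performs this escaping. Without it, a wildcard in the login name can match several entries, which is the case the $onlyone argument of cpw_ldap_uid_search guards against.
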
cpw_ldap_uid_search (line 463)

Search LDAP for user id.

  • return: false if connection failed.
boolean cpw_ldap_uid_search (object $ldap_con, string $ldap_basedn, array &$msgs, object &$results, string &$userdn, [boolean $onlyone = true])
  • object $ldap_con: ldap connection
  • string $ldap_basedn: ldap basedn
  • array &$msgs: error messages
  • object &$results: ldap search results
  • string &$userdn: DN of found entry
  • boolean $onlyone: require unique search results

Documentation generated on Mon, 13 Jan 2020 04:22:55 +0100 by phpDocumentor 1.4.3