Be able to change password as asdmin

merge-requests/6/head
meskio 5 years ago
parent 30d21af189
commit bb301140ce
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 36
      ldap/user.go
  2. 18
      ldap/user_test.go

@ -39,14 +39,27 @@ func (l Ldap) ChangePass(user string, oldpass string, newpass string) error {
return err
}
defer conn.Close()
return l.changePass(conn, user, oldpass, newpass)
}
// ChangePassAdmin changes user's password as admin
// (without knowing the old password)
func (l Ldap) ChangePassAdmin(user string, pass string) error {
conn, err := l.connect()
if err != nil {
return err
}
defer conn.Close()
return l.changePass(conn, user, "", pass)
}
func (l Ldap) changePass(conn *ldap.Conn, user, oldpass, newpass string) error {
if l.RO {
log.Println("Changing password in read only mode")
return nil
}
passwordModifyRequest := ldap.NewPasswordModifyRequest("", oldpass, newpass)
_, err = conn.PasswordModify(passwordModifyRequest)
passwordModifyRequest := ldap.NewPasswordModifyRequest(l.userDN(user), oldpass, newpass)
_, err := conn.PasswordModify(passwordModifyRequest)
return err
}
@ -111,14 +124,13 @@ func (l *Ldap) AddUser(user string, pass string, gid int) error {
}
uid++
userStr := ldap.EscapeFilter(user)
dn := fmt.Sprintf("cn=%s,ou=people,%s", userStr, l.DC)
dn := l.userDN(user)
addRequest := ldap.NewAddRequest(dn)
addRequest.Attribute("uid", []string{userStr})
addRequest.Attribute("cn", []string{userStr})
addRequest.Attribute("uid", []string{ldap.EscapeFilter(user)})
addRequest.Attribute("cn", []string{ldap.EscapeFilter(user)})
addRequest.Attribute("objectClass", []string{"account", "posixAccount"})
addRequest.Attribute("loginShell", []string{"/bin/false"})
addRequest.Attribute("homeDirectory", []string{l.HomePath + userStr})
addRequest.Attribute("homeDirectory", []string{l.HomePath + user})
addRequest.Attribute("uidNumber", []string{strconv.Itoa(uid)})
addRequest.Attribute("gidNumber", []string{strconv.Itoa(gid)})
err = conn.Add(addRequest)
@ -134,8 +146,12 @@ func (l *Ldap) AddUser(user string, pass string, gid int) error {
// DelUser removes the user from ldap
func (l Ldap) DelUser(user string) error {
dn := fmt.Sprintf("cn=%s,ou=people,%s", ldap.EscapeFilter(user), l.DC)
return l.del(dn)
return l.del(l.userDN(user))
}
func (l Ldap) userDN(user string) string {
userStr := ldap.EscapeFilter(user)
return fmt.Sprintf("uid=%s,ou=People,%s", userStr, l.DC)
}
func (l Ldap) login(user string, password string) (*ldap.Conn, error) {
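Review bot: `userDN` builds the DN with `ldap.EscapeFilter`, which escapes search-filter metacharacters but not DN ones such as `,`, `+`, `=` or `"`, so a user name containing them produces a different DN than the caller intended. This matters more after this change because the same DN is now the target of `ChangePassAdmin`, `AddUser` and `DelUser`; `connect()` is not shown, but it presumably binds with an account that may reset any password. Use DN escaping instead, e.g. `userStr := ldap.EscapeDN(user)` if the go-ldap version in use provides it, or reject names outside a strict character allowlist before calling `userDN`. Separately, the `uid` and `cn` values passed to `addRequest.Attribute` are literal attribute values and should not be filter-escaped. `ChangePassAdmin` should also refuse an empty `pass`, since an empty new password in a password-modify request may make the server generate one, and the result is discarded with `_`.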

@ -56,6 +56,24 @@ func TestChangePassRO(t *testing.T) {
}
}
func TestChangePassAdmin(t *testing.T) {
l := testLdap()
err := l.ChangePassAdmin(user, newPass)
if err != nil {
t.Fatalf("Error on ChangePassAdmin(): %v", err)
}
err = l.ValidateUser(user, newPass)
if err != nil {
t.Errorf("Error on ValidateUser(): %v", err)
}
err = l.ChangePassAdmin(user, userPass)
if err != nil {
t.Errorf("Error on the second ChangePassAdmin(): %v", err)
}
}
func TestGetUser(t *testing.T) {
l := testLdap()
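Review bot: `TestChangePassAdmin` only checks the happy path, so it does not show that the old password stops working after the reset or that the admin path honours read-only mode. Between the two calls add a negative assertion such as `if err := l.ValidateUser(user, userPass); err == nil { t.Errorf("old password still valid after ChangePassAdmin()") }`, and add a case with `RO` set, mirroring `TestChangePassRO`, that verifies the password is unchanged. A case for a user name containing `,` or `=` would pin down how `userDN` handles it. Because the test restores the shared fixture with a second `ChangePassAdmin` call, a failure there leaves the fixture modified for later tests; `t.Cleanup` would make the restore unconditional. `TestGetUser` continues outside the visible section.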
