File /plugins/change_password/backend/ldap.php

Description

Change password LDAP backend

  • version: $Id: ldap.php 1254 2008-04-06 06:13:51Z tokul $
  • copyright: (c) 2005-2006 The SquirrelMail Project Team
  • copyright: (c) 2006-2007 The NaSMail Project
  • license: GNU Public License
Includes
 include_once (SM_PATH.'functions/display_messages.php') (line 23)

error_box() function

 include_once (SM_PATH.'functions/imap_general.php') (line 25)

sqimap_get_user_server() function

Variables
string $cpw_ldap_admindn (line 104)

BindDN that should be able to change password.

WARNING: sometimes the user has enough privileges to change their own password. If you leave the default value, the plugin will try to connect with the DN that is detected by the $cpw_ldap_username_attr=$username search, and the current user password will be used for authentication.

string $cpw_ldap_adminpw (line 111)

Password used for $cpw_ldap_admindn.

string $cpw_ldap_basedn (line 60)

LDAP basedn that is used for binding to LDAP server.

This option must be set to the correct value.

string $cpw_ldap_binddn (line 86)

BindDN that should be able to search LDAP directory and find DN used by user.

Uses anonymous bind if set to empty string. You should not use DN with write access to LDAP directory here. Write access is not required.

string $cpw_ldap_bindpw (line 93)

Password used for $cpw_ldap_binddn.

array $cpw_ldap_connect_opts (line 68)

LDAP connection options

string $cpw_ldap_default_crypto (line 127)

Crypto that is used to encode the new password.

If set to empty string, the system tries to keep the same encoding/hashing algorithm.

string $cpw_ldap_filter (line 135)

Additional LDAP filters

  • since: 0.3
integer $cpw_ldap_port (line 52)

Port of LDAP server.

Used only when $cpw_ldap_server specifies IP address or DNS name.

string $cpw_ldap_server (line 44)

Address of LDAP server.

You can use any URL format that is supported by your LDAP extension. Examples:

  • 'ldap.example.com' - connect to server on ldap.example.com address
  • 'ldaps://ldap.example.com' - connect to server on ldap.example.com address and use SSL encrypted connection to default LDAPs port.
Defaults to the IMAP server address.

string $cpw_ldap_userid_attr (line 119)

LDAP attribute that stores username.

The username entry should be unique for $cpw_ldap_basedn.

boolean $cpw_ldap_use_tls (line 77)

Controls use of StartTLS on the LDAP connection.

Requires PHP 4.2+, PHP LDAP extension with SSL support and the PROTOCOL_VERSION => 3 setting in $cpw_ldap_connect_opts.

Functions
cpw_ldap_compare_pass (line 687)

Compares two passwords. Code reuse: see the phpldapadmin password_compare() function.

Some parts of the code were rewritten to fit backend specifics.

boolean cpw_ldap_compare_pass (string $pass_hash, string $pass_clear, array &$msgs)
  • string $pass_hash: hashed password string with password type indicators
  • string $pass_clear: plain text password
  • array &$msgs: error messages
cpw_ldap_dochange (line 201)

Changes password. Main function attached to hook

  • return: Array of error messages.
array cpw_ldap_dochange (array $data)
  • array $data: The username/curpw/newpw data.
cpw_ldap_encrypt_pass (line 523)

Encrypts LDAP password

If $cpw_ldap_default_crypto is set to empty string or $same_crypto is set, uses the same crypto as in the old password. See the phpldapadmin password_hash() function.

string cpw_ldap_encrypt_pass (string $pass, string $cur_pass_hash, array &$msgs, [string $curpass = ''])
  • string $pass: string that has to be encrypted/hashed
  • string $cur_pass_hash: old password hash
  • array &$msgs: error message
  • string $curpass: current password. Used for plaintext password detection.
cpw_ldap_get_crypto (line 438)

Returns the crypto algorithm used in the password.

  • return: lowercased crypto algorithm name
string cpw_ldap_get_crypto (string $pass, [ $curpass = ''])
  • string $pass: encrypted/hashed password
  • $curpass
cpw_ldap_init (line 169)

Makes sure that required functions and configuration options are set.

void cpw_ldap_init ()
cpw_ldap_password_hash (line 545)

Creates a hashed password.

  • return: hashed password or false.
mixed cpw_ldap_password_hash (string $pass, string $crypto, array &$msgs, [string $forced_salt = ''])
  • string $pass: plain text password
  • string $crypto: used crypto algorithm
  • array &$msgs: array used for error messages
  • string $forced_salt: salt that should be used during hashing. It is used only when it is not set to empty string. Salt should be formatted according to $crypto requirements.
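
The scheme detection, forced-salt hashing and comparison described for cpw_ldap_get_crypto, cpw_ldap_password_hash and cpw_ldap_compare_pass, shown as an added example that is not the plugin's code. The function names are hypothetical, and it assumes only the {SHA} and {SSHA} userPassword schemes and PHP 7 or later.

```php
<?php
// Added example, not the plugin's code; all function names are hypothetical.
// Assumption: only the {SHA} and {SSHA} schemes are handled here.

// Return the lowercased scheme of a "{SCHEME}payload" value, or '' if untagged.
function example_get_scheme(string $hash): string
{
    return preg_match('/^\{([A-Za-z0-9-]+)\}/', $hash, $m) ? strtolower($m[1]) : '';
}

// Hash a password. A non-empty $forced_salt reuses the salt of a stored hash,
// which is what makes a later comparison possible.
function example_hash(string $clear, string $scheme, string $forced_salt = '')
{
    switch ($scheme) {
        case 'sha':
            return '{SHA}' . base64_encode(sha1($clear, true));
        case 'ssha':
            $salt = $forced_salt !== '' ? $forced_salt : random_bytes(8);
            return '{SSHA}' . base64_encode(sha1($clear . $salt, true) . $salt);
    }
    return false; // unsupported scheme
}

// Compare a cleartext password with a stored, scheme-tagged hash.
function example_compare(string $stored, string $clear): bool
{
    $scheme = example_get_scheme($stored);
    if ($scheme !== 'sha' && $scheme !== 'ssha') {
        return false;
    }
    $payload = substr($stored, strlen($scheme) + 2);
    $raw = base64_decode($payload, true);
    // A SHA-1 digest is 20 raw bytes; an SSHA value must carry a salt after it.
    if ($raw === false || ($scheme === 'ssha' && strlen($raw) <= 20)) {
        return false;
    }
    $salt = $scheme === 'ssha' ? substr($raw, 20) : '';
    $again = example_hash($clear, $scheme, $salt);
    // Compare payloads only (the tag's case may differ), in constant time.
    return hash_equals($payload, substr($again, strlen($scheme) + 2));
}

// Constructed sample: hash a password, then check a right and a wrong guess.
$stored = example_hash('correct horse', 'ssha');
var_dump(example_get_scheme($stored));
var_dump(example_compare($stored, 'correct horse'));
var_dump(example_compare($stored, 'wrong horse'));
```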
cpw_ldap_specialchars (line 423)

Sanitizes LDAP query strings.

Original code: ldapquery plugin. See RFC 2254.

string cpw_ldap_specialchars (string $string)
  • string $string
cpw_ldap_uid_search (line 474)

Search LDAP for user id.

  • return: false if connection failed.
boolean cpw_ldap_uid_search (object $ldap_con, string $ldap_basedn, array &$msgs, object &$results, string &$userdn, [boolean $onlyone = true])
  • object $ldap_con: ldap connection
  • string $ldap_basedn: ldap basedn
  • array &$msgs: error messages
  • object &$results: ldap search results
  • string &$userdn: DN of found entry
  • boolean $onlyone: require unique search results
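
The RFC 2254 escaping that cpw_ldap_specialchars is documented to perform, and its use when building the user-id search filter, shown as an added example that is not the plugin's code. The function names are hypothetical, and combining the user filter with the additional filter through an `(&...)` wrapper is an assumption about how such a filter is put together.

```php
<?php
// Added example, not the plugin's code; function names are hypothetical.

// Escape the characters RFC 2254 requires to be escaped in a filter value.
function example_ldap_filter_escape(string $value): string
{
    // strtr() with an array replaces in a single pass, so the backslash
    // produced by one replacement is never escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Build the search filter from the attribute name, the untrusted username and
// an optional administrator-supplied extra filter.
// Assumption: the extra filter is ANDed with the user filter.
function example_build_user_filter(string $attr, string $username, string $extra = ''): string
{
    $filter = '(' . $attr . '=' . example_ldap_filter_escape($username) . ')';
    if ($extra !== '') {
        $filter = '(&' . $filter . $extra . ')';
    }
    return $filter;
}

// Constructed inputs: an ordinary login and one containing filter metacharacters.
foreach (['alice', 'a*(b)\\c'] as $login) {
    echo example_build_user_filter('uid', $login, '(objectClass=posixAccount)'), "\n";
}
```

With the escaping in place, the second login can only match an entry whose attribute value literally contains those characters, so it cannot widen the search that the $onlyone check relies on.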

Documentation generated on Sun, 22 Nov 2009 17:36:41 +0200 by phpDocumentor 1.4.3