MDL-3339 support md5 and sha1 in ldap when adding or changing passwords; merged from...

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 85c221e4b3bdd859cd7071e5cda608b189db80bb..8ec2bd7089bb8ac2d823a2c1b62ad6e665678cc6 100644 (file)
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -232,6 +232,18 @@ class auth_plugin_ldap extends auth_plugin_base {
         $extusername = $textlib->convert(stripslashes($userobject->username), 'utf-8', $this->config->ldapencoding);
         $extpassword = $textlib->convert(stripslashes($plainpass), 'utf-8', $this->config->ldapencoding);
 
+        switch ($this->config->passtype) {
+            case 'md5':
+                $extpassword = '{MD5}' . base64_encode(pack('H*', md5($extpassword)));
+                break;
+            case 'sha1':
+                $extpassword = '{SHA}' . base64_encode(pack('H*', sha1($extpassword)));
+                break;
+            case 'plaintext':
+            default:
+                break; // plaintext
+        }
+
         $ldapconnection = $this->ldap_connect();
         $attrmap = $this->ldap_attributes();
 
@@ -974,6 +986,18 @@ class auth_plugin_ldap extends auth_plugin_base {
         $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding);
         $extpassword = $textlib->convert(stripslashes($newpassword), 'utf-8', $this->config->ldapencoding);
 
+        switch ($this->config->passtype) {
+            case 'md5':
+                $extpassword = '{MD5}' . base64_encode(pack('H*', md5($extpassword)));
+                break;
+            case 'sha1':
+                $extpassword = '{SHA}' . base64_encode(pack('H*', sha1($extpassword)));
+                break;
+            case 'plaintext':
+            default:
+                break; // plaintext
+        }
+
         $ldapconnection = $this->ldap_connect();
 
         $user_dn = $this->ldap_find_userdn($ldapconnection, $extusername);
@@ -1596,7 +1620,9 @@ class auth_plugin_ldap extends auth_plugin_base {
         if (!isset($config->forcechangepassword))
             {$config->forcechangepassword = 0; }
         if (!isset($config->stdchangepassword))
-            {$config->stdchangepassword = 0; }
+            {$config->forcechangepassword = 0; }
+        if (!isset($config->passtype))
+            {$config->passtype = 'plaintext'; }
         if (!isset($config->changepasswordurl))
             {$config->changepasswordurl = ''; }
         if (!isset($config->removeuser))
@@ -1628,6 +1654,7 @@ class auth_plugin_ldap extends auth_plugin_base {
         set_config('auth_user_create', $config->auth_user_create, 'auth/ldap');
         set_config('forcechangepassword', $config->forcechangepassword, 'auth/ldap');
         set_config('stdchangepassword', $config->stdchangepassword, 'auth/ldap');
+        set_config('passtype', $config->passtype, 'auth/ldap');
         set_config('changepasswordurl', $config->changepasswordurl, 'auth/ldap');
         set_config('removeuser', $config->removeuser, 'auth/ldap');
 

diff --git a/auth/ldap/config.html b/auth/ldap/config.html
index 4b729d463f21563cde44db08933465c6d23aff01..a1a1f24fe93974052ff30d673d37489f3ccf3d3a 100644 (file)
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -49,6 +49,8 @@
         {$config->forcechangepassword = 0; }
     if (!isset($config->stdchangepassword))
         {$config->stdchangepassword = 0; }
+    if (!isset($config->passtype)) 
+        {$config->passtype = 'plaintext';}
     if (!isset($config->changepasswordurl))
         {$config->changepasswordurl = ''; }
     if (!isset($config->removeuser))
@@ -271,6 +273,21 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
     </td>
 </tr>
 
+<tr valign="top" class="required">
+    <td align="right"><label for="menupasstype"><?php print_string('auth_ldap_passtype_key', 'auth') ?></label></td>
+    <td>
+        <?php
+        $passtype = array();
+        $passtype['plaintext'] = get_string('plaintext', 'auth');
+        $passtype['md5']       = get_string('md5', 'auth');
+        $passtype['sha1']      = get_string('sha1', 'auth');
+        choose_from_menu($passtype, 'passtype', $config->passtype, '');
+
+        ?>
+    </td>
+    <td><?php print_string('auth_ldap_passtype', 'auth') ?></td>
+</tr>
+
 <tr valign="top">
     <td align="right"><label for="changepasswordurl"><?php print_string('auth_ldap_changepasswordurl_key','auth') ?></label></td>
     <td>

diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php
index 6d3b7a8613b56475fdba31603d2aa393ac250046..dd85a3879bec165dc1a165983e08fef152d4ea27 100644 (file)
--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
@@ -159,6 +159,7 @@ $string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribut
 $string['auth_ldap_memberattribute_isdn'] = 'Optional: Overrides handling of member attribute values, either 0 or 1';
 $string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
 $string['auth_ldap_opt_deref'] = 'Determines how aliases are handled during search. Select one of the following values: \"No\" (LDAP_DEREF_NEVER) or \"Yes\" (LDAP_DEREF_ALWAYS)';
+$string['auth_ldap_passtype'] = 'Specify the format of new or changed passwords in LDAP server.';
 $string['auth_ldap_passwdexpire_settings'] = 'LDAP password expiration settings.';
 $string['auth_ldap_preventpassindb'] = 'Select yes to prevent passwords from being stored in Moodle\'s DB.';
 $string['auth_ldap_search_sub'] = 'Search users from subcontexts.';
@@ -191,6 +192,7 @@ $string['auth_ldap_user_attribute_key'] = 'User attribute';
 $string['auth_ldap_memberattribute_key'] = 'Member attribute';
 $string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
 $string['auth_ldap_objectclass_key'] = 'Object class';
+$string['auth_ldap_passtype_key'] = 'Password format';
 $string['auth_ldap_changepasswordurl_key'] = 'Password-change URL';
 $string['auth_ldap_expiration_key'] = 'Expiration';
 $string['auth_ldap_expiration_warning_key'] = 'Expiration warning';