Function to modify password

ltb-project · Jul 24, 2024 · 696a407 · 696a407
1 parent 9fdd564
commit 696a407
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/src/Ltb/Directory.php b/src/Ltb/Directory.php
@@ -50,4 +50,9 @@ public function getPasswordMaxAge($ldap, $dn, $config) : ?int;
      * Date when password will be expired
      */
     public function getPasswordExpirationDate($ldap, $dn, $config) : ?DateTime;
+
+    /*
+     * Modify the password
+     */
+    public function modifyPassword($ldap, $dn, $password, $forceReset) : bool;
 }
diff --git a/src/Ltb/Directory/ActiveDirectory.php b/src/Ltb/Directory/ActiveDirectory.php
@@ -172,4 +172,24 @@ public function getPasswordMaxAge($ldap, $dn, $config) : ?int {
         return $config['pwdMaxAge'];
     }
 
+    public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
+
+        $adPassword = \Ltb\Password::make_ad_password($password);
+        $changes = array('unicodePwd' => $adPassword);
+
+        if ($forceReset) {
+            $changes['pwdLastSet'] = 0;
+        }
+
+        $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $changes);
+        $errno = ldap_errno($ldap);
+
+        if ($errno) {
+            error_log("LDAP - Modify password error $errno  (".ldap_error($ldap).")");
+            return false;
+        } else {
+            return true;
+        }
+
+    }
 }
diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
@@ -243,4 +243,23 @@ public function getPasswordMaxAge($ldap, $dn, $config) : ?int {
 
         return $pwdMaxAge;
     }
+
+    public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
+
+        $changes = array('userPassword' => $password);
+
+        if ($forceReset) {
+            $changes['pwdReset'] = 'TRUE';
+        }
+
+        $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $changes);
+        $errno = ldap_errno($ldap);
+
+        if ($errno) {
+            error_log("LDAP - Modify password error $errno  (".ldap_error($ldap).")");
+            return false;
+        } else {
+            return true;
+        }
+    }
 }