Function for reset at next connection

ltb-project · Jul 24, 2024 · e9bdceb · e9bdceb
1 parent 696a407
commit e9bdceb
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/src/Ltb/Directory.php b/src/Ltb/Directory.php
@@ -55,4 +55,9 @@ public function getPasswordExpirationDate($ldap, $dn, $config) : ?DateTime;
      * Modify the password
      */
     public function modifyPassword($ldap, $dn, $password, $forceReset) : bool;
+
+    /*
+     * Should user reset password at next connection?
+     */
+    public function resetAtNextConnection($ldap, $dn) : bool;
 }
diff --git a/src/Ltb/Directory/ActiveDirectory.php b/src/Ltb/Directory/ActiveDirectory.php
@@ -190,6 +190,25 @@ public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
         } else {
             return true;
         }
+    }
+
+    public function resetAtNextConnection($ldap, $dn) : bool {
 
+        # Get entry
+        $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdlastset'));
+        $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+            return $expirationDate;
+        } else {
+            $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+        }
+
+        if ($entry[0]['pwdlastset'] and $entry[0]['pwdlastset'][0] == 0) {
+            return true;
+        } else {
+            return false;
+        }
     }
 }
diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
@@ -262,4 +262,24 @@ public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
             return true;
         }
     }
+
+    public function resetAtNextConnection($ldap, $dn) : bool {
+
+        # Get entry
+        $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdreset'));
+        $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+            return $expirationDate;
+        } else {
+            $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+        }
+
+        if ($entry[0]['pwdreset'] and $entry[0]['pwdreset'][0] === "TRUE") {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }