diff --git a/src/Ltb/Directory.php b/src/Ltb/Directory.php
index 9aadf29..3465a52 100644
--- a/src/Ltb/Directory.php
+++ b/src/Ltb/Directory.php
@@ -55,4 +55,9 @@ public function getPasswordExpirationDate($ldap, $dn, $config) : ?DateTime;
      * Modify the password
      */
     public function modifyPassword($ldap, $dn, $password, $forceReset) : bool;
+
+    /*
+     * Should user reset password at next connection?
+     */
+    public function resetAtNextConnection($ldap, $dn) : bool;
 }
diff --git a/src/Ltb/Directory/ActiveDirectory.php b/src/Ltb/Directory/ActiveDirectory.php
index 394ea67..15fdbd5 100644
--- a/src/Ltb/Directory/ActiveDirectory.php
+++ b/src/Ltb/Directory/ActiveDirectory.php
@@ -190,6 +190,25 @@ public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
         } else {
             return true;
         }
+    }
+
+    public function resetAtNextConnection($ldap, $dn) : bool {
+        # Get entry
+        $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdlastset'));
+        $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+            return $expirationDate;
+        } else {
+            $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+        }
+
+        if ($entry[0]['pwdlastset'] and $entry[0]['pwdlastset'][0] == 0) {
+            return true;
+        } else {
+            return false;
+        }
     }
 
 }
diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
index 4aaf826..6330377 100644
--- a/src/Ltb/Directory/OpenLDAP.php
+++ b/src/Ltb/Directory/OpenLDAP.php
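Review bot: The new interface method `resetAtNextConnection` does not say what an implementation returns when the entry cannot be read, and its comment uses `/*` rather than the `/**` PHPDoc form, so the contract is invisible to static analysis and IDEs. Callers will presumably gate a forced password change on this boolean, so the error behaviour (false, or an exception) is part of the contract and should be stated here rather than left to each directory class. A docblock along the lines of `/** Tell whether the user must reset the password at next connection. @return bool true only when the directory marks the password as requiring a reset */`, plus one line fixing the error-path behaviour once it is decided, would close the gap.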
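Review bot: `return $expirationDate;` on the error path of `resetAtNextConnection` refers to a variable never assigned in this method (it reads as copied from `getPasswordExpirationDate`), so an LDAP read error emits an undefined-variable warning and then a TypeError, because null does not satisfy the `: bool` return type; the same line appears in the OpenLDAP.php hunk. Replace it with an explicit decision such as `return false;`, keeping in mind that this treats a failed lookup as "no reset required", so a user flagged for reset is waved through whenever the read fails — if that is not acceptable for the caller, throw instead and let the caller handle the failure. The attribute check `$entry[0]['pwdlastset'] and ...` also dereferences the first entry without checking that the search returned one, which raises undefined-key warnings on PHP 8 when the DN is not found; `return isset($entry[0]['pwdlastset'][0]) && (int) $entry[0]['pwdlastset'][0] === 0;` keeps the current semantics while adding the guard and dropping the loose `== 0`. The log line calls the global `ldap_error()` while every other LDAP call goes through `\Ltb\PhpLDAP`; if the wrapper exposes an `ldap_error`, using it keeps the method consistent and mockable in tests.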
@@ -262,4 +262,24 @@ public function modifyPassword($ldap, $dn, $password, $forceReset) : bool {
             return true;
         }
     }
+
+    public function resetAtNextConnection($ldap, $dn) : bool {
+
+        # Get entry
+        $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdreset'));
+        $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+            return $expirationDate;
+        } else {
+            $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+        }
+
+        if ($entry[0]['pwdreset'] and $entry[0]['pwdreset'][0] === "TRUE") {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }