Add an option to force getUser before LDAP password change (#714)

4 years ago · 6517718f26
parent 9d24e5f0d5
commit 6517718f26
2 changed files with 11 additions and 0 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/AD.pm
@ -30,6 +30,12 @@ sub confirm {

 sub modifyPassword {
    my ( $self, $req, $pwd, $useMail ) = @_;
+
+    # If the password change is done in a different backend,
+    # we need to reload the correct DN
+    $self->getUser( $req, useMail => $useMail )
+      if $self->conf->{ldapGetUserBeforePasswordChange};
+
    my $dn = $req->data->{dn} || $req->sessionInfo->{_dn};
    unless ($dn) {
        $self->logger->error('"dn" is not set, abort password modification');
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/LDAP.pm
@ -32,6 +32,11 @@ sub modifyPassword {
    my $dn;
    my $requireOldPassword;

+    # If the password change is done in a different backend,
+    # we need to reload the correct DN
+    $self->getUser( $req, useMail => $useMail )
+      if $self->conf->{ldapGetUserBeforePasswordChange};
+
    if ( $req->data->{dn} ) {
        $dn                 = $req->data->{dn};
        $requireOldPassword = $self->requireOldPwdRule->( $req, $req->userData );