Merge pull request #2286 from nextcloud/ldap_password_pr-1

LDAP PR with tests

1 files changed, 29 insertions, 0 deletions

diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index e7facd80ae0..d88378c1888 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -40,6 +40,8 @@
 
 namespace OCA\User_LDAP;
 
+use OC\HintException;
+use OCA\User_LDAP\Exceptions\ConstraintViolationException;
 use OCA\User_LDAP\User\IUserTools;
 use OCA\User_LDAP\User\Manager;
 use OCA\User_LDAP\User\OfflineUser;
@@ -221,6 +223,33 @@ class Access extends LDAPUtility implements IUserTools {
 		\OCP\Util::writeLog('user_ldap', 'Requested attribute '.$attr.' not found for '.$dn, \OCP\Util::DEBUG);
 		return false;
 	}
+	
+	/**
+	 * Set password for an LDAP user identified by a DN
+	 *
+	 * @param string $userDN the user in question
+	 * @param string $password the new password
+	 * @return bool
+	 * @throws HintException
+	 * @throws \Exception
+	 */
+	public function setPassword($userDN, $password) {
+		if(intval($this->connection->turnOnPasswordChange) !== 1) {
+			throw new \Exception('LDAP password changes are disabled.');
+		}
+		$cr = $this->connection->getConnectionResource();
+		if(!$this->ldap->isResource($cr)) {
+			//LDAP not available
+			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
+			return false;
+		}
+		
+		try {
+			return $this->ldap->modReplace($cr, $userDN, $password);
+		} catch(ConstraintViolationException $e) {
+			throw new HintException('Password change rejected.', \OC::$server->getL10N('user_ldap')->t('Password change rejected. Hint: ').$e->getMessage(), $e->getCode());
+		}
+	}
 
 	/**
 	 * checks whether the given attributes value is probably a DN