LDAP Password Modify Extended Operation support

Signed-off-by: Peter Kubica <peter@kubica.ch>

2 files changed, 14 insertions, 1 deletions

diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 1044938446e..095b5d17f63 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -366,7 +366,9 @@ class Access extends LDAPUtility {
 			return false;
 		}
 		try {
-			return @$this->invokeLDAPMethod('modReplace', $cr, $userDN, $password);
+			// try PASSWD extended operation first
+			return @$this->invokeLDAPMethod('exopPasswd', $cr, $userDN, '', $password) ||
+						@$this->invokeLDAPMethod('modReplace', $cr, $userDN, $password);
 		} catch(ConstraintViolationException $e) {
 			throw new HintException('Password change rejected.', \OC::$server->getL10N('user_ldap')->t('Password change rejected. Hint: ').$e->getMessage(), $e->getCode());
 		}
diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index e6039c77d12..083d77d645d 100644
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -221,6 +221,17 @@ class LDAP implements ILDAPWrapper {
 
 	/**
 	 * @param LDAP $link
+	 * @param string $userDN
+	 * @param string $oldPassword
+	 * @param string $password
+	 * @return bool
+	 */
+	public function exopPasswd($link, $userDN, $oldPassword, $password) {
+		return $this->invokeLDAPMethod('exop_passwd', $link, $userDN, $oldPassword, $password);
+	}
+
+	/**
+	 * @param LDAP $link
 	 * @param string $option
 	 * @param int $value
 	 * @return bool|mixed