Activer la possibilité de changer son mot de passe depuis LemonLDAP

ref #31347
This commit is contained in:
Philippe Caseiro 2020-12-07 11:58:50 +01:00
parent bf94e74916
commit 87818bd6f0
4 changed files with 27 additions and 9 deletions

View File

@ -92,7 +92,10 @@
<variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection"> <variable name='llCheckLogins' type='oui/non' description="Permettre aux utilisateurs d'afficher l'historique de connection">
<value>non</value> <value>non</value>
</variable> </variable>
<variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe"> <variable name='llResetPassword' type='oui/non' description="Permettre aux utilisateurs de réinitialiser leurs mots de passe par mail">
<value>oui</value>
</variable>
<variable name='llChangePassword' type='oui/non' description="Permettre aux utilisateurs de changer leurs mots de passe depuis LemonLDAP">
<value>oui</value> <value>oui</value>
</variable> </variable>
<variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés"> <variable name='llResetExpiredPassword' type='oui/non' description="Autoriser le renouvellement des mots de passe expirés">
@ -148,7 +151,7 @@
</check> </check>
<check name="valid_enum" target="llRegisterDB"> <check name="valid_enum" target="llRegisterDB">
<param>['LDAP','Demo','Custom']</param> <param>['LDAP','AD','Demo','Custom']</param>
</check> </check>
<group master="casAttribute"> <group master="casAttribute">
<slave>casLDAPAttribute</slave> <slave>casLDAPAttribute</slave>

View File

@ -55,6 +55,10 @@
<param>AD</param> <param>AD</param>
</auto> </auto>
<auto name='calc_val' target='llRegisterDB'>
<param>AD</param>
</auto>
<auto name='calc_val' target='ldapBindUserDN'> <auto name='calc_val' target='ldapBindUserDN'>
<param type='eole'>sasl_ldap_reader</param> <param type='eole'>sasl_ldap_reader</param>
</auto> </auto>

View File

@ -197,11 +197,11 @@ portalSkin = %%llSkin
; Modules displayed ; Modules displayed
;portalDisplayLogout = 1 ;portalDisplayLogout = 1
portalDisplayResetPassword = %%boolean[%%llResetPassword] portalDisplayResetPassword = %%boolean[%%llResetPassword]
;portalDisplayChangePassword = 1 portalDisplayChangePassword = %%boolean[%%llChangePassword]
;portalDisplayAppslist = 1 ;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1 ;portalDisplayLoginHistory = 1
; Require the old password when changing password ; Require the old password when changing password
;portalRequireOldPassword = 1 portalRequireOldPassword = %%boolean[%%llChangePassword]
; Attribute displayed as connected user ; Attribute displayed as connected user
;portalUserAttr = mail ;portalUserAttr = mail
; Old menu HTML code ; Old menu HTML code

View File

@ -160,19 +160,29 @@
"ldapPpolicyControl": 1, "ldapPpolicyControl": 1,
%end if %end if
"ldapAllowResetExpiredPassword": 1, "ldapAllowResetExpiredPassword": 1,
"ldapChangePasswordAsUser": 1,
%else %else
"ldapPpolicyControl": 0, "ldapPpolicyControl": 0,
"ldapAllowResetExpiredPassword": 0, "ldapAllowResetExpiredPassword": 0,
"ldapChangePasswordAsUser": 1,
%end if %end if
%end if %end if
"ldapChangePasswordAsUser": 1,
"ldapAuthnLevel": 2, "ldapAuthnLevel": 2,
"ldapSearchDeref": "find",
%if %%eole_module == "scribe" %if %%eole_module == "scribe"
"ldapBase": "cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",' "ldapBase": "cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
"ldapExportedVars": {
"cn": "cn",
"mail": "mail",
"uid": "cn"
},
"ldapGroupAttributeName": "memberUid",
"ldapGroupAttributeNameGroup": "dn",
"ldapGroupAttributeNameSearch": "cn",
"ldapGroupAttributeNameUser": "cn",
"ldapGroupObjectClass": "group",
%else %else
"ldapBase": "%%ldapUserBaseDN", "ldapBase": "%%ldapUserBaseDN",
%end if
"ldapSearchDeref": "find",
"ldapExportedVars": { "ldapExportedVars": {
"cn": "cn", "cn": "cn",
"mail": "mail", "mail": "mail",
@ -183,6 +193,7 @@
"ldapGroupAttributeNameSearch": "cn", "ldapGroupAttributeNameSearch": "cn",
"ldapGroupAttributeNameUser": "uid", "ldapGroupAttributeNameUser": "uid",
"ldapGroupObjectClass": "eolegroupe", "ldapGroupObjectClass": "eolegroupe",
%end if
"ldapGroupRecursive": 0, "ldapGroupRecursive": 0,
"ldapPasswordResetAttribute": "pwdReset", "ldapPasswordResetAttribute": "pwdReset",
"ldapPasswordResetAttributeValue": "TRUE", "ldapPasswordResetAttributeValue": "TRUE",
@ -228,7 +239,7 @@
"mailTimeout": 0, "mailTimeout": 0,
%if %%llResetPassword == "oui" %if %%llResetPassword == "oui"
%if %%is_empty(%%llResetUrl) %if %%is_empty(%%llResetUrl)
"mailUrl": "https://%%authWebName/mail.pl", "mailUrl": "https://%%authWebName/resetpwd",
%else %else
"mailUrl": "%%llResetUrl", "mailUrl": "%%llResetUrl",
%end if %end if
@ -281,7 +292,7 @@
"portalAntiFrame": 1, "portalAntiFrame": 1,
"portalCheckLogins": %%boolean[%%llCheckLogins], "portalCheckLogins": %%boolean[%%llCheckLogins],
"portalDisplayAppslist": 1, "portalDisplayAppslist": 1,
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/", "portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/",
"portalDisplayLoginHistory": 1, "portalDisplayLoginHistory": 1,
"portalDisplayLogout": 1, "portalDisplayLogout": 1,
"portalDisplayRegister": 1, "portalDisplayRegister": 1,