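/// <summary>
/// Replaces one attribute on the directory entry of the given user. When the attribute is
/// sambaPwdLastSet and the entry carries both shadowMax and sambaPwdMustChange, the method
/// also rewrites sambaPwdMustChange with a timestamp derived from shadowMax (in days).
/// </summary>
/// <param name="uname">User name; resolved to a distinguished name through GetUserDN.</param>
/// <param name="attribute">Name of the attribute to replace.</param>
/// <param name="value">New attribute value. It is sent to the server and is not passed to the logger in this method.</param>
/// <returns>
/// false when the modify request throws, when shadowMax cannot be converted to an integer,
/// or when the follow-up sambaPwdMustChange update fails; true otherwise.
/// </returns>
public bool SetUserAttribute(string uname, string attribute, string value)
{
    string userDN = this.GetUserDN(uname);

    try
    {
        DirectoryAttributeModification mod = new DirectoryAttributeModification
        {
            Name = attribute,
            Operation = DirectoryAttributeOperation.Replace
        };
        mod.Add(value);

        ModifyRequest req = new ModifyRequest(userDN);
        req.Modifications.Add(mod);
        m_conn.SendRequest(req);
    }
    catch (Exception e)
    {
        // Only the attribute name and the exception message reach the log. Keep it that way:
        // ChangePassword passes password-derived values through the 'value' parameter.
        m_logger.FatalFormat("can't add attribute:{0} because of error:{1}", attribute, e.Message);
        return false;
    }

    // Attribute names are protocol identifiers, so compare them ordinally and ignore case
    // instead of lower-casing with the current culture.
    if (!string.Equals(attribute, "sambapwdlastset", StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    Dictionary<string, List<string>> searchResult = GetUserAttribValue(
        userDN,
        "(objectClass=*)",
        SearchScope.Subtree,
        new string[] { "shadowMax", "sambaPwdMustChange" });

    // The result is looked up with lower-case keys, as the original code did.
    List<string> shadowMaxValues;
    if (!searchResult.TryGetValue("shadowmax", out shadowMaxValues) || !searchResult.ContainsKey("sambapwdmustchange"))
    {
        return true;
    }

    int shadowMax = 0;
    try
    {
        shadowMax = Convert.ToInt32(shadowMaxValues.First());
    }
    catch (Exception e)
    {
        m_logger.FatalFormat("SetUserAttribute: Unable to convert return from GetUserAttribValue to int {0}", e.Message);
        return false;
    }

    if (shadowMax <= 0)
    {
        return true;
    }

    // NOTE(review): shadowMax comes from the directory; a very large day count makes the
    // TimeSpan constructor throw, and that exception is not caught in this method.
    TimeMethod time = TimeMethod.methods[Methods.Timestamps];
    string t = time.time(new TimeSpan(shadowMax, 0, 0, 0));

    // A result of "0" means there is nothing to write.
    if (!t.Equals("0") && !SetUserAttribute(uname, "sambaPwdMustChange", t))
    {
        return false;
    }

    return true;
}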
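/// <summary>
/// Changes the password of the tracked user. The old password is first verified with
/// LdapServer.Authenticate; then every configured attribute entry is applied in order:
/// ADPWD entries call UserChangePassword against the configured hosts, timestamp entries
/// write a generated time value, and all other entries write the value produced by the
/// entry's AttribMethod from the new password.
/// </summary>
/// <param name="properties">Session properties; the tracked UserInformation supplies user name, old and new password.</param>
/// <param name="pluginInfo">Not used by this method.</param>
/// <returns>
/// A BooleanResult whose Success is false when authentication fails, when no host accepts
/// an ADPWD change, when an attribute update fails, or when an exception is thrown.
/// </returns>
/// <remarks>
/// There is no rollback: a failure part-way through the loop leaves the attributes that
/// were already written in their new state.
/// </remarks>
public BooleanResult ChangePassword(SessionProperties properties, ChangePasswordPluginActivityInfo pluginInfo)
{
    ////m_logger.Debug("ChangePassword()");
    UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

    using (LdapServer serv = new LdapServer())
    {
        try
        {
            string[] hosts = Settings.Store.LdapHost;

            // Authenticate using old password
            BooleanResult result = serv.Authenticate(userInfo.Username, userInfo.oldPassword, properties);
            if (!result.Success)
            {
                return new BooleanResult { Success = false, Message = "Password change failed: Invalid LDAP username or password." };
            }

            // Set the password attributes
            List<AttributeEntry> attribs = CPAttributeSettings.Load();
            foreach (AttributeEntry entry in attribs)
            {
                if (entry.Method.HasFlag(Methods.ADPWD))
                {
                    // Try each host until one reports success (an empty return string).
                    bool changedOnAnyHost = false;
                    foreach (string server in hosts)
                    {
                        if (Abstractions.WindowsApi.pInvokes.UserChangePassword(server, userInfo.Username, userInfo.oldPassword, userInfo.Password) == "")
                        {
                            changedOnAnyHost = true;
                            break;
                        }
                    }

                    // Report the failure instead of falling through to the success result:
                    // otherwise the caller is told the password changed while the old one
                    // is still valid on every host.
                    if (!changedOnAnyHost)
                    {
                        return new BooleanResult { Success = false, Message = "Password change failed: no configured host accepted the new password." };
                    }

                    continue;
                }

                string newValue;
                if (entry.Method.HasFlag(Methods.Timestamps) || entry.Method.HasFlag(Methods.Timestampd) || entry.Method.HasFlag(Methods.Timestampt))
                {
                    TimeMethod time = TimeMethod.methods[entry.Method];
                    ////m_logger.DebugFormat("Setting attribute {0} using method {1}", entry.Name, time.Name);
                    newValue = time.time();
                }
                else
                {
                    AttribMethod hasher = AttribMethod.methods[entry.Method];
                    ////m_logger.DebugFormat("Setting attribute {0} using method {1}", entry.Name, hasher.Name);
                    newValue = hasher.hash(userInfo.Password);
                }

                if (!serv.SetUserAttribute(userInfo.Username, entry.Name, newValue))
                {
                    return new BooleanResult { Success = false, Message = "LDAPplugin failed by setting an attribute\nFor more details please consult the log!" };
                }
            }

            return new BooleanResult { Success = true, Message = "LDAP password successfully changed" };
        }
        catch (Exception e)
        {
            // NOTE(review): the exception is swallowed without a log entry because the call
            // below is commented out. If it is re-enabled, make sure neither the old nor the
            // new password can end up in the logged text.
            ////m_logger.ErrorFormat("Exception in ChangePassword: {0}", e);
            return new BooleanResult() { Success = false, Message = "Error in LDAP plugin." };
        }
    }
}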