I'm working on a patchset to be able to change the user password in LDAP, when a user is updating his profile.
Till now I've added a selection (atm only SSHA) for the password hash used to the server admin, and also a field which stores the attr of the user password.
For the authentication plugin I've created a field which indicates whether the password change should also be done in LDAP, and depending on this field the forms of the user profile are changeable (passwords).

My problem now is that I cannot find anything about what hooks or functions I need to override or program to be able to change the user password in LDAP as well when the submit is done.

It would be really nice, if someone could give me just some hints, where to search for the needed information.

Attached file: ldap_plugin_pw_change.patch (16.68 KB, author: mfulz)
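
Added example, not part of the original post or the attached patch: how an `{SSHA}` value for a configurable LDAP password attribute is built and checked. The function names are hypothetical and not from the Drupal ldap module; PHP 7.1 or later is assumed for `random_bytes()` and nullable types.

```php
<?php
// Added example: SSHA (salted SHA-1) values for an LDAP password attribute.
// All function names here are hypothetical, not the ldap module's API.

/** Build an "{SSHA}" value: base64(SHA1(password . salt) . salt). */
function example_ssha_hash(string $password, ?string $salt = null): string {
  $salt = $salt ?? random_bytes(8);    // fresh random salt per password
  return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

/** Check a candidate password against a stored "{SSHA}" value. */
function example_ssha_verify(string $password, string $stored): bool {
  if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
    return false;                      // different scheme, or not hashed
  }
  $raw = base64_decode(substr($stored, 6), true);
  if ($raw === false || strlen($raw) <= 20) {
    return false;                      // malformed, or digest with no salt
  }
  $digest = substr($raw, 0, 20);       // a raw SHA-1 digest is 20 bytes
  $salt = substr($raw, 20);            // everything after it is the salt
  // Constant-time comparison avoids leaking how many bytes matched.
  return hash_equals($digest, sha1($password . $salt, true));
}

/**
 * Build the entry array for PHP's ldap_mod_replace(), using the
 * administrator-configured attribute name (for example "userPassword").
 */
function example_password_mod(string $attr, string $password): array {
  return [$attr => [example_ssha_hash($password)]];
}

// Constructed sample input; no LDAP connection is opened.
$mod = example_password_mod('userPassword', 'correct horse battery staple');
$stored = $mod['userPassword'][0];
var_dump(strpos($stored, '{SSHA}') === 0);
var_dump(example_ssha_verify('correct horse battery staple', $stored));
var_dump(example_ssha_verify('wrong guess', $stored));
```

SSHA is a single round of salted SHA-1, so the stored value is only as strong as the password behind it, and the modify request should travel over LDAPS or StartTLS.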

Comments

johnbarclay’s picture

Category: feature » support

See #1111000: LDAP User: add functions for modifying ldap user entries and passwords

Looks like this patch is against ldap authentication. It should probably be against ldap profile? Or how do you see the drupal 7 versions of the various ldap data modules?

mfulz’s picture

Could you explain, what you mean by ldap profile?

My problem is, that I'm very new to drupal.
I did the patch against ldap authentication, because there is the function "_ldap_authentication_from_user_profile_form_alter", which disables the password fields of the user.

johnbarclay’s picture

In drupal 7, it's unclear which ldap module should deal with resetting passwords. My feeling is something like:

http://groups.drupal.org/node/159604
http://groups.drupal.org/node/167304

Password resetting is not in the scope of ldap_server, ldap_authentication, ldap_authorization, and ldap_feeds modules which are in the 7.x-1.x branch.

It may be within the scope of ldap profile in the 7.x-2.x branch (http://drupalcode.org/project/ldap.git/tree/refs/heads/7.x-2.x)

jbarwick’s picture

I get the following:

You may not reset your password here. You must reset your password via one of your organization's password management sites.

But, I want to use Drupal as the "organization's password management site" !!!!!!!

I know LDAP module isn't done...but...this feature should really be added.

johnbarclay’s picture

Category: support » feature

My feeling is this should go in 7.x-2.0 and that it should be part of an ldap_user module that deals with general ldap user to drupal user provisioning and synching of drupal user accounts and attributes. Including feeds integration and cron integration. This would replace ldap profile and the myriad of ldap_integration for drupal 6 modules that deal with drupal user data.

puddyglum’s picture

The reason I think this needs to be a part of ldap or ldap_authentication is because of the sheer importance of resetting or changing passwords. I'm surprised more people aren't talking about this missing feature.

puddyglum’s picture

Actually, this is very helpful: http://drupal.org/node/1111000
I'm creating a custom form that can use ldap_password_modify and it looks pretty good so far.

seworthi’s picture

I found an issue in the function _ldap_authentication_form_user_profile_form_alter(&$form, $form_state) [line 93ish in ldap_authentication.inc]. The ['#disabled'] = TRUE values should be changed to ['#access'] = FALSE to make them work.

Hope this helps.

johnbarclay’s picture

@jmonkfish. Feel free to write a patch for ldap_authentication for resetting ldap passwords. Two key features are that it's configurable to be on or off and that you can pick the ldap server conf to use to reset passwords. The latter is for use cases where a more specific service account is used for resetting passwords.

johnbarclay’s picture

Title: Change user profile (mainly password) in LDAP » LDAP User: Change user profile (mainly password) in LDAP
Version: 7.x-1.x-dev » 7.x-2.x-dev
Issue tags: +7.x-2.0 release blocker

johnbarclay’s picture

Assigned: Unassigned » johnbarclay
Status: Active » Fixed

This is in 7.x-2.x in ldap_user configuration. You can synch passwords from drupal to ldap.

Automatically closed -- issue fixed for 2 weeks with no activity.