author | Markus Krogh <markus@nordu.net> | 2019-02-07 13:39:06 +0100 |
---|---|---|
committer | Markus Krogh <markus@nordu.net> | 2019-02-07 13:39:06 +0100 |
commit | ee7e9422674f449fd8571c8d359afbe862fa6676 (patch) | |
tree | d2f2ab07c06d8d63913a8752fb4b9d7fe6357294 | |
parent | 7f437db53b49339615bbad9813e8beee522de493 (diff) |
Set sasl password for SSO as well
-rw-r--r-- | ldap.go | 20 | ||||
-rw-r--r-- | views.go | 9 |
2 files changed, 28 insertions, 1 deletions
@@ -224,4 +224,22 @@ func calculateFingerprint(ssh_key string) string { //return fmt.Sprintf("SHA256:%x", fingerprint) } -//// set_nordunet_ldap_pw_sasl used on sso pw set if change pw fail? +func (i *LdapInfo) SetSASLPassword(username string) error { + l, err := i.LdapConnectBind() + if err != nil { + return err + } + defer l.Close() + + sasl := fmt.Sprintf("{SASL}%s@%s", username, pwman.Krb5Conf.Realm) + + change := ldap.NewModifyRequest(i.UserDN(username)) + change.Replace("userPassword", []string{sasl}) + + err = l.Modify(change) + if err != nil { + return err + } + log.Println("[INFO] changed ldap password to SASL for", username) + return nil +} @@ -90,6 +90,15 @@ func (v *views) ChangePassword(what string) http.Handler { } log.Println("AUDIT", "Changed", what, "password for", username) + if strings.ToUpper(what) == "SSO" { + // We need to make sure ldap password is set to sasl as well + err = pwman.LdapInfo.SetSASLPassword(username) + if err != nil { + redirectSameFlash(w, req, err.Error(), "error") + return + } + } + redirectSameFlash(w, req, fmt.Sprintf("Password %s successfully updated", what), "success") } }) |
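Review bot: `username` is placed into both `i.UserDN(username)` and the `{SASL}%s@%s` value in SetSASLPassword with no validation visible in this hunk, so the function depends entirely on its callers for a safe account name. UserDN is defined outside the hunk; if it builds the DN by string formatting, a name containing DN metacharacters could direct the Modify at a different entry, and a name containing `@` would yield a principal outside the configured realm. I would add a guard before LdapConnectBind, for example `if username == "" || strings.ContainsAny(username, ",=+@\\") { return fmt.Errorf("invalid username %q", username) }` (this needs the `strings` import if ldap.go lacks it), and likewise return an error when `pwman.Krb5Conf.Realm` is empty, because `{SASL}user@` would leave the entry unable to authenticate. The success line is logged as `[INFO]`, while the password change in views.go is logged as `AUDIT`; replacing userPassword is a credential change and probably belongs in the same audit trail.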
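Review bot: When SetSASLPassword fails, the added branch passes `err.Error()` straight to the browser through redirectSameFlash and writes nothing to the log. The error originates from the LDAP bind or modify, so it may carry directory details such as the DN or server result text that the user has no need to see. By this point the SSO password has already been changed and audited, so the user is told the operation failed while the new password is in fact active. I would log the failure server-side and show a fixed message: `log.Println("[ERROR] SetSASLPassword failed for", username, ":", err)` followed by `redirectSameFlash(w, req, "SSO password was updated, but the LDAP entry could not be switched to SASL", "error")`. As a style point, `strings.EqualFold(what, "SSO")` states the case-insensitive comparison more directly than `strings.ToUpper(what) == "SSO"`; the body of ChangePassword starts outside the hunk.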