Clean lock account code
coudot committed Aug 23, 2024
1 parent 892ea3f commit 8120479
Showing 1 changed file with 1 addition and 19 deletions.
20 changes: 1 addition & 19 deletions htdocs/lockaccount.php
@@ -30,39 +30,21 @@

$pwdPolicy = NULL;

# Search pwdLockout in associated ppolicy
if ($ldap)
{
$search_ppolicysubentry = ldap_read($ldap, $dn, "(objectClass=*)", array('pwdpolicysubentry'));
$user_entry = ldap_get_entries($ldap, $search_ppolicysubentry);


# Search active password policy
$pwdPolicy = "";
if (isset($user_entry[0]['pwdpolicysubentry'][0])) {
$pwdPolicy = $user_entry[0]['pwdpolicysubentry'][0];
} elseif (isset($ldap_default_ppolicy)) {
$pwdPolicy = $ldap_default_ppolicy;
}

# Search pwdLockout attribute
if ($pwdPolicy) {
$search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdlockout'));

if ( $errno ) {
error_log("LDAP - PPolicy search error $errno (".ldap_error($ldap).")");
} else {
$ppolicy_entry = ldap_get_entries($ldap, $search_ppolicy);
$pwdLockout = strtolower($ppolicy_entry[0]['pwdlockout'][0]) == "true" ? true : false;
if( $pwdLockout == false )
{
error_log("No pwdLockout or pwdLockout=FALSE in associated ppolicy: ".$pwdPolicy.". Account locking disabled");
}
}
}
}

apply the modification only if a password policy set with pwdLockout=TRUE is associated to the account
Apply the modification only the password can be locked
if ($ldap and $directory->canLockAccount($ldap, $dn, array('pwdPolicy' => $pwdPolicy))) {
if ( $directory->lockAccount($ldap, $dn) ) {
$result = "accountlocked";
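Review bot: The policy lookup that still feeds `canLockAccount` passes the result of `ldap_read($ldap, $dn, ...)` straight to `ldap_get_entries` without checking it for `false`, so a failed read (missing entry, ACL denial) raises a type error on PHP 8 or, on older versions, silently falls through to `$ldap_default_ppolicy`, and the lock decision may then be made against a policy that is not the account's. The rendered page does not mark which lines were removed, so this assumes the `pwdpolicysubentry` read is kept as context. A guard before `ldap_get_entries`, such as `if ($search_ppolicysubentry === false) { error_log("LDAP - ppolicy subentry read error (".ldap_error($ldap).")"); }`, that treats the failure as an error rather than as a missing subentry would make it visible. The added comment would also read more clearly as `# Apply the modification only if the account can be locked`. The `if` block opened on the last lines of the hunk continues outside it.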