If the passwd exop is not supported allow setting unicodePwd for AD

susnux · susnux · commit 58e4fa78f116 · 2022-10-19T17:56:43.000+02:00
Signed-off-by: Ferdinand Thiessen &lt;rpm@fthiessen.de&gt;
diff --git a/lib/LDAPUserManager.php b/lib/LDAPUserManager.php
@@ -376,7 +376,11 @@ public function setPassword($uid, $password, $connection = null) {
 			} else {
 				// Fallback to `userPassword` in case the server does not support exop_passwd
 				$entry = [];
-					$entry['userPassword' => $password]
+				if ($this->configuration->useUnicodePassword()) {
+					$entry['unicodePwd'] = iconv('UTF-8', 'UTF-16LE', '"' . $password . '"');
+				} else {
+					$entry['userPassword'] = $password;
+				}
 				$ret = ldap_mod_replace($connection, $userDN, $entry);
 				if ($ret === false) {
 					$message = 'Failed to set password for user {dn} using ldap_mod_replace';
@@ -389,7 +393,11 @@ public function setPassword($uid, $password, $connection = null) {
 			}
 			return $ret;
 		} catch (\Exception $e) {
-			$this->logger->error($e, ['app' => Application::APP_ID]);
+			$this->logger->log(ILogger::ERROR, 'Exception occured while setting the password of user {dn}', [
+				'app' => Application::APP_ID,
+				'exception' => $e,
+				'dn' => $uid
+			]);
 			return false;
 		}
 	}
diff --git a/lib/Service/Configuration.php b/lib/Service/Configuration.php
@@ -52,6 +52,10 @@ public function hasPasswordPermission(): bool {
 		return $this->config->getAppValue('ldap_write_support', 'hasPasswordPermission', '1') === '1';
 	}
 
+	public function useUnicodePassword(): bool {
+		return $this->config->getAppValue('ldap_write_support', 'useUnicodePassword', '0') === '1';
+	}
+
 	public function getUserTemplate() {
 		return $this->config->getAppValue(
 			Application::APP_ID,
diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
@@ -64,6 +64,7 @@ public function getForm() {
 				'hasPasswordPermission' => $this->config->hasPasswordPermission(),
 				'newUserRequireEmail' => $this->config->isRequireEmail(),
 				'newUserGenerateUserID' => $this->config->isGenerateUserId(),
+				'useUnicodePassword' => $this->config->useUnicodePassword(),
 			]
 		);
 		return new TemplateResponse(Application::APP_ID, 'settings-admin');
diff --git a/src/components/AdminSettings.vue b/src/components/AdminSettings.vue
@@ -48,6 +48,11 @@
 				@change.stop.prevent="toggleSwitch('hasPasswordPermission', !switches.hasPasswordPermission)">
 				{{ t('ldap_write_support', 'Allow users to set their password') }}
 			</ActionCheckbox>
+			<ActionCheckbox :checked="switches.useUnicodePassword"
+				:title="t('ldap_write_support', 'If the server does not support the modify password extended operation use the `unicodePwd` instead of the `userPassword` attribute for setting the password')"
+				@change.stop.prevent="toggleSwitch('useUnicodePassword', !switches.useUnicodePassword)">
+				{{ t('ldap_write_support', 'Use the `unicodePwd` attribute for setting the user password') }}
+			</ActionCheckbox>
 		</ul>
 		<h3>{{ t('ldap_write_support', 'User template') }}</h3>
 		<p>{{ t('ldap_write_support', 'LDIF template for creating users. Following placeholders may be used') }}</p>

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ public function getForm() {`
`64`	`64`	`'hasPasswordPermission' => $this->config->hasPasswordPermission(),`
`65`	`65`	`'newUserRequireEmail' => $this->config->isRequireEmail(),`
`66`	`66`	`'newUserGenerateUserID' => $this->config->isGenerateUserId(),`
	`67`	`+ 'useUnicodePassword' => $this->config->useUnicodePassword(),`
`67`	`68`	`]`
`68`	`69`	`);`
`69`	`70`	`return new TemplateResponse(Application::APP_ID, 'settings-admin');`