users: Change LDAP user password.

2026-01-28 08:03:36 +00:00 · 2015-05-27 20:57:41 -04:00 · 2015-05-27 20:57:41 -04:00 · 27e19b4373
commit 27e19b4373
parent f16ea84f1d
5 changed files with 57 additions and 0 deletions
--- a/actions/change-ldap-user-password
+++ b/actions/change-ldap-user-password
@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Must be run as root.
+
+username="$1"
+password="$2"
+
+cat <<EOF |ldapmodify -x -D 'cn=admin,dc=thisbox' -w $(cat /var/lib/plinth/ldap-admin)
+dn: uid=$username,ou=users,dc=thisbox
+changetype: modify
+replace: userPassword
+userPassword: $password
+EOF
+
+if [ $? -ne 0 ]; then
+    echo "Failed: could not set user password"
+    exit 1
+fi
--- a/plinth/modules/users/forms.py
+++ b/plinth/modules/users/forms.py
@ -144,4 +144,13 @@ class UserChangePasswordForm(SetPasswordForm):
                    self.request,
                    _('Changing POSIX system user password failed.'))

+            try:
+                actions.superuser_run(
+                    'change-ldap-user-password',
+                    [user.get_username(), self.cleaned_data['new_password1']])
+            except ActionError:
+                messages.error(
+                    self.request,
+                    _('Changing LDAP user password failed.'))
+
        return user
--- a/plinth/modules/users/templates/users_change_password.html
+++ b/plinth/modules/users/templates/users_change_password.html
@ -37,6 +37,12 @@
        </p>
        {% endif %}

+        {% if is_ldap_user %}
+        <p>This user is also an LDAP user and password for LDAP user will also
+          be updated.
+        </p>
+        {% endif %}
+
        <input type="submit" class="btn btn-primary" value="Save Password"/>

      </form>
--- a/plinth/modules/users/templates/users_delete.html
+++ b/plinth/modules/users/templates/users_delete.html
@ -30,6 +30,10 @@
  </p>
  {% endif %}

+  {% if is_ldap_user %}
+  <p>This user is also an LDAP user. LDAP user will also be deleted.</p>
+  {% endif %}
+
  <p>Delete user permanently?</p>

  <form class="form" method="post">
--- a/plinth/modules/users/views.py
+++ b/plinth/modules/users/views.py
@ -116,6 +116,8 @@ class UserDelete(ContextMixin, DeleteView):
        context = super(UserDelete, self).get_context_data(**kwargs)
        output = actions.run('check-user-exists', [self.kwargs['slug']])
        context['is_posix_user'] = 'User exists' in output
+        output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
+        context['is_ldap_user'] = 'User exists' in output
        return context

    def delete(self, *args, **kwargs):
@ -163,6 +165,8 @@ class UserChangePassword(ContextMixin, SuccessMessageMixin, FormView):
        context = super(UserChangePassword, self).get_context_data(**kwargs)
        output = actions.run('check-user-exists', [self.kwargs['slug']])
        context['is_posix_user'] = 'User exists' in output
+        output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
+        context['is_ldap_user'] = 'User exists' in output
        return context

    def get_success_url(self):