users: Change LDAP user password.

actions/change-ldap-user-password

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Must be run as root.
+
+username="$1"
+password="$2"
+
+cat <<EOF |ldapmodify -x -D 'cn=admin,dc=thisbox' -w $(cat /var/lib/plinth/ldap-admin)
+dn: uid=$username,ou=users,dc=thisbox
+changetype: modify
+replace: userPassword
+userPassword: $password
+EOF
+
+if [ $? -ne 0 ]; then
+    echo "Failed: could not set user password"
+    exit 1
+fi

plinth/modules/users/forms.py

@@ -144,4 +144,13 @@ class UserChangePasswordForm(SetPasswordForm):
                     self.request,
                     _('Changing POSIX system user password failed.'))
 
+            try:
+                actions.superuser_run(
+                    'change-ldap-user-password',
+                    [user.get_username(), self.cleaned_data['new_password1']])
+            except ActionError:
+                messages.error(
+                    self.request,
+                    _('Changing LDAP user password failed.'))
+
         return user

plinth/modules/users/templates/users_change_password.html

@@ -37,6 +37,12 @@
         </p>
         {% endif %}
 
+        {% if is_ldap_user %}
+        <p>This user is also an LDAP user and password for LDAP user will also
+          be updated.
+        </p>
+        {% endif %}
+
         <input type="submit" class="btn btn-primary" value="Save Password"/>
 
       </form>

plinth/modules/users/templates/users_delete.html

@@ -30,6 +30,10 @@
   </p>
   {% endif %}
 
+  {% if is_ldap_user %}
+  <p>This user is also an LDAP user. LDAP user will also be deleted.</p>
+  {% endif %}
+
   <p>Delete user permanently?</p>
 
   <form class="form" method="post">

plinth/modules/users/views.py

@@ -116,6 +116,8 @@ class UserDelete(ContextMixin, DeleteView):
         context = super(UserDelete, self).get_context_data(**kwargs)
         output = actions.run('check-user-exists', [self.kwargs['slug']])
         context['is_posix_user'] = 'User exists' in output
+        output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
+        context['is_ldap_user'] = 'User exists' in output
         return context
 
     def delete(self, *args, **kwargs):
@@ -163,6 +165,8 @@ class UserChangePassword(ContextMixin, SuccessMessageMixin, FormView):
         context = super(UserChangePassword, self).get_context_data(**kwargs)
         output = actions.run('check-user-exists', [self.kwargs['slug']])
         context['is_posix_user'] = 'User exists' in output
+        output = actions.run('check-ldap-user-exists', [self.kwargs['slug']])
+        context['is_ldap_user'] = 'User exists' in output
         return context
 
     def get_success_url(self):