password plugin: better error message on constraint violation (#5727)

If the password policy on the ldap server is violated when changing
password, report error as "constraint violation" instead of the
misleading "connection error".

Only tested with OpenLDAP (v2.4).
pull/5611/head
Torkel Bjørnson-Langen 8 years ago committed by Aleksander Machniak
parent 045cc38ebe
commit 278b46a99d

@ -165,8 +165,14 @@ class rcube_ldap_simple_password
if (!ldap_modify($ds, $user_dn, $entry)) {
$this->_debug("S: ".ldap_error($ds));
$errno = ldap_errno($ds);
ldap_unbind($ds);
if ($errno == 0x13) { // LDAP_CONSTRAINT_VIOLATION
return PASSWORD_CONSTRAINT_VIOLATION;
}
return PASSWORD_CONNECT_ERROR;
}

@ -39,4 +39,4 @@ $messages['passwinhistory'] = 'This password has already been used previously.';
$messages['samepasswd'] = 'New password have to be different from the old one.';
$messages['passwdexpirewarning'] = 'Warning! Your password will expire soon, change it before $expirationdatetime.';
$messages['passwdexpired'] = 'Your password has expired, you have to change it now!';
$messages['passwdconstraintviolation'] = 'Password constraint violation. Password probably to weak.';

@ -25,6 +25,7 @@ define('PASSWORD_CRYPT_ERROR', 1);
define('PASSWORD_ERROR', 2);
define('PASSWORD_CONNECT_ERROR', 3);
define('PASSWORD_IN_HISTORY', 4);
define('PASSWORD_CONSTRAINT_VIOLATION', 5);
define('PASSWORD_SUCCESS', 0);
/**
@ -351,6 +352,9 @@ class password extends rcube_plugin
case PASSWORD_IN_HISTORY:
$reason = $this->gettext('passwdinhistory');
break;
case PASSWORD_CONSTRAINT_VIOLATION:
$reason = $this->gettext('passwdconstraintviolation');
break;
case PASSWORD_ERROR:
default:
$reason = $this->gettext('internalerror');

Loading…
Cancel
Save