Patch #5690
open
Change LDAP password
0%
Description
Hello Guys i created a patch for changing userpassword that stored in LDAP.
i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.
Here is my mail to davis:
Hello,
a few days ago i send you a pull request from my develop branch of redmine (http://github.com/bullshit/redmine/tree/develop)
i have made some changes to be able to change the password from you external auth source.
On the LDAP configuration page you could enable password changing for this auth sources and set the encryption type.
First it will try to login with the manager account to change the password if this doesn't work it will try to bind if the user as it self to change his password
For this the ldap server has to gave the user it self the access to change his user password
for example
access to attrs=userPassword,mail
by dn="cn=manager,dc=system" write
by anonymous auth
by self write
by * auth
by * none
access to *
by dn="cn=manger,dc=system" write
by * read
For the encryption type i used a "enum" plugin (http://enum-column.rubyforge.org/)
Patchfile can be found at http://github.com/downloads/bullshit/redmine/ldappassword.patch
Regards
- Oskar
Files
Related issues
Updated by Felix Schäfer over 14 years ago
Hello Oskar, first of all, thanks for the interest and the help :-)
Oskar H wrote:
i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.
Sadly we all have very little time, especially because we are trying to prepare for an upcoming major release. Long story short: though Eric is one of the people most likely to commit changes, he's also one of the most likely to take a long (long) time to respond to emails. Best thing to do if you have a patch is to post it here for all to see and review.
Regarding the proposed patch now: drop the enum plugin, it's not necessary at all here. Have a look at other classes having different states or stuff like that (the user class comes to mind) that simply use a "static" (dang, can't remember the proper name in english :-/ ) at the beginning of the file mapping to integers. Or even another way to do it: the settings options (e.g. the display settings in app/views/settings/_display.rhmtl) are only listed in the view file, which only gives the string of interest to be stored in the db and retrieved as-is by methods needing it.
Another remark: I can't say patches with tests have a big chance of getting integrated quickly, but those that don't have even worse odds. Please add tests to your patch :-)
Updated by Oskar H over 14 years ago
Hallo Felix,
i don't want to flame anybody because he is to busy to answer :D it was only the reason why i added this "issue/patch" here. But thanks a lot for the response.
I will make the changes with the enum plugin and create another patch file.
Answer "Tests":
I will try to add tests there only 2 or 3 methods added by me. Other methods are only changed by me in a simple way (if statment)
Updated by Oskar H over 14 years ago
- File ldappassword.patch ldappassword.patch added
Hello,
i follow your instructions and delete the enum plugin and made the changes.
my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?
Updated by Felix Schäfer over 14 years ago
Oskar H wrote:
my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?
The little I know is more trial&error than real knowledge, I'm sorry I won't be able to help you much with that.
Updated by Ruben Kruiswijk almost 14 years ago
Any chance this feature/patch is going to get integrated in redmine?
Updated by Oskar H over 13 years ago
Hello Ruben, maybe i will try it with the new trunk version or maybe you could write some tests for the patch.
Regards
Updated by Kevin Wood almost 13 years ago
Thank you for the patch, I was able to apply it to the current Ubuntu release of Redmine without too much trouble and it worked fine with one tweak. My LDAP directory would not take a direct modify to userPassword without extended permissions on the user. The appropriate method is to delete and re-add the attribute in a single LDAP modify operation:dn:cn=megakwood,ou=Staff,o=example
changetype:modify
delete:userPassword
userPassword:ExampleOldPW
-
add: userPassword
userPassword:ExampleNewPW
This approach was successful on my LDAP directory (eDir 8.8).
I'd like to help by merging the patch into the lastest trunk, cleaning up the code a bit, and updating the English language translations. The part that will give me trouble is making the tests. Are there guidelines or instructions somewhere that I could follow? How exactly does one write tests against an external authentication mechanism?
Updated by Igal Baevsky over 12 years ago
Is there a version of the patch that works with v1.3?
Thanks.
Updated by Igal Baevsky over 12 years ago
I'm struggling with trying to port the patch to version 1.3.
Does anybody have an insight? I would appreciate some help.
Thanks.
Updated by Kevin Wood over 12 years ago
I had to migrate this patch to Redmine 2.0, so I'm posting it here in the hopes that it will help someone else. This patch is against svn revision 10084, and works great with my directory (eDirectory). Each directory has slightly different password change methods; so the original patch did not work for mine. I left that password change method in the patch, commented out.
Again, I am willing to help get this patch ready for inclusion to Redmine.
Updated by Åke Holmlund about 12 years ago
I have applied this patch to Redmine 2.1.2 and have found a few of issues:
- I had to add two columns (enabled_passwd, I used an tinyint(1), and password_encryption, I used an varchar(6)) to the auth_sources table in the Redmine database. Hope this is correct.
- When changing the settings for the LDAP authenticator, these columns are NOT updated in the Redmine database. Still, Redmine reports success.
- If I set them manually in the database the password changing works BUT the minimum password length set in Redmine is NOT adhered to. Instead there is an hardcoded minimun length of 4 for the LDAP password.
Still, with these limitations, I now have a working solution. Thank You!
Updated by
Updated by Toshi MARUYAMA almost 9 years ago
- Has duplicate Feature #18934: Support LDAP Password Changing added
Updated by Hang Xie almost 9 years ago
patch works with 3.2.0
Updated by Péter Kiss over 8 years ago
Patch for LDAP password change and lost password handling for Redmine 2.6.4:
https://github.com/KissPeter/redmine/commit/5c4571a8c4caa2a21fa8c6d184b78b6d5fa3099f.patch
Updated by Oleksandr Melnyk over 8 years ago
- File redmine_3_2_stableLDAP_password_recovery_and_change.patch redmine_3_2_stableLDAP_password_recovery_and_change.patch added
Here is lost & change ldap for 3.2-stable
Updated by Xavier Godon about 8 years ago
Oleksandr Melnyk wrote:
Here is lost & change ldap for 3.2-stable
I run redmine 3.2.0.stable on docker and could't managed to make this patch work.
i tried to change app/views/layouts/base.html.erb manually :
- <div class="bgl"><div class="bgr"> + <div class="bgl"><div class="bgr" style="display: none">
but it didn't work... I'm not familiar with patches, anyone can help me?
thanks
Updated by 
Updated by Andrey Ivanov 11 months ago
Simplified version of patch for version 5.1
Updated by Kenneth Schuetz 3 months ago
Andrey Ivanov wrote in #note-20:
Simplified version of patch for version 5.1
I was applying this to mine with ssha, currently in dev face before i launch it. when i try to change the password i get an error. Is there a work around or fix for this?