Patch #5690

Change LDAP password

Added by Oskar H over 7 years ago. Updated 12 months ago.

Status:NewStart date:2010-06-15
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:LDAP
Target version:-

Description

Hello Guys i created a patch for changing userpassword that stored in LDAP.

i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.

Here is my mail to davis:

Hello,

a few days ago i send you a pull request from my develop branch of redmine (http://github.com/bullshit/redmine/tree/develop)
i have made some changes to be able to change the password from you external auth source.

On the LDAP configuration page you could enable password changing for this auth sources and set the encryption type.

First it will try to login with the manager account to change the password if this doesn't work it will try to bind if the user as it self to change his password
For this the ldap server has to gave the user it self the access to change his user password

for example
access to attrs=userPassword,mail
by dn="cn=manager,dc=system" write
by anonymous auth
by self write
by * auth
by * none

access to *
by dn="cn=manger,dc=system" write
by * read

For the encryption type i used a "enum" plugin (http://enum-column.rubyforge.org/)

Patchfile can be found at http://github.com/downloads/bullshit/redmine/ldappassword.patch

Regards
- Oskar

ldappassword.patch Magnifier - change user ldap password (47.8 KB) Oskar H, 2010-06-15 14:18

ldappassword.patch Magnifier - change user ldap password without enum plugin (8.91 KB) Oskar H, 2010-06-16 14:38

ldap_password_change_10084.diff Magnifier (6.33 KB) Kevin Wood, 2012-08-04 00:10

ldap_change_password_3.2.0.patch Magnifier (7.55 KB) Hang Xie, 2015-12-09 05:04

redmine_3_2_stableLDAP_password_recovery_and_change.patch Magnifier (11.7 KB) Oleksandr Melnyk, 2016-06-24 18:17

red_3.2_stableLDAP_patch.JPG (48.2 KB) Xavier Godon, 2016-10-25 10:56


Related issues

Duplicated by Redmine - Feature #18934: Support LDAP Password Changing Closed

History

#1 Updated by Oskar H over 7 years ago

  • % Done changed from 100 to 0

#2 Updated by Felix Schäfer over 7 years ago

Hello Oskar, first of all, thanks for the interest and the help :-)

Oskar H wrote:

i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.

Sadly we all have very little time, especially because we are trying to prepare for an upcoming major release. Long story short: though Eric is one of the people most likely to commit changes, he's also one of the most likely to take a long (long) time to respond to emails. Best thing to do if you have a patch is to post it here for all to see and review.

Regarding the proposed patch now: drop the enum plugin, it's not necessary at all here. Have a look at other classes having different states or stuff like that (the user class comes to mind) that simply use a "static" (dang, can't remember the proper name in english :-/ ) at the beginning of the file mapping to integers. Or even another way to do it: the settings options (e.g. the display settings in app/views/settings/_display.rhmtl) are only listed in the view file, which only gives the string of interest to be stored in the db and retrieved as-is by methods needing it.

Another remark: I can't say patches with tests have a big chance of getting integrated quickly, but those that don't have even worse odds. Please add tests to your patch :-)

#3 Updated by Oskar H over 7 years ago

Hallo Felix,

i don't want to flame anybody because he is to busy to answer :D it was only the reason why i added this "issue/patch" here. But thanks a lot for the response.

I will make the changes with the enum plugin and create another patch file.

Answer "Tests":
I will try to add tests there only 2 or 3 methods added by me. Other methods are only changed by me in a simple way (if statment)

#4 Updated by Oskar H over 7 years ago

Hello,

i follow your instructions and delete the enum plugin and made the changes.

my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?

#5 Updated by Felix Schäfer over 7 years ago

Oskar H wrote:

my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?

The little I know is more trial&error than real knowledge, I'm sorry I won't be able to help you much with that.

#6 Updated by Ruben Kruiswijk almost 7 years ago

Any chance this feature/patch is going to get integrated in redmine?

#7 Updated by Oskar H over 6 years ago

Hello Ruben, maybe i will try it with the new trunk version or maybe you could write some tests for the patch.

Regards

#8 Updated by Kevin Wood almost 6 years ago

Thank you for the patch, I was able to apply it to the current Ubuntu release of Redmine without too much trouble and it worked fine with one tweak. My LDAP directory would not take a direct modify to userPassword without extended permissions on the user. The appropriate method is to delete and re-add the attribute in a single LDAP modify operation:
dn:cn=megakwood,ou=Staff,o=example
changetype:modify
delete:userPassword
userPassword:ExampleOldPW
-
add: userPassword
userPassword:ExampleNewPW

This approach was successful on my LDAP directory (eDir 8.8).

I'd like to help by merging the patch into the lastest trunk, cleaning up the code a bit, and updating the English language translations. The part that will give me trouble is making the tests. Are there guidelines or instructions somewhere that I could follow? How exactly does one write tests against an external authentication mechanism?

#9 Updated by Igal Baevsky over 5 years ago

Is there a version of the patch that works with v1.3?
Thanks.

#10 Updated by Igal Baevsky over 5 years ago

I'm struggling with trying to port the patch to version 1.3.
Does anybody have an insight? I would appreciate some help.
Thanks.

#11 Updated by Kevin Wood about 5 years ago

I had to migrate this patch to Redmine 2.0, so I'm posting it here in the hopes that it will help someone else. This patch is against svn revision 10084, and works great with my directory (eDirectory). Each directory has slightly different password change methods; so the original patch did not work for mine. I left that password change method in the patch, commented out.

Again, I am willing to help get this patch ready for inclusion to Redmine.

#12 Updated by Åke Holmlund almost 5 years ago

I have applied this patch to Redmine 2.1.2 and have found a few of issues:

  • I had to add two columns (enabled_passwd, I used an tinyint(1), and password_encryption, I used an varchar(6)) to the auth_sources table in the Redmine database. Hope this is correct.
  • When changing the settings for the LDAP authenticator, these columns are NOT updated in the Redmine database. Still, Redmine reports success.
  • If I set them manually in the database the password changing works BUT the minimum password length set in Redmine is NOT adhered to. Instead there is an hardcoded minimun length of 4 for the LDAP password.

Still, with these limitations, I now have a working solution. Thank You!

#13 Updated by Fernando Hartmann almost 2 years ago

+1 Could be very useful.

#14 Updated by Toshi MARUYAMA almost 2 years ago

#15 Updated by Hang Xie almost 2 years ago

patch works with 3.2.0

#16 Updated by Péter Kiss over 1 year ago

Patch for LDAP password change and lost password handling for Redmine 2.6.4:
https://github.com/KissPeter/redmine/commit/5c4571a8c4caa2a21fa8c6d184b78b6d5fa3099f.patch

#17 Updated by Oleksandr Melnyk over 1 year ago

Here is lost & change ldap for 3.2-stable

#18 Updated by Xavier Godon 12 months ago

Oleksandr Melnyk wrote:

Here is lost & change ldap for 3.2-stable

I run redmine 3.2.0.stable on docker and could't managed to make this patch work.
i tried to change app/views/layouts/base.html.erb manually :

-  <div class="bgl"><div class="bgr">
+  <div class="bgl"><div class="bgr" style="display: none">

but it didn't work... I'm not familiar with patches, anyone can help me?

thanks

#19 Updated by Dmitry Shumilin 12 months ago

Complete it please!

Also available in: Atom PDF