Project

General

Profile

Actions

Patch #5690

open

Change LDAP password

Added by Oskar H almost 14 years ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
LDAP
Target version:
-
Start date:
2010-06-15
Due date:
% Done:

0%

Estimated time:

Description

Hello Guys i created a patch for changing userpassword that stored in LDAP.

i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.

Here is my mail to davis:

Hello,

a few days ago i send you a pull request from my develop branch of redmine (http://github.com/bullshit/redmine/tree/develop)
i have made some changes to be able to change the password from you external auth source.

On the LDAP configuration page you could enable password changing for this auth sources and set the encryption type.

First it will try to login with the manager account to change the password if this doesn't work it will try to bind if the user as it self to change his password
For this the ldap server has to gave the user it self the access to change his user password

for example
access to attrs=userPassword,mail
by dn="cn=manager,dc=system" write
by anonymous auth
by self write
by * auth
by * none

access to *
by dn="cn=manger,dc=system" write
by * read

For the encryption type i used a "enum" plugin (http://enum-column.rubyforge.org/)

Patchfile can be found at http://github.com/downloads/bullshit/redmine/ldappassword.patch

Regards
- Oskar


Files

ldappassword.patch (47.8 KB) ldappassword.patch change user ldap password Oskar H, 2010-06-15 14:18
ldappassword.patch (8.91 KB) ldappassword.patch change user ldap password without enum plugin Oskar H, 2010-06-16 14:38
ldap_password_change_10084.diff (6.33 KB) ldap_password_change_10084.diff Kevin Wood, 2012-08-04 00:10
ldap_change_password_3.2.0.patch (7.55 KB) ldap_change_password_3.2.0.patch Hang Xie, 2015-12-09 05:04
redmine_3_2_stableLDAP_password_recovery_and_change.patch (11.7 KB) redmine_3_2_stableLDAP_password_recovery_and_change.patch Oleksandr Melnyk, 2016-06-24 18:17
red_3.2_stableLDAP_patch.JPG (48.2 KB) red_3.2_stableLDAP_patch.JPG Xavier Godon, 2016-10-25 10:56
redmine_ldap_passwd_patch_issue_5690.patch (7.21 KB) redmine_ldap_passwd_patch_issue_5690.patch Andrey Ivanov, 2024-01-08 08:30

Related issues

Has duplicate Redmine - Feature #18934: Support LDAP Password ChangingClosed

Actions
Actions #1

Updated by Oskar H almost 14 years ago

  • % Done changed from 100 to 0
Actions #2

Updated by Felix Schäfer almost 14 years ago

Hello Oskar, first of all, thanks for the interest and the help :-)

Oskar H wrote:

i created a fork on github and develop the stuff and pushed to davis but i don't get any answer so i wrote a email and he doesn't answer so i thought i could post it here.

Sadly we all have very little time, especially because we are trying to prepare for an upcoming major release. Long story short: though Eric is one of the people most likely to commit changes, he's also one of the most likely to take a long (long) time to respond to emails. Best thing to do if you have a patch is to post it here for all to see and review.

Regarding the proposed patch now: drop the enum plugin, it's not necessary at all here. Have a look at other classes having different states or stuff like that (the user class comes to mind) that simply use a "static" (dang, can't remember the proper name in english :-/ ) at the beginning of the file mapping to integers. Or even another way to do it: the settings options (e.g. the display settings in app/views/settings/_display.rhmtl) are only listed in the view file, which only gives the string of interest to be stored in the db and retrieved as-is by methods needing it.

Another remark: I can't say patches with tests have a big chance of getting integrated quickly, but those that don't have even worse odds. Please add tests to your patch :-)

Actions #3

Updated by Oskar H almost 14 years ago

Hallo Felix,

i don't want to flame anybody because he is to busy to answer :D it was only the reason why i added this "issue/patch" here. But thanks a lot for the response.

I will make the changes with the enum plugin and create another patch file.

Answer "Tests":
I will try to add tests there only 2 or 3 methods added by me. Other methods are only changed by me in a simple way (if statment)

Actions #4

Updated by Oskar H almost 14 years ago

Hello,

i follow your instructions and delete the enum plugin and made the changes.

my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?

Actions #5

Updated by Felix Schäfer almost 14 years ago

Oskar H wrote:

my only problem are the testing methods. i have looked into ldap_authsource_controller_test.rb but i don't understand it how it works. Could you maybe help me?

The little I know is more trial&error than real knowledge, I'm sorry I won't be able to help you much with that.

Actions #6

Updated by Ruben Kruiswijk about 13 years ago

Any chance this feature/patch is going to get integrated in redmine?

Actions #7

Updated by Oskar H almost 13 years ago

Hello Ruben, maybe i will try it with the new trunk version or maybe you could write some tests for the patch.

Regards

Actions #8

Updated by Kevin Wood over 12 years ago

Thank you for the patch, I was able to apply it to the current Ubuntu release of Redmine without too much trouble and it worked fine with one tweak. My LDAP directory would not take a direct modify to userPassword without extended permissions on the user. The appropriate method is to delete and re-add the attribute in a single LDAP modify operation:
dn:cn=megakwood,ou=Staff,o=example
changetype:modify
delete:userPassword
userPassword:ExampleOldPW
-
add: userPassword
userPassword:ExampleNewPW

This approach was successful on my LDAP directory (eDir 8.8).

I'd like to help by merging the patch into the lastest trunk, cleaning up the code a bit, and updating the English language translations. The part that will give me trouble is making the tests. Are there guidelines or instructions somewhere that I could follow? How exactly does one write tests against an external authentication mechanism?

Actions #9

Updated by Igal Baevsky about 12 years ago

Is there a version of the patch that works with v1.3?
Thanks.

Actions #10

Updated by Igal Baevsky almost 12 years ago

I'm struggling with trying to port the patch to version 1.3.
Does anybody have an insight? I would appreciate some help.
Thanks.

Actions #11

Updated by Kevin Wood over 11 years ago

I had to migrate this patch to Redmine 2.0, so I'm posting it here in the hopes that it will help someone else. This patch is against svn revision 10084, and works great with my directory (eDirectory). Each directory has slightly different password change methods; so the original patch did not work for mine. I left that password change method in the patch, commented out.

Again, I am willing to help get this patch ready for inclusion to Redmine.

Actions #12

Updated by Åke Holmlund over 11 years ago

I have applied this patch to Redmine 2.1.2 and have found a few of issues:

  • I had to add two columns (enabled_passwd, I used an tinyint(1), and password_encryption, I used an varchar(6)) to the auth_sources table in the Redmine database. Hope this is correct.
  • When changing the settings for the LDAP authenticator, these columns are NOT updated in the Redmine database. Still, Redmine reports success.
  • If I set them manually in the database the password changing works BUT the minimum password length set in Redmine is NOT adhered to. Instead there is an hardcoded minimun length of 4 for the LDAP password.

Still, with these limitations, I now have a working solution. Thank You!

Actions #13

Updated by Fernando Hartmann over 8 years ago

+1 Could be very useful.

Actions #14

Updated by Toshi MARUYAMA over 8 years ago

Actions #16

Updated by Péter Kiss almost 8 years ago

Patch for LDAP password change and lost password handling for Redmine 2.6.4:
https://github.com/KissPeter/redmine/commit/5c4571a8c4caa2a21fa8c6d184b78b6d5fa3099f.patch

Actions #18

Updated by Xavier Godon over 7 years ago

Oleksandr Melnyk wrote:

Here is lost & change ldap for 3.2-stable

I run redmine 3.2.0.stable on docker and could't managed to make this patch work.
i tried to change app/views/layouts/base.html.erb manually :

-  <div class="bgl"><div class="bgr">
+  <div class="bgl"><div class="bgr" style="display: none">

but it didn't work... I'm not familiar with patches, anyone can help me?

thanks

Actions #19

Updated by Dmitry Shumilin over 7 years ago

Complete it please!

Actions #20

Updated by Andrey Ivanov 3 months ago

Simplified version of patch for version 5.1

Actions

Also available in: Atom PDF