Added locking to prevent concurrent writes to the LDAP database, to prevent UID collisions.
---- Changes since 1.400 ----
By default, all new Unix users are given the person object class too, as this seems to be needed in most new LDAP schemas.
+Added support for LDAP SSHA passwords, thanks to Bill Moyers and John Gray.
line6=New user options,11
base_uid=Lowest UID for new users,3,From Users and Groups module
base_gid=Lowest GID for new groups,3,From Users and Groups module
-md5=Encryption method for passwords,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Plain text
+md5=Encryption method for passwords,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Plain text,4-LDAP SSHA
shells=Build list of shells from,2,fixed-Builtin list,passwd-System users,shells-/etc/shells
line7=New user defaults,11
exit;
}
}
-elsif ($config{'md5'} == 3) {
+elsif ($config{'md5'} == 3 || $config{'md5'} == 4) {
# Check if slappasswd is installed
if (!&has_command($config{'slappasswd'})) {
print &text('index_eslappasswd',
{
local ($pass, $salt) = @_;
&seed_random();
+if ($config{'md5'} == 4) {
+ # LDAP SSHA encryption
+ local $qp = quotemeta($pass);
+ local $out = `$config{'slappasswd'} -h '{ssha}' -s $qp 2>/dev/null`;
+ return $out;
+ }
if ($config{'md5'} == 3) {
# LDAP MD5 encryption
local $qp = quotemeta($pass);
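Review bot: The new SSHA branch returns the raw backtick output, so a failed slappasswd run (stderr is discarded and `$?` is never checked) hands the caller an empty string as the password hash, and a successful run hands back the value with its trailing newline. slappasswd also prints the scheme tag itself, so if callers prepend the `{ssha}` prefix added in the later hunks the stored value would carry the tag twice; that depends on code outside this hunk. I would normalise before returning, e.g. `$out =~ s/\s+$//; $out =~ s/^\{ssha\}//i;`, and treat `$? != 0 || $out eq ''` as an error instead of returning it. Separately, `-s $qp` puts the cleartext password on the command line where other local users can see it in the process list, and `quotemeta` is not shell quoting (a backslash followed by a newline is removed by the shell); slappasswd's `-T file` option avoids both. The enclosing sub starts and continues outside the hunk.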
{
local $pfx = $_[0]->{'pass'} =~ /^\{[a-z0-9]+\}/i ? undef :
$config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+ $config{'md5'} == 4 ? "{ssha}" :
$config{'md5'} == 0 ? "{crypt}" : "";
local $pass = $_[0]->{'pass'};
local $disabled;
if ($pass =~ s/^\!//) {
$disabled = "!";
}
-return ( "cn" => $_[0]->{'real'},
+$cn = $_[0]->{'real'} eq '' ? $_[0]->{'user'} : $_[0]->{'real'};
+return ( "cn" => $cn,
"uid" => $_[0]->{'user'},
"uidNumber" => $_[0]->{'uid'},
"loginShell" => $_[0]->{'shell'},
$_[0]->{'max'} eq '' ? ( ) :
( "shadowMax" => $_[0]->{'max'} ),
$_[0]->{'warn'} eq '' ? ( ) :
- ( "shadowWarn" => $_[0]->{'warn'} ),
+ ( "shadowWarning" => $_[0]->{'warn'} ),
$_[0]->{'inactive'} eq '' ? ( ) :
( "shadowInactive" => $_[0]->{'inactive'} )
);
}
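Review bot: The added `$cn = ...` assignment has no `local`, unlike `$pfx`, `$pass` and `$disabled` just above it, so it writes a package-level `$cn` that persists after the call and can be read or clobbered by other code in the module. Declare it where it is assigned: `local $cn = $_[0]->{'real'} eq '' ? $_[0]->{'user'} : $_[0]->{'real'};`. The sub's opening line is outside the hunk.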
$pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+ $config{'md5'} == 4 ? "{ssha}" :
$config{'md5'} == 0 ? "{crypt}" : "";
if ($in{'passmode'} == 0) {
$pass = "";
}
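Review bot: The scheme-prefix chain patched here is one of three copies this commit had to edit by hand (the others are the `local $pfx` lines in the hunk above and the hunk below), and the copies have already diverged: the one above skips the prefix when the stored value matches `/^\{[a-z0-9]+\}/i`, while this one and the next apply it unconditionally. A missed or inconsistent copy stores a password under the wrong scheme tag, which fails only at login time. I would move the mapping into one helper in the library, documented with a comment such as `# Returns the userPassword scheme tag for the configured md5 mode, or undef if the value already has one`, and call it from all three places. Whether `$pfx` on the first line of this hunk is declared earlier cannot be seen from here.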
local $pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" :
+ $config{'md5'} == 4 ? "{ssha}" :
$config{'md5'} == 0 ? "{crypt}" : "";
if ($in{'passmode'} == 0) {
# Password is blank