Password manager that uses Net::LDAP to manage users and passwords.Subclass of
This class does not grant any write access to the ldap server for security reasons. So you need to use your ldap tools to create user accounts.Configuration: add the following variables to your LocalSite.cfg
return the last error during LDAP operations
Static method to write a debug messages.
this method is used most of the time to detect if a given login user is known to the database. the concrete (encrypted) password is of no interest: so better use userExists() for that
returns true if the login or wikiname exists in the database; that's performing better than fetching the password and then see what comes out of this
check passwd by binding to the ldap server
we can change passwords, so return false
we are managing emails, but don't allow setting emails. alas the core does not distinguish this case, e.g. by using readOnly()
emails might be stored in the ldap account as well if the record is of type possixAccount and inetOrgPerson. if this is not the case we fallback to twiki's default behavior
Complete processing after the client's HTTP request has been responded. i.e. destroy the ldap object.
LDAP users can't be removed from within the engine. So this will call the deleteUser interface of the secondary password manager only
Returns 1 on success, undef on failure.
TODO: API missmatch
This method can only change the LDAP password. It can not add the user to the LDAP directory. To change the password the old password must always be correct. There's no mode to force the change irrespective of the existing password.
In any other case the secondary password manager gets the job.
LDAP can't encrypt passwords. But maybe the secondary password manager can.
If the $oldPassU matches matches the user's password, then it will replace it with $newPassU.
If $oldPassU is not correct and not 1, will return 0.
If $oldPassU is 1, will force the change irrespective of the existing password, adding the user if necessary.
Otherwise returns 1 on success, undef on failure.
Set the email address(es) for the given username. The engine can't set the email stored in LDAP. But may be the secondary password manager can.
returns true, as we can fetch users