diff --git a/inc/adLDAP.php b/inc/adLDAP.php index a64096b85558463aff8437d4abcb032bb79d3b2c..24be6e475e18f7313f2413a695f4f0ce6134e9b0 100644 --- a/inc/adLDAP.php +++ b/inc/adLDAP.php @@ -1020,6 +1020,26 @@ class adLDAP { return (false); } + /** + * Return info about the domain itself + * + * @authot Andreas Gohr <gohr@cosmocode.de> + * @param array $fields The fields to query + * @return array + */ + public function domain_info($fields){ + if (!$this->_bind){ return (false); } + + $sr = ldap_read($this->_conn, $this->_base_dn, 'objectclass=*', $fields); + if (!$sr) { + return false; + } + $info = ldap_get_entries($this->_conn, $sr); + if(count($info)) return $info[0]; + + return false; + } + /** * Determine a user's password expiry date * diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index 1fddad243ef59efc9898e7a0bd7b51409f448a75..cc080dc935d3ef6dfdfe28129e3c273f2bc27c23 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -26,6 +26,8 @@ * $conf['auth']['ad']['use_ssl'] = 1; * $conf['auth']['ad']['use_tls'] = 1; * $conf['auth']['ad']['debug'] = 1; + * // warn user about expiring password this many days in advance: + * $conf['auth']['ad']['expirywarn'] = 5; * * // get additional information to the userinfo array * // add a list of comma separated ldap contact fields. @@ -44,6 +46,7 @@ class auth_ad extends auth_basic { var $opts = null; var $adldap = null; var $users = null; + var $msgshown = false; /** * Constructor @@ -146,9 +149,13 @@ class auth_ad extends auth_basic { */ function getUserData($user){ global $conf; + global $lang; + global $ID; if(!$this->_init()) return false; - $fields = array('mail','displayname','samaccountname'); + if($user == '') return array(); + + $fields = array('mail','displayname','samaccountname','lastpwd','pwdlastset','useraccountcontrol'); // add additional fields to read $fields = array_merge($fields, $this->cnf['additional']); 
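Review bot: The emptiness test in `domain_info()` uses `count($info)`, but `ldap_get_entries()` always includes a `count` key in its result. An empty result therefore still has `count($info) == 1`, and the function returns the undefined `$info[0]` (null) instead of false. Testing the entry count directly fixes this: `if($info && $info['count'] > 0) return $info[0];`. The docblock should also say `@return array|false`, since three paths return false, and `@authot` should read `@author`.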
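Review bot: `getUserData()` now has two different failure values: false when `_init()` fails, and `array()` for an empty user name here and for a failed `user_info()` lookup in the next hunk (`if($result == false) return array();`). A caller that compares the result strictly against false would treat an unknown user as found, with no name, mail or groups. The callers are not visible in this diff, so this needs checking. Returning false in both places, e.g. `if($user == '') return false;`, keeps a single failure value. The function body continues past this hunk.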
@@ -156,11 +163,19 @@ class auth_ad extends auth_basic { //get info for given user $result = $this->adldap->user_info($user, $fields); + if($result == false){ + return array(); + } + //general user info - $info['name'] = $result[0]['displayname'][0]; - $info['mail'] = $result[0]['mail'][0]; - $info['uid'] = $result[0]['samaccountname'][0]; - $info['dn'] = $result[0]['dn']; + $info['name'] = $result[0]['displayname'][0]; + $info['mail'] = $result[0]['mail'][0]; + $info['uid'] = $result[0]['samaccountname'][0]; + $info['dn'] = $result[0]['dn']; + //last password set (Windows counts from January 1st 1601) + $info['lastpwd'] = $result[0]['pwdlastset'][0] / 10000000 - 11644473600; + //will it expire? + $info['expires'] = !($result[0]['useraccountcontrol'][0] & 0x10000); //ADS_UF_DONT_EXPIRE_PASSWD // additional information foreach ($this->cnf['additional'] as $field) { @@ -183,6 +198,29 @@ class auth_ad extends auth_basic { $info['grps'][] = $conf['defaultgroup']; } + // check expiry time + if($info['expires'] && $this->cnf['expirywarn']){ + $result = $this->adldap->domain_info(array('maxpwdage')); // maximum pass age + $maxage = -1 * $result['maxpwdage'][0] / 10000000; // negative 100 nanosecs + $timeleft = $maxage - (time() - $info['lastpwd']); + $timeleft = round($timeleft/(24*60*60)); + $info['expiresin'] = $timeleft; + + // if this is the current user, warn him (once per request only) + if( ($_SERVER['REMOTE_USER'] == $user) && + ($timeleft <= $this->cnf['expirywarn']) && + !$this->msgshown + ){ + $msg = sprintf($lang['authpwdexpire'],$timeleft); + if($this->canDo('modPass')){ + $url = wl($ID,array('do'=>'profile')); + $msg .= ' <a href="'.$url.'">'.$lang['btn_profile'].'</a>'; + } + msg($msg); + $this->msgshown = true; + } + } + return $info; } diff --git a/inc/lang/de/lang.php b/inc/lang/de/lang.php index a4360b2a4ca691a094b49f5d8f161f44bbdc399b..63ffd3008a6a5b92a0efcb07bbe6edb326415aba 100644 --- a/inc/lang/de/lang.php +++ b/inc/lang/de/lang.php 
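Review bot: The `lastpwd` conversion does not handle a `pwdlastset` of 0 or a missing attribute. Both yield `-11644473600`, a date in 1601, which the expiry block in the next hunk turns into a large negative `expiresin`. Active Directory is documented to use 0 for accounts that must change the password at next logon, so this case is probably reachable. I would add a comment on that line stating the unit, `// pwdlastset: 100ns ticks since 1601-01-01; 0 means no usable date`, and skip the expiry calculation when the value is empty. The enclosing function starts and ends outside this hunk.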
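Review bot: The return value of `domain_info()` is used unchecked in the expiry block, although it is false when the bind or `ldap_read()` fails. `$maxage` then evaluates to 0, `$timeleft` becomes negative, and the current user is shown an expiry warning with a negative day count. A guard directly after the call avoids the false warning: `if($result === false || empty($result['maxpwdage'][0])) return $info;`. The block also runs an extra LDAP read on every `getUserData()` call when `expirywarn` is set, so caching `maxpwdage` in a property would help if this function is called for many users. The function starts outside this hunk.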
@@ -273,6 +273,7 @@ $lang['subscr_style_digest'] = 'Zusammenfassung der Änderungen für jede ver $lang['subscr_style_list'] = 'Liste der geänderten Seiten (Alle %.2f Tage)'; $lang['authmodfailed'] = 'Benutzerüberprüfung nicht möglich. Bitte wenden Sie sich an den Systembetreuer.'; $lang['authtempfail'] = 'Benutzerüberprüfung momentan nicht möglich. Falls das Problem andauert, wenden Sie sich an den Systembetreuer.'; +$lang['authpwdexpire'] = 'Ihr Passwort läuft in %d Tag(en) ab, Sie sollten es bald ändern.'; $lang['i_chooselang'] = 'Wählen Sie Ihre Sprache'; $lang['i_installer'] = 'DokuWiki Installation'; $lang['i_wikiname'] = 'Wiki-Name'; diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index e0fe98b868df2db840dce03163b7f18b79ce98d0..2ba220e6408ce63a22a01f5cef1e8f75d3ff73a0 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -280,6 +280,7 @@ $lang['subscr_style_list'] = 'list of changed pages since last email (e /* auth.class language support */ $lang['authmodfailed'] = 'Bad user authentication configuration. Please inform your Wiki Admin.'; $lang['authtempfail'] = 'User authentication is temporarily unavailable. If this situation persists, please inform your Wiki Admin.'; +$lang['authpwdexpire'] = 'Your password will expire in %d days, you should change it soon.'; /* installer strings */ $lang['i_chooselang'] = 'Choose your language';