%META:TOPICINFO{author="lcampos" date="1085143647" format="1.0" version="1.3"}%
---+ LDAP Password Changer TWiki Plugin

This plugin asks for and changes your password at an pre-configured LDAP server.

---++ Syntax Rules

There is only one command to apply, just use %<nop>LDAPPASSWORDCHANGER% and the Plugin will do the rest. 

---++ <nop>%TOPIC% Global Settings

	* One line description, shown in the %TWIKIWEB%.TextFormattingRules topic:
		* Set SHORTDESCRIPTION = LDAP Server user password automated changer.

	* The LDAP Server you will contact:
		* Set LDAP_SERVER = orelhao.integral.com.br
	* Base DN from where searches will start at your server
		* Set LDAP_BASE_DN = dc=integral,dc=com,dc=br
	* Filter to select the *current* user (maybe a lot trickier, suggestions are welcome!)
		* Set LDAP_FILTER = (&(objectClass=posixAccount)(uid=%s))

	* Debug plugin: (See output in =data/debug.txt=)
		* Set DEBUG = 1

---++ Plugin Installation Instructions

__Note:__ You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running.

	* Download the ZIP file from the Plugin web (see below)
	* Unzip ==%TOPIC%.zip== in your twiki installation directory. Content:
	  | *File:* | *Description:* |
	  | ==data/TWiki/%TOPIC%.txt== | Plugin topic |
	  | ==data/TWiki/%TOPIC%.txt,v== | Plugin topic repository |
	  | ==lib/TWiki/Plugins/%TOPIC%.pm== | Plugin Perl module |
	* Test if the plugin is correctly installed:
		* Create a topic and adds the %<nop>LDAPPASSWORDCHANGER<nop>% tag to it. Preview and Save the test topic. You will see a dialog box asking you your old and new passwords. If you're able to fill the fields and change your LDAP Server user password, everything is ok.

---++ Plugin Info

|  Plugin Author: | %TWIKIWEB%.LuisCampos |
|  Plugin Version: | 20 May 2004 (V1.000) |
|  Change History: | <!-- specify latest version first -->&nbsp; |
|  20 May 2004: | Initial version |
|  CPAN Dependencies: | [[http://search.cpan.org/~gbarr/perl-ldap-0.31/lib/Net/LDAP.pod][Net::LDAP]], [[http://search.cpan.org/author/LDS/CGI.pm-3.05/CGI.pm][CGI]] |
|  Other Dependencies: | Your TWiki should be running under LDAP-based authentication schema |
|  Perl Version: | 5.8.1 |
|  Plugin Home: | http://TWiki.org/cgi-bin/view/Plugins/%TOPIC% |
|  Feedback: | http://TWiki.org/cgi-bin/view/Plugins/%TOPIC%Dev |

__Related Topics:__ %TWIKIWEB%.TWikiPreferences, %TWIKIWEB%.TWikiPlugins, DefaultPlugin

-- %MAINWEB%.LuisCampos - 20 May 2004

##</code><code>##

# Plugin for TWiki Collaboration Platform, http://TWiki.org/
#
# Copyleft (C) 2004 Luis Campos, monsieur_champs@yahoo.com.br
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details, published at
# http://www.gnu.org/copyleft/gpl.html
#

# =========================
package TWiki::Plugins::LDAPPasswordChangerPlugin;

# =========================
use vars qw(
	    $web $topic $user $installWeb $VERSION $pluginName
	    $debug $ldap_server $base_dn $filter
	   );

$VERSION = '1.000';
$pluginName = 'LDAPPasswordChangerPlugin';

# =========================
sub initPlugin{
  ( $topic, $web, $user, $installWeb ) = @_;

  # check for Plugins.pm versions
  if( $TWiki::Plugins::VERSION < 1 ){
    TWiki::Func::writeWarning( "Version mismatch between $pluginName and Plugins.pm" );
    return 0;
  }

  # Get plugin debug flag
  $debug = TWiki::Func::getPreferencesFlag( "\U$pluginName\E_DEBUG" );

  # Get LDAP Server Domain Name or IP Address
  $ldap_server = &TWiki::Prefs::getPreferencesValue( "\U$pluginName\E_LDAP_SERVER" );
  $base_dn = &TWiki::Prefs::getPreferencesValue( "\U$pluginName\E_LDAP_BASE_DN" );
  $filter = sprintf( &TWiki::Prefs::getPreferencesValue( "\U$pluginName\E_LDAP_FILTER" ), $TWiki::userName );

  # Plugin correctly initialized
  TWiki::Func::writeDebug( "- TWiki::Plugins::${pluginName}::initPlugin( $web.$topic ) is OK" ) if $debug;
  return 1;
}

# =========================
sub commonTagsHandler{
  # do not uncomment, use $_[0], $_[1]... instead
  ### my ( $text, $topic, $web ) = @_;

  TWiki::Func::writeDebug( "- ${pluginName}::commonTagsHandler( $_[2].$_[1] )" )
      if $debug;

  $_[0] =~ s/%LDAPPASSWORDCHANGER%/&pwChanger()/ge;
}

# =========================
sub pwChanger{
  use CGI;

  my ( $cgi, $message ) = ( new CGI, undef );
  my ( $old, $new, $repeat, $change )
    = map $cgi->param( $_ ), qw( oldpwd newpwd1 newpwd2 change );

  if( $old ){
    # Got old password.
    if( $new ){
      # Got New Password.
      if( $repeat ){
	# Got new password repeat.
	if( $new == $repeat ){
	  # Same password entered twice: I can safely change.
	  $message = talkToLDAP( $old, $new )
	}else{
	  # User can't repeat new password: there is something wrong.
	  $message = q{%X% %RED%'New Password' and 'Repeat New Password' fields doesn't match.%ENDCOLOR%};
	}
      }else{
	# Error: New Password Repeat field is empty;
	$message = q{%X% %RED%Please fill in your new password twice.%ENDCOLOR%};
      }
    }else{
      # Error: New Password field is empty.
      $message = q{%X% %RED%Please fill in your new password.%ENDCOLOR%};
    }
  }else{
    # Error: Empty old password.
    $message = q{%X% %RED%Please fill in your old password.%ENDCOLOR%};
  }

  return genDialog( $change? $message : '&nbsp;' );
}

# =========================
sub talkToLDAP{
  use Net::LDAP;
  my( $old, $new, $ldap, $dn ) = ( shift, shift, new Net::LDAP( $ldap_server ), undef );
  return q{%X% %RED%Can't contact LDAP Server. Please review %MAINWEB%.LDAPPasswordChangerPlugin configuration.%ENDCOLOR%} unless $ldap;
  my $msg;
  $msg = $ldap->bind;
  return q{%X% %RED%LDAP Error:}.$msg->error.q{%ENDCOLOR%}
    if $msg->is_error;

  TWiki::Func::writeDebug( qq{calling ldap::search( base => '$base_dn', filter => '$filter' ) } )
      if $debug;
  $msg = $ldap->search( base => $base_dn, filter => $filter, attrs => [ '1.1' ] );
  return
    q{%X% %RED%LDAP doesn't return any users.<br />Please inform LDAP Administrator.%ENDCOLOR%}
      unless $dn = $msg->shift_entry();
  $msg = $ldap->bind( $dn, password => $old );
  return q{%X% %RED%LDAP Error:}.$msg->error.q{%ENDCOLOR%}
    if $msg->is_error;
  $msg = $ldap->modify( $dn, replace => { userPassword => $new } );
  return q{%X% %RED%LDAP Error:}.$msg->error.q{%ENDCOLOR%}
    if $msg->is_error;
  $ldap->unbind;
  return q{%Y% %GREEN%Password changed sucessfully%ENDCOLOR%};
}

# =========================
sub genDialog{
  my $message = shift;
  return q{
<form action="%TOPIC%" method="post">
  <table bgcolor="%WEBBGCOLOR%" align="center" border="0" cellpadding="1" cellspacing="1">
    <tr>
      <td height="25" colspan="2" valign="middle" align="center">
        <b> Altera&ccedil;&atilde;o de Senha </b>
      </td>
    </tr>
    <tr>
      <td>
        <table bgcolor="#FFFFFF" align="center" border="0" cellpadding="1" cellspacing="8">} . ($message ? qq{
          <tr>
            <td align="center" colspan="2"> $message </td>
          </tr> } : '' ) .q{
          <tr>
            <td align="right"> Senha Antiga: </td>
            <td> <input type="password" name="oldpwd"> </td>
          </tr>
          <tr>
            <td align="right"> Nova Senha: </td>
            <td> <input type="password" name="newpwd1"> </td>
          </tr>
          <tr>
            <td align="right"> Repita Senha: </td>
            <td> <input type="password" name="newpwd2"> </td>
          </tr>
        </table>
      </td>
    </tr>
    <tr>
      <td height="30" colspan="2" valign="middle" align="center">
        <input type="submit" name="change" value="                   Mudar Senha                   ">
      </td>
    </tr>
  </table>
</form>
};

} # end sub
1;