LDAP sambaNTPassword not set by password change #690

Open
klodner opened this issue Mar 22, 2024 · 2 comments
Labels
1. to develop enhancement New feature or request

Comments

klodner commented Mar 22, 2024

This plugin does not handle the LDAP Samba extensions when they are used by the LDAP server (which is often the case).

So I have to modify the plugin code like this for it to work:


```php
public function setPassword($uid, $password) {
        // Salt alphabet accepted by crypt(3)
        $possible = '0123456789' .
                'abcdefghijklmnopqrstuvwxyz' .
                'ABCDEFGHIJKLMNOPQRSTUVWXYZ' .
                './';
        $salt = '';
        $userdata = [];
        while (strlen($salt) < 16) {
                // random_int() draws from the CSPRNG; rand() is predictable
                $salt .= $possible[random_int(0, strlen($possible) - 1)];
        }
        // Convert the password from UTF-8 to UTF-16 (little endian)
        $MD4Hash = hash('md4', iconv('UTF-8', 'UTF-16LE', $password));
        // Make it uppercase, not necessary, but it's common to do so with NTLM hashes
        $NTLMHash = strtoupper($MD4Hash);
        $now = time();

        try {
                $cr = $this->ldapProvider->getLDAPConnection($uid);
                $userDN = $this->getUserDN($uid);

                // TODO: check if LDAP contains sambaNTPassword
                //$object = ldap_get_attributes($ldap, $entry);
                //  if (isset($object['sambaNTPassword'])){

                // SHA-512 crypt for userPassword, NT hash and change time for Samba
                $userdata['userPassword'] = '{CRYPT}' . crypt($password, '$6$' . $salt . '$');
                $userdata['sambaNTPassword'] = $NTLMHash;
                $userdata['sambaPwdLastSet'] = (string) $now;
                return ldap_modify($cr, $userDN, $userdata) !== false;
        } catch (\Exception $e) {
                $this->logger->error($e->getMessage(), ['exception' => $e, 'app' => Application::APP_ID]);
        }
        return false;
}
```
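
One way to resolve the TODO in the snippet above, as an added example that is not the plugin's code or the issue author's: the Samba attributes are written only when the entry carries the `sambaSamAccount` objectClass, so the unsalted NT hash is not stored on accounts that do not need it. The function names are hypothetical, and the objectClass list is assumed to have been read from the entry beforehand as a plain list of strings.

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical, not part of the plugin.

/** NT hash as stored in sambaNTPassword: unsalted MD4 of the UTF-16LE password. */
function ntHash(string $password): string {
    $utf16 = iconv('UTF-8', 'UTF-16LE', $password);
    if ($utf16 === false) {
        throw new InvalidArgumentException('password is not valid UTF-8');
    }
    return strtoupper(hash('md4', $utf16));
}

/** 16-character salt over the crypt(3) alphabet, drawn from the CSPRNG. */
function cryptSalt(int $length = 16): string {
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    while (strlen($salt) < $length) {
        $salt .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $salt;
}

/**
 * Attribute array for ldap_modify(). Samba attributes are included only when
 * the entry's objectClass values (a plain list of strings) contain sambaSamAccount.
 */
function buildPasswordModification(string $password, array $objectClasses, int $now): array {
    $mods = ['userPassword' => '{CRYPT}' . crypt($password, '$6$' . cryptSalt() . '$')];
    if (in_array('sambasamaccount', array_map('strtolower', $objectClasses), true)) {
        $mods['sambaNTPassword'] = ntHash($password);
        $mods['sambaPwdLastSet'] = (string) $now;
    }
    return $mods;
}

// Constructed sample entries: objectClass lists for a Samba-enabled and a plain account.
$sambaUser = ['inetOrgPerson', 'posixAccount', 'sambaSamAccount'];
$plainUser = ['inetOrgPerson', 'posixAccount'];

$withSamba = buildPasswordModification('correct horse', $sambaUser, time());
$withoutSamba = buildPasswordModification('correct horse', $plainUser, time());

echo implode(', ', array_keys($withSamba)), PHP_EOL;
echo implode(', ', array_keys($withoutSamba)), PHP_EOL;

// The stored {CRYPT} value must verify against the same password.
$stored = substr($withSamba['userPassword'], strlen('{CRYPT}'));
var_dump(hash_equals($stored, crypt('correct horse', $stored)));
```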


Contributor

susnux commented Mar 23, 2024

I really would not encourage using NTLM; instead, Kerberos would be a safer authentication method. But nevertheless, this would be a good follow-up on #536.

susnux added the enhancement (New feature or request) and 1. to develop labels on Mar 23, 2024
@techadmin-localbit

I would like to have this fixed as well. Our Nextcloud users are not able to change their LDAP-SAMBA password over Nextcloud.
