diff options
author | Marian Sigler <m@qjym.de> | 2012-09-26 22:02:45 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2012-09-26 22:02:45 +0200 |
commit | 4b4b8c4ef149ed0010397ce52954dc15ba95a10d (patch) | |
tree | 821ab0ea9850b0b572283f9ac027602119f9ec7e | |
parent | 5fb609c5988df09db1fc4b643832cf3733717de0 (diff) | |
download | web-4b4b8c4ef149ed0010397ce52954dc15ba95a10d.tar.gz web-4b4b8c4ef149ed0010397ce52954dc15ba95a10d.tar.bz2 web-4b4b8c4ef149ed0010397ce52954dc15ba95a10d.zip |
account: only update password as admin when explicitly requested
-rw-r--r-- | account.py | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -173,7 +173,7 @@ class AccountService: attr = [(ldap.MOD_REPLACE, 'mail', account.mail)] dn = self._format_dn([('uid',account.uid),('ou','users')]) self.connection.modify_s(dn, attr) - self._alter_passwords(account) + self._alter_passwords(account, as_admin=as_admin) self._unbind() @@ -251,15 +251,17 @@ class AccountService: self.binded = False - def _alter_passwords(self, account): + def _alter_passwords(self, account, as_admin=False): if account.new_password_root: dn = self._format_dn([('uid',account.uid),('ou','users')]) old, new = account.new_password_root - if self.admin: - self.connection.passwd_s(dn, None, new) + if as_admin: + self.connection.passwd_s(dn, None, new) else: - try: self.connection.passwd_s(dn, old, new) - except: raise InvalidPasswordError() + try: + self.connection.passwd_s(dn, old, new) + except ldap.UNWILLING_TO_PERFORM: + raise InvalidPasswordError() account.password = new @@ -268,7 +270,7 @@ class AccountService: for service, passwords in account.new_password_services.items(): dn = self._format_dn([('uid',account.uid),('cn',service),('ou','services')]) old, new = passwords - if self.admin: + if as_admin: self.connection.passwd_s(dn, None, new) else: self.connection.passwd_s(dn, old, new) |