From 4b4b8c4ef149ed0010397ce52954dc15ba95a10d Mon Sep 17 00:00:00 2001 From: Marian Sigler Date: Wed, 26 Sep 2012 22:02:45 +0200 Subject: account: only update password as admin when explicitly requested --- account.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'account.py') diff --git a/account.py b/account.py index 0340564..1361669 100644 --- a/account.py +++ b/account.py @@ -173,7 +173,7 @@ class AccountService: attr = [(ldap.MOD_REPLACE, 'mail', account.mail)] dn = self._format_dn([('uid',account.uid),('ou','users')]) self.connection.modify_s(dn, attr) - self._alter_passwords(account) + self._alter_passwords(account, as_admin=as_admin) self._unbind() @@ -251,15 +251,17 @@ class AccountService: self.binded = False - def _alter_passwords(self, account): + def _alter_passwords(self, account, as_admin=False): if account.new_password_root: dn = self._format_dn([('uid',account.uid),('ou','users')]) old, new = account.new_password_root - if self.admin: - self.connection.passwd_s(dn, None, new) + if as_admin: + self.connection.passwd_s(dn, None, new) else: - try: self.connection.passwd_s(dn, old, new) - except: raise InvalidPasswordError() + try: + self.connection.passwd_s(dn, old, new) + except ldap.UNWILLING_TO_PERFORM: + raise InvalidPasswordError() account.password = new @@ -268,7 +270,7 @@ class AccountService: for service, passwords in account.new_password_services.items(): dn = self._format_dn([('uid',account.uid),('cn',service),('ou','services')]) old, new = passwords - if self.admin: + if as_admin: self.connection.passwd_s(dn, None, new) else: self.connection.passwd_s(dn, old, new) -- cgit v1.2.3-1-g7c22