Merge pull request dokuwiki#3634 from spike77453/feature_add-plaintext-password-update-option

Add option 'modPassPlain' to send plaintext password updates to LDAP server

Author: splitbrain

lib/plugins/authldap/auth.php

@@ -365,8 +365,12 @@ public function modifyUser($user, $changes)
         }
 
         // Generate the salted hashed password for LDAP
-        $phash = new PassHash();
-        $hash = $phash->hash_ssha($changes['pass']);
+        if ($this->getConf('modPassPlain')) {
+            $hash = $changes['pass'];
+        } else {
+            $phash = new PassHash();
+            $hash = $phash->hash_ssha($changes['pass']);
+        }
 
         // change the password
         if (!@ldap_mod_replace($this->con, $dn, ['userpassword' => $hash])) {

lib/plugins/authldap/conf/default.php

@@ -20,4 +20,5 @@
 $conf['groupkey']   = 'cn';
 $conf['debug']      = 0;
 $conf['modPass']    = 1;
+$conf['modPassPlain'] = 0;
 $conf['attributes'] = array();

lib/plugins/authldap/conf/metadata.php

@@ -21,3 +21,4 @@
 $meta['groupkey']    = array('string','_caution' => 'danger');
 $meta['debug']       = array('onoff','_caution' => 'security');
 $meta['modPass']     = array('onoff');
+$meta['modPassPlain']= array('onoff','_caution' => 'security');

lib/plugins/authldap/lang/en/settings.php

@@ -17,6 +17,7 @@
 $lang['userkey']     = 'Attribute denoting the username; must be consistent to userfilter.';
 $lang['groupkey']    = 'Group membership from any user attribute (instead of standard AD groups) e.g. group from department or telephone number';
 $lang['modPass']     = 'Can the LDAP password be changed via dokuwiki?';
+$lang['modPassPlain']= 'Send password updates in plain text to the LDAP server (rather than salt and hash them with the configured algorithm before transmission)?';
 $lang['debug']       = 'Display additional debug information on errors';