Use functions to lock/unlock an account

ltb-project · Jul 24, 2024 · f072663 · f072663
1 parent e220b77
commit f072663
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 14 deletions.
diff --git a/htdocs/lockaccount.php b/htdocs/lockaccount.php
@@ -24,9 +24,7 @@
     $ldap = $ldap_connection[0];
     $result = $ldap_connection[1];
 
-
-    # Consider pwdLockout = false by default
-    $pwdLockout = false;
+    $pwdPolicy = NULL;
 
     # Search pwdLockout in associated ppolicy
     if ($ldap)
@@ -61,13 +59,11 @@
     }
 
     # apply the modification only if a password policy set with pwdLockout=TRUE is associated to the account
-    if ($ldap and $pwdLockout == true) {
-        $modification = ldap_mod_replace($ldap, $dn, array("pwdAccountLockedTime" => array("000001010000Z")));
-        $errno = ldap_errno($ldap);
-        if ( $errno ) {
-            $result = "ldaperror";
-        } else {
+    if ($ldap and $directory->canLockAccount($ldap, $dn, array('pwdPolicy' => $pwdPolicy))) {
+        if ( $directory->lockAccount($ldap, $dn) ) {
             $result = "accountlocked";
+        } else {
+            $result = "ldaperror";
         }
     }
 }

diff --git a/htdocs/unlockaccount.php b/htdocs/unlockaccount.php
@@ -32,12 +32,10 @@
     $result = $ldap_connection[1];
 
     if ($ldap) {
-        $modification = ldap_mod_del($ldap, $dn, array("pwdAccountLockedTime" => array()));
-        $errno = ldap_errno($ldap);
-        if ( $errno ) {
-            $result = "ldaperror";
-        } else {
+        if ( $directory->unlockAccount($ldap, $dn) ) {
             $result = "accountunlocked";
+        } else {
+            $result = "ldaperror";
         }
     }
 }