diff --git a/controllers/user.go b/controllers/user.go
index 7e19db8b..acee0f69 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -574,7 +574,11 @@ func (c *ApiController) SetPassword() {
 if user.Ldap == "" {
 _, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
 } else {
- err = object.ResetLdapPassword(targetUser, newPassword, c.GetAcceptLanguage())
+ if isAdmin {
+ err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
+ } else {
+ err = object.ResetLdapPassword(targetUser, oldPassword, newPassword, c.GetAcceptLanguage())
+ }
 }
 
 if err != nil {
diff --git a/object/ldap_conn.go b/object/ldap_conn.go
index ca19c2d2..352132c7 100644
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -375,7 +375,7 @@ func GetExistUuids(owner string, uuids []string) ([]string, error) {
 return existUuids, nil
 }
 
-func ResetLdapPassword(user *User, newPassword string, lang string) error {
+func ResetLdapPassword(user *User, oldPassword string, newPassword string, lang string) error {
 ldaps, err := GetLdaps(user.Owner)
 if err != nil {
 return err
@@ -418,6 +418,15 @@ func ResetLdapPassword(user *User, newPassword string, lang string) error {
 }
 modifyPasswordRequest.Replace("unicodePwd", []string{pwdEncoded})
 modifyPasswordRequest.Replace("userAccountControl", []string{"512"})
+ } else if oldPassword != "" {
+ modifyPasswordRequestWithOldPassword := goldap.NewPasswordModifyRequest(userDn, oldPassword, newPassword)
+ _, err = conn.Conn.PasswordModify(modifyPasswordRequestWithOldPassword)
+ if err != nil {
+ conn.Close()
+ return err
+ }
+ conn.Close()
+ return nil
 } else {
 switch ldapServer.PasswordType {
 case "SSHA":
diff --git a/web/src/common/modal/PasswordModal.js b/web/src/common/modal/PasswordModal.js
index cd3882d0..ffb9c314 100644
--- a/web/src/common/modal/PasswordModal.js
+++ b/web/src/common/modal/PasswordModal.js
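Review bot: In the non-admin branch of `SetPassword`, an empty `oldPassword` is passed through unchanged, and `ResetLdapPassword` treats `""` as the signal for the reset path that does not use the current password (its new branch is `else if oldPassword != ""`). Nothing in this hunk shows that `oldPassword` was validated earlier, so unless a check outside the hunk already rejects or otherwise authorises an empty value, a non-admin request would take the same path as the admin one. I would make that dependency explicit above the non-admin call, e.g. `// oldPassword may be empty only if the caller was authorised above; "" selects the unverified reset path`, or replace the empty-string sentinel with an explicit argument. The body of `SetPassword` starts and ends outside the hunk.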
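Review bot: `ResetLdapPassword` is exported and now takes three adjacent `string` parameters, yet it has no doc comment saying that an empty `oldPassword` changes what the function does. I would add above the signature `// ResetLdapPassword sets the user's LDAP password; a non-empty oldPassword is sent with the password-modify request, an empty one resets the password without it.` Two same-typed password arguments side by side are easy to transpose, so the comment should name their order. Any other callers of the previous three-argument form are outside this diff, and the function body continues outside the hunk.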
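Review bot: The new `else if oldPassword != ""` branch is reached only when the preceding condition (outside the hunk) is false, so on the path that replaces `unicodePwd` the supplied `oldPassword` is never used and the password is overwritten without it. If that path is also meant to serve non-admin changes, the current password should be verified there as well, or the gap stated in place, e.g. `// NOTE: oldPassword is not checked on the unicodePwd path`. Separately, `conn.Close()` is repeated on both returns of the new branch; a single `defer conn.Close()` where the connection is obtained would be harder to get wrong, though that setup is outside this hunk. It is also worth confirming which identity `conn` is bound as, since that may affect whether the directory enforces the old password on a Password Modify request.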
@@ -105,7 +105,7 @@ export const PasswordModal = (props) => { }); }; - const hasOldPassword = user.password !== ""; + const hasOldPassword = (user.password !== "" || user.ldap !== ""); return (