--- ldap_integration/ldapauth.module	2006-11-18 10:52:40.000000000 -0600
+++ ldap_integration_mod/ldapauth.module	2006-11-19 02:57:21.000000000 -0600
@@ -8,6 +8,8 @@
 // Private constants. Do not touch
 define(LDAP_FIRST_DRUPAL, 0);
 define(LDAP_FIRST_LDAP, 1);
+define(LDAP_FORGET_PASSWORD, 0);
+define(LDAP_KEEP_PASSWORD, 1);
 
 // Private constants (default values). Do not touch either
 define(LDAP_DEFAULT_ORG, 'LDAP Directory');
@@ -192,6 +194,21 @@ function ldapauth_settings_login_procedu
     '#required' => true,
   );
 
+  $options_keep_password = array(
+    LDAP_FORGET_PASSWORD => t('Do not store the user\'s password in any form'),
+    LDAP_KEEP_PASSWORD   => t('Store the user\'s password in the database'));
+    
+  $form['ldap_keep_password'] = array(
+    '#type' => 'radios',
+    '#title' => t('If the above setting is set such that when a user logs in Drupal first looks for the user in Drupal\'s '
+                  .'database, the default is to store the user\'s password in the Drupal database (usually in encrypted form).  '
+                  .'However, you may not want to store any form of the LDAP password in the database.'),
+    '#default_value' => variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD),
+    '#options' => $options_keep_password,
+    '#description' => NULL,
+    '#required' => true,
+  );
+  
   $form['ldap_base_dn'] = array(
     '#type' => 'textarea',
     '#title' => t('Base DNs'),
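Review bot: The `ldap_keep_password` radios carry their whole explanation in `#title` and leave `#description` as NULL, and the phrase "usually in encrypted form" understates what the administrator is deciding. What Drupal keeps is presumably a one-way digest of the LDAP password, so a leaked users table would let directory credentials be guessed offline; the help text should say so. I would shorten the title to something like `'#title' => t('Storage of LDAP passwords in the Drupal database'),` and move the paragraph into `#description`, reworded to say that a hash derived from the LDAP password is stored. The default also stays `LDAP_KEEP_PASSWORD`, which preserves existing behaviour but means sites must opt in to the safer setting, and that deserves a sentence in the description too.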
@@ -423,9 +440,13 @@ function _ldapauth_ldap_login($login_str
       // Changes to this user_save():
       //   1. 'pass' => in "LDAP then Drupal" mode, actual password
       //                is written. In "LDAP only" mode, a random
-      //                password is set
+      //                password is set.  A random password is also
+      //                set if the user chooses to not store any
+      //                form of the password
       if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP) {
         $pass = user_password(20);
+      } elseif (variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD) == LDAP_FORGET_PASSWORD) {
+        $pass = user_password(20);
       }
 
       //   2. 'mail' => we cannot access the LDAP info from here, so
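Review bot: The new `elseif` branch only randomises `$pass` for the `user_save()` on this code path, so an account whose LDAP password was already written to the Drupal database keeps that stored value after the administrator switches to `LDAP_FORGET_PASSWORD`. The rest of `_ldapauth_ldap_login()` lies outside the hunk, so I cannot tell whether this `user_save()` also runs for returning users. If it does not, a one-time update that overwrites the stored password of LDAP-backed accounts is needed for the setting to do what its label promises. The two branches also have identical bodies and could be one condition: `if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP || variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD) == LDAP_FORGET_PASSWORD) {`.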
