--- ldapauth.module.orig	2007-02-01 10:48:56.000000000 -0500
+++ ldapauth.module	2007-02-04 01:20:56.413673787 -0500
@@ -8,6 +8,8 @@
 // Private constants. Do not touch
 define(LDAP_FIRST_DRUPAL, 0);
 define(LDAP_FIRST_LDAP, 1);
+define(LDAP_FORGET_PASSWORD, 0);
+define(LDAP_KEEP_PASSWORD, 1);
 
 // Private constants (default values). Do not touch either
 define(LDAP_DEFAULT_ORG, 'LDAP Directory');
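Review bot: The two new `define()` calls pass the constant name as a bareword (`define(LDAP_FORGET_PASSWORD, 0);`), so PHP first tries to resolve `LDAP_FORGET_PASSWORD` as an existing constant and only falls back to the string form with an "undefined constant" notice (a warning on newer PHP, and no fallback at all on PHP 8). The existing `LDAP_FIRST_*` lines share this habit, but the new lines should not copy it: `define('LDAP_FORGET_PASSWORD', 0);` and `define('LDAP_KEEP_PASSWORD', 1);`. Quoting the names also removes any ambiguity about which value ends up under which name when the module is loaded twice.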
@@ -289,6 +291,25 @@
     '#required' => true,
 	);
 
+  $options_keep_password = array(
+    LDAP_FORGET_PASSWORD => t('Do not store the user\'s password in any form'),
+    LDAP_KEEP_PASSWORD   => t('Store the user\'s password in the database'));
+
+  $form['login-procedure']['ldap_keep_password'] = array(
+    '#type' => 'radios',
+    '#title' => t('If the above setting is set such that when a user logs in Drupal first looks for the user in Drup
+\'s '
+                  .'database, the default is to store the user\'s password in the Drupal database (usually in encryp
+d form).  '
+                  .'However, you may not want to store any form of the LDAP password in the database.'),
+    '#default_value' => variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD),
+    '#options' => $options_keep_password,
+    '#description' => NULL,
+    '#required' => true,
+  );
+
+
+
   $form['login-procedure']['basedn'] = array(
     '#type' => 'textarea', 
     '#title' => t('Base DNs'), 
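Review bot: The new `ldap_keep_password` radios put a three-sentence explanation in `#title` while `#description` is `NULL`, which is the reverse of how the other elements in this form (e.g. `'#title' => t('Base DNs')`) are laid out; a short label such as `'#title' => t('LDAP password storage'),` with the explanatory paragraph moved to `#description` would render like its neighbours. The explanation's claim that the password is stored "usually in encrypted form" is misleading for a security setting: what `user_save()` writes to `users.pass` is a one-way hash, not a reversible encryption, so "hashed" is the accurate word, and the text should still say plainly that the hash is an offline-guessable copy of the directory credential. Given that, it is worth stating in the description that the default (`LDAP_KEEP_PASSWORD`) is kept only for backward compatibility and that sites which do not need Drupal-local fallback login should pick "Do not store". The `#title` text in this copy of the patch also appears truncated mid-word ("Drup" / "'s", "encryp" / "d form"), which looks like a transcription artifact rather than the committed string, so the final text should be checked against the repository. The three blank lines after the element (before `basedn`) are unnecessary.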
@@ -726,9 +747,13 @@
     // Changes to this user_save():
     //   1. 'pass' => in "LDAP then Drupal" mode, actual password
     //                is written. In "LDAP only" mode, a random
-    //                password is set
+    //                password is set.  A random password is also
+    //                set if the user chooses to not store any
+    //                form of the password
     if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP) {
       $pass = user_password(20);
+    } elseif (variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD) == LDAP_FORGET_PASSWORD) {
+      $pass = user_password(20);
     }
     //   2. 'mail' => we cannot access the LDAP info from here, so
     //                we just write anything as e-mail address. If
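Review bot: The new `elseif` assigns exactly the same value as the `if` branch above it, so the two tests read more clearly as one condition with a comment explaining the second half: `if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP || variable_get('ldap_keep_password', LDAP_KEEP_PASSWORD) == LDAP_FORGET_PASSWORD) { $pass = user_password(20); }`. Note that this only prevents the real LDAP password from being written on this `user_save()` path; an account that was created while "keep" was selected still carries the old hash until it logs in again, so the setting's description or a comment here should say that flipping the option does not scrub previously stored hashes. The comment block above could also record why a random 20-character throwaway is used rather than an empty value (an empty `pass` would presumably let the account be matched by an empty Drupal password — confirm against `user_authenticate()`). The enclosing function begins before this hunk and its `$pass` initialisation is not visible here.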
@@ -764,4 +789,4 @@
   return $user;
 }
 
-?>
\ No newline at end of file
+?>
