Local users forced password change problem

[PBbreak]

Hello All,

We recently started to use LDAP to authenticate some users, but after activating LDAP, forced password change page is not displayed for local users, they directly login to their monitoring page.

Is there something we are missing or there is a bug on Cacti. Anybody have an idea?

PB

[phalek]

Forced Password Change as well as the genreal password change feature is not available when using LDAP authentication. Cacti does not offer any method/functionality to actually update the LDAP information, it only implements a Read-only access to LDAP

[PBbreak]

Thanks phalek but we do not want LDAP authenticated users to change their password using Cacti. We have two type of authentication now, LDAP for users to login with their own credentials, and some local accounts for groups. We only want locally created users(whom passwords are stored locally in Cacti db) to change their password. It was possible before activating LDAP.

[phalek]

Got it, then I assume this functionality has been disabled un-intentionally for local users, too. It's probably disabled globally when changing the auth mode from local to ldap ...

you can change this behaviour by editing the file auth_login.php: and change the lines 184 to 189 to this:

Code: Select all

/* handle "force change password" */
if (($user["must_change_password"] == "on") && ( (read_config_option("auth_method") == 1) || (get_request_var_post("realm") == "local") ) ) {
  $_SESSION["sess_change_password"] = true;
}

[PBbreak]

Phalek, thank you so much. Forced password change is now working as expected for local users and no problem at LDAP authentication.

PB