Closed smithfarm closed 8 years ago
This is a bit more complicated than it looks at first glance, because even when DOCHAZKA_LDAP
is true, some users (such as root
) may be authenticating with password from internal database.
I think it makes more sense for the EMPL=... PROFILE
code to simply output the full profile (with password info) if the current user has admin privlevel, otherwise use the "minimal" output as we have it now.
This is just stupid.
If the server is not using LDAP authentication (
DOCHAZKA_LDAP
set to a false value) and the user is an administrator, the EMPL=... PROFILE code should get the entire employee object (i.e. includingpasshash
andsalt
) and display whether the password is set or not.