For admins, EMPL=... PROFILE should display password info (set/not set) if server has DOCHAZKA_LDAP set

smithfarm / dochazka-cli

Dochazka CLI client

BSD 3-Clause "New" or "Revised" License

0 stars 0 forks source link

For admins, EMPL=... PROFILE should display password info (set/not set) if server has DOCHAZKA_LDAP set #11

Closed smithfarm closed 8 years ago

smithfarm commented 9 years ago

If the server is not using LDAP authentication (DOCHAZKA_LDAP set to a false value) and the user is an administrator, the EMPL=... PROFILE code should get the entire employee object (i.e. including passhash and salt) and display whether the password is set or not.

smithfarm commented 9 years ago

This is a bit more complicated than it looks at first glance, because even when DOCHAZKA_LDAP is true, some users (such as root) may be authenticating with password from internal database.

I think it makes more sense for the EMPL=... PROFILE code to simply output the full profile (with password info) if the current user has admin privlevel, otherwise use the "minimal" output as we have it now.

smithfarm commented 8 years ago

This is just stupid.