From bc41f47ccccd824e80a96677f266755161ef8197 Mon Sep 17 00:00:00 2001
From: dipus <jacopo.ferrigno@gmail.com>
Date: Thu, 8 Sep 2022 10:07:19 +0200
Subject: [PATCH] Added config option and code to force the password change
 with user

changed option to be more clearly linked to AD envs

Added default option for ad_force_low_privileged_change
---
 conf/config.inc.php | 2 ++
 htdocs/change.php   | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/conf/config.inc.php b/conf/config.inc.php
index db1a7ccc..d09f2965 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -58,6 +58,8 @@
 $ad_options['force_pwd_change'] = false;
 # Allow user with expired password to change password
 $ad_options['change_expired_password'] = false;
+# Force who_change_password to be 'user', useful in AD environments
+$ad_force_low_privileged_change = false;
 
 # Samba mode
 # true: update sambaNTpassword and sambaPwdLastSet attributes too
diff --git a/htdocs/change.php b/htdocs/change.php
index 620fa385..6377d036 100644
--- a/htdocs/change.php
+++ b/htdocs/change.php
@@ -172,6 +172,10 @@
                     }
                 }
 
+                if ($ad_force_low_privileged_change){
+                    $who_change_password = "user";
+                }
+
             }
         }
     }