Send DN and newPassword with password_modify request

thriqon · Jonas Weber · commit 7a605f55adca · 2016-09-06T08:27:49.000Z
diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb
@@ -593,11 +593,11 @@ def password_modify(args)
 
     ext_seq = [Net::LDAP::PasswdModifyOid.to_ber_contextspecific(0)]
 
-    unless args[:old_password].nil?
-      pwd_seq = [args[:old_password].to_ber(0x81)]
-      pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil?
-      ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81)
-    end
+    pwd_seq = []
+    pwd_seq << dn.to_ber(0x80)
+    pwd_seq << args[:old_password].to_ber(0x81) unless args[:old_password].nil?
+    pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil?
+    ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81)
 
     request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)
 
diff --git a/test/integration/test_password_modify.rb b/test/integration/test_password_modify.rb
@@ -3,7 +3,8 @@
 class TestPasswordModifyIntegration < LDAPIntegrationTestCase
   def setup
     super
-    @ldap.authenticate 'cn=admin,dc=rubyldap,dc=com', 'passworD1'
+    @admin_account = {dn: 'cn=admin,dc=rubyldap,dc=com', password: 'passworD1', method: :simple}
+    @ldap.authenticate @admin_account[:dn], @admin_account[:password]
 
     @dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com'
 
@@ -74,6 +75,18 @@ def test_password_modify_generate_no_old_password
       'New password should be valid'
   end
 
+  def test_password_modify_overwrite_old_password
+    assert @ldap.password_modify(dn: @dn,
+                                 auth: @admin_account,
+                                 new_password: 'passworD3')
+
+    refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple),
+      'Old password should no longer be valid'
+
+    assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
+      'New password should be valid'
+  end
+
   def teardown
     @ldap.delete dn: @dn
   end
