diff --git a/api/user.go b/api/user.go
index c9bb99800..45869fb6c 100644
--- a/api/user.go
+++ b/api/user.go
@@ -187,7 +187,9 @@ func (ua *UserAPI) Delete() {
 // ChangePassword handles PUT to /api/users/{}/password
 func (ua *UserAPI) ChangePassword() {
- if !(ua.AuthMode == "db_auth") {
+ ldapAdminUser := (ua.AuthMode == "ldap_auth" && ua.userID == 1 && ua.userID == ua.currentUserID)
+
+ if !(ua.AuthMode == "db_auth" || ldapAdminUser) {
 ua.CustomAbort(http.StatusForbidden, "")
 }
diff --git a/controllers/base.go b/controllers/base.go
index e76abe4be..7d4b3e535 100644
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -41,6 +41,7 @@ type BaseController struct {
 beego.Controller
 i18n.Locale
 SelfRegistration bool
+ IsLdapAdminUser bool
 IsAdmin bool
 AuthMode string
 }
@@ -115,7 +116,11 @@ func (b *BaseController) Prepare() {
 if sessionUserID != nil {
 b.Data["Username"] = b.GetSession("username")
 b.Data["UserId"] = sessionUserID.(int)
-
+
+ if (sessionUserID == 1 && b.AuthMode == "ldap_auth") {
+ b.IsLdapAdminUser = true
+ }
+
 var err error
 b.IsAdmin, err = dao.IsAdminRole(sessionUserID.(int))
 if err != nil {
@@ -126,6 +131,7 @@ func (b *BaseController) Prepare() {
 b.Data["IsAdmin"] = b.IsAdmin
 b.Data["SelfRegistration"] = b.SelfRegistration
+ b.Data["IsLdapAdminUser"] = b.IsLdapAdminUser
 }
diff --git a/views/segment/header-content.tpl b/views/segment/header-content.tpl
index 464cd09aa..368a64d8c 100644
--- a/views/segment/header-content.tpl
+++ b/views/segment/header-content.tpl
@@ -57,6 +57,10 @@
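Review bot: The literal `1` in the new `ldapAdminUser` condition of ChangePassword identifies the exempt account by a magic number, and the same literal is repeated in the Prepare hunk of controllers/base.go, so the API gate and the UI flag can drift apart. A named constant (or one small helper) that both packages use would keep the two checks aligned, and a short comment above `ldapAdminUser` should say why this single account may change its password while `AuthMode` is `ldap_auth`. The double negation reads more easily as `if ua.AuthMode != "db_auth" && !ldapAdminUser {`. How `ua.userID` and `ua.currentUserID` are populated is not visible here, and ChangePassword's body continues outside the hunk, so whether the old password is still verified on this newly allowed path should be confirmed there.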
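Review bot: The added condition in Prepare compares the interface-typed session value directly with the untyped constant `1`, which is true only when the session holds an `int`, while the neighbouring lines already use `sessionUserID.(int)`. Asserting once and reusing it keeps the type explicit, e.g. `if sessionUserID.(int) == 1 && b.AuthMode == "ldap_auth" {`, which also drops the outer parentheses that gofmt would strip. As far as this diff shows, `IsLdapAdminUser` only feeds the template data set in the following hunk, so a comment on the field saying it is a display hint and that the authorization decision lives in ChangePassword would prevent it being reused as an access check. Prepare's body starts and ends outside the hunk, so whether `b.AuthMode` is already populated at this point cannot be confirmed from here.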