[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 cla
|
From: |
skwashd |
|
Subject: |
[Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5 |
|
Date: |
Wed, 27 Apr 2005 07:47:33 -0000 |
Update of phpgwapi/inc
Modified Files:
Branch: Version-0_9_16-branch
class.common.inc.php lines: +3 -3
class.auth_ldap.inc.php lines: +46 -39
class.accounts_ldap.inc.php lines: +1019 -569
class.accounts.inc.php lines: +11 -1
Log Message:
ldap fixes from fips - don't blame me :)
====================================================
Index: phpgwapi/inc/class.common.inc.php
diff -u phpgwapi/inc/class.common.inc.php:1.123.2.9.2.19
phpgwapi/inc/class.common.inc.php:1.123.2.9.2.20
--- phpgwapi/inc/class.common.inc.php:1.123.2.9.2.19 Thu Jan 8 22:06:07 2004
+++ phpgwapi/inc/class.common.inc.php Fri Jan 9 01:33:57 2004
@@ -271,8 +271,8 @@
{
if(is_object($GLOBALS['phpgw']->log))
{
-
$GLOBALS['phpgw']->log->message('set_option(protocol v3) succeded using v3');
- $GLOBALS['phpgw']->log->commit();
+
//$GLOBALS['phpgw']->log->message('set_option(protocol v3) succeded using v3');
+ //$GLOBALS['phpgw']->log->commit();
}
}
// bind as admin, we not to able to do everything
====================================================
Index: phpgwapi/inc/class.auth_ldap.inc.php
diff -u phpgwapi/inc/class.auth_ldap.inc.php:1.17.2.1.2.1
phpgwapi/inc/class.auth_ldap.inc.php:1.17.2.1.2.2
--- phpgwapi/inc/class.auth_ldap.inc.php:1.17.2.1.2.1 Mon May 5 06:29:06 2003
+++ phpgwapi/inc/class.auth_ldap.inc.php Fri Jan 9 01:33:57 2004
@@ -49,27 +49,34 @@
return False;
}
/* find the dn for this uid, the uid is not always in
the dn */
- $attributes = array( "uid", "dn" );
- $sri = ldap_search($ldap,
$GLOBALS['phpgw_info']['server']['ldap_context'], "(uid=$username)",
$attributes);
+ $attributes = array( 'uid', 'dn', 'accountstatus' );
+ $sri = ldap_search($ldap,
$GLOBALS['phpgw_info']['server']['ldap_context'], "uid=$username", $attributes);
$allValues = ldap_get_entries($ldap, $sri);
if ($allValues['count'] > 0)
{
- /* we only care about the first dn */
- $userDN = $allValues[0]['dn'];
- /*
- generate a bogus password to pass if the user
doesn't give us one
- this gets around systems that are anonymous
search enabled
- */
- if (empty($passwd))
+ // let's check if its an inactive account
+ if($allValues[0]['accountstatus'][0] != 'I')
{
- $passwd = crypt(microtime());
- }
- /* try to bind as the user with user suplied
password */
- if (@ldap_bind($ldap, $userDN, $passwd))
- {
- return True;
+ /* we only care about the first dn */
+ $userDN = $allValues[0]['dn'];
+ /*
+ generate a bogus password to pass if
the user doesn't give us one
+ this gets around systems that are
anonymous search enabled
+ */
+ if (empty($passwd))
+ {
+ $passwd = crypt(microtime());
+ }
+ /* try to bind as the user with user
suplied password */
+ if (@ldap_bind($ldap, $userDN, $passwd))
+ {
+ return True;
+ }
}
}
+ else
+ {
+ }
/* Turn error reporting back to normal */
error_reporting(7);
@@ -86,12 +93,20 @@
}
$ds = $GLOBALS['phpgw']->common->ldapConnect();
- $sri = ldap_search($ds,
$GLOBALS['phpgw_info']['server']['ldap_context'], "uidnumber=$_account_id");
+ $sri = ldap_search($ds,
$GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber='.$_account_id);
$allValues = ldap_get_entries($ds, $sri);
-
- $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($new_passwd);
$dn = $allValues[0]['dn'];
-
+
+ $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($new_passwd);
+ if (is_array($allValues[0]['objectclass']) &&
+ ( in_array('phpgwAccount',
$allValues[0]['objectclass']) ||
+ in_array('phpgwaccount',
$allValues[0]['objectclass'])
+ )
+ )
+ {
+ $entry['lastpasswordchange'] = time();
+ }
+
if (address@hidden($ds, $dn, $entry))
{
return false;
@@ -101,33 +116,25 @@
return $encrypted_passwd;
}
- /* This data needs to be updated in LDAP, not SQL (jengo) */
- function old_update_lastlogin($account_id, $ip)
- {
- $GLOBALS['phpgw']->db->query("SELECT account_lastlogin
FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__);
- $GLOBALS['phpgw']->db->next_record();
- $this->previous_login =
$GLOBALS['phpgw']->db->f('account_lastlogin');
-
- $now = time();
-
- $GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET
account_lastloginfrom='"
- . "$ip', account_lastlogin='" . $now
- . "' WHERE
account_id='$account_id'",__LINE__,__FILE__);
- }
-
function update_lastlogin($_account_id, $ip)
{
- $entry['phpgwaccountlastlogin'] = time();
- $entry['phpgwaccountlastloginfrom'] = $ip;
+ $entry['lastlogin'] = time();
+ $entry['lastloginfrom'] = $ip;
$ds = $GLOBALS['phpgw']->common->ldapConnect();
$sri = ldap_search($ds,
$GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . $_account_id);
$allValues = ldap_get_entries($ds, $sri);
$dn = $allValues[0]['dn'];
- $this->previous_login =
$allValues[0]['phpgwaccountlastlogin'][0];
-
- @ldap_modify($ds, $dn, $entry);
+ $this->previous_login = $allValues[0]['lastlogin'][0];
+ if (is_array($allValues[0]['objectclass']) &&
+ ( in_array('phpgwAccount',
$allValues[0]['objectclass']) ||
+ in_array('phpgwaccount',
$allValues[0]['objectclass'])
+ )
+ )
+ {
+ ldap_modify($ds, $dn, $entry);
+ }
}
}
?>
====================================================
Index: phpgwapi/inc/class.accounts_ldap.inc.php
diff -u phpgwapi/inc/class.accounts_ldap.inc.php:1.101.2.13.2.10
phpgwapi/inc/class.accounts_ldap.inc.php:1.101.2.13.2.11
--- phpgwapi/inc/class.accounts_ldap.inc.php:1.101.2.13.2.10 Fri Oct 31
23:50:59 2003
+++ phpgwapi/inc/class.accounts_ldap.inc.php Fri Jan 9 01:33:57 2004
@@ -4,6 +4,7 @@
* Written by Joseph Engo <address@hidden> *
* and Lars Kneschke <address@hidden> *
* and Bettina Gille <address@hidden> *
+ * and Philipp Kamps <address@hidden> *
* View and manipulate account records using LDAP
*
* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke
*
* Copyright (C) 2003 Lars Kneschke, Bettina Gille
*
@@ -30,6 +31,19 @@
var $ds;
var $user_context = '';
var $group_context = '';
+
+ var $rdn_account = 'uid';
+ var $rdn_group = 'cn';
+ var $fallback_homedirectory = '/tmp';
+ var $fallback_loginshell = '/bin/bash';
+ var $fallback_apps = array('addressbook',
+ 'calendar',
+ 'email',
+ 'notes',
+ 'todo',
+
'phpwebhosting',
+ 'manual'
+ );
function accounts($account_id = '', $account_type = '')
{
@@ -44,6 +58,7 @@
function read_repository()
{
+
$acct_type = $this->get_type($this->account_id);
/* search the dn for the given uid */
@@ -58,280 +73,97 @@
$allValues = ldap_get_entries($this->ds, $sri);
/* Now dump it into the array; take first entry found */
- if($acct_type =='g')
+ if($acct_type == 'g')
{
- $this->data['account_id'] =
$allValues[0]['gidnumber'][0];
- $this->data['account_lid'] =
$allValues[0]['cn'][0];
- $this->data['firstname'] =
utf8_decode($allValues[0]['cn'][0]);
- $this->data['lastname'] = 'Group';
+ $this->data['account_id'] =
$allValues[0]['gidnumber'][0];
+ $this->data['account_lid'] =
$allValues[0]['cn'][0];
+ $this->data['account_firstname'] =
utf8_decode($allValues[0]['cn'][0]);
+ $this->data['account_lastname'] = 'Group';
+ $this->data['type'] = 'g';
}
else
{
- $this->data['account_id'] =
$allValues[0]['uidnumber'][0];
- $this->data['account_lid'] =
$allValues[0]['uid'][0];
- $this->data['firstname'] =
utf8_decode($allValues[0]['givenname'][0]);
- $this->data['lastname'] =
utf8_decode($allValues[0]['sn'][0]);
- }
- $this->data['account_dn'] = $allValues[0]['dn'];
- $this->data['fullname'] = $allValues[0]['cn'][0];
+ $this->data['account_id'] =
$allValues[0]['uidnumber'][0];
+ $this->data['account_lid'] =
$allValues[0]['uid'][0];
+ $this->data['account_firstname'] =
utf8_decode($allValues[0]['givenname'][0]);
+ $this->data['account_lastname'] =
utf8_decode($allValues[0]['sn'][0]);
+ $this->data['type'] = 'u';
+ }
+ $this->data['account_dn'] =
$allValues[0]['dn'];
+ $this->data['fullname'] =
$allValues[0]['cn'][0];
- if
($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
+ $this->data['homedirectory'] =
$allValues[0]['homedirectory'][0];
+ $this->data['loginshell'] =
$allValues[0]['loginshell'][0];
+
+ $this->data['expires'] =
$allValues[0]['accountexpires'][0];
+ if ($allValues[0]['accountstatus'][0] == 'A')
{
- $this->data['homedirectory'] =
$allValues[0]['homedirectory'][0];
- $this->data['loginshell'] =
$allValues[0]['loginshell'][0];
+ $this->data['status'] = 'A';
}
-
- $this->data['lastlogin'] =
$allValues[0]['phpgwaccountlastlogin'][0];
- $this->data['lastloginfrom'] =
$allValues[0]['phpgwaccountlastloginfrom'][0];
- $this->data['lastpasswd_change'] =
@$allValues[0]['phpgwlastpasswdchange'][0];
- $this->data['status'] =
trim($allValues[0]['phpgwaccountstatus'][0]);
- $this->data['type'] =
$allValues[0]['phpgwaccounttype'][0];
- $this->data['expires'] =
$allValues[0]['phpgwaccountexpires'][0];
- $this->data['person_id'] =
$allValues[0]['phpgwpersonid'][0];
-
return $this->data;
}
+ /* ohne worte */
function save_repository()
{
$acct_type = $this->get_type($this->account_id);
- /* search the dn for the given u/gidnumber */
- if ( ($acct_type == 'g') && $this->group_context )
- {
- $sri = ldap_search($this->ds,
$this->group_context, 'gidnumber='.$this->account_id);
- }
- else
- {
- $sri = ldap_search($this->ds,
$this->user_context, 'uidnumber='.$this->account_id);
- }
- $allValues = ldap_get_entries($this->ds, $sri);
-
- $this->data['account_type'] =
$allValues[0]['phpgwaccounttype'][0];
-
- if($acct_type == 'u')
- {
- $entry['cn'] =
utf8_encode(sprintf("%s %s", $this->data['firstname'],
$this->data['lastname']));
- if($this->data['person_id'])
- {
- $entry['phpgwpersonid'] =
$this->data['person_id'];
- }
- }
- else
- {
- $entry['cn'] =
utf8_encode($this->data['firstname']);
- }
-
- $entry['sn'] =
utf8_encode($this->data['lastname']);
- $entry['givenname'] =
utf8_encode($this->data['firstname']);
- $entry['phpgwaccountlastlogin'] =
$this->data['lastlogin'];
- $entry['phpgwaccountlastloginfrom'] =
$this->data['lastloginfrom'];
- $entry['phpgwlastpasswdchange'] =
$this->data['lastpasswd_change'];
- $entry['phpgwaccountstatus'] = $this->data['status'];
- $entry['phpgwaccounttype'] = $this->data['type'];
- $entry['phpgwaccountexpires'] =
$this->data['expires'];
-
- if
($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
- {
- $entry['homedirectory'] =
$this->data['homedirectory'];
- $entry['loginshell'] =
$this->data['loginshell'];
- }
-
- /*
- Changing the uid: Need to delete and add new, since
- PHP cannot change the dn for the entry.
- */
if ($acct_type == 'g')
{
- $test = $allValues[0]['cn'][0];
+ return $this->create_group($this->data, '');
}
else
{
- $test = $allValues[0]['uid'][0];
- }
- if ($test != $this->data['account_lid'])
- {
- ldap_delete($this->ds,$allValues[0]['dn']);
- unset($allValues[0]['dn']);
- while (list($key,$val) = each($allValues[0]))
- {
- /* Don't include row count and headers
*/
- if (is_string($key) && $key != 'count')
- {
- if (is_array($val))
- {
- if (count($val) == 1)
- {
- if($val[0])
- {
-
$entry[$key] = $val[0];
- }
- }
- else
- {
- for
($i=0;$i<count($val);$i++)
- {
-
if($val[$i])
- {
-
$entry[$key][$i] = $val[$i];
- }
- }
- }
- }
- else
- {
- $entry[$key] = $val;
- }
- }
- }
-
- /* Groups */
- if ($this->data['account_type'] == 'g' &&
$this->group_context )
- {
- $dn =
'cn='.$this->data['account_lid'].','.$this->group_context;
- $entry['cn'] =
utf8_encode($this->data['account_lid']);
- $entry['gidnumber'] =
$this->data['account_id'];
- /* $entry["objectclass"] = ''; */
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'posixGroup';
- $members =
$this->member($this->data['account_id']);
- $entry['memberuid'] = array();
- for ($i=0;$i<count($members);$i++)
- {
- $currname =
$this->id2name($members[$i]['account_id']);
- if
(!$this->isin_array($currname,$entry['memberuid']))
- {
- $entry['memberuid'][] =
$currname;
- }
- }
- }
- /* Accounts */
- else
- {
- $dn =
'uid='.$this->data['account_lid'].','.$this->user_context;
- $entry['uidnumber'] =
$this->data['account_id'];
- $entry['cn'] = utf8_encode(sprintf("%s
%s", $this->data['firstname'], $this->data['lastname']));
- $entry['uid'] =
$this->data['account_lid'];
- $entry['givenname'] =
utf8_encode($this->data['firstname']);
- $entry['sn'] =
utf8_encode($this->data['lastname']);
- $entry['objectclass'] = '';
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'person';
- $entry['objectclass'][2] =
'organizationalPerson';
- $entry['objectclass'][3] =
'inetOrgPerson';
- /* $entry['objectclass'][4] =
'account'; Causes problems with some LDAP servers */
- $entry['objectclass'][4] =
'posixAccount';
- $entry['objectclass'][5] =
'shadowAccount';
- $entry['objectclass'][6] =
'phpgwAccount';
-
- if
($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
- {
- $entry['homedirectory'] =
$this->data['homedirectory'];
- $entry['loginshell'] =
$this->data['loginshell'];
- }
- if($this->data['person_id'])
- {
- $entry['phpgwpersonid']
= $this->data['person_id'];
- }
- }
- /* print_r($entry); exit;*/
- ldap_add($this->ds, $dn, $entry);
- }
- /* Normal behavior for save_repository */
- else
- {
- if ($this->data['account_type'] == 'g' &&
$this->group_context )
- {
- $members =
$this->member($this->data['account_id']);
- $entry['memberuid'] = array();
- for ($i=0;$i<count($members);$i++)
- {
- $currname =
$this->id2name($members[$i]['account_id']);
- if
(!$this->isin_array($currname,$entry['memberuid']))
- {
- $entry['memberuid'][] =
$currname;
- }
- }
- unset($entry['givenname']);
- unset($entry['sn']);
- }
- while (list($key,$val) = each($entry))
- {
- $tmpentry = '';
- if(is_array($val))
- {
- $tmpentry[$key] = $val;
- }
- else
- {
- $tmpentry[$key] = trim($val);
/* must trim! */
- }
-
- if ($tmpentry[$key] && $key)
- {
- if (!$allValues[0][$key][0])
- {
- print_r($tmpentry);
- /* attribute was not in
LDAP, add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- else
- {
- /* attribute was in
LDAP, modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- }
- }
- /* If status is to be set inactive, insert a
space here. This is trimmed in read_repository. */
- if (!$entry['phpgwaccountstatus'])
- {
- if
(!$allValues[0]['phpgwaccountstatus'][0])
- {
- /* attribute was not in LDAP,
add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], array('phpgwaccountstatus' => ' '));
- }
- else
- {
- /* attribute was in LDAP,
modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], array('phpgwaccountstatus' => ' '));
- }
- }
+ return $this->create_account($this->data, '');
}
}
-
- function isin_array($needle,$haystack='')
+
+ /**
+ * delete an account or group of the phpgw
+ *
+ * @param integer $id id of group/account to delete
+ * @return boolean success of delete
+ */
+ function delete($id = '')
{
- if(gettype($haystack) != 'array')
+ $id = get_account_id($id);
+ $type = $this->get_type($id);
+
+ if ($type == 'g')
{
- return False;
+ $sri = ldap_search($this->ds,
$this->group_context, '(&(objectclass=phpgwgroup)(gidnumber='.$id.'))');
+ $allValues = ldap_get_entries($this->ds, $sri);
}
- for($i=0;$i<count($haystack) && $haystack[$i]
!=$needle;$i++);
- return ($i!=count($haystack));
- }
-
- function delete($accountid = '')
- {
- $account_id = get_account_id($accountid);
- $account_lid = $this->id2name($account_id);
-
- $sri = ldap_search($this->ds, $this->group_context,
'gidnumber='.$account_id);
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if(!$allValues[0]['dn'])
+ else
{
- $sri = ldap_search($this->ds,
$this->user_context, 'uid='.$account_lid);
+ $sri = ldap_search($this->ds,
$this->user_context, '(&(objectclass=phpgwaccount)(uidnumber='.$id.'))');
$allValues = ldap_get_entries($this->ds, $sri);
}
-
+
if ($allValues[0]['dn'])
{
$del = ldap_delete($this->ds,
$allValues[0]['dn']);
+ return $del;
+ }
+ else
+ {
+ return false;
}
}
+ /**
+ * reads all accounts or groups for the phpgw
+ *
+ * @param string
+ * @param string
+ * @param string
+ * @param string
+ * @param string
+ * @param string
+ * @return mixed
+ */
function get_list($_type='both', $start = '',$sort = '', $order
= '', $query = '', $offset = '')
{
- //print "\$_type=$_type, \$start=$start , \$sort=$sort,
\$order=$order, \$query=$query, \$offset=$offset<br>";
$query = strtolower($query);
if ($offset)
{
@@ -349,99 +181,15 @@
if ($_type == 'accounts')
{
- if(empty($query) || $query == "*")
- {
- $filter =
"(&(uidnumber=*)(phpgwaccounttype=u))";
- }
- else
- {
- $filter =
"(&(uidnumber=*)(phpgwaccounttype=u)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
- }
- $sri = ldap_search($this->ds,
$this->user_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
- {
- settype($allVals,'array');
- $test = @$allVals['uid'][0];
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] &&
$allVals['uid'][0])
- {
- $accounts[] = Array(
- 'account_id' =>
$allVals['uidnumber'][0],
- 'account_lid' =>
$allVals['uid'][0],
- 'account_type' =>
$allVals['phpgwaccounttype'][0],
- 'account_firstname' =>
utf8_decode($allVals['givenname'][0]),
- 'account_lastname' =>
utf8_decode($allVals['sn'][0]),
- 'account_status' =>
$allVals['phpgwaccountstatus'][0]
- );
- }
- }
+ $listentries = $this->get_accountList($query);
}
elseif ($_type == 'groups')
{
- if(empty($query) || $query == "*")
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=g))";
- }
- else
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=g)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
- }
- $sri = ldap_search($this->ds,
$this->group_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
- {
- settype($allVals,'array');
- $test = $allVals['cn'][0];
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] &&
$allVals['cn'][0])
- {
- $accounts[] = Array(
- 'account_id' =>
$allVals['gidnumber'][0],
- 'account_lid' =>
$allVals['cn'][0],
- 'account_type' =>
$allVals['phpgwaccounttype'][0],
- 'account_firstname' =>
utf8_decode($allVals['givenname'][0]),
- 'account_lastname' =>
utf8_decode($allVals['sn'][0]),
- 'account_status' =>
$allVals['phpgwaccountstatus'][0]
- );
- }
- }
+ $listentries = $this->get_groupList($query);
}
else
{
- if(empty($query) || $query == "*")
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=*))";
- }
- else
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=*)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
- }
- $sri = ldap_search($this->ds,
$this->group_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
- {
- settype($allVals,'array');
-
- if($allVals['phpgwaccounttype'][0] ==
'u')
- {
- $_uid = @$allVals['uid'][0];
- }
- else
- {
- $_uid = $allVals['cn'][0];
- }
-
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$_uid] && $_uid)
- {
- $accounts[] = Array(
- 'account_id'
=> $allVals['gidnumber'][0],
- 'account_lid'
=> $_uid,
- 'account_type'
=> $allVals['phpgwaccounttype'][0],
- 'account_firstname'
=> $allVals['givenname'][0],
- 'account_lastname'
=> $allVals['sn'][0],
- 'account_status'
=> $allVals['phpgwaccountstatus'][0]
- );
- }
- }
+ $listentries =
array_merge($this->get_accountList($query), $this->get_groupList($query));
}
// sort the array
@@ -450,30 +198,106 @@
{
$order = 'account_lid';
}
- $sortedAccounts =
$arrayFunctions->arfsort($accounts,array($order),$sort);
- $this->total = count($accounts);
+ $sortedlist =
$arrayFunctions->arfsort($listentries,array($order),$sort);
+ $this->total = count($listentries); // this shouldn't
be an obejct var for one account/group whatever
- // return only the wanted accounts
-
- if (is_array($sortedAccounts))
+ if (is_array($sortedlist))
{
- reset($sortedAccounts);
+ reset($sortedlist);
if(is_int($start) && is_int($offset))
{
- return array_slice($sortedAccounts,
$start, $offset);
+ return array_slice($sortedlist, $start,
$offset);
}
elseif(is_int($start))
{
- return array_slice($sortedAccounts,
$start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
+ return array_slice($sortedlist, $start,
$GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
}
else
{
- return $sortedAccounts;
+ return $sortedlist;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * reads all accounts for the phpgw
+ *
+ * @param string $query
+ * @return array Array of accounts
+ */
+ function get_accountList($query)
+ {
+ if(empty($query) || $query == "*")
+ {
+ $filter =
'(&(uidnumber=*)(objectclass=posixaccount))';
+ }
+ else
+ {
+ $filter =
"(&(uidnumber=*)(objectclass=posixaccount)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
+ }
+ $sri = ldap_search($this->ds, $this->user_context,
$filter);
+ $allValues = ldap_get_entries($this->ds, $sri);
+ while (list($null,$allVals) = @each($allValues))
+ {
+ settype($allVals,'array');
+ $test = @$allVals['uid'][0];
+ if
(!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] &&
$allVals['uid'][0])
+ {
+ $accounts[] = Array(
+ 'account_id' =>
$allVals['uidnumber'][0],
+ 'account_lid' =>
$allVals['uid'][0],
+ 'account_type' => 'u',
+ 'account_firstname' =>
utf8_decode($allVals['givenname'][0]),
+ 'account_lastname' =>
utf8_decode($allVals['sn'][0]),
+ 'account_status' =>
$allVals['accountstatus'][0]
+ );
+ }
+ }
+ return $accounts;
+ }
+
+ /**
+ * reads all groups for the phpgw
+ *
+ * @param string $query
+ * @return array Array of groups
+ */
+ function get_groupList($query)
+ {
+ if(empty($query) || $query == "*")
+ {
+ $filter =
'(&(gidnumber=*)(objectclass=posixgroup))';
+ }
+ else
+ {
+ $filter =
"(&(gidnumber=*)(objectclass=posixgroup)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
+ }
+ $sri = ldap_search($this->ds, $this->group_context,
$filter);
+ $allValues = ldap_get_entries($this->ds, $sri);
+ while (list($null,$allVals) = @each($allValues))
+ {
+ settype($allVals,'array');
+ $test = $allVals['cn'][0];
+ if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] &&
$allVals['cn'][0])
+ {
+ $groups[] = Array(
+ 'account_id' =>
$allVals['gidnumber'][0],
+ 'account_lid' =>
$allVals['cn'][0],
+ 'account_type' => 'g',
+ );
}
}
- return False;
+ return $groups;
}
+ /**
+ * gets the id of a group or an account
+ *
+ * @param array $name group name or login name the method
search the id for
+ * @return mixed id of the group/account when found
+ * false when group/account name do not exist
+ */
function name2id($account_lid)
{
static $name_list;
@@ -483,64 +307,94 @@
return $name_list[$account_lid];
}
- $sri = ldap_search($this->ds, $this->group_context,
"(&(cn=$account_lid)(phpgwaccounttype=g))");
+ $id = $this->groupName2id($account_lid);
+ $uid = $this->accountName2id($account_lid);
+
+ if ($uid)
+ {
+ $id = $uid;
+ }
+ return $id;
+ }
+
+ /**
+ * gets the id to a group name
+ *
+ * @param array $name name of the group the method search the id
+ * @return mixed id of the group when found
+ * false when group name do not exist
+ */
+ function groupName2id ($name)
+ {
+ $sri = ldap_search($this->ds, $this->group_context,
'(&(cn='. $name .')(objectclass=phpgwgroup))');
$allValues = ldap_get_entries($this->ds, $sri);
if (@$allValues[0]['gidnumber'][0])
{
- $name_list[$account_lid] =
intval($allValues[0]['gidnumber'][0]);
+ return intval($allValues[0]['gidnumber'][0]);
}
-
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uid=$account_lid)(phpgwaccounttype=u))");
-
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * gets the id to a account name
+ *
+ * @param array $name login name of the account the method
search the id
+ * @return mixed id of the account when found
+ * false when account name does not exist
+ */
+ function accountName2id($name)
+ {
+ $sri = ldap_search($this->ds, $this->user_context,
'(&(uid='. $name .')(objectclass=phpgwaccount))');
$allValues = ldap_get_entries($this->ds, $sri);
if (@$allValues[0]['uidnumber'][0])
{
- $name_list[$account_lid] =
intval($allValues[0]['uidnumber'][0]);
+ return intval($allValues[0]['uidnumber'][0]);
+ }
+ else
+ {
+ return false;
}
-
- return $name_list[$account_lid];
}
- function id2name($account_id)
+ /**
+ * gets the name to an account or group id
+ *
+ * @param integer $id id of the account or the group the method
search the name
+ * @return mixed name of the account or the group when found
+ * false when account or group name do not exist
+ */
+ function id2name($id)
{
static $id_list;
-
- if(isset($id_list[$account_id]))
+ if(isset($id_list[$id]))
{
- return $id_list[$account_id];
+ return $id_list[$id];
}
- $allValues = array();
- $sri = ldap_search($this->ds, $this->group_context,
"(&(gidnumber=$account_id)(phpgwaccounttype=g))");
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if (@$allValues[0]['cn'][0])
+ $type = $this->get_type($id);
+
+ if ($type == 'g')
{
- $id_list[$account_id] = $allValues[0]['cn'][0];
- return $id_list[$account_id];
+ $group = $this->group_exists($id);
+ $name = $group['cn'][0];
}
-
- $allValues = array();
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uidnumber=$account_id)(phpgwaccounttype=u))");
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if (@$allValues[0]['uid'][0])
+ elseif ($type == 'u')
{
- $id_list[$account_id] = $allValues[0]['uid'][0];
- return $id_list[$account_id];
+ $account = $this->account_exists($id);
+ $name = $account['uid'][0];
}
-
- return $id_list[$account_id];
+ else
+ {
+ return false;
+ }
+ return $name;
}
- /**
- * Search by the person_id attribute on accounte entry
- *
- * based on id2name
- * @param integer $person_id The person_id to search
- */
function search_person($person_id)
{
static $person_list;
@@ -573,250 +427,623 @@
return $person_list[$person_id];
}
- function get_type($accountid = '')
+ /**
+ * tries to guess the if the given id is a group or an account
+ *
+ * @param integer $id
+ * @return mixed 'u' for account (user)
+ * 'g' for group
+ * 'false' for no existing id
+ */
+ function get_type($id = '') // get_type() without an id - what
do you expect me to return!?
{
- static $account_type;
- $account_id = get_account_id($accountid);
+ if ($this->account_exists($id))
+ {
+ $type = 'u';
+ }
+ if ($this->group_exists($id))
+ {
+ if ($type == 'u')
+ {
+ die('account/group id conflict - bad
luck');
+ }
+ else
+ {
+ $type = 'g';
+ }
+ }
+ if ($type)
+ {
+ return $type;
+ }
+ else
+ {
+ return false;
+ }
+ }
- if (isset($this->account_type) && $account_id ==
$this->account_id)
+
+
+ /**
+ * gets next free id for an account or for a group
+ *
+ * @param byte $type 'u' for account (user), 'g' for group
+ * @return mixed free id for an account or a group
+ * false when no free id is available
+ */
+ function get_nextid($type = 'u')
+ {
+ if ($type == 'u')
+ {
+ return $this->get_nextAccountID();
+ }
+ elseif ($type == 'g')
{
- return $this->account_type;
+ return $this->get_nextGroupID();
}
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * gets next free id for an account
+ *
+ * @return mixed free id for an account
+ * false when no free id is available
+ */
+ function get_nextAccountID()
+ {
+ $filter =
'(|(objectclass=posixaccount)(objectclass=phpgwaccount))';
+ $result = ldap_search($this->ds, $this->user_context,
$filter, array('uidnumber'));
+ $allValues = ldap_get_entries($this->ds, $result);
- if(@isset($account_type[$account_id]) &&
@$account_type[$account_id])
+ // parse all LDAP uidnumbers in a single array '$IDs'
+ while (list($key,$val) = each($allValues))
{
- return $account_type[$account_id];
+ if (is_int($key))
+ {
+ $IDs[] =
$allValues[$key]['uidnumber'][0];
+ }
}
- $allValues = array();
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uidnumber=$account_id)(phpgwaccounttype=u))");
- $allValues = ldap_get_entries($this->ds, $sri);
+ return $this->idTester($IDs,
$GLOBALS['phpgw_info']['server']['account_min_id'],
$GLOBALS['phpgw_info']['server']['account_max_id'] );
+ }
+
+ /**
+ * gets next free id for a group
+ *
+ * @return mixed free id for a group
+ * false when no free id is available
+ */
+ function get_nextGroupID()
+ {
+ $filter =
'(|(objectclass=posixgroup)(objectclass=phpgwgroup))';
+ $result = ldap_search($this->ds, $this->group_context,
$filter, array('gidnumber'));
+ $allValues = ldap_get_entries($this->ds, $result);
+
+ while (list($key,$val) = each($allValues))
+ {
+ if (is_int($key))
+ {
+ $IDs[] =
$allValues[$key]['gidnumber'][0];
+ }
+ }
+ return $this->idTester($IDs,
$GLOBALS['phpgw_info']['server']['group_min_id'],
$GLOBALS['phpgw_info']['server']['group_max_id'] );
+ }
+
+ /**
+ * checks if a group exists
+ *
+ * @param integer $id
+ * @param string $dn
+ * @return mixed
+ */
+ function group_exists($id, $dn = '')
+ {
+ if ($id)
+ {
+ $result = ldap_search($this->ds,
$this->group_context, 'gidnumber=' . $id);
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ else
+ {
+ return $this->dn_exists($dn);
+ }
+ }
+ return false;
+ }
+
+ /**
+ * checks if an account exists
+ *
+ * @param integer $id
+ * @param string $dn
+ * @return mixed
+ */
+ function account_exists($id, $dn = '')
+ {
+ if ($id)
+ {
+ $result = ldap_search($this->ds,
$this->user_context, 'uidnumber=' . $id);
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ else
+ {
+ return $this->dn_exists($dn);
+ }
+ }
+ return false;
+ }
- if ($allValues[0]['phpgwaccounttype'][0])
+ /**
+ * checks if an phpgwcontact exists in LDAP
+ *
+ * @param integer $id
+ * @param string $dn
+ * @return mixed
+ */
+ function person_exists($id, $dn = '')
+ {
+ if ($id)
{
- $allValues[0]['phpgwaccounttype'][0];
- $account_type[$account_id] =
$allValues[0]['phpgwaccounttype'][0];
- return $account_type[$account_id];
+ $result = ldap_search($this->ds,
$this->user_context, 'phpgwcontact=' . $id);
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ else
+ {
+ return $this->dn_exists($dn);
+ }
}
+ return false;
+ }
- $allValues = array();
- $sri = ldap_search($this->ds, $this->group_context,
"(&(gidnumber=$account_id)(phpgwaccounttype=g))");
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if ($allValues[0]['phpgwaccounttype'][0])
+
+ /**
+ * checks if the given dn exists
+ *
+ * @param string $dn
+ * @return mixed
+ */
+ function dn_exists($dn)
+ {
+ if ($dn != '')
{
- $account_type[$account_id] =
$allValues[0]['phpgwaccounttype'][0];
- return $account_type[$account_id];
+ $result = @ldap_search($this->ds, $dn,
'objectclass=*');
+ if ($result)
+ {
+ $allValues =
ldap_get_entries($this->ds, $result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ }
}
- return $account_type[$account_id];
+ return false;
}
- /*
- * returns nonzero if $account exists in LDAP: 0: nowhere 1:
user accounts, 2: group accounts, 3: both
- * $account can be an account_id (LDAP: uidnumber) or an
account_lid (LDAP: uid) (is determinded by gettype($account) == 'integer')
+ /**
+ * checks if a group or an account exists
+ *
+ * @param integer $id
*/
- function exists($account)
+ function exists($id)
{
- /* This sets up internal caching variables for this
functon */
- static $by_id, $by_lid;
- $users = array();
- $groups = array();
+ if (!is_int($id) && $id != '')
+ {
+ $id = $this->name2id($id);
+ }
- if(is_int($account))
+ if ($id)
{
- $ldapgroup = 'gidnumber';
- $ldapacct = 'uidnumber';
- /* If data is cached, use it. */
- if(@isset($by_id[$account]) &&
@$by_id[$account])
+ $return = 0;
+ if ($this->account_exists($id))
{
- return $by_id[$account];
+ $return++;
}
- }
- else
- {
- $ldapgroup = 'cn';
- $ldapacct = 'uid';
- /* If data is cached, use it. */
- if(@isset($by_lid[$account]) &&
@$by_lid[$account])
+ if ($this->group_exists($id));
{
- return $by_lid[$account];
+ $return++;
}
+ return $return;
}
-
- $acct_type = $this->get_type($account);
-
- if ($acct_type == 'g' && $this->group_context)
+ else
{
- $sri = ldap_search($this->ds,
$this->group_context, $ldapgroup . '=' . $account);
- $groups = ldap_get_entries($this->ds, $sri);
+ return false;
}
- $sri = ldap_search($this->ds, $this->user_context,
$ldapacct . '=' . $account);
- $users = ldap_get_entries($this->ds, $sri);
+ }
- if ($users[0]['dn'])
+ /**
+ * creates an account or group
+ *
+ * @param array $account_info
+ * @param string $default_prefs
+ * @return mixed
+ */
+ function create($account_info,$default_prefs = true)
+ {
+ if (empty($account_info['account_id']) ||
!$account_info['account_id'])
{
- $in += 1;
+ $account_info['account_id'] =
$this->get_nextid($account_info['account_type']);
}
- if ($groups[0]['dn'])
+ if ($account_info['account_type'] == 'u')
{
- $in += 2;
+ $this->create_account($account_info,
$default_prefs);
}
- /* This sets up internal caching for this function */
- if($ldapgroup == 'gidnumber')
+ elseif($account_info['account_type'] == 'g')
{
- $by_id[$account] = $in;
- $by_lid[$this->id2name($account)] = $in;
+ $this->create_group($account_info,
$default_prefs);
}
else
{
- $by_lid[$account] = $in;
- $by_id[$this->name2id($account)] = $in;
+ return false;
}
-
- return $in;
+
+ if($account_info[$account_id] &&
is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
+ {
+
$GLOBALS['phpgw']->preferences->create_defaults($account_info[$account_id]);
+ }
+ return $account_info[$account_id];
}
- function create($account_info,$default_prefs=True)
+ /**
+ * creates an account
+ *
+ * @param array $account_info
+ * @param string $default_prefs
+ * @return mixed
+ */
+ function create_account($account_info, $default_prefs)
{
- /* echo '<br>in create for account_lid:
"'.$account_lid.'"'; */
- if (empty($account_info['account_id']) ||
!$account_info['account_id'])
+ $dn = $this->rdn_account .
+ '=' .
+
$this->get_leafName($account_info['account_firstname'],
$account_info['account_lastname'], $account_info['account_lid']) .
+ ',' .
+ $this->user_context;
+
+ // phpgw attributes
+ $entry['objectclass'][] = 'phpgwAccount';
+ $entry['phpgwAccountID'] =
$account_info['account_id'];
+ $entry['accountexpires'] =
$account_info['account_expires'];
+ if ($account_info['account_status'])
{
- $account_id =
$this->get_nextid($account_info['account_type']);
- /* echo '<br>using'.$account_id;exit; */
+ $entry['accountstatus'] =
$account_info['account_status'];
}
else
{
- $account_id = $account_info['account_id'];
+ $entry['accountstatus'] = 'I'; // 'I' for
inactiv
}
- $entry['userpassword'] =
$account_info['account_passwd'];
- $entry['phpgwaccounttype'] =
$account_info['account_type'];
- $entry['phpgwaccountexpires'] =
$account_info['account_expires'];
-
- if ($account_info['account_type'] == 'g')
+ if ($account_info['lastlogin'])
{
- $sri = ldap_search($this->ds,
$this->group_context, 'cn=' . $account_info['account_lid']);
+ $entry['lastlogin'] =
$account_info['lastlogin'];
}
- else
+ if ($account_info['lastloginfrom'])
{
- $sri = ldap_search($this->ds,
$this->user_context, 'uid=' . $account_info['account_lid']);
+ $entry['lastloginfrom'] =
$account_info['lastloginfrom'];
}
- $allValues = ldap_get_entries($this->ds, $sri);
+ if ($account_info['lastpasswd_change'])
+ {
+ $entry['lastpasswdchange'] =
$account_info['lastpasswd_change'];
+ }
+
+ // additional attributes from the phpgw for groups
+ $entry['objectclass'][] = 'posixAccount';
+ $entry['cn'] =
utf8_encode($this->get_fullname($account_info['account_firstname'],
$account_info['account_lastname']));
+ $entry['uidnumber'] =
$account_info['account_id'];
+ $entry['uid'] =
$account_info['account_lid'];
+ $entry['description'] = lang('phpgw-created
account');
+ if ( $account_info['account_firstname'] )
+ {
+ $entry['givenname'] =
utf8_encode($account_info['account_firstname']);
+ }
+ if ( $account_info['account_lastname'] )
+ {
+ $entry['sn'] =
utf8_encode($account_info['account_lastname']);
+ }
+ if ($account_info['account_passwd'])
+ {
+ $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
+ }
+
+ // Fields are must for LDAP - so we write them in any
case
+ $entry['homedirectory'] =
$this->get_homedirectory($account_info['homedirectory'],
$account_info['account_lid']);
+ $entry['loginshell'] =
$this->get_loginshell($account_info['loginshell']);
- if
($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] &&
$account_info['account_type'] != 'g')
+
+ // special gidnumber handling
+ if ($GLOBALS['phpgw_info']['server']['ldap_group_id'])
{
- $entry['homedirectory'] =
$account_info['homedirectory'] && $account_info['homedirectory'] !=
$GLOBALS['phpgw_info']['server']['ldap_account_home'] ?
$account_info['homedirectory'] :
$GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
- $entry['loginshell'] =
$account_info['loginshell'] ? $account_info['loginshell'] :
$GLOBALS['phpgw_info']['server']['ldap_account_shell'];
+ $enty['gidnumber'] =
$GLOBALS['phpgw_info']['server']['ldap_group_id'];
+ }
+ else
+ {
+ $entry['gidnumber'] =
$account_info['account_id'];
}
- if ($allValues[0]['dn'])
+ $oldEntry =
$this->account_exists($account_info['account_id'], $dn);
+
+ if ($oldEntry) // found an existing entry in LDAP
{
- /* This should keep the password from being
overwritten here on ldap import */
- unset($entry['userpassword']);
- $entry['gidnumber'] = $account_id;
-
- while (list($key,$val) = each($entry))
- {
- $tmpentry = '';
- $tmpentry[$key] = trim($val); /* must
trim! */
- /* echo '<br>'.$key.' '.$val; */
- if ($tmpentry[$key])
+ if ($this->createMode == 'replace')
+ {
+ ldap_delete($this->ds, $oldEntry['dn']);
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ elseif ($this->createMode == 'extend')
+ {
+ /* not yet implemented */
+ }
+ else // createMode == 'modify'
+ {
+ while (list($key,$val) =
each($oldEntry))
{
- if (!$allValues[0][$key][0])
- {
- /* attribute was not in
LDAP, add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- else
+ if (!is_int($key))
{
- /* attribute was in
LDAP, modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
+
unset($oldEntry[$key]['count']);
+ switch ($key)
+ {
+ case 'dn':
+ if
($oldEntry['dn'] != $dn) // new group name DN should renamed as well
+ {
+
$oldEntry['dn'] = $this->rename_LDAP_entry($oldEntry['dn'], $dn,
$this->user_context);
+
if (!$oldEntry)
+
{
+
print ldap_error($this->ds);
+
die('<br><br>LDAP rename error');
+
}
+ }
+ break;
+
+ case 'count':
+ case 'cn':
+ case
'description':
+ case
'phpgwaccountid':
+ case
'gidnumber':
+ case
'accountstatus':
+ case
'accountexpires':
+ case
'uidnumber':
+ case 'uid':
+ case
'userpassword':
+ case
'homedirectory':
+ case
'loginshell':
+ case
'givenname':
+ case 'sn':
+ case
'lastlogin':
+ case
'lastloginfrom':
+ case
'lastpasswordchange':
+ break;
+
+ case
'objectclass':
+ if(
!in_array('phpgwAccount', $oldEntry[$key]) && !in_array('phpgwAccount',
$oldEntry[$key]) )
+ {
+
$entry[$key] = $oldEntry[$key];
+
array_push($entry[$key], 'phpgwAccount');
+ }
+ else
+ {
+
$entry[$key] = $oldEntry[$key];
+ }
+ break;
+
+ default:
+
$entry[$key] = $oldEntry[$key];
+ }
+ }
}
+
$this->modify_LDAP_Entry($oldEntry['dn'], $entry);
}
+ }
+ else // entry not yet in LDAP
+ {
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ }
+
+ /**
+ * creates a group
+ *
+ * @param array $account_info
+ * @param string $default_prefs
+ * @return mixed
+ */
+ function create_group($account_info, $default_prefs)
+ {
+ $dn = $this->rdn_group . '=' .
$account_info['account_lid'] . ',' . $this->group_context;
+
+ // phpgw needed attributes
+ $entry['objectclass'][] = 'phpgwGroup';
+ $entry['phpgwgroupID'] = $account_info['account_id'];
+ $entry['gidnumber'] = $account_info['account_id'];
- if ($account_info['account_type'] == 'g')
+ // additional attributes from the phpgw for groups
+ $entry['objectclass'][] = 'posixGroup';
+ $entry['cn'] = $account_info['account_lid'];
+ $entry['description'] = 'phpgw-created group';
+ $entry['memberuid'] =
$this->get_memberUIDs($account_info['account_id']);
+ if (!$entry['memberuid'])
+ {
+ unset ($entry['memberuid']);
+ }
+
+ $oldEntry =
$this->group_exists($account_info['account_id'], $dn);
+
+ if ($oldEntry) // found an existing entry in LDAP
+ {
+ if ($this->createMode == 'replace')
{
- $tmpentry['objectclass'][0] = 'top';
- $tmpentry['objectclass'][1] =
'posixGroup';
- $tmpentry['objectclass'][2] =
'phpgwAccount';
+ ldap_delete($this->ds, $oldEntry['dn']);
+ $this->add_LDAP_Entry($dn, $entry);
}
- else
+ elseif ($this->createMode == 'extend')
{
- $tmpentry['uidnumber'] =
$account_id;
- $tmpentry['objectclass'][0] = 'top';
- $tmpentry['objectclass'][1] = 'person';
- $tmpentry['objectclass'][2] =
'organizationalPerson';
- $tmpentry['objectclass'][3] =
'inetOrgPerson';
- $tmpentry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- /* $tmpentry['objectclass'][4] =
'account'; Causes problems with some LDAP servers */
- $tmpentry['objectclass'][4] =
'posixAccount';
- $tmpentry['objectclass'][5] =
'shadowAccount';
- $tmpentry['objectclass'][6] =
'phpgwAccount';
- $tmpentry['phpgwaccountstatus'] =
$account_info['account_status'];
- $tmpentry['phpgwaccounttype'] =
$account_info['account_type'];
- $tmpentry['phpgwaccountexpires'] =
$account_info['account_expires'];
- $tmpentry['phpgwpersonid'] =
$account_info['person_id'];
- }
- ldap_modify($this->ds, $allValues[0]['dn'],
$tmpentry);
- }
- else
- {
- /* Not already there, we will add it */
- if ($account_info['account_type'] == 'g')
- {
- $dn =
'cn='.$account_info['account_lid'] . ',' . $this->group_context;
- unset($entry['homedirectory']);
- unset($entry['loginshell']);
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'posixGroup';
- $entry['objectclass'][2] =
'phpgwAccount';
- $entry['cn'] =
$account_info['account_lid'];
- $entry['gidnumber'] = $account_id;
- $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- $entry['description'] =
'phpgw-created group';
+ /* not yet implemented */
}
- else
- {
- $dn = 'uid=' .
$account_info['account_lid'] . ',' . $this->user_context;
- $entry['cn'] = sprintf("%s %s",
$account_info['account_firstname'], $account_info['account_lastname']);
- $entry['sn'] =
$account_info['account_lastname'];
- $entry['givenname'] =
$account_info['account_firstname'];
- $entry['uid'] =
$account_info['account_lid'];
- $entry['uidnumber'] = $account_id;
- if
($GLOBALS['phpgw_info']['server']['ldap_group_id'])
- {
- $entry['gidnumber'] =
$GLOBALS['phpgw_info']['server']['ldap_group_id'];
- }
- else
+ else // createMode == 'modify'
+ {
+ while (list($key,$val) =
each($oldEntry))
{
- $entry['gidnumber'] =
$account_id;
+ if (!is_int($key))
+ {
+
unset($oldEntry[$key]['count']);
+ switch ($key)
+ {
+ case 'dn':
+ if
($oldEntry['dn'] != $dn) // new group name DN should renamed as well
+ {
+
$oldEntry['dn'] = $this->rename_LDAP_entry($oldEntry['dn'], $dn,
$this->group_context);
+
if (!$oldEntry)
+
{
+
print ldap_error($this->ds);
+
die('<br><br>LDAP rename error');
+
}
+ }
+ break;
+ case 'count':
+ case 'cn':
+ case
'description':
+ case
'phpgwgroupid':
+ case
'gidnumber':
+ case
'memberuid':
+ break;
+
+ case
'objectclass':
+ if(
!in_array('phpgwGroup', $oldEntry[$key]) && !in_array('phpgwgroup',
$oldEntry[$key]) )
+ {
+
$entry[$key] = $oldEntry[$key];
+
array_push($entry[$key], 'phpgwGroup');
+ }
+ else
+ {
+
$entry[$key] = $oldEntry[$key];
+ }
+ break;
+
+ default:
+
$entry[$key] = $oldEntry[$key];
+ }
+ }
}
- $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'person';
- $entry['objectclass'][2] =
'organizationalPerson';
- $entry['objectclass'][3] =
'inetOrgPerson';
- $entry['objectclass'][4] =
'posixAccount';
- $entry['objectclass'][5] =
'shadowAccount';
- $entry['objectclass'][6] =
'phpgwAccount';
- $entry['phpgwaccountstatus'] =
$account_info['account_status'];
- $entry['phpgwaccounttype'] =
$account_info['account_type'];
- $entry['phpgwaccountexpires'] =
$account_info['account_expires'];
- $entry['phpgwpersonid'] =
$account_info['person_id'];
+
$this->modify_LDAP_Entry($oldEntry['dn'], $entry);
}
-
- /* _debug_array($entry);exit; */
- ldap_add($this->ds, $dn, $entry);
}
- /* print ldap_error($this->ds); */
+ else // entry not yet in LDAP
+ {
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ }
+
+ /**
+ * add an entry to LDAP
+ *
+ * @param string $dn
+ * @param array $entry
+ * @return boolean
+ */
+ function add_LDAP_Entry($dn, $entry)
+ {
+ /*
+ echo "<br><b>Adds: ".$dn."</b><br>";
+ echo "<pre>";
+ print_r($entry);
+ echo "</pre>";
+ echo "<br>";
+ */
+ $success = ldap_add($this->ds, $dn, $entry);
+ if (!$success)
+ {
+ print ldap_error($this->ds);
+ die('die cause of LDAP error while adding');
+ }
+ else
+ {
+ return true;
+ }
+ }
+
+ /**
+ * modify an entry in LDAP
+ *
+ * @param string $dn
+ * @param array $entry
+ * @return boolean
+ */
+ function modify_LDAP_Entry($dn, $entry)
+ {
+ /*
+ echo "<br><b>Modifies: ".$dn."</b><br>";
+ echo "<pre>";
+ print_r($entry);
+ echo "</pre>";
+ echo "<br>";
+ */
+
+ $success = ldap_modify($this->ds, $dn, $entry);
+ if (!$success)
+ {
+ print ldap_error($this->ds);
+ die('die cause of LDAP error while modifing');
+ }
+ else
+ {
+ return true;
+ }
+ }
+
+ /**
+ * renames a LDAP entry
+ *
+ * @param string $oldDN
+ * @param string $newDN
+ * @param string $baseDN
+ * @return boolean
+ */
+ function rename_LDAP_Entry($oldDN, $newDN, $baseDN)
+ {
+ $newDN_array = (ldap_explode_dn($newDN, 0));
+ $oldDN_array = (ldap_explode_dn($oldDN, 0));
- if($account_id &&
is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
+ unset($newDN_array['count']);
+ unset($oldDN_array['count']);
+
+ $newDN_RDN = $newDN_array[0];
+ $oldDN_RDN = array_shift($oldDN_array);
+ $oldDN_base = implode(',', $oldDN_array);
+ if ($newDN_RDN != $oldDN_RDN && $oldDN_base == $baseDN)
{
-
$GLOBALS['phpgw']->preferences->create_defaults($account_id);
+ $success = ldap_rename ( $this->ds, $oldDN,
$newDN_RDN, $baseDN, false);
+ if ($success)
+ {
+ return $newDN;
+ }
+ else
+ {
+ return false;
+ }
}
- return $account_id;
}
+
- function auto_add($accountname, $passwd, $default_prefs =
False, $default_acls = False, $expiredate = 0, $account_status = 'A')
+ /**
+ * this function creates a non existing but authorized user
+ *
+ * @param string $accountname user name
+ * @param string $passwd user password
+ * @param boolean $default_prefs given default preferences for
this new user
+ * @param boolean $default_acls given acls (modules) for this
new user
+ * @param integer $expiredate expire date of this account. '-1'
for never.
+ * @param char $account_status status for new user. 'A' for
active user.
+ * @return integer accountID
+ */
+ function auto_add($accountname, $passwd, $default_prefs =
false, $default_acls = false, $expiredate = 0, $account_status = 'A')
{
if ($expiredate)
{
@@ -845,39 +1072,31 @@
}
$acct_info = array(
+ 'account_id' => $this->get_nextid('u'),
//'u' for account
'account_lid' => $accountname,
- 'account_type' => 'u',
'account_passwd' => $passwd,
'account_firstname' => 'New',
'account_lastname' => 'User',
'account_status' => $account_status,
'account_expires' => $expires
);
- $this->create($acct_info,$default_prefs);
- $accountid = $this->name2id($accountname);
+ $this->create_account($acct_info, $default_prefs);
+ $accountid = $this->accountName2id($accountname);
$this->db->transaction_begin();
- if ($default_acls == False)
+ if ($default_acls == false)
{
- $apps = Array(
- 'addressbook',
- 'calendar',
- 'email',
- 'notes',
- 'todo',
- 'phpwebhosting',
- 'manual'
- );
-
+ $apps = $this->fallback_apps;
+
$default_group_lid =
$GLOBALS['phpgw_info']['server']['default_group_lid'];
- $default_group_id =
$this->name2id($default_group_lid);
- $defaultgroupid = $default_group_id ?
$default_group_id : $this->name2id('Default');
+ $default_group_id =
$this->groupName2id($default_group_lid);
+ $defaultgroupid = $default_group_id ?
$default_group_id : $this->groupName2id('Default');
if($defaultgroupid)
{
- $this->db->query("insert into phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', "
- . $defaultgroupid . ", " .
$accountid . ", 1)",__LINE__,__FILE__);
+ $this->db->query("INSERT INTO phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', "
+ . $defaultgroupid . ', ' .
$accountid . ', 1)',__LINE__,__FILE__);
}
- $this->db->query("insert into phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights)values('preferences',
'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
+ $this->db->query("INSERT INTO phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights)values('preferences',
'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
@reset($apps);
while(list($key,$app) = each($apps))
{
@@ -945,14 +1164,39 @@
return $data;
}
- function getDNforID($_accountid = '')
+ /**
+ * gets the DN for the given account id
+ *
+ * @param interger $id
+ * @return mixed DN string when DN exists
+ * false when DN doesn't exist
+ */
+ function getDNforID($id = '') // ;-) I love to see that $id is
optional
+ {
+ return $this->getDNforAccountID($_accountid);
+ }
+
+ /**
+ * gets the DN for the given account id
+ *
+ * @param interger $id
+ * @return mixed DN string when DN exists
+ * false when DN doesn't exist
+ */
+ function getDNforAccountID($_accountid = '')
{
- $_account_id = get_account_id($_accountid);
+ $_account_id = get_account_id($id);
- $sri = ldap_search($this->ds, $this->user_context,
"uidnumber=$_account_id");
+ $sri = ldap_search($this->ds, $this->user_context,
'uidnumber='.$id, array('dn'));
$allValues = ldap_get_entries($this->ds, $sri);
-
- return $allValues[0]['dn'];
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0]['dn'];
+ }
+ else
+ {
+ return false;
+ }
}
function get_account_with_contact()
@@ -983,4 +1227,210 @@
}
return $accounts;
}
+
+ /**
+ * dn leaf name generation
+ *
+ * @param string $first
+ * @param string $last
+ * @param string $login
+ * @return string generated name of leaf of the DN
+ */
+ function get_leafName($first, $last, $login)
+ {
+ //if ($first != '' && $last == '')
+ {
+ $return = $login;
+ }
+ //else
+ {
+ //$return = $first.' '.$last;
+ }
+ return $return;
+ }
+
+ /**
+ * full name generation
+ *
+ * @param string $first
+ * @param string $last
+ * @return string generated the fullname
+ */
+ function get_fullname($first, $last)
+ {
+ return $first.' '.$last;
+ }
+
+ /**
+ * test an array with ids to look for a free id in respect to a
min and max id
+ *
+ * @param array $IDs
+ * @param integer $min
+ ' @param max $max
+ * @return integer free id
+ */
+ function idTester($IDs, $min = 1, $max = 0)
+ {
+
+ $interval = intval($max) - intval($min);
+ $base = intval($min) ? intval($min) : 1;
+ if ($interval > 0)
+ {
+ $pointer = $start =
$IDs[count($IDs)-1]%$interval;
+ }
+ else
+ {
+ $pointer = $IDs[count($IDs)-1];
+ }
+ if (is_array($IDs))
+ {
+ do
+ {
+ if ($interval > 0)
+ {
+ $pointer =
($pointer+1)%$interval;
+ if ($pointer == $start)
+ {
+ die('no free id found');
+ }
+ }
+ else
+ {
+ $pointer++;
+ }
+ }
+ while (in_array($base + $pointer, $IDs) &&
$pointer != $start);
+ }
+ else
+ {
+ $pointer = 0;
+ }
+ return $base + $pointer;
+ }
+
+ function get_homedirectory($newValue, $login)
+ {
+ if ($newValue != '' && $newValue !=
$GLOBALS['phpgw_info']['server']['ldap_account_home'])
+ {
+ $return = $newValue;
+ }
+ else
+ {
+ if
($GLOBALS['phpgw_info']['server']['ldap_account_home'] != '')
+ {
+ $return =
$GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$login;
+ }
+ else
+ {
+ $return = $this->fallback_homedirectory;
+ }
+ }
+ return $return;
+ }
+
+ function get_loginshell($newValue)
+ {
+ if ($newValue != '')
+ {
+ $return = $newValue;
+ }
+ else
+ {
+ if
($GLOBALS['phpgw_info']['server']['ldap_account_shell'] != '')
+ {
+ $return =
$GLOBALS['phpgw_info']['server']['ldap_account_shell'];
+ }
+ else
+ {
+ $return = $this->fallback_loginshell;
+ }
+ }
+ return $return;
+ }
+
+ function get_memberUIDs($account_id = '')
+ {
+ if ( !empty($account_id) )
+ {
+ $members = $this->member($account_id);
+ }
+ else
+ {
+ $members = $this->member($this->data['account_id']);
+ }
+ $return = array();
+ for ($i=0; $i<count($members); $i++)
+ {
+ $member =
$this->id2name($members[$i]['account_id']);
+ // function $this->member returns duplicated
entries and empty entries :-(
+ if (!in_array($member, $return) && $member !=
'')
+ {
+ $return[] = $member;
+ }
+ }
+ if (count($return))
+ {
+ return $return;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * adds an account to a group entry by adding the account name
to the memberuid attribute
+ *
+ * @param integer $accountID
+ * @param integer $groupID
+ * @return boolean sucess
+ */
+ function add_account2Group($accountID, $groupID)
+ {
+ if ($accountID && $groupID)
+ {
+ $groupEntry = $this->group_exists($groupID);
+ $memberUID = $this->id2name($accountID);
+ if ($groupEntry && $memberUID)
+ {
+ if (!is_array($groupEntry['memberuid'])
|| !in_array($memberUID, $groupEntry['memberuid']))
+ {
+ $entry['memberuid'][] =
$memberUID;
+ return ldap_mod_add($this->ds,
$groupEntry['dn'], $entry);
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * deletes an account for a group entry by removing the account
name from the memberuid attribute
+ *
+ * @param integer $accountID
+ * @param integer $groupID
+ * @return boolean success
+ */
+ function delete_account4Group($accountID, $groupID)
+ {
+ if ($accountID && $groupID)
+ {
+ $groupEntry = $this->group_exists($groupID);
+ $memberUID = $this->id2name($accountID);
+ if ($groupEntry && $memberUID)
+ {
+ if (is_array($groupEntry['memberuid']))
+ {
+ for ($i=0; $i <
count($groupEntry['memberuid']); $i++)
+ {
+ if
($groupEntry['memberuid'][$i] == $memberUID)
+ {
+
$entry['memberuid'][] = $memberUID;
+ return
ldap_mod_del($this->ds, $groupEntry['dn'], $entry);
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
}
====================================================
Index: phpgwapi/inc/class.accounts.inc.php
diff -u phpgwapi/inc/class.accounts.inc.php:1.10.4.4
phpgwapi/inc/class.accounts.inc.php:1.10.4.5
--- phpgwapi/inc/class.accounts.inc.php:1.10.4.4 Wed Nov 5 11:10:20 2003
+++ phpgwapi/inc/class.accounts.inc.php Fri Jan 9 01:33:57 2004
@@ -648,6 +648,16 @@
$GLOBALS['phpgw']->template->pfp('out','accounts_list_t',True);
$GLOBALS['phpgw']->common->phpgw_exit();
}
+
+ // needed for LDAP support
+ function add_account2Group($groupID)
+ {
+ }
+
+ // needed for LDAP support
+ function delete_account4Group($groupID)
+ {
+ }
}
/*!
@class_end accounts
- [Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5, skwashd, 2005/04/27
- [Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5,
skwashd <=
- [Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5, skwashd, 2005/04/27
- Prev by Date:
[Phpgroupware-cvs] phpgwapi/templates/idots/css idots.css,1.1.2.3
- Next by Date:
[Phpgroupware-cvs] filemanager preferences.php,1.6.2.2.2.5
- Previous by thread:
[Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5
- Next by thread:
[Phpgroupware-cvs] phpgwapi/inc class.common.inc.php, 1.123.2.9.2.20 class.auth_ldap.inc.php, 1.17.2.1.2.2 class.accounts_ldap.inc.php, 1.101.2.13.2.11 class.accounts.inc.php, 1.10.4.5
- Index(es):