[Phpgroupware-cvs] phpgwapi/inc/class.accounts_ldap.inc.php, 1.115
From: |
nomail |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc/class.accounts_ldap.inc.php, 1.115 |
Date: |
Fri, 30 Jul 2004 16:47:50 +0200 |
Update of /phpgwapi/inc
Modified Files:
Branch:
class.accounts_ldap.inc.php
date: 2004/07/30 14:47:50; author: fipsfuchs; state: Exp; lines: +1161 -591
Log Message:
merge with 0.9.16 - totally different to old class
=====================================================================
Index: phpgwapi/inc/class.accounts_ldap.inc.php
diff -u phpgwapi/inc/class.accounts_ldap.inc.php:1.114
phpgwapi/inc/class.accounts_ldap.inc.php:1.115
--- phpgwapi/inc/class.accounts_ldap.inc.php:1.114 Wed May 21 23:01:44 2003
+++ phpgwapi/inc/class.accounts_ldap.inc.php Fri Jul 30 14:47:50 2004
@@ -1,44 +1,61 @@
<?php
-
/**************************************************************************\
- * phpGroupWare API - Accounts manager for LDAP
*
- * Written by Joseph Engo <address@hidden> *
- * and Lars Kneschke <address@hidden> *
- * and Bettina Gille <address@hidden> *
- * View and manipulate account records using LDAP
*
- * Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke
*
- * Copyright (C) 2003 Lars Kneschke, Bettina Gille
*
- *
------------------------------------------------------------------------ *
- * This library is part of the phpGroupWare API
*
- * http://www.phpgroupware.org
*
- *
------------------------------------------------------------------------ *
- * This library is free software; you can redistribute it and/or modify
it *
- * under the terms of the GNU Lesser General Public License as published
by *
- * the Free Software Foundation; either version 2.1 of the License,
*
- * or any later version.
*
- * This library is distributed in the hope that it will be useful, but
*
- * WITHOUT ANY WARRANTY; without even the implied warranty of
*
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
- * See the GNU Lesser General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public
License *
- * along with this library; if not, write to the Free Software
Foundation, *
- * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
-
\**************************************************************************/
- /* $Id$ */
-
- class accounts_
+ /**
+ * View and manipulate account records using LDAP
+ * @author Joseph Engo <address@hidden>
+ * @author Lars Kneschke <address@hidden>
+ * @author Bettina Gille <address@hidden>
+ * @author Philipp Kamps <address@hidden>
+ * @copyright Copyright (C) 2000-2002 Joseph Engo, Lars Kneschke
+ * @copyright Copyright (C) 2003 Lars Kneschke, Bettina Gille
+ * @copyright Portions Copyright (C) 2000-2004 Free Software Foundation,
Inc. http://www.fsf.org/
+ * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
+ * @package phpgwapi
+ * @subpackage accounts
+ * @version $Id$
+ */
+
+ /**
+ * View and manipulate account records using LDAP
+ *
+ * @package phpgwapi
+ * @subpackage accounts
+ */
+ class accounts extends accounts_
{
- var $db;
var $ds;
- var $account_id;
- var $data;
var $user_context = '';
var $group_context = '';
- var $total;
- var $account_type;
- function accounts_()
+ /**
+ * @internal Be Carefull to correctly set the following!
+ * @internal Need to be set in the setup system! (Caeies)
+ */
+ var $rdn_account = 'uid';
+ var $rdn_group = 'cn';
+ /**
+ * @internal Be secure by default (Caeies)
+ */
+ var $fallback_homedirectory = '/dev/null';
+ /**
+ * @internal Nothing allowed (Caeies)
+ */
+ var $fallback_loginshell = '/bin/false';
+ var $fallback_apps = array('addressbook',
+ 'calendar',
+ 'email',
+ 'notes',
+ 'todo'
+ );
+
+ function accounts($account_id = '', $account_type = '')
{
- /* This does not get called */
+
if($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
+ {
+ $this->ds =
$GLOBALS['phpgw']->common->ldapConnect();
+ $this->user_context =
$GLOBALS['phpgw_info']['server']['ldap_context'];
+ $this->group_context =
$GLOBALS['phpgw_info']['server']['ldap_group_context'];
+ }
+ parent::accounts_($account_id, $account_type);
}
function read_repository()
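Review bot: The new constructor stores the result of `$GLOBALS['phpgw']->common->ldapConnect()` in `$this->ds` without checking it, while every later `ldap_search($this->ds, ...)` in the class assumes a usable link. What `ldapConnect()` returns on a failed connect or bind is not visible in this diff, so this is an assumption to confirm; if it can return false, lookups such as `account_exists()` would see empty results and report "no such account" instead of "directory unavailable". Failing closed right after the assignment, e.g. `if (!$this->ds) { return false; }` or the project's usual error path, keeps an outage from being read as an authorization answer. A short docblock on `$fallback_apps` saying where the default application list is applied would also help, since it decides what a new account can reach.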
@@ -46,7 +63,7 @@
$acct_type = $this->get_type($this->account_id);
/* search the dn for the given uid */
- if( ($acct_type == 'g') && $this->group_context )
+ if ( ($acct_type == 'g') && $this->group_context )
{
$sri = ldap_search($this->ds,
$this->group_context, 'gidnumber='.$this->account_id);
}
@@ -57,36 +74,40 @@
$allValues = ldap_get_entries($this->ds, $sri);
/* Now dump it into the array; take first entry found */
- if($acct_type =='g')
+ if($acct_type == 'g')
{
- $this->data['account_id'] =
$allValues[0]['gidnumber'][0];
- $this->data['account_lid'] =
$allValues[0]['cn'][0];
- $this->data['firstname'] =
$allValues[0]['cn'][0];
- $this->data['lastname'] = 'Group';
+ $this->data['account_id'] =
$allValues[0]['gidnumber'][0];
+ $this->data['account_lid'] =
$allValues[0]['cn'][0];
+ $this->data['firstname'] =
utf8_decode($allValues[0]['cn'][0]);
+ $this->data['lastname'] = 'Group';
+ $this->data['type'] = 'g';
}
else
{
- $this->data['account_id'] =
$allValues[0]['uidnumber'][0];
- $this->data['account_lid'] =
$allValues[0]['uid'][0];
- $this->data['firstname'] =
$allValues[0]['givenname'][0];
- $this->data['lastname'] =
$allValues[0]['sn'][0];
+ $this->data['account_id'] =
$allValues[0]['uidnumber'][0];
+ $this->data['account_lid'] =
$allValues[0]['uid'][0];
+ $this->data['firstname'] =
utf8_decode($allValues[0]['givenname'][0]);
+ $this->data['lastname'] =
utf8_decode($allValues[0]['sn'][0]);
+ $this->data['type'] = 'u';
+ }
+ $this->data['account_dn'] =
$allValues[0]['dn'];
+ $this->data['fullname'] =
utf8_decode($allValues[0]['cn'][0]);
+
+ $this->data['homedirectory'] =
$allValues[0]['homedirectory'][0];
+ $this->data['loginshell'] =
$allValues[0]['loginshell'][0];
+
+ $this->data['expires'] =
$allValues[0]['phpgwaccountexpires'][0];
+ //$allValues[0]['description'][0] is not needed
+ if ($allValues[0]['phpgwaccountstatus'][0] == 'A')
+ {
+ $this->data['status'] = 'A';
}
- $this->data['account_dn'] = $allValues[0]['dn'];
- $this->data['fullname'] = $allValues[0]['cn'][0];
-
-
if($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
+
+ if ( $allValues[0]['phpgwcontactid'][0] )
{
- $this->data['homedirectory'] =
$allValues[0]['homedirectory'][0];
- $this->data['loginshell'] =
$allValues[0]['loginshell'][0];
+ $this->data['person_id']
= $allValues[0]['phpgwcontactid'][0];
+ $this->account_contact_id
=$this->data['person_id']; // Added By Caeies
}
-
- $this->data['lastlogin'] =
$allValues[0]['phpgwaccountlastlogin'][0];
- $this->data['lastloginfrom'] =
$allValues[0]['phpgwaccountlastloginfrom'][0];
- $this->data['lastpasswd_change'] =
@$allValues[0]['phpgwlastpasswdchange'][0];
- $this->data['status'] =
trim($allValues[0]['phpgwaccountstatus'][0]);
- $this->data['type'] =
$allValues[0]['phpgwaccounttype'][0];
- $this->data['expires'] =
$allValues[0]['phpgwaccountexpires'][0];
-
return $this->data;
}
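Review bot: `$this->data['status']` is now assigned only when `phpgwaccountstatus` equals 'A', so for an inactive entry the key keeps whatever value it held before this call, whereas the removed code always overwrote it with the trimmed LDAP value. If `$this->data` can carry state from an earlier read or from caller-supplied data (not visible in this hunk), a disabled account could still be reported as active. Assign it in both cases, e.g. `$this->data['status'] = ($allValues[0]['phpgwaccountstatus'][0] == 'A') ? 'A' : '';`, where the empty string matches what the old `trim()` produced for an inactive entry. The hunk also reads `$allValues[0]` without checking that the search returned an entry, and `read_repository()` begins outside the hunk.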
@@ -94,365 +115,203 @@
{
$acct_type = $this->get_type($this->account_id);
- /* search the dn for the given u/gidnumber */
- if( ($acct_type == 'g') && $this->group_context )
- {
- $sri = ldap_search($this->ds,
$this->group_context, 'gidnumber='.$this->account_id);
- }
- else
- {
- $sri = ldap_search($this->ds,
$this->user_context, 'uidnumber='.$this->account_id);
- }
- $allValues = ldap_get_entries($this->ds, $sri);
-
- $this->data['account_type'] =
$allValues[0]['phpgwaccounttype'][0];
-
- if($acct_type == 'u')
+ if ($acct_type == 'g')
{
- $entry['cn'] = sprintf("%s %s",
$this->data['firstname'], $this->data['lastname']);
+ return $this->create_group($this->data, '');
}
else
{
- $entry['cn'] = $this->data['firstname'];
- }
-
- $entry['sn']
= $this->data['lastname'];
- $entry['givenname']
= $this->data['firstname'];
- $entry['phpgwaccountlastlogin'] =
$this->data['lastlogin'];
- $entry['phpgwaccountlastloginfrom'] =
$this->data['lastloginfrom'];
- $entry['phpgwlastpasswdchange'] =
$this->data['lastpasswd_change'];
- $entry['phpgwaccountstatus'] =
$this->data['status'];
- $entry['phpgwaccounttype'] =
$this->data['type'];
- $entry['phpgwaccountexpires'] =
$this->data['expires'];
-
-
if($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
- {
- $entry['homedirectory'] =
$this->data['homedirectory'];
- $entry['loginshell'] =
$this->data['loginshell'];
+ return $this->create_account($this->data, '');
}
+ }
+
+ /**
+ * Delete an account or group
+ *
+ * @param integer $id Id of group/account to delete
+ * @return boolean True on success otherwise false
+ */
+ function delete($id = '')
+ {
+ $id = get_account_id($id);
+ $type = $this->get_type($id);
- /*
- Changing the uid: Need to delete and add new, since
- PHP cannot change the dn for the entry.
- */
- if($acct_type == 'g')
+ if ($type == 'g')
{
- $test = $allValues[0]['cn'][0];
+ $sri = ldap_search($this->ds,
$this->group_context, '(&(objectclass=phpgwgroup)(gidnumber='.$id.'))');
+ $allValues = ldap_get_entries($this->ds, $sri);
}
else
{
- $test = $allValues[0]['uid'][0];
+ $sri = ldap_search($this->ds,
$this->user_context, '(&(objectclass=phpgwaccount)(uidnumber='.$id.'))');
+ $allValues = ldap_get_entries($this->ds, $sri);
}
- if($test != $this->data['account_lid'])
+
+ if ($allValues[0]['dn'])
{
- ldap_delete($this->ds,$allValues[0]['dn']);
- unset($allValues[0]['dn']);
- while(list($key,$val) = each($allValues[0]))
- {
- /* Don't include row count and headers
*/
- if(is_string($key) && $key != 'count')
- {
- if(is_array($val))
- {
- if(count($val) == 1)
- {
- if($val[0])
- {
-
$entry[$key] = $val[0];
- }
- }
- else
- {
-
for($i=0;$i<count($val);$i++)
- {
-
if($val[$i])
- {
-
$entry[$key][$i] = $val[$i];
- }
- }
- }
- }
- else
- {
- $entry[$key] = $val;
- }
- }
- }
-
- /* Groups */
- if($this->data['account_type'] == 'g' &&
$this->group_context )
- {
- $dn =
'cn='.$this->data['account_lid'].','.$this->group_context;
- $entry['cn'] =
$this->data['account_lid'];
- $entry['gidnumber'] =
$this->data['account_id'];
- /* $entry["objectclass"] = ''; */
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'posixGroup';
- $members =
$this->member($this->data["account_id"]);
- $entry['memberuid'] = array();
- for($i=0;$i<count($members);$i++)
- {
- $currname =
$this->id2name($members[$i]['account_id']);
-
if(address@hidden($currname,$entry['memberuid']))
- {
- $entry['memberuid'][] =
$currname;
- }
- }
- }
- /* Accounts */
- else
- {
- $dn
= 'uid='.$this->data['account_lid'].','.$this->user_context;
- $entry['uidnumber']
= $this->data['account_id'];
- $entry['cn']
= sprintf("%s %s", $this->data['firstname'], $this->data['lastname']);
- $entry['uid']
= $this->data['account_lid'];
- $entry['givenname']
= $this->data['firstname'];
- $entry['sn']
= $this->data['lastname'];
- $entry['objectclass'] = '';
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] =
'person';
- $entry['objectclass'][2] =
'organizationalPerson';
- $entry['objectclass'][3] =
'inetOrgPerson';
- /* $entry['objectclass'][4] =
'account'; Causes problems with some LDAP servers */
- $entry['objectclass'][4] =
'posixAccount';
- $entry['objectclass'][5] =
'shadowAccount';
- $entry['objectclass'][6] =
'phpgwAccount';
-
-
if($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
- {
- $entry['homedirectory'] =
$this->data['homedirectory'];
- $entry['loginshell'] =
$this->data['loginshell'];
- }
- }
- /* print_r($entry); exit;*/
- ldap_add($this->ds, $dn, $entry);
+ $del = ldap_delete($this->ds,
$allValues[0]['dn']);
+ return $del;
}
- /* Normal behavior for save_repository */
else
{
- if($this->data['account_type'] == 'g' &&
$this->group_context )
- {
- $members =
$this->member($this->data['account_id']);
- $entry['memberuid'] = array();
- for($i=0;$i<count($members);$i++)
- {
- $currname =
$this->id2name($members[$i]['account_id']);
-
if(address@hidden($currname,$entry['memberuid']))
- {
- $entry['memberuid'][] =
$currname;
- }
- }
- unset($entry['givenname']);
- unset($entry['sn']);
- }
- while(list($key,$val) = each($entry))
- {
- $tmpentry = '';
- if(is_array($val))
- {
- $tmpentry[$key] = $val;
- }
- else
- {
- $tmpentry[$key] = trim($val);
/* must trim! */
- }
-
- if($tmpentry[$key] && $key)
- {
- if(!$allValues[0][$key][0])
- {
- /* attribute was not in
LDAP, add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- else
- {
- /* attribute was in
LDAP, modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- }
- }
- /* If status is to be set inactive, insert a
space here. This is trimmed in read_repository. */
- if(!$entry['phpgwaccountstatus'])
- {
-
if(!$allValues[0]['phpgwaccountstatus'][0])
- {
- /* attribute was not in LDAP,
add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], array('phpgwaccountstatus' => ' '));
- }
- else
- {
- /* attribute was in LDAP,
modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], array('phpgwaccountstatus' => ' '));
- }
- }
+ return false;
}
}
- function delete($accountid = '')
+ /**
+ * Read all accounts or groups
+ *
+ * @param string $_type Type of list 'accounts', 'groups' or
'both'
+ * @param integer $start Start position
+ * @param string $sort 'ASC'ending or 'DESC'ending sort order
+ * @param string $order Order by 'account_' Field. Defaults to
'account_lid'
+ * @param string $query LDAP query
+ * @param integer $offset Offset from start position (-1 == no
limit)
+ * @return array|boolean List with all accounts|groups or false
+ */
+ function get_list($_type='both', $start = null,$sort = '',
$order = '', $query = '', $offset = null)
{
- $account_id = get_account_id($accountid);
- $account_lid = $this->id2name($account_id);
-
- $sri = ldap_search($this->ds, $this->group_context,
'gidnumber='.$account_id);
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if(!$allValues[0][dn])
+ //$sort not yet implemented - will be included with a
"usort( $array , 'mysortmethod')"
+ $query = strtolower($query);
+ if ($offset != null)
{
- $sri = ldap_search($this->ds,
$this->user_context, 'uid='.$account_lid);
- $allValues = ldap_get_entries($this->ds, $sri);
+ $limitclause = '';
}
-
- if($allValues[0]['dn'])
+ elseif ($start != null && $offset == null)
{
- $del = ldap_delete($this->ds,
$allValues[0]['dn']);
+ $limitclause = '';
}
- }
- function get_list($_type='both', $start = '',$sort = '', $order
= '', $query = '', $offset = '')
- {
- #print "\$_type=$_type, \$start=$start , \$sort=$sort,
\$order=$order, \$query=$query, \$offset=$offset<br>";
- $query = strtolower($query);
- if ($offset)
+ if ($_type == 'accounts')
{
- $limitclause =
'';//$phpgw->db->limit($start,$offset);
+ $listentries = $this->get_accountList($query,
$order);
}
- elseif ($start && !$offset)
+ elseif ($_type == 'groups')
{
- $limitclause = '';//$phpgw->db->limit($start);
+ $listentries = $this->get_groupList($query,
$order);
}
-
- if (! $sort)
+ else
{
- $sort = '';//"desc";
+ $listentries =
array_merge($this->get_accountList($query), $this->get_groupList($query));
}
- if ($_type == 'accounts')
+ if (is_array($listentries))
{
- if(empty($query) || $query == "*")
+ reset($listentries);
+ if($start != '' && $start != null &&
(int)$offset > 0)
{
- $filter =
"(&(uidnumber=*)(phpgwaccounttype=u))";
+ return array_slice($listentries,
$start, $offset);
}
- else
+ elseif($start != null)
{
- $filter =
"(&(uidnumber=*)(phpgwaccounttype=u)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
+ return array_slice($listentries,
$start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
}
- $sri = ldap_search($this->ds,
$this->user_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
+ else
{
- settype($allVals,'array');
- $test = @$allVals['uid'][0];
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] &&
$allVals['uid'][0])
- {
- $accounts[] = Array(
- 'account_id' =>
$allVals['uidnumber'][0],
- 'account_lid' =>
$allVals['uid'][0],
- 'account_type' =>
$allVals['phpgwaccounttype'][0],
- 'account_firstname' =>
$allVals['givenname'][0],
- 'account_lastname' =>
$allVals['sn'][0],
- 'account_status' =>
$allVals['phpgwaccountstatus'][0]
- );
- }
+ return $listentries;
}
}
- elseif ($_type == 'groups')
+ return false;
+ }
+
+ /**
+ * Read accounts into an array
+ *
+ * @param string $query LDAP filter
+ * @param string $order LDAP sort field
+ * @return array Array with account fields 'acount_id',
'account_lid', 'account_type', 'account_firstname', 'account_lastname',
'account_status'
+ */
+ function get_accountList($query, $order = null)
+ {
+ if(empty($query) || $query == '*')
{
- if(empty($query) || $query == "*")
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=g))";
- }
- else
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=g)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
- }
- $sri = ldap_search($this->ds,
$this->group_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
- {
- settype($allVals,'array');
- $test = $allVals['cn'][0];
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] &&
$allVals['cn'][0])
- {
- $accounts[] = Array(
- 'account_id' =>
$allVals['gidnumber'][0],
- 'account_lid' =>
$allVals['cn'][0],
- 'account_type' =>
$allVals['phpgwaccounttype'][0],
- 'account_firstname' =>
$allVals['givenname'][0],
- 'account_lastname' =>
$allVals['sn'][0],
- 'account_status' =>
$allVals['phpgwaccountstatus'][0]
- );
- }
- }
+ $filter =
'(&(uidnumber=*)(objectclass=posixaccount))';
}
else
{
- if(empty($query) || $query == "*")
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=*))";
- }
- else
- {
- $filter =
"(&(gidnumber=*)(phpgwaccounttype=*)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
- }
- $sri = ldap_search($this->ds,
$this->group_context, $filter);
- $allValues = ldap_get_entries($this->ds, $sri);
- while (list($null,$allVals) = @each($allValues))
- {
- settype($allVals,'array');
-
- if($allVals['phpgwaccounttype'][0] ==
'u')
- {
- $_uid = @$allVals['uid'][0];
- }
- else
- {
- $_uid = $allVals['cn'][0];
- }
-
- if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$_uid] && $_uid)
- {
- $accounts[] = Array(
- 'account_id' =>
$allVals['gidnumber'][0],
- 'account_lid' =>
$_uid,
- 'account_type' =>
$allVals['phpgwaccounttype'][0],
- 'account_firstname' =>
$allVals['givenname'][0],
- 'account_lastname' =>
$allVals['sn'][0],
- 'account_status' =>
$allVals['phpgwaccountstatus'][0]
- );
- }
+ $filter =
"(&(uidnumber=*)(objectclass=posixaccount)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
+ }
+ switch ($order)
+ {
+ case 'account_lid':
+ $order = 'uid';
+ break;
+
+ case 'account_firstname':
+ $order = 'givenname';
+ break;
+
+ case 'account_lastname':
+ $order = 'sn';
+ break;
+
+ default:
+ $order = 'uid';
+ }
+
+ $sri = ldap_search($this->ds, $this->user_context,
$filter);
+ ldap_sort( $this->ds, $sri, $order );
+ $allValues = ldap_get_entries($this->ds, $sri);
+ while (list($null,$allVals) = @each($allValues))
+ {
+ settype($allVals,'array');
+ $test = @$allVals['uid'][0];
+ if
(!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] &&
$allVals['uid'][0])
+ {
+ $accounts[] = array($this->fields[0] =>
$allVals['uidnumber'][0],
+ $this->fields[1] =>
$allVals['uid'][0],
+ $this->fields[5] =>
'u',
+ $this->fields[2] =>
utf8_decode($allVals['givenname'][0]),
+ $this->fields[3] =>
utf8_decode($allVals['sn'][0]),
+ $this->fields[6] =>
$allVals['phpgwaccountstatus'][0]
+ );
}
}
+ return $accounts;
+ }
- // sort the array
- $arrayFunctions =
CreateObject('phpgwapi.arrayfunctions');
- if(empty($order))
+ /**
+ * Reads groups into an array
+ *
+ * @param string $query LDAP filter
+ * @param string $order LDAP sort field ( not yet needed for
groups )
+ * @return array Array with group fields 'account_id',
'account_lid', 'account_type'
+ */
+ function get_groupList($query, $order= null)
+ {
+ if(empty($query) || $query == "*")
{
- $order = 'account_lid';
+ $filter =
'(&(gidnumber=*)(objectclass=posixgroup))';
}
- $sortedAccounts =
$arrayFunctions->arfsort($accounts,array($order));
- $this->total = count($accounts);
-
- // return only the wanted accounts
-
- if (is_array($sortedAccounts))
+ else
{
- reset($sortedAccounts);
- if(is_int($start) && is_int($offset))
- {
- return array_slice($sortedAccounts,
$start, $offset);
- }
- elseif(is_int($start))
- {
- return array_slice($sortedAccounts,
$start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
- }
- else
+ $filter =
"(&(gidnumber=*)(objectclass=posixgroup)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))";
+ }
+ $sri = ldap_search($this->ds, $this->group_context,
$filter);
+ ldap_sort( $this->ds, $sri, 'cn' );
+ $allValues = ldap_get_entries($this->ds, $sri);
+ while (list($null,$allVals) = @each($allValues))
+ {
+ settype($allVals,'array');
+ $test = $allVals['cn'][0];
+ if
(!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] &&
$allVals['cn'][0])
{
- return $sortedAccounts;
+ $groups[] = Array(
+ 'account_id' =>
$allVals['gidnumber'][0],
+ 'account_lid' =>
$allVals['cn'][0],
+ 'account_type' => 'g'
+ );
}
}
- return False;
+ return $groups;
}
+ /**
+ * Convert id to the corresponding account (or group) name
+ *
+ * @param string $account_lid Account name or group name for
which you want the id
+ * @return integer|boolean Id of the account/group when found
otherwise false
+ */
function name2id($account_lid)
{
static $name_list;
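Review bot: `get_accountList()` and `get_groupList()` interpolate `$query` directly into the LDAP filter (`(uid=*$query*)(sn=*$query*)...`), so filter metacharacters in a search term alter the filter's structure instead of being matched literally. `delete()` builds its filter from `$id` the same way (whether `get_account_id()` guarantees an integer is not visible here), and the pattern recurs in the next hunk with `$name` and `$id` in `groupName2id()`, `accountName2id()`, `group_exists()`, `account_exists()` and `person_exists()`. Escape `\`, `*`, `(`, `)` and NUL as RFC 4515 requires before concatenating, and cast ids with `(int)`; on PHP versions that provide it, `ldap_escape($query, '', LDAP_ESCAPE_FILTER)` does the escaping. Separately, both list functions return `$accounts` / `$groups` without initialising them, so an empty result hands a non-array to the `array_merge()` call in `get_list()`; adding `$accounts = array();` and `$groups = array();` before the loops avoids that.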
@@ -462,307 +321,777 @@
return $name_list[$account_lid];
}
- $sri = ldap_search($this->ds, $this->group_context,
"(&(cn=$account_lid)(phpgwaccounttype=g))");
- $allValues = ldap_get_entries($this->ds, $sri);
+ $id = $this->groupName2id($account_lid);
+ $uid = $this->accountName2id($account_lid);
- if(@$allValues[0]['gidnumber'][0])
+ if ($uid)
{
- $name_list[$account_lid] =
intval($allValues[0]['gidnumber'][0]);
+ $id = $uid;
}
+ return $id;
+ }
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uid=$account_lid)(phpgwaccounttype=u))");
-
+ /**
+ * Convert group name to the corresponding id
+ *
+ * @param string $name Group name for which you want the id
+ * @return integer|boolean Id of the group when found otherwise
false
+ */
+ function groupName2id($name)
+ {
+ $sri = ldap_search($this->ds, $this->group_context,
'(&(cn='. $name .')(objectclass=phpgwgroup))');
$allValues = ldap_get_entries($this->ds, $sri);
-
- if(@$allValues[0]['uidnumber'][0])
+
+ if (@$allValues[0]['gidnumber'][0])
+ {
+ return intval($allValues[0]['gidnumber'][0]);
+ }
+ else
{
- $name_list[$account_lid] =
intval($allValues[0]['uidnumber'][0]);
+ return false;
}
+ }
+
+ /**
+ * Convert account name into corresponding id
+ *
+ * @param string $name Account name
+ * @return integer|boolean Id of the account when found
otherwise false
+ */
+ function accountName2id($name)
+ {
+ $sri = ldap_search($this->ds, $this->user_context,
'(&(uid='. $name .')(objectclass=phpgwaccount))');
+ $allValues = ldap_get_entries($this->ds, $sri);
- return $name_list[$account_lid];
+ if (@$allValues[0]['uidnumber'][0])
+ {
+ return intval($allValues[0]['uidnumber'][0]);
+ }
+ else
+ {
+ return false;
+ }
}
- function id2name($account_id)
+ /**
+ * Convert an id into its corresponding account or group name
+ *
+ * @param integer $id Account or group id
+ * @return string|boolean Name of the account or the group when
found othwerwise false
+ */
+ function id2name($id)
{
static $id_list;
+ if(isset($id_list[$id]))
+ {
+ return $id_list[$id];
+ }
+
+ $type = $this->get_type($id);
+
+ if ($type == 'g')
+ {
+ $group = $this->group_exists($id);
+ $name = $group['cn'][0];
+ }
+ elseif ($type == 'u')
+ {
+ $account = $this->account_exists($id);
+ $name = $account['uid'][0];
+ }
+ else
+ {
+ return false;
+ }
+ return $name;
+ }
- if(isset($id_list[$account_id]))
+ function search_person($person_id)
+ {
+ static $person_list;
+ if(isset($person_list[$person_id]))
{
- return $id_list[$account_id];
+ return intval($person_list[$person_id]);
}
- $id_list[$account_id] = '';
$allValues = array();
- $sri = ldap_search($this->ds, $this->group_context,
"(&(gidnumber=$account_id)(phpgwaccounttype=g))");
+ // Groups are person? are you sure?
+ $sri = ldap_search($this->ds, $this->group_context,
"(&(person_id=$person_id)(phpgwaccounttype=g))");
$allValues = ldap_get_entries($this->ds, $sri);
- if(@$allValues[0]['cn'][0])
+ if (@$allValues[0]['gidnumber'][0])
{
- $id_list[$account_id] = $allValues[0]['cn'][0];
- return $id_list[$account_id];
+ $person_list[$person_id] =
intval($allValues[0]['gidnumber'][0]);
+ return $person_list[$person_id];
}
$allValues = array();
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uidnumber=$account_id)(phpgwaccounttype=u))");
+ $sri = ldap_search($this->ds, $this->user_context,
"(&(person_id=$person_id)(phpgwaccounttype=u))");
$allValues = ldap_get_entries($this->ds, $sri);
- if(@$allValues[0]['uid'][0])
+ if (@$allValues[0]['uidnumber'][0])
{
- $id_list[$account_id] = $allValues[0]['uid'][0];
- return $id_list[$account_id];
+ $id_list[$person_id] =
intval($allValues[0]['uidnumber'][0]);
+ return $person_list[$person_id];
}
- return $id_list[$account_id];
+ return $person_list[$person_id];
}
- function get_type($accountid = '')
+ /**
+ * Get type (account or group) for an id
+ *
+ * @param integer $id Account or group id
+ * @return string|boolean 'u' : account (user); 'g' : group;
false for none existing id
+ */
+ function get_type($id = '') // get_type() without an id - what
do you expect me to return!?
{
- static $account_type;
- $account_id = get_account_id($accountid);
-
- if (isset($this->account_type) && $account_id ==
$this->account_id)
+ if ($this->account_exists($id))
{
- return $this->account_type;
+ $type = 'u';
}
-
- if(@isset($account_type[$account_id]) &&
@$account_type[$account_id])
+ if ($this->group_exists($id))
+ {
+ if ($type == 'u')
+ {
+ die('account/group id ('.$id.')conflict
- bad luck');
+ }
+ else
+ {
+ $type = 'g';
+ }
+ }
+ if ($type)
{
- return $account_type[$account_id];
+ return $type;
}
-
- $allValues = array();
- $sri = ldap_search($this->ds, $this->user_context,
"(&(uidnumber=$account_id)(phpgwaccounttype=u))");
- $allValues = ldap_get_entries($this->ds, $sri);
-
- if($allValues[0]['phpgwaccounttype'][0])
+ else
{
- $allValues[0]['phpgwaccounttype'][0];
- $account_type[$account_id] =
$allValues[0]['phpgwaccounttype'][0];
- return $account_type[$account_id];
+ return false;
}
+ }
- $allValues = array();
- $sri = ldap_search($this->ds, $this->group_context,
"(&(gidnumber=$account_id)(phpgwaccounttype=g))");
- $allValues = ldap_get_entries($this->ds, $sri);
+
+
+ /**
+ * Get new id for an account/group
+ *
+ * @param string $type 'u' : account (user); 'g' : group
+ * @return integer|boolean New id for an account/group or false
+ */
+ function get_nextid($type = 'u')
+ {
+ if ($type == 'u')
+ {
+ return $this->get_nextAccountID();
+ }
+ elseif ($type == 'g')
+ {
+ return $this->get_nextGroupID();
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ /**
+ * Get new id for an account
+ *
+ * @return integer|boolean New id for an account or false
+ */
+ function get_nextAccountID()
+ {
+ $filter =
'(|(objectclass=posixaccount)(objectclass=phpgwaccount))';
+ $result = ldap_search($this->ds, $this->user_context,
$filter, array('uidnumber'));
+ $allValues = ldap_get_entries($this->ds, $result);
- if($allValues[0]['phpgwaccounttype'][0])
+ // parse all LDAP uidnumbers in a single array '$IDs'
+ while (list($key,$val) = each($allValues))
{
- $account_type[$account_id] =
$allValues[0]['phpgwaccounttype'][0];
- return $account_type[$account_id];
+ if (is_int($key))
+ {
+ $IDs[] =
$allValues[$key]['uidnumber'][0];
+ }
}
+ return $this->idTester($IDs,
$GLOBALS['phpgw_info']['server']['account_min_id'],
$GLOBALS['phpgw_info']['server']['account_max_id'] );
+ }
+
+ /**
+ * Get new id for a group
+ *
+ * @return integer|boolean New id for a group or false
+ */
+ function get_nextGroupID()
+ {
+ $filter =
'(|(objectclass=posixgroup)(objectclass=phpgwgroup))';
+ $result = ldap_search($this->ds, $this->group_context,
$filter, array('gidnumber'));
+ $allValues = ldap_get_entries($this->ds, $result);
- return $account_type[$account_id];
+ while (list($key,$val) = each($allValues))
+ {
+ if (is_int($key))
+ {
+ $IDs[] =
$allValues[$key]['gidnumber'][0];
+ }
+ }
+ return $this->idTester($IDs,
$GLOBALS['phpgw_info']['server']['group_min_id'],
$GLOBALS['phpgw_info']['server']['group_max_id'] );
}
- /*
- * returns nonzero if $account exists in LDAP: 0: nowhere 1:
user accounts, 2: group accounts, 3: both
- * $account can be an account_id (LDAP: uidnumber) or an
account_lid (LDAP: uid) (is determinded by is_int($account))
- */
- function exists($account)
+ /**
+ * Test if group exists
+ *
+ * @param integer $id Group id
+ * @param string $dn LDAP distinguised name
+ * @return array|boolean Array with 'dn' infos or false
+ */
+ function group_exists($id, $dn = '')
+ {
+ if ($id)
+ {
+ $result = ldap_search($this->ds,
$this->group_context, '(&(gidnumber='.$id.')(objectclass=posixgroup))');
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ else
+ {
+ return $this->dn_exists($dn);
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Test if account exists
+ *
+ * @param integer $id Account id
+ * @param string $dn LDAP distinguised name
+ * @return array|boolean Array with 'dn' infos or false
+ */
+ function account_exists($id, $dn = null)
{
- /* This sets up internal caching variables for this
functon */
- static $by_id, $by_lid;
- $users = array();
- $groups = array();
+ if ($id)
+ {
+ $result = ldap_search($this->ds,
$this->user_context, '(&(uidnumber='.$id.')(objectclass=posixaccount))');
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ }
+ if($dn)
+ {
+ return $this->dn_exists($dn);
+ }
+ return false;
+ }
- if(is_int($account))
+ /**
+ * Test if contact exists
+ *
+ * @param integer $id Contact id
+ * @param string $dn LDAP distinguised name
+ * @return array|boolean Array with 'dn' infos or false
+ */
+ function person_exists($id, $dn = '')
+ {
+ if ($id)
{
- $ldapgroup = 'gidnumber';
- $ldapacct = 'uidnumber';
- /* If data is cached, use it. */
- if(@isset($by_id[$account]) &&
@$by_id[$account])
+ $result = ldap_search($this->ds,
$this->user_context, 'phpgwcontact=' . $id);
+ $allValues = ldap_get_entries($this->ds,
$result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
+ else
{
- return $by_id[$account];
+ return $this->dn_exists($dn);
}
}
- else
+ return false;
+ }
+
+
+ /**
+ * Test if the given dn exists
+ *
+ * @param string $dn LDAP distinguised name
+ * @return array|boolean Array with 'dn', 'count' and attributes
or false
+ */
+ function dn_exists($dn)
+ {
+ if ($dn != '')
{
- $ldapgroup = 'cn';
- $ldapacct = 'uid';
- /* If data is cached, use it. */
- if(@isset($by_lid[$account]) &&
@$by_lid[$account])
+ $result = @ldap_search($this->ds, $dn,
'objectclass=*');
+ if ($result)
{
- return $by_lid[$account];
+ $allValues =
ldap_get_entries($this->ds, $result);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0];
+ }
}
}
+ return false;
+ }
- $acct_type = $this->get_type($account);
+ /**
+ * Test if a group or an account exists
+ *
+ * @param integer $id Account or group id
+ * @return integer|boolean 1 : account or group exist; 2 :
account and group exist; 0/false nothing exist
+ */
+ function exists($id)
+ {
+ if (!is_int($id) && $id != '')
+ {
+ $id = $this->name2id($id);
+ }
- if($acct_type == 'g' && $this->group_context)
+ if ($id)
+ {
+ $return = 0;
+ if ($this->account_exists($id))
+ {
+ $return++;
+ }
+ if ($this->group_exists($id));
+ {
+ $return++;
+ }
+ return $return;
+ }
+ else
{
- $sri = ldap_search($this->ds,
$this->group_context, $ldapgroup . '=' . $account);
- $groups = ldap_get_entries($this->ds, $sri);
+ return false;
}
- $sri = ldap_search($this->ds, $this->user_context,
$ldapacct . '=' . $account);
- $users = ldap_get_entries($this->ds, $sri);
+ }
- if($users[0]['dn'])
+ /**
+ * Create account or group
+ *
+ * @param array $account_info Account/group information
+ * @param string $default_prefs Unused
+ * @return array|boolean Id of the newly created account or
false
+ */
+ function create($account_info,$default_prefs = true)
+ {
+ if (empty($account_info[$this->fields[0]]) ||
!$account_info[$this->fields[0]])
{
- $in += 1;
+ $account_info[$this->fields[0]] =
$this->get_nextid($account_info[$this->fields[0]]);
}
- if($groups[0]['dn'])
+ if ($account_info[$this->fields[5]] == 'u')
{
- $in += 2;
+ $this->create_account($account_info,
$default_prefs);
}
- /* This sets up internal caching for this function */
- if($ldapgroup == 'gidnumber')
+ elseif($account_info[$this->fields[5]] == 'g')
{
- $by_id[$account] = $in;
- $by_lid[$this->id2name($account)] = $in;
+ $this->create_group($account_info,
$default_prefs);
}
else
{
- $by_lid[$account] = $in;
- $by_id[$this->name2id($account)] = $in;
+ return false;
}
-
- return $in;
+
+ if($account_info[$this->fields[0]] &&
is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
+ {
+
$GLOBALS['phpgw']->preferences->create_defaults($account_info[$this->fields[0]]);
+ }
+ return $account_info[$this->fields[0]];
}
- function create($account_info,$default_prefs=True)
+ /**
+ * Create new account
+ *
+ * @param array $account_info Account information: account_id,
account_expires, account_status, lastlogin, lastloginfrom, lastpasswd_change,
account_firstname, account_lastname, account_passwd, homedirectory, ...
+ * @param string $default_prefs Unused
+ */
+ function create_account($account_info, $default_prefs)
{
- /* echo '<br>in create for account_lid:
"'.$account_lid.'"'; */
- if(empty($account_info['account_id']) ||
!$account_info['account_id'])
+ $dn = $this->rdn_account .
+ '=' .
+
$this->get_leafName($account_info[$this->fields[2]],
$account_info[$this->fields[3]], $account_info[$this->fields[1]]) .
+ ',' .
+ $this->user_context;
+
+ // phpgw attributes
+ $entry['objectclass'][] = 'phpgwAccount';
+ $entry['phpgwaccountid'] =
$account_info[$this->fields[0]]; //Lowercase is needed in case
of changing structural class
+ $entry['phpgwaccountexpires'] =
$account_info[$this->fields[7]];
+ if ($account_info['account_status'])
{
- $account_id =
$this->get_nextid($account_info['account_type']);
- /* echo '<br>using'.$account_id;exit; */
+ $entry['phpgwaccountstatus'] =
$account_info[$this->fields[6]];
}
else
{
- $account_id = $account_info['account_id'];
+ $entry['phpgwaccountstatus'] = 'I'; // 'I' for
inactiv
}
- $entry['userpassword'] =
$account_info['account_passwd'];
- $entry['phpgwaccounttype'] =
$account_info['account_type'];
- $entry['phpgwaccountexpires'] =
$account_info['account_expires'];
-
- if($account_info['account_type'] == 'g')
+ if ($account_info['lastlogin'])
+ {
+ $entry['phpgwlastlogin'] =
$account_info['lastlogin'];
+ }
+ if ($account_info['lastloginfrom'])
{
- $sri = ldap_search($this->ds,
$this->group_context, 'cn=' . $account_info['account_lid']);
+ $entry['phpgwlastloginfrom'] =
$account_info['lastloginfrom'];
+ }
+ if ($account_info['lastpasswd_change'])
+ {
+ $entry['phpgwlastpasswordchange'] =
$account_info['lastpasswd_change'];
+ }
+
+ $structural_modification = false;
+ if((int) $account_info['person_id']) //alters the
structural objectclass in LDAP
+ {
+ $entry['objectclass'][] = 'phpgwContact'; //
shouldn't be structural
+ $entry['phpgwcontactid'] =
(int)$account_info['person_id'];
+ //$structural_modification = True; //XXX You
need to test this with the $oldEntry
}
else
{
- $sri = ldap_search($this->ds,
$this->user_context, 'uid=' . $account_info['account_lid']);
+ $entry['objectclass'][] = 'account';
}
- $allValues = ldap_get_entries($this->ds, $sri);
-
if($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] &&
$account_info['account_type'] != 'g')
+ // additional attributes from the phpgw for groups
+ $entry['objectclass'][] = 'posixAccount';
+ $entry['cn'] =
utf8_encode($this->get_fullname($account_info[$this->fields[2]],
$account_info[$this->fields[3]]));
+ $entry['uidnumber'] =
$account_info[$this->fields[0]];
+ $entry['uid'] =
$account_info[$this->fields[1]];
+ $entry['description'] =
utf8_encode(str_replace('*','',lang('phpgw-created account')));
+ if ( $account_info[$this->fields[2]] )
+ {
+ $entry['givenname'] =
utf8_encode($account_info[$this->fields[2]]);
+ }
+ if ( $account_info[$this->fields[3]] )
{
- $entry['homedirectory'] =
$account_info['homedirectory'] && $account_info['homedirectory'] !=
$GLOBALS['phpgw_info']['server']['ldap_account_home'] ?
$account_info['homedirectory'] :
$GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
- $entry['loginshell'] =
$account_info['loginshell'] ? $account_info['loginshell'] :
$GLOBALS['phpgw_info']['server']['ldap_account_shell'];
+ $entry['sn'] =
utf8_encode($account_info[$this->fields[3]]);
+ }
+ else
+ {
+ $entry['sn'] = ' '; // must in LDAP
+ }
+ if ($account_info[$this->fields[4]])
+ {
+ $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info[$this->fields[4]]);
}
- if($allValues[0]['dn'])
+ // Fields are must for LDAP - so we write them in any
case
+ $entry['homedirectory'] =
$this->get_homedirectory($account_info[$this->fields[8]],
$account_info[$this->fields[1]]);
+ // In fact the loginshell is not Required (Must) it's
only optional (May) in posixAccount (Caeies), so don't need it now
+ //$entry['loginshell'] =
$this->get_loginshell($account_info['loginshell']);
+
+
+ // special gidnumber handling
+ if ($GLOBALS['phpgw_info']['server']['ldap_group_id'])
+ {
+ $enty['gidnumber'] =
$GLOBALS['phpgw_info']['server']['ldap_group_id'];
+ }
+ else
{
- /* This should keep the password from being
overwritten here on ldap import */
- unset($entry['userpassword']);
- $entry['gidnumber'] = $account_id;
+ $entry['gidnumber'] =
$account_info['account_id'];
+ }
- while(list($key,$val) = each($entry))
+ $oldEntry =
$this->account_exists($account_info[$this->fields[0]], $dn);
+
+ if ($oldEntry) // found an existing entry in LDAP
+ {
+ if ($this->createMode == 'replace')
+ {
+ ldap_delete($this->ds, $oldEntry['dn']);
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ elseif ($this->createMode == 'extend')
+ {
+ /* not yet implemented */
+ }
+ else // createMode == 'modify'
{
- $tmpentry = '';
- $tmpentry[$key] = trim($val); /* must
trim! */
- /* echo '<br>'.$key.' '.$val; */
- if($tmpentry[$key])
+ while (list($key,$val) =
each($oldEntry))
{
- if(!$allValues[0][$key][0])
+ if (!is_int($key))
{
- /* attribute was not in
LDAP, add it */
- ldap_mod_add($this->ds,
$allValues[0]['dn'], $tmpentry);
- }
- else
+
unset($oldEntry[$key]['count']);
+ switch ($key)
+ {
+ case 'dn':
+ if
($oldEntry['dn'] != $dn) // new group name DN should renamed as well
+ {
+
$oldEntry['dn'] = $this->rename_LDAP_entry($oldEntry['dn'], $dn,
$this->user_context);
+
if (!$oldEntry['dn'])
+
{
+
die('ldap_rename FAILED: [' . ldap_errno($this->ds) . '] ' .
ldap_error($this->ds));
+
}
+ }
+ break;
+
+ case 'count':
+ case 'cn':
+ case
'description':
+ case
'phpgwaccountid':
+ case
'gidnumber':
+ case
'phpgwaccountstatus':
+ case
'phpgwaccountexpires':
+ case
'uidnumber':
+ case 'uid':
+ case
'userpassword':
+ case
'homedirectory':
+ case
'loginshell':
+ case
'givenname':
+ case 'sn':
+ case
'phpgwlastlogin':
+ case
'phpgwlastloginfrom':
+ case
'phpgwlastpasswordchange':
+ case
'phpgwcontactid':
+ break;
+
+ case
'objectclass':
+ if(
!in_array('phpgwAccount', $oldEntry[$key]) && !in_array('phpgwContact',
$oldEntry[$key]) )
+ {
+
$entry[$key] = $oldEntry[$key];
+
array_push($entry[$key], 'phpgwAccount');
+ }
+
elseif((in_array('phpgwContact',$entry[$key]) &&
!in_array('phpgwContact',$oldEntry[$key])))
+ {
+
$structural_modification = true;
+ }
+ else
+ {
+
$entry[$key] = $oldEntry[$key];
+ }
+ break;
+
+ default:
+
$entry[$key] = $oldEntry[$key];
+ }
+ }
+ }
+
+ //Caeies Bonification
+ //When a structural object is modified
you need to remove it then re add it ...
+ //So You need to add to entry all the
old stuff not modified in $entry .
+ if ( $structural_modification )
+ {
+ for( $i = 0; $i <
$oldEntry['count']; ++$i)
{
- /* attribute was in
LDAP, modify it */
- ldap_modify($this->ds,
$allValues[0]['dn'], $tmpentry);
+ if (
!empty($oldEntry[$i]) && !(array_key_exists($oldEntry[$i],$entry)) )
+ {
+ if (
count($oldEntry[$oldEntry[$i]]) == 1 )
+ {
+
$entry[$oldEntry[$i]] = $oldEntry[$oldEntry[$i]][0];
+ }
+ else
+ {
+
$entry[$oldEntry[$i]] = $oldEntry[$oldEntry[$i]];
+ }
+ }
}
- }
+ ldap_delete($this->ds,
$oldEntry['dn']);
+
$this->add_LDAP_Entry($oldEntry['dn'], $entry);
+ } else {
+
$this->modify_LDAP_Entry($oldEntry['dn'], $entry);
}
- if($account_info['account_type'] == 'g')
- {
- $tmpentry['objectclass'][0] = 'top';
- $tmpentry['objectclass'][1] =
'posixGroup';
- $tmpentry['objectclass'][2] =
'phpgwAccount';
+ $dn = $oldEntry['dn'];
}
- else
- {
- $tmpentry['uidnumber'] =
$account_id;
- $tmpentry['objectclass'][0] = 'top';
- $tmpentry['objectclass'][1] = 'person';
- $tmpentry['objectclass'][2] =
'organizationalPerson';
- $tmpentry['objectclass'][3] =
'inetOrgPerson';
- $tmpentry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- /* $tmpentry['objectclass'][4] =
'account'; Causes problems with some LDAP servers */
- $tmpentry['objectclass'][4] =
'posixAccount';
- $tmpentry['objectclass'][5] =
'shadowAccount';
- $tmpentry['objectclass'][6] =
'phpgwAccount';
- $tmpentry['phpgwaccountstatus'] =
$account_info['account_status'];
- $tmpentry['phpgwaccounttype'] =
$account_info['account_type'];
- $tmpentry['phpgwaccountexpires'] =
$account_info['account_expires'];
- }
- ldap_modify($this->ds, $allValues[0]['dn'],
$tmpentry);
}
- else
+ else // entry not yet in LDAP
+ {
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ }
+
+ /**
+ * Create new group
+ *
+ * @param array $account_info Group information: account_id,
account_lid, ...
+ * @param string $default_prefs Unused
+ */
+ function create_group($account_info, $default_prefs)
+ {
+ $dn = $this->rdn_group . '=' .
$account_info[$this->fields[1]] . ',' . $this->group_context;
+
+ // phpgw needed attributes
+
+ $entry['objectclass'][] = 'phpgwGroup';
+ $entry['phpgwgroupID'] =
$account_info[$this->fields[0]];
+ $entry['gidnumber'] =
$account_info[$this->fields[0]];
+
+ // additional attributes from the phpgw for groups
+ $entry['objectclass'][] = 'posixGroup';
+ $entry['cn'] =
$account_info[$this->fields[1]];
+ $entry['description'] = utf8_encode(str_replace('*',
'', lang('phpgw-created group')));
+ if (!$entry['memberuid'] =
$this->get_memberUIDs($account_info[$this->fields[0]]))
{
- /* Not already there, we will add it */
- if($account_info['account_type'] == 'g')
- {
- $dn =
'cn='.$account_info['account_lid'] . ',' . $this->group_context;
- unset($entry['homedirectory']);
- unset($entry['loginshell']);
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'posixGroup';
- $entry['objectclass'][2] =
'phpgwAccount';
- $entry['cn'] =
$account_info['account_lid'];
- $entry['gidnumber'] = $account_id;
- $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- $entry['description'] =
'phpgw-created group';
+ unset ($entry['memberuid']);
+ }
+
+ $oldEntry =
$this->group_exists($account_info[$this->fields[0]], $dn);
+
+ if ($oldEntry) // found an existing entry in LDAP
+ {
+ if ($this->createMode == 'replace')
+ {
+ ldap_delete($this->ds, $oldEntry['dn']);
+ $this->add_LDAP_Entry($dn, $entry);
}
- else
+ elseif ($this->createMode == 'extend')
{
- $dn = 'uid=' .
$account_info['account_lid'] . ',' . $this->user_context;
- $entry['cn'] = sprintf("%s %s",
$account_info['account_firstname'], $account_info['account_lastname']);
- $entry['sn'] =
$account_info['account_lastname'];
- $entry['givenname'] =
$account_info['account_firstname'];
- $entry['uid'] =
$account_info['account_lid'];
- $entry['uidnumber'] = $account_id;
-
if($GLOBALS['phpgw_info']['server']['ldap_group_id'])
- {
- $entry['gidnumber'] =
$GLOBALS['phpgw_info']['server']['ldap_group_id'];
- }
- else
+ /* not yet implemented */
+ }
+ else // createMode == 'modify'
+ {
+ while (list($key,$val) =
each($oldEntry))
{
- $entry['gidnumber'] =
$account_id;
+ if (!is_int($key))
+ {
+
unset($oldEntry[$key]['count']);
+ switch ($key)
+ {
+ case 'dn':
+ if
($oldEntry['dn'] != $dn) // new group name DN should renamed as well
+ {
+
$oldEntry['dn'] = $this->rename_LDAP_entry($oldEntry['dn'], $dn,
$this->group_context);
+
if (!$oldEntry['dn'])
+
{
+
die('ldap_rename FAILED: [' . ldap_errno($this->ds) . '] ' .
ldap_error($this->ds));
+
}
+ }
+ break;
+ case 'count':
+ case 'cn':
+ case
'description':
+ case
'phpgwgroupid':
+ case
'gidnumber':
+ case
'memberuid':
+ break;
+
+ case
'objectclass':
+ if(
!in_array('phpgwGroup', $oldEntry[$key]) && !in_array('phpgwgroup',
$oldEntry[$key]) )
+ {
+
$entry[$key] = $oldEntry[$key];
+
array_push($entry[$key], 'phpgwGroup');
+ }
+ else
+ {
+
$entry[$key] = $oldEntry[$key];
+ }
+ break;
+
+ default:
+
$entry[$key] = $oldEntry[$key];
+ }
+ }
}
- $entry['userpassword'] =
$GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
- $entry['phpgwlastpasswdchange'] = 0;
- $entry['objectclass'][0] = 'top';
- $entry['objectclass'][1] = 'person';
- $entry['objectclass'][2] =
'organizationalPerson';
- $entry['objectclass'][3] =
'inetOrgPerson';
- /* $entry['objectclass'][4] =
'account'; Causes problems with some LDAP servers */
- $entry['objectclass'][4] =
'posixAccount';
- $entry['objectclass'][5] =
'shadowAccount';
- $entry['objectclass'][5] =
'phpgwAccount';
+
$this->modify_LDAP_Entry($oldEntry['dn'], $entry);
}
-
- /* _debug_array($entry);exit; */
-
- ldap_add($this->ds, $dn, $entry);
}
- /* print ldap_error($this->ds); */
-
- if($account_id &&
is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
+ else // entry not yet in LDAP
+ {
+ $this->add_LDAP_Entry($dn, $entry);
+ }
+ }
+
+ /**
+ * Add entry to LDAP
+ *
+ * @param string $dn The distinguised name which should be added
+ * @param array $entry Array of all LDAP attributes to be added
+ * @return boolean True when successful otherwise false (die for
now)
+ */
+ function add_LDAP_Entry($dn, $entry)
+ {
+ $success = ldap_add($this->ds, $dn, $entry);
+ if (!$success)
{
-
$GLOBALS['phpgw']->preferences->create_defaults($account_id);
+ echo 'ldap_add FAILED: [' .
ldap_errno($this->ds) . '] ' . ldap_error($this->ds).'<br /><br />';
+ echo "<strong>Adds: ".$dn."</strong><br />";
+ echo "<pre>";
+ print_r($entry);
+ echo "</pre>";
+ echo "<br />";
+ die('');
+ }
+ else
+ {
+ return true;
+ }
+ }
+
+ /**
+ * Modify an entry in LDAP
+ *
+ * @param string $dn the distinguised name which should be
modified
+ * @param array $entry Array of all LDAP attributes which are
going to be modified
+ * @return boolean True on success otherwise false (die for now)
+ */
+ function modify_LDAP_Entry($dn, $entry)
+ {
+ $success = ldap_modify($this->ds, $dn, $entry);
+ if (!$success)
+ {
+ echo 'ldap_modified FAILED: [' .
ldap_errno($this->ds) . '] ' . ldap_error($this->ds).'<br /><br />';
+ echo "<strong>Modifies: ".$dn."</strong><br />";
+ echo "<pre>";
+ print_r($entry);
+ echo "</pre>";
+ echo "<br />";
+ die('');
+ }
+ else
+ {
+ return true;
}
- return $account_id;
}
- function auto_add($accountname, $passwd, $default_prefs =
False, $default_acls = False, $expiredate = 0, $account_status = 'A')
+ /**
+ * Rename LDAP entry
+ *
+ * @param string $oldDN Old distinguised name that should be
renamed
+ * @param string $newDN New distinguised name to which the old
one should be renamed
+ * @param string $baseDN Base distinguised name for the rename
operation
+ * @return string|boolean The new distinguised name on success
otherwise false
+ */
+ function rename_LDAP_Entry($oldDN, $newDN, $baseDN)
{
- return False;
+ $newDN_array = (ldap_explode_dn($newDN, 0));
+ $oldDN_array = (ldap_explode_dn($oldDN, 0));
+
+ unset($newDN_array['count']);
+ unset($oldDN_array['count']);
+
+ $newDN_RDN = $newDN_array[0];
+ $oldDN_RDN = array_shift($oldDN_array);
+ $oldDN_base = implode(',', $oldDN_array);
+ if (($newDN_RDN != $oldDN_RDN) && ($oldDN_base ==
$baseDN))
+ {
+ $success = ldap_rename ( $this->ds, $oldDN,
$newDN_RDN, $baseDN, false);
+ if ($success)
+ {
+ return $newDN;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+
- if($expiredate)
+ /**
+ * Create a non existing but authorized user
+ *
+ * @param string $accountname User name
+ * @param string $passwd User password
+ * @param boolean $default_prefs Default preferences for this
new user
+ * @param boolean $default_acls Acls (modules) for this new user
+ * @param integer $expiredate Expire date of this account. '-1'
for never. Defaults to 'in 30 days'
+ * @param char $account_status Status for new user. 'A' for
active user.
+ * @return integer Account id
+ */
+ function auto_add($accountname, $passwd, $default_prefs =
false, $default_acls = false, $expiredate = 0, $account_status = 'A')
+ {
+ if ($expiredate)
{
$expires = mktime(2,0,0,date('n',$expiredate),
intval(date('d',$expiredate)), date('Y',$expiredate));
}
@@ -789,39 +1118,31 @@
}
$acct_info = array(
+ 'account_id' => $this->get_nextid('u'),
//'u' for account
'account_lid' => $accountname,
- 'account_type' => 'u',
'account_passwd' => $passwd,
'account_firstname' => 'New',
'account_lastname' => 'User',
'account_status' => $account_status,
'account_expires' => $expires
);
- $this->create($acct_info,$default_prefs);
- $accountid = $this->name2id($accountname);
+ $this->create_account($acct_info, $default_prefs);
+ $accountid = $this->accountName2id($accountname);
$this->db->transaction_begin();
- if($default_acls == False)
+ if ($default_acls == false)
{
- $apps = Array(
- 'addressbook',
- 'calendar',
- 'email',
- 'notes',
- 'todo',
- 'filemanager',
- 'manual'
- );
-
+ $apps = $this->fallback_apps;
+
$default_group_lid =
$GLOBALS['phpgw_info']['server']['default_group_lid'];
- $default_group_id =
$this->name2id($default_group_lid);
- $defaultgroupid = $default_group_id ?
$default_group_id : $this->name2id('Default');
+ $default_group_id =
$this->groupName2id($default_group_lid);
+ $defaultgroupid = $default_group_id ?
$default_group_id : $this->groupName2id('Default');
if($defaultgroupid)
{
- $this->db->query("insert into phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', "
- . $defaultgroupid . ", " .
$accountid . ", 1)",__LINE__,__FILE__);
+ $this->db->query("INSERT INTO phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', "
+ . $defaultgroupid . ', ' .
$accountid . ', 1)',__LINE__,__FILE__);
}
- $this->db->query("insert into phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights)values('preferences',
'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
+ $this->db->query("INSERT INTO phpgw_acl
(acl_appname, acl_location, acl_account, acl_rights)values('preferences',
'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
@reset($apps);
while(list($key,$app) = each($apps))
{
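Review bot: The two `INSERT INTO phpgw_acl` statements concatenate `$defaultgroupid` and `$accountid` straight into the SQL text, and `$accountid` is taken from `accountName2id($accountname)` without checking that the lookup succeeded. If that lookup can return false or an empty value (its body is not in this hunk), the statement becomes malformed (`..., , 1)`), and any non-numeric value would reach the query unescaped. Cast both ids before use, e.g. `$accountid = (int) $this->accountName2id($accountname);`, and skip the ACL inserts when the result is 0. auto_add() starts before this hunk and continues past it, so the rest of the transaction handling is not visible here.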
@@ -847,7 +1168,7 @@
$acct_type = $this->get_type($account_id);
/* search the dn for the given uid */
- if( ($acct_type == 'g') && $this->group_context )
+ if ( ($acct_type == 'g') && $this->group_context )
{
$sri = ldap_search($this->ds,
$this->group_context, 'gidnumber='.$account_id);
}
@@ -860,14 +1181,14 @@
if($acct_type =='g')
{
$account_name[$account_id]['lid'] =
$allValues[0]['cn'][0];
- $account_name[$account_id]['fname'] =
$allValues[0]['cn'][0];
+ $account_name[$account_id]['fname'] =
utf8_decode($allValues[0]['cn'][0]);
$account_name[$account_id]['lname'] = 'Group';
}
else
{
$account_name[$account_id]['lid'] =
$allValues[0]['uid'][0];
- $account_name[$account_id]['fname'] =
$allValues[0]['givenname'][0];
- $account_name[$account_id]['lname'] =
$allValues[0]['sn'][0];
+ $account_name[$account_id]['fname'] =
utf8_decode($allValues[0]['givenname'][0]);
+ $account_name[$account_id]['lname'] =
utf8_decode($allValues[0]['sn'][0]);
}
$lid = $account_name[$account_id]['lid'];
$fname = $account_name[$account_id]['fname'];
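Review bot: `utf8_decode()` is applied to `fname` and `lname` but `lid` is left as read from LDAP, so for a group the same `cn` value ends up stored in two encodings (`lid` raw, `fname` decoded). The conversion is also lossy: characters outside ISO-8859-1 come back as `?`, so distinct directory names can look identical wherever these fields are displayed. A comment above the assignments such as `// LDAP values are UTF-8; fname/lname are converted to ISO-8859-1 for display, lid is kept as stored` would document the intent. The enclosing function starts before this hunk and ends after it.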
@@ -875,27 +1196,276 @@
return;
}
- function get_account_data($account_id)
+ /**
+ * Get the DN for the given account id
+ *
+ * @param interger $id Account id
+ * @return string|boolean Distinguised name or false
+ */
+ function getDNforID($id = '')
{
- $this->account_id = $account_id;
- $this->read_repository();
+ return $this->getDNforAccountID($id);
+ }
- $data[$this->data['account_id']]['lid'] =
$this->data['account_lid'];
- $data[$this->data['account_id']]['firstname'] =
$this->data['firstname'];
- $data[$this->data['account_id']]['lastname'] =
$this->data['lastname'];
- $data[$this->data['account_id']]['fullname'] =
$this->data['fullname'];
- $data[$this->data['account_id']]['type'] =
$this->data['account_type'];
+ /**
+ * Get the DN for the account id
+ *
+ * @param integer $_accountid Account id
+ * @return string|boolean Distinguised name or false
+ */
+ function getDNforAccountID($id = '')
+ {
+ $_account_id = get_account_id($id);
- return $data;
+ $sri = ldap_search($this->ds, $this->user_context,
'uidnumber='.$id, array('dn'));
+ $allValues = ldap_get_entries($this->ds, $sri);
+ if ($allValues[0]['dn'])
+ {
+ return $allValues[0]['dn'];
+ }
+ else
+ {
+ return false;
+ }
}
- function getDNforID($_accountid = '')
+ function get_account_with_contact()
{
- $_account_id = get_account_id($_accountid);
+ $sri = ldap_search($this->ds, $this->user_context,
"(&(phpgwaccounttype=u)(phpgwpersonid=*))", array('uidnumber',
'phpgwpersonid'));
+ $allValues = ldap_get_entries($this->ds, $sri);
+ if(is_array($allValues))
+ {
+ $count = intval($allValues['count']);
+ for($i=0;$i<$count; $i++)
+ {
+ $value = &$allValue[$i];
+ $accounts[$value['uidnumber'][0]] =
$value['phpgwpersonid'][0];
+ }
+ }
+
+ return $accounts;
+ }
- $sri = ldap_search($this->ds, $this->user_context,
"uidnumber=$_account_id");
+ function get_account_without_contact()
+ {
+ $sri = ldap_search($this->ds, $this->user_context,
"(&(phpgwaccounttype=u)(!(phpgwpersonid=*)))", array('uidnumber'));
$allValues = ldap_get_entries($this->ds, $sri);
+ if(is_array($allValues))
+ {
+ $count = intval($allValues['count']);
+ for($i=0;$i<$count;$i++)
+ {
+ $value = &$allValue[$i];
+ $accounts[] = $value['uidnumber'][0];
+ }
+ }
+ return $accounts;
+ }
+
+ /**
+ * Distinguised name leaf name generation
+ *
+ * @param string $first Firstname
+ * @param string $last Lastname
+ * @param string $login Login name
+ * @return string Generated name of leaf of the distinguised name
+ */
+ function get_leafName($first, $last, $login)
+ {
+ //if ($first != '' && $last == '')
+ {
+ $return = $login;
+ }
+ //else
+ {
+ //$return = $first.' '.$last;
+ }
+ return $return;
+ }
+
+ /**
+ * Full name generation
+ *
+ * @param string $first Firstname
+ * @param string $last Lastname
+ * @return string Fullname
+ */
+ function get_fullname($first, $last)
+ {
+ return $first.' '.$last;
+ }
+
+ /**
+ * Test an array with ids for a free id in respect to a min and
max id
+ *
+ * @param array $IDs Array with existing id's
+ * @param integer $min Minimum for id number
+ * @param integer $max Maximum for id number
+ * @return integer New id that can be used
+ */
+ function idTester($IDs, $min = 1, $max = 0)
+ {
+
+ $interval = intval($max) - intval($min);
+ $base = intval($min) ? intval($min) : 1;
+ if ($interval > 0)
+ {
+ $pointer = $start =
$IDs[count($IDs)-1]%$interval;
+ }
+ else
+ {
+ $pointer = $IDs[count($IDs)-1];
+ }
+ if (is_array($IDs))
+ {
+ do
+ {
+ if ($interval > 0)
+ {
+ $pointer =
($pointer+1)%$interval;
+ if ($pointer == $start)
+ {
+ die('no free id found');
+ }
+ }
+ else
+ {
+ $pointer++;
+ }
+ }
+ while (in_array($base + $pointer, $IDs) &&
$pointer != $start);
+ }
+ else
+ {
+ $pointer = 0;
+ }
+ return $base + $pointer;
+ }
+
+ function get_homedirectory($newValue, $login)
+ {
+ if ($newValue != '' && $newValue !=
$GLOBALS['phpgw_info']['server']['ldap_account_home'])
+ {
+ $return = $newValue;
+ }
+ else
+ {
+ if
($GLOBALS['phpgw_info']['server']['ldap_account_home'] != '')
+ {
+ $return =
$GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$login;
+ }
+ else
+ {
+ $return = $this->fallback_homedirectory;
+ }
+ }
+ return $return;
+ }
+
+ function get_loginshell($newValue)
+ {
+ if ($newValue != '')
+ {
+ $return = $newValue;
+ }
+ else
+ {
+ if
($GLOBALS['phpgw_info']['server']['ldap_account_shell'] != '')
+ {
+ $return =
$GLOBALS['phpgw_info']['server']['ldap_account_shell'];
+ }
+ else
+ {
+ $return = $this->fallback_loginshell;
+ }
+ }
+ return $return;
+ }
+
+ function get_memberUIDs($account_id = '')
+ {
+ if ( !empty($account_id) )
+ {
+ $members = $this->member($account_id);
+ }
+ else
+ {
+ $members = $this->member($this->data['account_id']);
+ }
+ $return = array();
+ for ($i=0; $i<count($members); $i++)
+ {
+ $member =
$this->id2name($members[$i]['account_id']);
+ // function $this->member returns duplicated
entries and empty entries :-(
+ if (!in_array($member, $return) && $member !=
'')
+ {
+ $return[] = $member;
+ }
+ }
+ if (count($return))
+ {
+ return $return;
+ }
+ else
+ {
+ return false;
+ }
+ }
- return $allValues[0]['dn'];
+ /**
+ * Add an account to a group entry by adding the account name to
the memberuid attribute
+ *
+ * @param integer $accountID Account id
+ * @param integer $groupID Group id
+ * @return boolean True on success otherwise false
+ */
+ function add_account2Group($accountID, $groupID)
+ {
+ if ($accountID && $groupID)
+ {
+ $groupEntry = $this->group_exists($groupID);
+ $memberUID = $this->id2name($accountID);
+ if ($groupEntry && $memberUID)
+ {
+ if (!is_array($groupEntry['memberuid'])
|| !in_array($memberUID, $groupEntry['memberuid']))
+ {
+ $entry['memberuid'][] =
$memberUID;
+ return ldap_mod_add($this->ds,
$groupEntry['dn'], $entry);
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Delete an account for a group entry by removing the account
name from the memberuid attribute
+ *
+ * @param integer $accountID Account id
+ * @param integer $groupID Group id
+ * @return boolean True on success otherwise false
+ */
+ function delete_account4Group($accountID, $groupID)
+ {
+ if ($accountID && $groupID)
+ {
+ $groupEntry = $this->group_exists($groupID);
+ $memberUID = $this->id2name($accountID);
+ if ($groupEntry && $memberUID)
+ {
+ if (is_array($groupEntry['memberuid']))
+ {
+ for ($i=0; $i <
count($groupEntry['memberuid']); $i++)
+ {
+ if
($groupEntry['memberuid'][$i] == $memberUID)
+ {
+
$entry['memberuid'][] = $memberUID;
+ return
ldap_mod_del($this->ds, $groupEntry['dn'], $entry);
+ }
+ }
+ }
+ }
+ }
+ return false;
}
}
+?>
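Review bot: In `getDNforAccountID()` the argument is passed through `get_account_id($id)` into `$_account_id`, but the LDAP filter is then built from the raw `$id` (`'uidnumber='.$id`), so the resolved value is unused and a non-numeric argument reaches the filter unescaped. Build the filter from the resolved value cast to an integer: `'uidnumber=' . (int) $_account_id`. Separately, `get_account_with_contact()` and `get_account_without_contact()` read `$allValue[$i]` while the search result is held in `$allValues`, so both loops work on an undefined variable; the line should read `$value = &$allValues[$i];` and `$accounts` should be initialised to `array()` before the loop.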