Context Navigation

source: branches/2.2/phpgwapi/inc/class.accounts_ldap.inc.php @ 3234

Revision 3234, 40.2 KB checked in by niltonneto, 14 years ago (diff)
Ticket #566 - Implementado bloqueio ao editar dados pessoais, conforme ACL.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber","mobile");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
92	$this->data['mobile'] = $allValues[0]['mobile'][0];
93	/* jakjr: this is not used for expressoLivre */
94	/*
95	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
96	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
97	*/
98	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
99	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
100	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
101	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
102	$this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0];
103	}
104	$this->data['account_dn'] = $allValues[0]['dn'];
105	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
106
107	/* jakjr: this is not used for expressoLivre */
108	/*
109	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
110	{
111	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
112	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
113	}
114	*/
115	return $this->data;
116	}
117
118	function save_repository()
119	{
120	#_debug_array($this->data);
121	$acct_type = $this->get_type($this->account_id);
122
123	/* search the dn for the given u/gidnumber */
124	if(($acct_type == 'g') && $this->group_context)
125	{
126	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
127	}
128	else
129	{
130	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
131	}
132	$allValues = ldap_get_entries($this->ds, $sri);
133
134	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
135
136	if($acct_type == 'u')
137	{
138	// data for posixaccount
139	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
140	$this->data['firstname'],
141	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
142	);
143	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
144	$this->data['account_lid'],
145	$GLOBALS['phpgw']->translation->charset(),'utf-8'
146	);
147	if($this->data['lastname'])
148	{
149	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
150	$this->data['lastname'],
151	$GLOBALS['phpgw']->translation->charset(),'utf-8'
152	);
153	}
154
155	if($this->data['firstname'])
156	{
157	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
158	$this->data['firstname'],
159	$GLOBALS['phpgw']->translation->charset(),'utf-8'
160	);
161	}
162	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
163	{
164	$newData['homedirectory'] = $this->data['homedirectory'];
165	$newData['loginshell'] = $this->data['loginshell'];
166	}
167	else
168	{
169	// the posixaccount schema requires this
170	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
171	$entry['loginshell'] = '/bin/false';
172	}
173	if($this->data['account_primary_group'])
174	{
175	$newData['gidnumber'] = $this->data['account_primary_group'];
176	}
177	if($this->data['lastlogin'])
178	{
179	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
180	}
181	if($this->data['lastloginfrom'])
182	{
183	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
184	}
185	if($this->data['lastpasswd_change'])
186	{
187	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
188	}
189	if($this->data['status'])
190	{
191	$newData['phpgwaccountstatus'] = $this->data['status'];
192	}
193	else
194	{
195	$newData['phpgwaccountstatus'] = array();
196	}
197	if($this->data['expires'])
198	{
199	$newData['phpgwaccountexpires'] = $this->data['expires'];
200	}
201	if($this->data['email'])
202	{
203	$newData['mail'] = $this->data['email'];
204	}
205
206	$newAccountID = $newData['uid'];
207	$oldAccountID = $newData['uid'];
208	}
209	else
210	{
211	// data for posixgroup
212	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
213	$this->data['account_lid'],
214	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
215	);
216	$newData['gidnumber'] = $this->account_id;
217	$newGroupID = $newData['cn'];
218	$oldGroupID = $newData['cn'];
219	}
220	if($this->data['type'])
221	{
222	$newData['phpgwaccounttype'] = $this->data['type'];
223	}
224
225	/*
226	Changing the uid: Need to delete and add new, since
227	PHP cannot change the dn for the entry.
228	*/
229	if ($acct_type == 'g')
230	{
231	$test = $allValues[0]['cn'][0];
232	}
233	else
234	{
235	$test = $allValues[0]['uid'][0];
236	}
237	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
238	{
239	$oldData = $allValues[0];
240	$oldDN = $oldData['dn'];
241	// remove all unneeded fields
242	unset($oldData['dn']);
243	unset($oldData['count']);
244	foreach($oldData as $key => $value)
245	{
246	if(is_numeric($key))
247	{
248	// remove the key, its no ldap key
249	unset($oldData[$key]);
250	}
251	else
252	{
253	// remove the count key
254	if($oldData[$key]['count'] == 1)
255	{
256	$oldData[$key] = $value[0];
257	}
258	else
259	{
260	unset($oldData[$key]['count']);
261	}
262	}
263	}
264
265	$oldAccountID = $oldData['uid'];
266	$oldGroupID = $oldData['cn'];
267
268	// merge the old data with the new one
269	$newData = array_merge($oldData, $newData);
270
271	/* Groups */
272	if($this->data['account_type'] == 'g' && $this->group_context )
273	{
274	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
275	$members = $this->member($this->account_id);
276	$newData['memberuid'] = array();
277	for($i=0;$i<count($members);$i++)
278	{
279	$currname = $this->id2name($members[$i]['account_id']);
280	if(!in_array($currname,$entry['memberuid']))
281	{
282	$newData['memberuid'][] = $currname;
283	}
284	}
285	}
286	/* Accounts */
287	else
288	{
289	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
290	}
291	// delete the old account
292	ldap_delete($this->ds,$oldDN);
293
294	// add the new account
295	#_debug_array($newData);
296	ldap_add($this->ds, $newDN, $newData);
297	}
298	/* Normal behavior for save_repository
299	update Account */
300	else
301	{
302	// add the list group members
303	if($this->data['account_type'] == 'g' && $this->group_context )
304	{
305	$members = $this->member($this->account_id);
306	#_debug_array($members);
307	$newData['memberuid'] = array();
308	for($i=0;$i<count($members);$i++)
309	{
310	$currname = $this->id2name($members[$i]['account_id']);
311	if(!in_array($currname,$newData['memberuid']))
312	{
313	$newData['memberuid'][] = $currname;
314	}
315	}
316	}
317	// modify the DN
318	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
319	}
320
321	if ($this->data['account_type'] == 'u')
322	{
323	// lets check for groups, the user needs to be removed
324
325	// first lets search for the groups, the user is currently member of
326	// and from which he needs to be removed
327	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
328	$justThese = array('memberuid','gidnumber');
329	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
330	if($sri)
331	{
332	$allValues = ldap_get_entries($this->ds, $sri);
333	if($allValues['count'] > 0)
334	{
335	unset($allValues['count']);
336	foreach($allValues as $key)
337	{
338	#_debug_array($key);
339	#_debug_array($this->data['account_groups']);
340	// delete the old accountid from any group
341	if($newAccountID != $oldAccountID)
342	{
343	$dn = $key['dn'];
344	$newData = array();
345	$newData['memberuid'] = $key['memberuid'];
346	unset($newData['memberuid']['count']);
347	// remove the uid from memberuid
348	$newData['memberuid'] = array_flip($newData['memberuid']);
349	unset($newData['memberuid'][$oldAccountID]);
350	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
351	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
352	ldap_mod_replace($this->ds, $dn, $newData);
353	#print ldap_error($this->ds);
354	}
355	else
356	{
357	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
358	{
359	$dn = $key['dn'];
360	$newData = array();
361	$newData['memberuid'] = $key['memberuid'];
362	unset($newData['memberuid']['count']);
363	// remove the uid from memberuid
364	$newData['memberuid'] = array_flip($newData['memberuid']);
365	unset($newData['memberuid'][$oldAccountID]);
366	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
367	ldap_mod_replace($this->ds, $dn, $newData);
368	#print ldap_error($this->ds);
369	}
370	}
371	}
372	}
373	}
374
375	// lets check group the user needs to be added
376	foreach($this->data['account_groups'] as $key => $value)
377	{
378	// search for the group
379	$filter = 'gidnumber=' . (int)$value;
380	$justThese = array('memberuid');
381	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
382	if($sri)
383	{
384	$allValues = ldap_get_entries($this->ds, $sri);
385	// if the user is not member of this group, add him
386	if(is_array($allValues[0]['memberuid']))
387	{
388	// this group has already some members
389	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
390	{
391	$dn = $allValues[0]['dn'];
392	$newData = array();
393	$newData['memberuid'] = $allValues[0]['memberuid'];
394	unset($newData['memberuid']['count']);
395	$newData['memberuid'][] = $newAccountID;
396	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
397	ldap_mod_replace($this->ds, $dn, $newData);
398	}
399	}
400	else
401	{
402	// this group has no members
403	$dn = $allValues[0]['dn'];
404	$newData = array();
405	$newData['memberuid'][] = $newAccountID;
406	ldap_mod_replace($this->ds, $dn, $newData);
407	}
408	}
409	}
410	}
411	}
412
413	function delete($accountid = '')
414	{
415	$account_id = get_account_id($accountid);
416	$account_lid = $this->id2name((int)$account_id);
417
418	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
419	$sri = ldap_search($this->ds, $this->group_context, $filter);
420	if($sri)
421	{
422	$allValues = ldap_get_entries($this->ds, $sri);
423	}
424
425	if(!$allValues[0]['dn'])
426	{
427	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
428	if($sri)
429	{
430	$allValues = ldap_get_entries($this->ds, $sri);
431	$accountID = $allValues['0']['uid'][0];
432	$wasAccount = True;
433	}
434	}
435
436	if ($allValues[0]['dn'])
437	{
438	$del = ldap_delete($this->ds, $allValues[0]['dn']);
439	}
440
441	if($wasAccount)
442	{
443	// remove the user from any group he is member of
444	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
445	$justThese = array('memberuid','gidnumber');
446	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
447	if($sri)
448	{
449	$allValues = ldap_get_entries($this->ds, $sri);
450	if($allValues['count'] > 0)
451	{
452	unset($allValues['count']);
453	foreach($allValues as $key)
454	{
455	$dn = $key['dn'];
456	$newData = array();
457	$newData['memberuid'] = $key['memberuid'];
458	unset($newData['memberuid']['count']);
459	// remove the uid from memberuid
460	$newData['memberuid'] = array_flip($newData['memberuid']);
461	unset($newData['memberuid'][$accountID]);
462	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
463	ldap_mod_replace($this->ds, $dn, $newData);
464	}
465	}
466	}
467	}
468	}
469
470	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
471	{
472	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
473	$query = strtolower($query);
474
475	if($_type == 'accounts' \|\| $_type == 'both')
476	{
477	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
478	if (!empty($query) && $query != '*')
479	{
480	switch($query_type)
481	{
482	case 'all':
483	default:
484	$query = '*'.$query;
485	// fall-through
486	case 'start':
487	$query .= '*';
488	// fall-through
489	case 'exact':
490	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
491	break;
492	case 'firstname':
493	case 'lastname':
494	case 'lid':
495	case 'email':
496	$to_ldap = array(
497	'firstname' => 'givenname',
498	'lastname' => 'sn',
499	'lid' => 'uid',
500	'email' => 'mail',
501	);
502	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
503	break;
504	}
505	}
506	$filter .= ')';
507
508	$sri = ldap_search($this->ds, $this->user_context, $filter);
509	$allValues = ldap_get_entries($this->ds, $sri);
510	while (list($null,$allVals) = @each($allValues))
511	{
512	settype($allVals,'array');
513	$test = @$allVals['uid'][0];
514	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
515	{
516	$accounts[] = Array(
517	'account_id' => $allVals['uidnumber'][0],
518	'account_lid' => $allVals['uid'][0],
519	'account_type' => $allVals['phpgwaccounttype'][0],
520	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
521	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
522	'account_status' => $allVals['phpgwaccountstatus'][0],
523	'account_email' => $allVals['mail'][0],
524	);
525	}
526	}
527	}
528	if ($_type == 'groups' \|\| $_type == 'both')
529	{
530	if(empty($query) \|\| $query == '*')
531	{
532	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
533	}
534	else
535	{
536	if ($_type == 'both')
537	$filter = "(&(gidnumber=*)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
538	else
539	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
540	}
541	$sri = ldap_search($this->ds, $this->group_context, $filter);
542	$allValues = ldap_get_entries($this->ds, $sri);
543	while (list($null,$allVals) = @each($allValues))
544	{
545	settype($allVals,'array');
546	$test = $allVals['cn'][0];
547	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
548	{
549	$accounts[] = Array(
550	'account_id' => $allVals['gidnumber'][0],
551	'account_lid' => $allVals['cn'][0],
552	'account_type' => $allVals['phpgwaccounttype'][0],
553	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
554	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
555	'account_status' => $allVals['phpgwaccountstatus'][0],
556	'account_email' => $allVals['mail'][0],
557	);
558	}
559	}
560	}
561	// sort the array
562	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
563	if(empty($order))
564	{
565	$order = 'account_lid';
566	}
567	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
568	$this->total = count($accounts);
569
570	// return only the wanted accounts
571
572	if (is_array($sortedAccounts))
573	{
574	reset($sortedAccounts);
575	if(is_int($start) && is_int($offset))
576	{
577	return array_slice($sortedAccounts, $start, $offset);
578	}
579	elseif(is_int($start))
580	{
581	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
582	}
583	else
584	{
585	return $sortedAccounts;
586	}
587	}
588	return False;
589	}
590
591	function name2id($name,$which='account_lid')
592	{
593	/* jakjr: change search position */
594	$to_ldap = array(
595	'account_lid' => 'uid',
596	'account_email' => 'mail',
597	);
598	if (!isset($to_ldap[$which])) return False;
599
600	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))', array("uidnumber"));
601	$allValues = ldap_get_entries($this->ds, $sri);
602
603	if (@$allValues[0]['uidnumber'][0])
604	{
605	return (int)$allValues[0]['uidnumber'][0];
606	}
607
608	if ($which == 'account_lid') // groups only support account_lid
609	{
610	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
611	$allValues = ldap_get_entries($this->ds, $sri);
612
613	if (@$allValues[0]['gidnumber'][0])
614	{
615	return (int)$allValues[0]['gidnumber'][0];
616	}
617	}
618
619	return False;
620	}
621
622	function id2name($account_id,$which='account_lid')
623	{
624	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
625	{
626	$allValues = array();
627	/* jakjr: using justthese with ldap_search */
628	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
629	if(!$sri)
630	return False;
631	$allValues = ldap_get_entries($this->ds, $sri);
632
633	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
634	if (@$allValues[0]['cn'][0])
635	{
636	return $allValues[0]['cn'][0];
637	}
638	}
639	$to_ldap = array(
640	'account_lid' => 'uid',
641	'account_email' => 'mail',
642	'account_firstname' => 'surname',
643	'account_lastname' => 'cn',
644	'account_type' => 'phpgwaccounttype',
645	);
646	if (!isset($to_ldap[$which])) return False;
647
648	$allValues = array();
649	/* jakjr: using justthese with ldap_search */
650	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
651	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', $justthese);
652	if(!$sri)
653	return False;
654	$allValues = ldap_get_entries($this->ds, $sri);
655
656	if (@$allValues[0][$to_ldap[$which]][0])
657	{
658	return $allValues[0][$to_ldap[$which]][0];
659	}
660	return False;
661	}
662
663	function get_type($account_id)
664	{
665	$allValues = array();
666	/* jakjr: using justthese with ldap_search */
667	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', array("phpgwaccounttype"));
668	if(!$sri)
669	return False;
670	$allValues = ldap_get_entries($this->ds, $sri);
671
672	if ($allValues[0]['phpgwaccounttype'][0])
673	{
674	return $allValues[0]['phpgwaccounttype'][0];
675	}
676
677	$allValues = array();
678	/* jakjr: using justthese with ldap_search */
679	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
680	if(!$sri)
681	return False;
682	$allValues = ldap_get_entries($this->ds, $sri);
683
684	if ($allValues[0]['phpgwaccounttype'][0])
685	{
686	return $allValues[0]['phpgwaccounttype'][0];
687	}
688	return False;
689	}
690
691	/*
692	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
693	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
694	*/
695	function exists($account)
696	{
697	/* This sets up internal caching variables for this functon */
698	static $by_id, $by_lid;
699	$users = array();
700	$groups = array();
701
702	if(is_int($account))
703	{
704	$ldapgroup = 'gidnumber';
705	$ldapacct = 'uidnumber';
706	$account = (int)$account;
707	/* If data is cached, use it. */
708	if(@isset($by_id[$account]) && @$by_id[$account])
709	{
710	return $by_id[$account];
711	}
712	}
713	else
714	{
715	$ldapgroup = 'cn';
716	$ldapacct = 'uid';
717	/* If data is cached, use it. */
718	if(@isset($by_lid[$account]) && @$by_lid[$account])
719	{
720	return $by_lid[$account];
721	}
722	}
723
724	$acct_type = $this->get_type($account);
725
726	if ($acct_type == 'g' && $this->group_context)
727	{
728	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
729	if(!$sri)
730	return False;
731	$groups = ldap_get_entries($this->ds, $sri);
732	}
733	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
734	if(!$sri)
735	return False;
736	$users = ldap_get_entries($this->ds, $sri);
737
738	if ($users[0]['dn'])
739	{
740	$in += 1;
741	}
742	if ($groups[0]['dn'])
743	{
744	$in += 2;
745	}
746	/* This sets up internal caching for this function */
747	if($ldapgroup == 'gidnumber')
748	{
749	$by_id[$account] = $in;
750	$by_lid[$this->id2name($account)] = $in;
751	}
752	else
753	{
754	$by_lid[$account] = $in;
755	$by_id[$this->name2id($account)] = $in;
756	}
757
758	return $in;
759	}
760
761	function create($account_info,$default_prefs=True)
762	{
763	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
764	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
765	{
766	$account_id = $this->get_nextid($account_info['account_type']);
767	/* echo '<br>using'.$account_id;exit; */
768	}
769	else
770	{
771	$account_id = $account_info['account_id'];
772	}
773	$entry['userpassword'] = $account_info['account_passwd'];
774	$entry['phpgwaccounttype'] = $account_info['account_type'];
775	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
776
777	if($account_info['account_type'] == 'g')
778	{
779	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
780	}
781	else
782	{
783	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
784	}
785	if(!$sri)
786	return False;
787	$allValues = ldap_get_entries($this->ds, $sri);
788
789	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
790	{
791	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
792	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
793	}
794	elseif($account_info['account_type'] != 'g')
795	{
796	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
797	$entry['loginshell'] = '/bin/false';
798	}
799
800	if ($allValues[0]['dn'])
801	{
802	/* This should keep the password from being overwritten here on ldap import */
803	unset($entry['userpassword']);
804	$entry['gidnumber'] = $account_id;
805
806	while (list($key,$val) = each($entry))
807	{
808	$tmpentry = '';
809	$tmpentry[$key] = trim($val); /* must trim! */
810	/* echo '<br>'.$key.' '.$val; */
811	if ($tmpentry[$key])
812	{
813	if (!$allValues[0][$key][0])
814	{
815	/* attribute was not in LDAP, add it */
816	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
817	}
818	else
819	{
820	/* attribute was in LDAP, modify it */
821	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
822	}
823	}
824	}
825
826	if ($account_info['account_type'] == 'g')
827	{
828	$tmpentry['objectclass'][0] = 'top';
829	$tmpentry['objectclass'][1] = 'posixGroup';
830	$tmpentry['objectclass'][2] = 'phpgwAccount';
831	}
832	else
833	{
834	$tmpentry['uidnumber'] = $account_id;
835	$tmpentry['objectclass'][0] = 'top';
836	$tmpentry['objectclass'][1] = 'person';
837	$tmpentry['objectclass'][2] = 'organizationalPerson';
838	$tmpentry['objectclass'][3] = 'inetOrgPerson';
839	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
840	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
841	$tmpentry['objectclass'][4] = 'posixAccount';
842	$tmpentry['objectclass'][5] = 'shadowAccount';
843	$tmpentry['objectclass'][6] = 'phpgwAccount';
844	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
845	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
846	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
847	}
848	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
849	}
850	else
851	{
852	/* Not already there, we will add it */
853	if ($account_info['account_type'] == 'g')
854	{
855	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
856	unset($entry['homedirectory']);
857	unset($entry['loginshell']);
858	$entry['objectclass'][0] = 'top';
859	$entry['objectclass'][1] = 'posixGroup';
860	$entry['objectclass'][2] = 'phpgwAccount';
861	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
862	$entry['gidnumber'] = $account_id;
863	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
864	$entry['description'] = 'phpgw-created group';
865	}
866	else
867	{
868	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
869
870	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
871	sprintf(
872	"%s %s",
873	$account_info['account_firstname'],
874	$account_info['account_lastname']
875	),
876	$GLOBALS['phpgw']->translation->charset(),
877	'utf-8'
878	);
879
880	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
881	$account_info['account_lastname'],
882	$GLOBALS['phpgw']->translation->charset(),
883	'utf-8'
884	);
885
886	if($account_info['account_firstname'])
887	{
888	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
889	$account_info['account_firstname'],
890	$GLOBALS['phpgw']->translation->charset(),
891	'utf-8'
892	);
893	}
894	if($account_info['account_email'])
895	{
896	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
897	$account_info['account_email'],
898	$GLOBALS['phpgw']->translation->charset(),
899	'utf-8'
900	);
901	}
902	$entry['uid'] = $account_info['account_lid'];
903	$entry['uidnumber'] = $account_id;
904	$entry['gidnumber'] = $account_info['account_primary_group'];
905	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
906	$entry['objectclass'][0] = 'top';
907	$entry['objectclass'][1] = 'person';
908	$entry['objectclass'][2] = 'organizationalPerson';
909	$entry['objectclass'][3] = 'inetOrgPerson';
910	$entry['objectclass'][4] = 'posixAccount';
911	$entry['objectclass'][5] = 'shadowAccount';
912	$entry['objectclass'][6] = 'phpgwAccount';
913	if($account_info['account_status'])
914	{
915	$entry['phpgwaccountstatus'] = $account_info['account_status'];
916	}
917	$entry['phpgwaccounttype'] = $account_info['account_type'];
918	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
919	}
920
921	#_debug_array($entry);
922
923	// stop processing if ldap_add fails
924	if(!ldap_add($this->ds, $dn, $entry))
925	{
926	return false;
927	}
928	}
929	// print ldap_error($this->ds);
930
931	// lets check group the user needs to be added
932	if($account_info['account_type'] == 'u')
933	{
934	@settype($account_info['account_groups'],'array');
935	foreach($account_info['account_groups'] as $key => $value)
936	{
937	// search for the group
938	$filter = 'gidnumber=' . (int)$value;
939	$justThese = array('memberuid');
940	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
941	if($sri)
942	{
943	$allValues = ldap_get_entries($this->ds, $sri);
944	// if the user is not member of this group, add him
945	if(is_array($allValues[0]['memberuid']))
946	{
947	// this group has already some members
948	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
949	{
950	$dn = $allValues[0]['dn'];
951	$newData = array();
952	$newData['memberuid'] = $allValues[0]['memberuid'];
953	unset($newData['memberuid']['count']);
954	$newData['memberuid'][] = $account_info['account_lid'];
955	$newData['memberuid'] = array_unique($newData['memberuid']);
956	ldap_mod_replace($this->ds, $dn, $newData);
957	#print ldap_error($this->ds)."<br>";
958	}
959	}
960	else
961	{
962	// this group has no members
963	$dn = $allValues[0]['dn'];
964	$newData = array();
965	$newData['memberuid'][] = $account_info['account_lid'];
966	ldap_mod_replace($this->ds, $dn, $newData);
967	}
968	}
969	}
970	}
971
972	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
973	{
974	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
975	}
976
977	return $account_id;
978	}
979
980	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
981	{
982	if ($expiredate == 0)
983	{
984	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
985	{
986	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
987	{
988	$expires = -1;
989	}
990	else
991	{
992	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
993	}
994	}
995	}
996	else
997	{
998	/* expire in 30 days by default */
999	$expiredate = time() + ((60 * 60) * (30 * 24));
1000	}
1001
1002	if ($expires != -1)
1003	{
1004	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1005	}
1006
1007	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1008	if (!$default_group_id)
1009	{
1010	$default_group_id = (int) $this->name2id('Default');
1011	}
1012	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1013	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1014	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1015
1016	$acct_info = array(
1017	'account_lid' => $accountname,
1018	'account_type' => 'u',
1019	'account_passwd' => $passwd,
1020	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1021	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1022	'account_status' => $account_status,
1023	'account_expires' => $expires,
1024	'account_primary_group' => $primary_group,
1025	);
1026
1027	/* attempt to set an email address */
1028	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1029	{
1030	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1031	}
1032	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1033	{
1034	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1035	}
1036
1037	$this->db->transaction_begin();
1038
1039	$this->create($acct_info,$default_prefs); /* create the account */
1040
1041	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1042
1043	if ($accountid) /* begin account setup */
1044	{
1045	if($primary_group)
1046	{
1047	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1048	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1049	}
1050
1051	/* FIXME - we are assuming the auth method is capable of password changing
1052	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1053	*/
1054
1055	/* if we have an mail address set it in the uesrs' email preference */
1056	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1057	{
1058	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1059	$GLOBALS['phpgw']->preferences->preferences($accountid);
1060	$GLOBALS['phpgw']->preferences->read_repository();
1061	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1062	$GLOBALS['phpgw']->preferences->save_repository();
1063	}
1064	/* use the default mail domain to set the uesrs' email preference */
1065	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1066	{
1067	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1068	$GLOBALS['phpgw']->preferences->preferences($accountid);
1069	$GLOBALS['phpgw']->preferences->read_repository();
1070	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1071	$GLOBALS['phpgw']->preferences->save_repository();
1072	}
1073
1074	/* commit the new account transaction */
1075	$this->db->transaction_commit();
1076
1077	/* does anyone know what the heck this is required for? */
1078	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1079	$GLOBALS['hook_values']['account_id'] = $accountid;
1080	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1081	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1082	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1083	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1084	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1085	'location' => 'addaccount'
1086	),False,True); // called for every app now, not only enabled ones
1087
1088	} /* end account setup */
1089	else /* if no account id abort the account creation */
1090	{
1091	$this->db->transaction_abort();
1092	}
1093
1094	/*
1095	* If we succeeded in creating the account (above), return the accountid, else,
1096	* return the error value from $this->name2id($accountname)
1097	*/
1098	return $accountid;
1099	} /* end auto_add() */
1100
1101	function get_account_name($account_id,&$lid,&$fname,&$lname)
1102	{
1103	$acct_type = $this->get_type($account_id);
1104
1105	/* jakjr: using justthese with ldap_search */
1106	$justthese = array("cn","uid","givenname","sn");
1107
1108	/* search the dn for the given uid */
1109	if(($acct_type == 'g') && $this->group_context)
1110	{
1111	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1112	}
1113	else
1114	{
1115	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwAccountType=u))', $justthese);
1116	}
1117	if(!$sri)
1118	return False;
1119	$allValues = ldap_get_entries($this->ds, $sri);
1120
1121	if($acct_type =='g')
1122	{
1123	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1124	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1125	$lname = lang('Group');
1126	}
1127	else
1128	{
1129	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1130	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1131	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1132	}
1133	return !empty($lid);
1134	}
1135
1136	function getDNforID($_accountid = '')
1137	{
1138	$_account_id = get_account_id($_accountid);
1139
1140	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1141	if(!$sri)
1142	return False;
1143	$allValues = ldap_get_entries($this->ds, $sri);
1144
1145	return $allValues[0]['dn'];
1146	}
1147
1148	//by JakJr, add organization support
1149	function get_context($dn)
1150	{
1151	return substr($dn, (strpos($dn, ',')+1));
1152	}
1153
1154	//by JakJr, add organization support
1155	function get_organization($dn)
1156	{
1157	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1158	$end = (strpos($dn, $ldap_context)-1);
1159	$tmp = substr($dn, 0, $end);
1160	$begin = (strrpos($tmp, '=')+1);
1161	return substr($dn, $begin, ($end - $begin));
1162	}
1163
1164	//by JakJr, add organization support
1165	function get_sector($dn)
1166	{
1167	$context = $this->get_context($dn);
1168	$begin = (strpos($context, '=')+1);
1169	$end = (strpos($context, ',') - $begin);
1170	return substr($context, $begin, $end);
1171	}
1172
1173	function id2fullname($account_id)
1174	{
1175	$allValues = array();
1176	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1177	if(!$sri)
1178	return False;
1179	$allValues = ldap_get_entries($this->ds, $sri);
1180	if (@$allValues[0]['cn'][0])
1181	{
1182	return $allValues[0]['cn'][0];
1183	}
1184	return False;
1185	}
1186
1187	function mail2fullname($mail)
1188	{
1189	$allValues = array();
1190	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1191	if(!$sri)
1192	return False;
1193	$allValues = ldap_get_entries($this->ds, $sri);
1194	if (@$allValues[0]['cn'][0])
1195	{
1196	return $allValues[0]['cn'][0];
1197	}
1198	return False;
1199	}
1200	}
1201	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: