Context Navigation

source: branches/2.2/phpgwapi/inc/class.accounts_ldap.inc.php @ 3299

Revision 3299, 40.3 KB checked in by niltonneto, 14 years ago (diff)
Ticket #566 - Implementada opção para editar e bloquear fone residencial (homePhone).
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber","mobile","homephone");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
92	$this->data['mobile'] = $allValues[0]['mobile'][0];
93	$this->data['homephone'] = $allValues[0]['homephone'][0];
94	/* jakjr: this is not used for expressoLivre */
95	/*
96	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
97	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
98	*/
99	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
100	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
101	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
102	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
103	$this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0];
104	}
105	$this->data['account_dn'] = $allValues[0]['dn'];
106	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
107
108	/* jakjr: this is not used for expressoLivre */
109	/*
110	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
111	{
112	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
113	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
114	}
115	*/
116	return $this->data;
117	}
118
119	function save_repository()
120	{
121	#_debug_array($this->data);
122	$acct_type = $this->get_type($this->account_id);
123
124	/* search the dn for the given u/gidnumber */
125	if(($acct_type == 'g') && $this->group_context)
126	{
127	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
128	}
129	else
130	{
131	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
132	}
133	$allValues = ldap_get_entries($this->ds, $sri);
134
135	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
136
137	if($acct_type == 'u')
138	{
139	// data for posixaccount
140	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
141	$this->data['firstname'],
142	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
143	);
144	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
145	$this->data['account_lid'],
146	$GLOBALS['phpgw']->translation->charset(),'utf-8'
147	);
148	if($this->data['lastname'])
149	{
150	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
151	$this->data['lastname'],
152	$GLOBALS['phpgw']->translation->charset(),'utf-8'
153	);
154	}
155
156	if($this->data['firstname'])
157	{
158	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
159	$this->data['firstname'],
160	$GLOBALS['phpgw']->translation->charset(),'utf-8'
161	);
162	}
163	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
164	{
165	$newData['homedirectory'] = $this->data['homedirectory'];
166	$newData['loginshell'] = $this->data['loginshell'];
167	}
168	else
169	{
170	// the posixaccount schema requires this
171	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
172	$entry['loginshell'] = '/bin/false';
173	}
174	if($this->data['account_primary_group'])
175	{
176	$newData['gidnumber'] = $this->data['account_primary_group'];
177	}
178	if($this->data['lastlogin'])
179	{
180	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
181	}
182	if($this->data['lastloginfrom'])
183	{
184	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
185	}
186	if($this->data['lastpasswd_change'])
187	{
188	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
189	}
190	if($this->data['status'])
191	{
192	$newData['phpgwaccountstatus'] = $this->data['status'];
193	}
194	else
195	{
196	$newData['phpgwaccountstatus'] = array();
197	}
198	if($this->data['expires'])
199	{
200	$newData['phpgwaccountexpires'] = $this->data['expires'];
201	}
202	if($this->data['email'])
203	{
204	$newData['mail'] = $this->data['email'];
205	}
206
207	$newAccountID = $newData['uid'];
208	$oldAccountID = $newData['uid'];
209	}
210	else
211	{
212	// data for posixgroup
213	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
214	$this->data['account_lid'],
215	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
216	);
217	$newData['gidnumber'] = $this->account_id;
218	$newGroupID = $newData['cn'];
219	$oldGroupID = $newData['cn'];
220	}
221	if($this->data['type'])
222	{
223	$newData['phpgwaccounttype'] = $this->data['type'];
224	}
225
226	/*
227	Changing the uid: Need to delete and add new, since
228	PHP cannot change the dn for the entry.
229	*/
230	if ($acct_type == 'g')
231	{
232	$test = $allValues[0]['cn'][0];
233	}
234	else
235	{
236	$test = $allValues[0]['uid'][0];
237	}
238	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
239	{
240	$oldData = $allValues[0];
241	$oldDN = $oldData['dn'];
242	// remove all unneeded fields
243	unset($oldData['dn']);
244	unset($oldData['count']);
245	foreach($oldData as $key => $value)
246	{
247	if(is_numeric($key))
248	{
249	// remove the key, its no ldap key
250	unset($oldData[$key]);
251	}
252	else
253	{
254	// remove the count key
255	if($oldData[$key]['count'] == 1)
256	{
257	$oldData[$key] = $value[0];
258	}
259	else
260	{
261	unset($oldData[$key]['count']);
262	}
263	}
264	}
265
266	$oldAccountID = $oldData['uid'];
267	$oldGroupID = $oldData['cn'];
268
269	// merge the old data with the new one
270	$newData = array_merge($oldData, $newData);
271
272	/* Groups */
273	if($this->data['account_type'] == 'g' && $this->group_context )
274	{
275	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
276	$members = $this->member($this->account_id);
277	$newData['memberuid'] = array();
278	for($i=0;$i<count($members);$i++)
279	{
280	$currname = $this->id2name($members[$i]['account_id']);
281	if(!in_array($currname,$entry['memberuid']))
282	{
283	$newData['memberuid'][] = $currname;
284	}
285	}
286	}
287	/* Accounts */
288	else
289	{
290	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
291	}
292	// delete the old account
293	ldap_delete($this->ds,$oldDN);
294
295	// add the new account
296	#_debug_array($newData);
297	ldap_add($this->ds, $newDN, $newData);
298	}
299	/* Normal behavior for save_repository
300	update Account */
301	else
302	{
303	// add the list group members
304	if($this->data['account_type'] == 'g' && $this->group_context )
305	{
306	$members = $this->member($this->account_id);
307	#_debug_array($members);
308	$newData['memberuid'] = array();
309	for($i=0;$i<count($members);$i++)
310	{
311	$currname = $this->id2name($members[$i]['account_id']);
312	if(!in_array($currname,$newData['memberuid']))
313	{
314	$newData['memberuid'][] = $currname;
315	}
316	}
317	}
318	// modify the DN
319	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
320	}
321
322	if ($this->data['account_type'] == 'u')
323	{
324	// lets check for groups, the user needs to be removed
325
326	// first lets search for the groups, the user is currently member of
327	// and from which he needs to be removed
328	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
329	$justThese = array('memberuid','gidnumber');
330	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
331	if($sri)
332	{
333	$allValues = ldap_get_entries($this->ds, $sri);
334	if($allValues['count'] > 0)
335	{
336	unset($allValues['count']);
337	foreach($allValues as $key)
338	{
339	#_debug_array($key);
340	#_debug_array($this->data['account_groups']);
341	// delete the old accountid from any group
342	if($newAccountID != $oldAccountID)
343	{
344	$dn = $key['dn'];
345	$newData = array();
346	$newData['memberuid'] = $key['memberuid'];
347	unset($newData['memberuid']['count']);
348	// remove the uid from memberuid
349	$newData['memberuid'] = array_flip($newData['memberuid']);
350	unset($newData['memberuid'][$oldAccountID]);
351	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
352	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
353	ldap_mod_replace($this->ds, $dn, $newData);
354	#print ldap_error($this->ds);
355	}
356	else
357	{
358	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
359	{
360	$dn = $key['dn'];
361	$newData = array();
362	$newData['memberuid'] = $key['memberuid'];
363	unset($newData['memberuid']['count']);
364	// remove the uid from memberuid
365	$newData['memberuid'] = array_flip($newData['memberuid']);
366	unset($newData['memberuid'][$oldAccountID]);
367	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
368	ldap_mod_replace($this->ds, $dn, $newData);
369	#print ldap_error($this->ds);
370	}
371	}
372	}
373	}
374	}
375
376	// lets check group the user needs to be added
377	foreach($this->data['account_groups'] as $key => $value)
378	{
379	// search for the group
380	$filter = 'gidnumber=' . (int)$value;
381	$justThese = array('memberuid');
382	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
383	if($sri)
384	{
385	$allValues = ldap_get_entries($this->ds, $sri);
386	// if the user is not member of this group, add him
387	if(is_array($allValues[0]['memberuid']))
388	{
389	// this group has already some members
390	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
391	{
392	$dn = $allValues[0]['dn'];
393	$newData = array();
394	$newData['memberuid'] = $allValues[0]['memberuid'];
395	unset($newData['memberuid']['count']);
396	$newData['memberuid'][] = $newAccountID;
397	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
398	ldap_mod_replace($this->ds, $dn, $newData);
399	}
400	}
401	else
402	{
403	// this group has no members
404	$dn = $allValues[0]['dn'];
405	$newData = array();
406	$newData['memberuid'][] = $newAccountID;
407	ldap_mod_replace($this->ds, $dn, $newData);
408	}
409	}
410	}
411	}
412	}
413
414	function delete($accountid = '')
415	{
416	$account_id = get_account_id($accountid);
417	$account_lid = $this->id2name((int)$account_id);
418
419	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
420	$sri = ldap_search($this->ds, $this->group_context, $filter);
421	if($sri)
422	{
423	$allValues = ldap_get_entries($this->ds, $sri);
424	}
425
426	if(!$allValues[0]['dn'])
427	{
428	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
429	if($sri)
430	{
431	$allValues = ldap_get_entries($this->ds, $sri);
432	$accountID = $allValues['0']['uid'][0];
433	$wasAccount = True;
434	}
435	}
436
437	if ($allValues[0]['dn'])
438	{
439	$del = ldap_delete($this->ds, $allValues[0]['dn']);
440	}
441
442	if($wasAccount)
443	{
444	// remove the user from any group he is member of
445	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
446	$justThese = array('memberuid','gidnumber');
447	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
448	if($sri)
449	{
450	$allValues = ldap_get_entries($this->ds, $sri);
451	if($allValues['count'] > 0)
452	{
453	unset($allValues['count']);
454	foreach($allValues as $key)
455	{
456	$dn = $key['dn'];
457	$newData = array();
458	$newData['memberuid'] = $key['memberuid'];
459	unset($newData['memberuid']['count']);
460	// remove the uid from memberuid
461	$newData['memberuid'] = array_flip($newData['memberuid']);
462	unset($newData['memberuid'][$accountID]);
463	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
464	ldap_mod_replace($this->ds, $dn, $newData);
465	}
466	}
467	}
468	}
469	}
470
471	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
472	{
473	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
474	$query = strtolower($query);
475
476	if($_type == 'accounts' \|\| $_type == 'both')
477	{
478	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
479	if (!empty($query) && $query != '*')
480	{
481	switch($query_type)
482	{
483	case 'all':
484	default:
485	$query = '*'.$query;
486	// fall-through
487	case 'start':
488	$query .= '*';
489	// fall-through
490	case 'exact':
491	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
492	break;
493	case 'firstname':
494	case 'lastname':
495	case 'lid':
496	case 'email':
497	$to_ldap = array(
498	'firstname' => 'givenname',
499	'lastname' => 'sn',
500	'lid' => 'uid',
501	'email' => 'mail',
502	);
503	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
504	break;
505	}
506	}
507	$filter .= ')';
508
509	$sri = ldap_search($this->ds, $this->user_context, $filter);
510	$allValues = ldap_get_entries($this->ds, $sri);
511	while (list($null,$allVals) = @each($allValues))
512	{
513	settype($allVals,'array');
514	$test = @$allVals['uid'][0];
515	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
516	{
517	$accounts[] = Array(
518	'account_id' => $allVals['uidnumber'][0],
519	'account_lid' => $allVals['uid'][0],
520	'account_type' => $allVals['phpgwaccounttype'][0],
521	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
522	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
523	'account_status' => $allVals['phpgwaccountstatus'][0],
524	'account_email' => $allVals['mail'][0],
525	);
526	}
527	}
528	}
529	if ($_type == 'groups' \|\| $_type == 'both')
530	{
531	if(empty($query) \|\| $query == '*')
532	{
533	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
534	}
535	else
536	{
537	if ($_type == 'both')
538	$filter = "(&(gidnumber=*)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
539	else
540	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
541	}
542	$sri = ldap_search($this->ds, $this->group_context, $filter);
543	$allValues = ldap_get_entries($this->ds, $sri);
544	while (list($null,$allVals) = @each($allValues))
545	{
546	settype($allVals,'array');
547	$test = $allVals['cn'][0];
548	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
549	{
550	$accounts[] = Array(
551	'account_id' => $allVals['gidnumber'][0],
552	'account_lid' => $allVals['cn'][0],
553	'account_type' => $allVals['phpgwaccounttype'][0],
554	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
555	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
556	'account_status' => $allVals['phpgwaccountstatus'][0],
557	'account_email' => $allVals['mail'][0],
558	);
559	}
560	}
561	}
562	// sort the array
563	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
564	if(empty($order))
565	{
566	$order = 'account_lid';
567	}
568	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
569	$this->total = count($accounts);
570
571	// return only the wanted accounts
572
573	if (is_array($sortedAccounts))
574	{
575	reset($sortedAccounts);
576	if(is_int($start) && is_int($offset))
577	{
578	return array_slice($sortedAccounts, $start, $offset);
579	}
580	elseif(is_int($start))
581	{
582	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
583	}
584	else
585	{
586	return $sortedAccounts;
587	}
588	}
589	return False;
590	}
591
592	function name2id($name,$which='account_lid')
593	{
594	/* jakjr: change search position */
595	$to_ldap = array(
596	'account_lid' => 'uid',
597	'account_email' => 'mail',
598	);
599	if (!isset($to_ldap[$which])) return False;
600
601	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))', array("uidnumber"));
602	$allValues = ldap_get_entries($this->ds, $sri);
603
604	if (@$allValues[0]['uidnumber'][0])
605	{
606	return (int)$allValues[0]['uidnumber'][0];
607	}
608
609	if ($which == 'account_lid') // groups only support account_lid
610	{
611	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
612	$allValues = ldap_get_entries($this->ds, $sri);
613
614	if (@$allValues[0]['gidnumber'][0])
615	{
616	return (int)$allValues[0]['gidnumber'][0];
617	}
618	}
619
620	return False;
621	}
622
623	function id2name($account_id,$which='account_lid')
624	{
625	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
626	{
627	$allValues = array();
628	/* jakjr: using justthese with ldap_search */
629	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
630	if(!$sri)
631	return False;
632	$allValues = ldap_get_entries($this->ds, $sri);
633
634	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
635	if (@$allValues[0]['cn'][0])
636	{
637	return $allValues[0]['cn'][0];
638	}
639	}
640	$to_ldap = array(
641	'account_lid' => 'uid',
642	'account_email' => 'mail',
643	'account_firstname' => 'surname',
644	'account_lastname' => 'cn',
645	'account_type' => 'phpgwaccounttype',
646	);
647	if (!isset($to_ldap[$which])) return False;
648
649	$allValues = array();
650	/* jakjr: using justthese with ldap_search */
651	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
652	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', $justthese);
653	if(!$sri)
654	return False;
655	$allValues = ldap_get_entries($this->ds, $sri);
656
657	if (@$allValues[0][$to_ldap[$which]][0])
658	{
659	return $allValues[0][$to_ldap[$which]][0];
660	}
661	return False;
662	}
663
664	function get_type($account_id)
665	{
666	$allValues = array();
667	/* jakjr: using justthese with ldap_search */
668	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', array("phpgwaccounttype"));
669	if(!$sri)
670	return False;
671	$allValues = ldap_get_entries($this->ds, $sri);
672
673	if ($allValues[0]['phpgwaccounttype'][0])
674	{
675	return $allValues[0]['phpgwaccounttype'][0];
676	}
677
678	$allValues = array();
679	/* jakjr: using justthese with ldap_search */
680	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
681	if(!$sri)
682	return False;
683	$allValues = ldap_get_entries($this->ds, $sri);
684
685	if ($allValues[0]['phpgwaccounttype'][0])
686	{
687	return $allValues[0]['phpgwaccounttype'][0];
688	}
689	return False;
690	}
691
692	/*
693	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
694	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
695	*/
696	function exists($account)
697	{
698	/* This sets up internal caching variables for this functon */
699	static $by_id, $by_lid;
700	$users = array();
701	$groups = array();
702
703	if(is_int($account))
704	{
705	$ldapgroup = 'gidnumber';
706	$ldapacct = 'uidnumber';
707	$account = (int)$account;
708	/* If data is cached, use it. */
709	if(@isset($by_id[$account]) && @$by_id[$account])
710	{
711	return $by_id[$account];
712	}
713	}
714	else
715	{
716	$ldapgroup = 'cn';
717	$ldapacct = 'uid';
718	/* If data is cached, use it. */
719	if(@isset($by_lid[$account]) && @$by_lid[$account])
720	{
721	return $by_lid[$account];
722	}
723	}
724
725	$acct_type = $this->get_type($account);
726
727	if ($acct_type == 'g' && $this->group_context)
728	{
729	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
730	if(!$sri)
731	return False;
732	$groups = ldap_get_entries($this->ds, $sri);
733	}
734	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
735	if(!$sri)
736	return False;
737	$users = ldap_get_entries($this->ds, $sri);
738
739	if ($users[0]['dn'])
740	{
741	$in += 1;
742	}
743	if ($groups[0]['dn'])
744	{
745	$in += 2;
746	}
747	/* This sets up internal caching for this function */
748	if($ldapgroup == 'gidnumber')
749	{
750	$by_id[$account] = $in;
751	$by_lid[$this->id2name($account)] = $in;
752	}
753	else
754	{
755	$by_lid[$account] = $in;
756	$by_id[$this->name2id($account)] = $in;
757	}
758
759	return $in;
760	}
761
762	function create($account_info,$default_prefs=True)
763	{
764	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
765	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
766	{
767	$account_id = $this->get_nextid($account_info['account_type']);
768	/* echo '<br>using'.$account_id;exit; */
769	}
770	else
771	{
772	$account_id = $account_info['account_id'];
773	}
774	$entry['userpassword'] = $account_info['account_passwd'];
775	$entry['phpgwaccounttype'] = $account_info['account_type'];
776	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
777
778	if($account_info['account_type'] == 'g')
779	{
780	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
781	}
782	else
783	{
784	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
785	}
786	if(!$sri)
787	return False;
788	$allValues = ldap_get_entries($this->ds, $sri);
789
790	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
791	{
792	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
793	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
794	}
795	elseif($account_info['account_type'] != 'g')
796	{
797	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
798	$entry['loginshell'] = '/bin/false';
799	}
800
801	if ($allValues[0]['dn'])
802	{
803	/* This should keep the password from being overwritten here on ldap import */
804	unset($entry['userpassword']);
805	$entry['gidnumber'] = $account_id;
806
807	while (list($key,$val) = each($entry))
808	{
809	$tmpentry = '';
810	$tmpentry[$key] = trim($val); /* must trim! */
811	/* echo '<br>'.$key.' '.$val; */
812	if ($tmpentry[$key])
813	{
814	if (!$allValues[0][$key][0])
815	{
816	/* attribute was not in LDAP, add it */
817	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
818	}
819	else
820	{
821	/* attribute was in LDAP, modify it */
822	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
823	}
824	}
825	}
826
827	if ($account_info['account_type'] == 'g')
828	{
829	$tmpentry['objectclass'][0] = 'top';
830	$tmpentry['objectclass'][1] = 'posixGroup';
831	$tmpentry['objectclass'][2] = 'phpgwAccount';
832	}
833	else
834	{
835	$tmpentry['uidnumber'] = $account_id;
836	$tmpentry['objectclass'][0] = 'top';
837	$tmpentry['objectclass'][1] = 'person';
838	$tmpentry['objectclass'][2] = 'organizationalPerson';
839	$tmpentry['objectclass'][3] = 'inetOrgPerson';
840	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
841	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
842	$tmpentry['objectclass'][4] = 'posixAccount';
843	$tmpentry['objectclass'][5] = 'shadowAccount';
844	$tmpentry['objectclass'][6] = 'phpgwAccount';
845	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
846	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
847	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
848	}
849	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
850	}
851	else
852	{
853	/* Not already there, we will add it */
854	if ($account_info['account_type'] == 'g')
855	{
856	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
857	unset($entry['homedirectory']);
858	unset($entry['loginshell']);
859	$entry['objectclass'][0] = 'top';
860	$entry['objectclass'][1] = 'posixGroup';
861	$entry['objectclass'][2] = 'phpgwAccount';
862	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
863	$entry['gidnumber'] = $account_id;
864	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
865	$entry['description'] = 'phpgw-created group';
866	}
867	else
868	{
869	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
870
871	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
872	sprintf(
873	"%s %s",
874	$account_info['account_firstname'],
875	$account_info['account_lastname']
876	),
877	$GLOBALS['phpgw']->translation->charset(),
878	'utf-8'
879	);
880
881	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
882	$account_info['account_lastname'],
883	$GLOBALS['phpgw']->translation->charset(),
884	'utf-8'
885	);
886
887	if($account_info['account_firstname'])
888	{
889	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
890	$account_info['account_firstname'],
891	$GLOBALS['phpgw']->translation->charset(),
892	'utf-8'
893	);
894	}
895	if($account_info['account_email'])
896	{
897	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
898	$account_info['account_email'],
899	$GLOBALS['phpgw']->translation->charset(),
900	'utf-8'
901	);
902	}
903	$entry['uid'] = $account_info['account_lid'];
904	$entry['uidnumber'] = $account_id;
905	$entry['gidnumber'] = $account_info['account_primary_group'];
906	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
907	$entry['objectclass'][0] = 'top';
908	$entry['objectclass'][1] = 'person';
909	$entry['objectclass'][2] = 'organizationalPerson';
910	$entry['objectclass'][3] = 'inetOrgPerson';
911	$entry['objectclass'][4] = 'posixAccount';
912	$entry['objectclass'][5] = 'shadowAccount';
913	$entry['objectclass'][6] = 'phpgwAccount';
914	if($account_info['account_status'])
915	{
916	$entry['phpgwaccountstatus'] = $account_info['account_status'];
917	}
918	$entry['phpgwaccounttype'] = $account_info['account_type'];
919	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
920	}
921
922	#_debug_array($entry);
923
924	// stop processing if ldap_add fails
925	if(!ldap_add($this->ds, $dn, $entry))
926	{
927	return false;
928	}
929	}
930	// print ldap_error($this->ds);
931
932	// lets check group the user needs to be added
933	if($account_info['account_type'] == 'u')
934	{
935	@settype($account_info['account_groups'],'array');
936	foreach($account_info['account_groups'] as $key => $value)
937	{
938	// search for the group
939	$filter = 'gidnumber=' . (int)$value;
940	$justThese = array('memberuid');
941	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
942	if($sri)
943	{
944	$allValues = ldap_get_entries($this->ds, $sri);
945	// if the user is not member of this group, add him
946	if(is_array($allValues[0]['memberuid']))
947	{
948	// this group has already some members
949	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
950	{
951	$dn = $allValues[0]['dn'];
952	$newData = array();
953	$newData['memberuid'] = $allValues[0]['memberuid'];
954	unset($newData['memberuid']['count']);
955	$newData['memberuid'][] = $account_info['account_lid'];
956	$newData['memberuid'] = array_unique($newData['memberuid']);
957	ldap_mod_replace($this->ds, $dn, $newData);
958	#print ldap_error($this->ds)."<br>";
959	}
960	}
961	else
962	{
963	// this group has no members
964	$dn = $allValues[0]['dn'];
965	$newData = array();
966	$newData['memberuid'][] = $account_info['account_lid'];
967	ldap_mod_replace($this->ds, $dn, $newData);
968	}
969	}
970	}
971	}
972
973	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
974	{
975	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
976	}
977
978	return $account_id;
979	}
980
981	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
982	{
983	if ($expiredate == 0)
984	{
985	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
986	{
987	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
988	{
989	$expires = -1;
990	}
991	else
992	{
993	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
994	}
995	}
996	}
997	else
998	{
999	/* expire in 30 days by default */
1000	$expiredate = time() + ((60 * 60) * (30 * 24));
1001	}
1002
1003	if ($expires != -1)
1004	{
1005	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1006	}
1007
1008	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1009	if (!$default_group_id)
1010	{
1011	$default_group_id = (int) $this->name2id('Default');
1012	}
1013	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1014	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1015	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1016
1017	$acct_info = array(
1018	'account_lid' => $accountname,
1019	'account_type' => 'u',
1020	'account_passwd' => $passwd,
1021	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1022	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1023	'account_status' => $account_status,
1024	'account_expires' => $expires,
1025	'account_primary_group' => $primary_group,
1026	);
1027
1028	/* attempt to set an email address */
1029	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1030	{
1031	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1032	}
1033	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1034	{
1035	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1036	}
1037
1038	$this->db->transaction_begin();
1039
1040	$this->create($acct_info,$default_prefs); /* create the account */
1041
1042	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1043
1044	if ($accountid) /* begin account setup */
1045	{
1046	if($primary_group)
1047	{
1048	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1049	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1050	}
1051
1052	/* FIXME - we are assuming the auth method is capable of password changing
1053	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1054	*/
1055
1056	/* if we have an mail address set it in the uesrs' email preference */
1057	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1058	{
1059	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1060	$GLOBALS['phpgw']->preferences->preferences($accountid);
1061	$GLOBALS['phpgw']->preferences->read_repository();
1062	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1063	$GLOBALS['phpgw']->preferences->save_repository();
1064	}
1065	/* use the default mail domain to set the uesrs' email preference */
1066	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1067	{
1068	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1069	$GLOBALS['phpgw']->preferences->preferences($accountid);
1070	$GLOBALS['phpgw']->preferences->read_repository();
1071	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1072	$GLOBALS['phpgw']->preferences->save_repository();
1073	}
1074
1075	/* commit the new account transaction */
1076	$this->db->transaction_commit();
1077
1078	/* does anyone know what the heck this is required for? */
1079	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1080	$GLOBALS['hook_values']['account_id'] = $accountid;
1081	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1082	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1083	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1084	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1085	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1086	'location' => 'addaccount'
1087	),False,True); // called for every app now, not only enabled ones
1088
1089	} /* end account setup */
1090	else /* if no account id abort the account creation */
1091	{
1092	$this->db->transaction_abort();
1093	}
1094
1095	/*
1096	* If we succeeded in creating the account (above), return the accountid, else,
1097	* return the error value from $this->name2id($accountname)
1098	*/
1099	return $accountid;
1100	} /* end auto_add() */
1101
1102	function get_account_name($account_id,&$lid,&$fname,&$lname)
1103	{
1104	$acct_type = $this->get_type($account_id);
1105
1106	/* jakjr: using justthese with ldap_search */
1107	$justthese = array("cn","uid","givenname","sn");
1108
1109	/* search the dn for the given uid */
1110	if(($acct_type == 'g') && $this->group_context)
1111	{
1112	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1113	}
1114	else
1115	{
1116	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwAccountType=u))', $justthese);
1117	}
1118	if(!$sri)
1119	return False;
1120	$allValues = ldap_get_entries($this->ds, $sri);
1121
1122	if($acct_type =='g')
1123	{
1124	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1125	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1126	$lname = lang('Group');
1127	}
1128	else
1129	{
1130	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1131	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1132	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1133	}
1134	return !empty($lid);
1135	}
1136
1137	function getDNforID($_accountid = '')
1138	{
1139	$_account_id = get_account_id($_accountid);
1140
1141	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1142	if(!$sri)
1143	return False;
1144	$allValues = ldap_get_entries($this->ds, $sri);
1145
1146	return $allValues[0]['dn'];
1147	}
1148
1149	//by JakJr, add organization support
1150	function get_context($dn)
1151	{
1152	return substr($dn, (strpos($dn, ',')+1));
1153	}
1154
1155	//by JakJr, add organization support
1156	function get_organization($dn)
1157	{
1158	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1159	$end = (strpos($dn, $ldap_context)-1);
1160	$tmp = substr($dn, 0, $end);
1161	$begin = (strrpos($tmp, '=')+1);
1162	return substr($dn, $begin, ($end - $begin));
1163	}
1164
1165	//by JakJr, add organization support
1166	function get_sector($dn)
1167	{
1168	$context = $this->get_context($dn);
1169	$begin = (strpos($context, '=')+1);
1170	$end = (strpos($context, ',') - $begin);
1171	return substr($context, $begin, $end);
1172	}
1173
1174	function id2fullname($account_id)
1175	{
1176	$allValues = array();
1177	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1178	if(!$sri)
1179	return False;
1180	$allValues = ldap_get_entries($this->ds, $sri);
1181	if (@$allValues[0]['cn'][0])
1182	{
1183	return $allValues[0]['cn'][0];
1184	}
1185	return False;
1186	}
1187
1188	function mail2fullname($mail)
1189	{
1190	$allValues = array();
1191	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1192	if(!$sri)
1193	return False;
1194	$allValues = ldap_get_entries($this->ds, $sri);
1195	if (@$allValues[0]['cn'][0])
1196	{
1197	return $allValues[0]['cn'][0];
1198	}
1199	return False;
1200	}
1201	}
1202	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: