Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Annotate
Revision Log

class.accounts_ldap.inc.php-original @ 6779

Revision 6779, 40.3 KB checked in by rafaelraymundo, 12 years ago (diff)
Ticket #2946 - Liberado Expresso(branch 2.3) integrado ao MailArchiver?.

Line
1	<?php
2	/**************************************************************************\
3	* phpGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the phpGroupWare API *
13	* http://www.phpgroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27	/* $Id: class.accounts_ldap.inc.php,v 1.11 2004/10/08 19:16:51 jakjr Exp $ */
28
29	class accounts_
30	{
31	var $db;
32	var $ds;
33	var $account_id;
34	var $data;
35	var $user_context = '';
36	var $group_context = '';
37	var $total;
38
39	function accounts_()
40	{
41	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
42	if(!@is_object($GLOBALS['phpgw']->translation))
43	{
44	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
45	}
46	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
47	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
48	}
49
50	function read_repository()
51	{
52	$acct_type = $this->get_type($this->account_id);
53
54	/* search the dn for the given uid */
55	if(($acct_type == 'g') && $this->group_context)
56	{
57	//$sri = ldap_search($this->ds, $this->group_context, "gidnumber=" . (int)$this->account_id);
58	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
59	}
60	else
61	{
62	//$sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$this->account_id);
63	$sri = ldap_search($this->ds, $this->group_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
64	}
65	$allValues = ldap_get_entries($this->ds, $sri);
66
67	/* Now dump it into the array; take first entry found */
68	if($acct_type =='g')
69	{
70	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
71	$this->data['account_lid'] = $allValues[0]['cn'][0];
72	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
73	$this->data['lastname'] = lang('Group');
74	}
75	else
76	{
77	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
78	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
79	$this->data['account_lid'] = $allValues[0]['uid'][0];
80	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
81	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
82	}
83	$this->data['account_dn'] = $allValues[0]['dn'];
84	$this->data['fullname'] = $allValues[0]['cn'][0];
85
86	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
87	{
88	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
89	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
90	}
91
92	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
93	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
94	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
95	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
96	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
97	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
98
99	return $this->data;
100	}
101
102	function save_repository()
103	{
104	#_debug_array($this->data);
105	$acct_type = $this->get_type($this->account_id);
106
107	/* search the dn for the given u/gidnumber */
108	if(($acct_type == 'g') && $this->group_context)
109	{
110	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
111	}
112	else
113	{
114	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
115	}
116	$allValues = ldap_get_entries($this->ds, $sri);
117
118	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
119
120	if($acct_type == 'u')
121	{
122	// data for posixaccount
123	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
124	$this->data['firstname'],
125	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
126	);
127	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
128	$this->data['account_lid'],
129	$GLOBALS['phpgw']->translation->charset(),'utf-8'
130	);
131	if($this->data['lastname'])
132	{
133	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
134	$this->data['lastname'],
135	$GLOBALS['phpgw']->translation->charset(),'utf-8'
136	);
137	}
138
139	if($this->data['firstname'])
140	{
141	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
142	$this->data['firstname'],
143	$GLOBALS['phpgw']->translation->charset(),'utf-8'
144	);
145	}
146	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
147	{
148	$newData['homedirectory'] = $this->data['homedirectory'];
149	$newData['loginshell'] = $this->data['loginshell'];
150	}
151	else
152	{
153	// the posixaccount schema requires this
154	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
155	$entry['loginshell'] = '/bin/false';
156	}
157	if($this->data['account_primary_group'])
158	{
159	$newData['gidnumber'] = $this->data['account_primary_group'];
160	}
161	if($this->data['lastlogin'])
162	{
163	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
164	}
165	if($this->data['lastloginfrom'])
166	{
167	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
168	}
169	if($this->data['lastpasswd_change'])
170	{
171	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
172	}
173	if($this->data['status'])
174	{
175	$newData['phpgwaccountstatus'] = $this->data['status'];
176	}
177	else
178	{
179	$newData['phpgwaccountstatus'] = array();
180	}
181	if($this->data['expires'])
182	{
183	$newData['phpgwaccountexpires'] = $this->data['expires'];
184	}
185
186	$newAccountID = $newData['uid'];
187	$oldAccountID = $newData['uid'];
188	}
189	else
190	{
191	// data for posixgroup
192	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
193	$this->data['account_lid'],
194	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
195	);
196	$newData['gidnumber'] = $this->data['account_id'];
197	$newGroupID = $newData['cn'];
198	$oldGroupID = $newData['cn'];
199	}
200	if($this->data['type'])
201	{
202	$newData['phpgwaccounttype'] = $this->data['type'];
203	}
204
205	/*
206	Changing the uid: Need to delete and add new, since
207	PHP cannot change the dn for the entry.
208	*/
209	if ($acct_type == 'g')
210	{
211	$test_context = $this->get_context($allValues[0]['dn']); //by JakJr, add organization support
212	$test = $allValues[0]['cn'][0];
213	}
214	else
215	{
216	$test_context = $this->get_context($allValues[0]['dn']); //by JakJr, add organization support
217	$test = $allValues[0]['uid'][0];
218	}
219	if(($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid']) \|\| (strtolower($test_context) != strtolower($this->data['account_context']))) //by JakJr, add organization support
220	{
221	$oldData = $allValues[0];
222	$oldDN = $oldData['dn'];
223	// remove all unneeded fields
224	unset($oldData['dn']);
225	unset($oldData['count']);
226	foreach($oldData as $key => $value)
227	{
228	if(is_numeric($key))
229	{
230	// remove the key, its no ldap key
231	unset($oldData[$key]);
232	}
233	else
234	{
235	// remove the count key
236	if($oldData[$key]['count'] == 1)
237	{
238	$oldData[$key] = $value[0];
239	}
240	else
241	{
242	unset($oldData[$key]['count']);
243	}
244	}
245	}
246
247	$oldAccountID = $oldData['uid'];
248	$oldGroupID = $oldData['cn'];
249
250	// merge the old data with the new one
251	$newData = array_merge($oldData, $newData);
252
253	/* Groups */
254	if($this->data['account_type'] == 'g' && $this->group_context )
255	{
256	$newDN = 'cn='.$this->data['account_lid'].','.$this->data['account_context']; //by JakJr, add organization support
257	$members = $this->member($this->data['account_id']);
258	$newData['memberuid'] = array();
259	for($i=0;$i<count($members);$i++)
260	{
261	$currname = $this->id2name($members[$i]['account_id']);
262	if(!$this->isin_array($currname,$entry['memberuid']))
263	{
264	$newData['memberuid'][] = $currname;
265	}
266	}
267	}
268	/* Accounts */
269	else
270	{
271	$newDN = 'uid='.$this->data['account_lid'].','.$this->data['account_context']; //by JakJr, add organization support
272	}
273	// delete the old account
274	ldap_delete($this->ds,$oldDN);
275
276	// add the new account
277	#_debug_array($newData);
278	ldap_add($this->ds, $newDN, $newData);
279	}
280	/* Normal behavior for save_repository
281	update Account */
282	else
283	{
284	// add the list group members
285	if($this->data['account_type'] == 'g' && $this->group_context )
286	{
287	$members = $this->member($this->data['account_id']);
288	#_debug_array($members);
289	$newData['memberuid'] = array();
290	for($i=0;$i<count($members);$i++)
291	{
292	$currname = $this->id2name($members[$i]['account_id']);
293	if(!$this->isin_array($currname,$newData['memberuid']))
294	{
295	$newData['memberuid'][] = $currname;
296	}
297	}
298	}
299	// modify the DN
300	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
301	}
302
303	if ($this->data['account_type'] == 'u')
304	{
305	// lets check for groups, the user needs to be removed
306
307	// first lets search for the groups, the user is currently member of
308	// and from which he needs to be removed
309	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
310	$justThese = array('memberuid','gidnumber');
311	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
312	if($sri)
313	{
314	$allValues = ldap_get_entries($this->ds, $sri);
315	if($allValues['count'] > 0)
316	{
317	unset($allValues['count']);
318	foreach($allValues as $key)
319	{
320	#_debug_array($key);
321	#_debug_array($this->data['account_groups']);
322	// delete the old accountid from any group
323	if($newAccountID != $oldAccountID)
324	{
325	$dn = $key['dn'];
326	$newData = array();
327	$newData['memberuid'] = $key['memberuid'];
328	unset($newData['memberuid']['count']);
329	// remove the uid from memberuid
330	$newData['memberuid'] = array_flip($newData['memberuid']);
331	unset($newData['memberuid'][$oldAccountID]);
332	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
333	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
334	ldap_mod_replace($this->ds, $dn, $newData);
335	#print ldap_error($this->ds);
336	}
337	else
338	{
339	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
340	{
341	$dn = $key['dn'];
342	$newData = array();
343	$newData['memberuid'] = $key['memberuid'];
344	unset($newData['memberuid']['count']);
345	// remove the uid from memberuid
346	$newData['memberuid'] = array_flip($newData['memberuid']);
347	unset($newData['memberuid'][$oldAccountID]);
348	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
349	ldap_mod_replace($this->ds, $dn, $newData);
350	#print ldap_error($this->ds);
351	}
352	}
353	}
354	}
355	}
356
357	// lets check group the user needs to be added
358	$i = 0;
359	foreach($this->data['account_groups'] as $key => $value)
360	{
361	$account_groups_new[$i] = $value;
362	$i++;
363	// search for the group
364	$filter = '(&(gidnumber=' . (int)$value.')(objectClass=posixGroup))'; //melhorado a pesquisa para trazer somente grupos. Organization support
365	$justThese = array('memberuid');
366	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
367	if($sri)
368	{
369	$allValues = ldap_get_entries($this->ds, $sri);
370	// if the user is not member of this group, add him
371	if(is_array($allValues[0]['memberuid']))
372	{
373	// this group has already some members
374	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
375	{
376	$dn = $allValues[0]['dn'];
377	$newData = array();
378	$newData['memberuid'] = $allValues[0]['memberuid'];
379	unset($newData['memberuid']['count']);
380	$newData['memberuid'][] = $newAccountID;
381	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
382	ldap_mod_replace($this->ds, $dn, $newData);
383	}
384	}
385	else
386	{
387	// this group has no members
388	$dn = $allValues[0]['dn'];
389	$newData = array();
390	$newData['memberuid'][] = $newAccountID;
391	ldap_mod_replace($this->ds, $dn, $newData);
392	}
393	}
394	}
395	// Begin JAKjR
396	// If the user need be deleted for a group ???
397	$filter = '(objectClass=posixGroup)';
398	$justThese = array('cn','gidnumber','memberuid');
399	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
400	if($sri)
401	{
402	$allValues = ldap_get_entries($this->ds, $sri);
403	for ($i=0; $i<$allValues['count']; $i++) //todos os grupos
404	{
405	if (!in_array($allValues[$i]['gidnumber'][0], $account_groups_new)) //todos menos os que o usuários esta
406	{
407	if (is_array($allValues[$i]['memberuid'])) //exista memberuid
408	{
409	if(in_array($newData['uid'],$allValues[$i]['memberuid']))
410	{
411	$dn = $allValues[$i]['dn'];
412	$ldap_info["memberUid"]=$newAccountID;
413	ldap_mod_del($this->ds, $dn, $ldap_info);
414	}
415	}
416	}
417	}
418	}
419	// End JAKjR
420	}
421	}
422
423	function isin_array($needle,$haystack='')
424	{
425	if(!@is_array($haystack))
426	{
427	return False;
428	}
429	for($i=0;$i<count($haystack) && $haystack[$i] !=$needle;$i++);
430	return ($i!=count($haystack));
431	}
432
433	function delete($accountid = '')
434	{
435	$account_id = get_account_id($accountid);
436	$account_lid = $this->id2name((int)$account_id);
437
438	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
439	//$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
440	$sri = ldap_search($this->ds, $this->group_context, $filter);
441	if($sri)
442	{
443	$allValues = ldap_get_entries($this->ds, $sri);
444	}
445
446	if(!$allValues[0]['dn'])
447	{
448	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
449	if($sri)
450	{
451	$allValues = ldap_get_entries($this->ds, $sri);
452	$accountID = $allValues['0']['uid'][0];
453	$wasAccount = True;
454	}
455	}
456
457	if ($allValues[0]['dn'])
458	{
459	$del = ldap_delete($this->ds, $allValues[0]['dn']);
460	}
461
462	if($wasAccount)
463	{
464	// remove the user from any group he is member of
465	$filter = "(&(objectclass=posixgroup)(memberuid=" . $account_lid . "))";
466	$justThese = array('memberuid','gidnumber','dn'); //by JakJr, add organization support
467	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
468	if($sri)
469	{
470	$allValues = ldap_get_entries($this->ds, $sri);
471
472	for ($i=0; $i<$allValues["count"]; $i++)
473	{
474	$ldap_group = $allValues[$i]["dn"];
475	//$ldap_group = 'cn=' . $this->id2name($allValues[$i]['gidnumber'][0]) . ',' . $allValues[$i]['phpgwaccountcontext'][0];// . $GLOBALS['phpgw_info']['server']['ldap_group_context']; //by JakJr, add organization support
476	$ldap_info["memberUid"]=$account_lid;
477	ldap_mod_del($this->ds, $ldap_group, $ldap_info);
478	}
479	}
480	}
481	}
482
483	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '')
484	{
485	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset<br>";
486	$query = strtolower($query);
487	if($offset)
488	{
489	$limitclause = '';//$phpgw->db->limit($start,$offset);
490	}
491	elseif($start && !$offset)
492	{
493	$limitclause = '';//$phpgw->db->limit($start);
494	}
495
496	if(!$sort)
497	{
498	$sort = '';//"desc";
499	}
500
501	# dont follow the referal, by jakjr
502	ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0);
503
504	if($_type == 'accounts')
505	{
506	if(empty($query) \|\| $query == "*")
507	{
508	$filter = "(&(uidnumber=*)(phpgwaccounttype=u))";
509	}
510	else
511	{
512	$filter = "(&(uidnumber=)(phpgwaccounttype=u)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
513	}
514	$sri = ldap_search($this->ds, $this->user_context, $filter);
515	$allValues = ldap_get_entries($this->ds, $sri);
516	while (list($null,$allVals) = @each($allValues))
517	{
518	settype($allVals,'array');
519	$test = @$allVals['uid'][0];
520	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
521	{
522	$accounts[] = Array(
523	'account_id' => $allVals['uidnumber'][0],
524	'account_lid' => $allVals['uid'][0],
525	'account_type' => $allVals['phpgwaccounttype'][0],
526	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
527	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
528	'account_status' => $allVals['phpgwaccountstatus'][0]
529	);
530	}
531	}
532	}
533	elseif ($_type == 'groups')
534	{
535	if(empty($query) \|\| $query == '*')
536	{
537	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
538	}
539	else
540	{
541	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
542	}
543	$sri = ldap_search($this->ds, $this->group_context, $filter);
544	$allValues = ldap_get_entries($this->ds, $sri);
545	while (list($null,$allVals) = @each($allValues))
546	{
547	settype($allVals,'array');
548	$test = $allVals['cn'][0];
549	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
550	{
551	$accounts[] = Array(
552	'account_id' => $allVals['gidnumber'][0],
553	'account_lid' => $allVals['cn'][0],
554	'account_type' => $allVals['phpgwaccounttype'][0],
555	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
556	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
557	'account_status' => $allVals['phpgwaccountstatus'][0]
558	);
559	}
560	}
561	}
562	else
563	{
564	if(empty($query) \|\| $query == "*")
565	{
566	$filter = "(&(gidnumber=*)(phpgwaccounttype=g))";
567	}
568	else
569	{
570	$filter = "(&(gidnumber=)(phpgwaccounttype=)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
571	}
572	$sri = ldap_search($this->ds, $this->group_context, $filter);
573	$allValues = ldap_get_entries($this->ds, $sri);
574	while (list($null,$allVals) = @each($allValues))
575	{
576	settype($allVals,'array');
577
578	if($allVals['phpgwaccounttype'][0] == 'u')
579	{
580	$_uid = @$allVals['uid'][0];
581	}
582	else
583	{
584	$_uid = $allVals['cn'][0];
585	}
586
587	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$_uid] && $_uid)
588	{
589	$accounts[] = Array(
590	'account_id' => $allVals['gidnumber'][0],
591	'account_lid' => $_uid,
592	'account_type' => $allVals['phpgwaccounttype'][0],
593	'account_firstname' => $allVals['givenname'][0],
594	'account_lastname' => $allVals['sn'][0],
595	'account_status' => $allVals['phpgwaccountstatus'][0]
596	);
597	}
598	}
599	}
600
601	// sort the array
602	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
603	if(empty($order))
604	{
605	$order = 'account_lid';
606	}
607	$sortedAccounts = $arrayFunctions->arfsort($accounts,array($order),$sort);
608	$this->total = count($accounts);
609
610	// return only the wanted accounts
611
612	if (is_array($sortedAccounts))
613	{
614	reset($sortedAccounts);
615	if(is_int($start) && is_int($offset))
616	{
617	return array_slice($sortedAccounts, $start, $offset);
618	}
619	elseif(is_int($start))
620	{
621	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
622	}
623	else
624	{
625	return $sortedAccounts;
626	}
627	}
628	return False;
629	}
630
631	function name2id($account_lid)
632	{
633	//by JakJr, add organization support
634	/* procura em todo o diretorio */
635	$ldap_base_context = $GLOBALS['phpgw_info']['server']['ldap_base_context'];
636
637	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$account_lid . ')(phpgwaccounttype=g))');
638	$allValues = ldap_get_entries($this->ds, $sri);
639
640	if (@$allValues[0]['gidnumber'][0])
641	{
642	return (int)$allValues[0]['gidnumber'][0];
643	}
644
645	$sri = ldap_search($this->ds, $ldap_base_context, '(&(uid=' . (string)$account_lid . ')(phpgwaccounttype=u))');//$ldap_base_context //by JakJr, add organization support
646
647	$allValues = ldap_get_entries($this->ds, $sri);
648
649	if (@$allValues[0]['uidnumber'][0])
650	{
651	return (int)$allValues[0]['uidnumber'][0];
652	}
653
654	return False;
655	}
656
657	function id2name($account_id)
658	{
659	$allValues = array();
660	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
661	$allValues = ldap_get_entries($this->ds, $sri);
662
663	if (@$allValues[0]['cn'][0])
664	{
665	return $allValues[0]['cn'][0];
666	}
667
668	$allValues = array();
669	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
670	$allValues = ldap_get_entries($this->ds, $sri);
671
672	if (@$allValues[0]['uid'][0])
673	{
674	return $allValues[0]['uid'][0];
675	}
676	return False;
677	}
678
679	function get_type($account_id)
680	{
681	$allValues = array();
682	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
683	$allValues = ldap_get_entries($this->ds, $sri);
684	if ($allValues[0]['phpgwaccounttype'][0])
685	{
686	return $allValues[0]['phpgwaccounttype'][0];
687	}
688
689	$allValues = array();
690	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
691	$allValues = ldap_get_entries($this->ds, $sri);
692
693	if ($allValues[0]['phpgwaccounttype'][0])
694	{
695	return $allValues[0]['phpgwaccounttype'][0];
696	}
697	return False;
698	}
699
700	/*
701	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
702	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
703	*/
704	function exists($account)
705	{
706	/* This sets up internal caching variables for this functon */
707	static $by_id, $by_lid;
708	$users = array();
709	$groups = array();
710
711	if(is_int($account))
712	{
713	$ldapgroup = 'gidnumber';
714	$ldapacct = 'uidnumber';
715	$account = (int)$account;
716	/* If data is cached, use it. */
717	if(@isset($by_id[$account]) && @$by_id[$account])
718	{
719	return $by_id[$account];
720	}
721	}
722	else
723	{
724	$ldapgroup = 'cn';
725	$ldapacct = 'uid';
726	/* If data is cached, use it. */
727	if(@isset($by_lid[$account]) && @$by_lid[$account])
728	{
729	return $by_lid[$account];
730	}
731	}
732
733	$acct_type = $this->get_type($account);
734
735	if ($acct_type == 'g' && $this->group_context)
736	{
737
738	$sri = ldap_search($this->ds, $this->group_context, '(&('.$ldapgroup . '=' . $account . ')(phpgwaccounttype=g))');
739	//$sri = ldap_search($this->ds, $this->group_context, '(&('gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
740	$groups = ldap_get_entries($this->ds, $sri);
741	}
742	$sri = ldap_search($this->ds, $this->user_context, '(&('.$ldapacct . '=' . $account . ')(phpgwaccounttype=u))');
743	$users = ldap_get_entries($this->ds, $sri);
744
745	if ($users[0]['dn'])
746	{
747	$in += 1;
748	}
749	if ($groups[0]['dn'])
750	{
751	$in += 2;
752	}
753	/* This sets up internal caching for this function */
754	if($ldapgroup == 'gidnumber')
755	{
756	$by_id[$account] = $in;
757	$by_lid[$this->id2name($account)] = $in;
758	}
759	else
760	{
761	$by_lid[$account] = $in;
762	$by_id[$this->name2id($account)] = $in;
763	}
764
765	return $in;
766	}
767
768	function create($account_info,$default_prefs=True)
769	{
770	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
771	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
772	{
773	$account_id = $this->get_nextid($account_info['account_type']);
774	/* echo '<br>using'.$account_id;exit; */
775	}
776	else
777	{
778	$account_id = $account_info['account_id'];
779	}
780	$entry['userpassword'] = $account_info['account_passwd'];
781	$entry['phpgwaccounttype'] = $account_info['account_type'];
782	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
783
784	if($account_info['account_type'] == 'g')
785	{
786	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$account_info['account_lid'] . ')(phpgwaccounttype=g))');
787	//$sri = ldap_search($this->ds, $this->group_context, '(&('gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
788	}
789	else
790	{
791	$sri = ldap_search($this->ds, $account_info['account_context'], '(&(uid=' . (string)$account_info['account_lid'] . ')(phpgwaccounttype=u))'); //by JakJr, add organization support
792	}
793	$allValues = ldap_get_entries($this->ds, $sri);
794
795	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
796	{
797	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
798	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
799	}
800	elseif($account_info['account_type'] != 'g')
801	{
802	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
803	$entry['loginshell'] = '/bin/false';
804	}
805
806	if ($allValues[0]['dn'])
807	{
808	/* This should keep the password from being overwritten here on ldap import */
809	unset($entry['userpassword']);
810	$entry['gidnumber'] = $account_id;
811
812	while (list($key,$val) = each($entry))
813	{
814	$tmpentry = '';
815	$tmpentry[$key] = trim($val); /* must trim! */
816	/* echo '<br>'.$key.' '.$val; */
817	if ($tmpentry[$key])
818	{
819	if (!$allValues[0][$key][0])
820	{
821	/* attribute was not in LDAP, add it */
822	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
823	}
824	else
825	{
826	/* attribute was in LDAP, modify it */
827	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
828	}
829	}
830	}
831
832	if ($account_info['account_type'] == 'g')
833	{
834	$tmpentry['objectclass'][0] = 'top';
835	$tmpentry['objectclass'][1] = 'posixGroup';
836	$tmpentry['objectclass'][2] = 'phpgwAccount';
837	}
838	else
839	{
840	$tmpentry['uidnumber'] = $account_id;
841	$tmpentry['objectclass'][0] = 'top';
842	$tmpentry['objectclass'][1] = 'person';
843	$tmpentry['objectclass'][2] = 'organizationalPerson';
844	$tmpentry['objectclass'][3] = 'inetOrgPerson';
845	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
846	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
847	$tmpentry['objectclass'][4] = 'posixAccount';
848	$tmpentry['objectclass'][5] = 'shadowAccount';
849	$tmpentry['objectclass'][6] = 'phpgwAccount';
850	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
851	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
852	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
853	}
854	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
855	}
856	else
857	{
858	/* Not already there, we will add it */
859	if ($account_info['account_type'] == 'g')
860	{
861	$dn = 'cn='.$account_info['account_lid'] . ',' . $account_info['account_context']; //by JakJr, add organization support
862	unset($entry['homedirectory']);
863	unset($entry['loginshell']);
864	$entry['objectclass'][0] = 'top';
865	$entry['objectclass'][1] = 'posixGroup';
866	$entry['objectclass'][2] = 'phpgwAccount';
867	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
868	$entry['gidnumber'] = $account_id;
869	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
870	$entry['description'] = 'phpgw-created group';
871	}
872	else
873	{
874	$dn = 'uid=' . $account_info['account_lid'] . ',' . $account_info['account_context']; //$this->user_context; //by JakJr, add organization support
875
876	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
877	sprintf(
878	"%s %s",
879	$account_info['account_firstname'],
880	$account_info['account_lastname']
881	),
882	$GLOBALS['phpgw']->translation->charset(),
883	'utf-8'
884	);
885
886	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
887	$account_info['account_lastname'],
888	$GLOBALS['phpgw']->translation->charset(),
889	'utf-8'
890	);
891
892	if($account_info['account_firstname'])
893	{
894	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
895	$account_info['account_firstname'],
896	$GLOBALS['phpgw']->translation->charset(),
897	'utf-8'
898	);
899	}
900	$entry['uid'] = $account_info['account_lid'];
901	$entry['uidnumber'] = $account_id;
902	$entry['gidnumber'] = $account_info['account_primary_group'];
903	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
904	$entry['objectclass'][0] = 'top';
905	$entry['objectclass'][1] = 'person';
906	$entry['objectclass'][2] = 'organizationalPerson';
907	$entry['objectclass'][3] = 'inetOrgPerson';
908	$entry['objectclass'][4] = 'posixAccount';
909	$entry['objectclass'][5] = 'shadowAccount';
910	$entry['objectclass'][6] = 'phpgwAccount';
911	if($account_info['account_status'])
912	{
913	$entry['phpgwaccountstatus'] = $account_info['account_status'];
914	}
915	$entry['phpgwaccounttype'] = $account_info['account_type'];
916	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
917	}
918
919	#_debug_array($entry);
920
921	// stop processing if ldap_add fails
922	if(!ldap_add($this->ds, $dn, $entry))
923	{
924	return false;
925	}
926	}
927	// print ldap_error($this->ds);
928
929	// lets check group the user needs to be added
930	if($account_info['account_type'] == 'u')
931	{
932	@settype($account_info['account_groups'],'array');
933	foreach($account_info['account_groups'] as $key => $value)
934	{
935	// search for the group
936	//$sri = ldap_search($this->ds, $this->group_context, '(&('gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
937	$filter = '(&(gidnumber=' . (int)$value . ')(phpgwaccounttype=g))';
938	$justThese = array('memberuid');
939	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
940	if($sri)
941	{
942	$allValues = ldap_get_entries($this->ds, $sri);
943	// if the user is not member of this group, add him
944	if(is_array($allValues[0]['memberuid']))
945	{
946	// this group has already some members
947	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
948	{
949	$dn = $allValues[0]['dn'];
950	$newData = array();
951	$newData['memberuid'] = $allValues[0]['memberuid'];
952	unset($newData['memberuid']['count']);
953	$newData['memberuid'][] = $account_info['account_lid'];
954	$newData['memberuid'] = array_unique($newData['memberuid']);
955	ldap_mod_replace($this->ds, $dn, $newData);
956	#print ldap_error($this->ds)."<br>";
957	}
958	}
959	else
960	{
961	// this group has no members
962	$dn = $allValues[0]['dn'];
963	$newData = array();
964	$newData['memberuid'][] = $account_info['account_lid'];
965	ldap_mod_replace($this->ds, $dn, $newData);
966	}
967	}
968	//begin-jakjr
969	$app_email = 'email';
970	$app_calendar = 'calendar';
971	$app_portal = 'portal_order';
972
973	$string_preference_email=
974	'a:13:{s:12:"account_name";s:8:"Expresso";s:9:"email_sig";s:0:"";s:15:"default_sorting";s:7:"new_old";s:6:"layout";s:1:"2";s:10:"icon_theme";s:5:"idots";s:9:"icon_size";s:2:"24";s:11:"button_type";s:4:"both";s:14:"show_addresses";s:4:"none";s:19:"mainscreen_showmail";s:3:"1";s:17:"trash_folder_name";s:5:"Trash";s:16:"sent_folder_name";s:4:"Sent";s:18:"addressbook_choice";s:4:"orig";s:25:"js_addressbook_screensize";s:3:"700";}';
975	$string_preference_portal =
976	'a:6:{i:1;s:1:"8";i:2;s:1:"8";i:3;s:1:"5";i:4;s:2:"35";i:5;s:1:"7";i:0;s:2:"11";}';
977	$string_preference_calendar =
978	'a:1:{s:21:"mainscreen_showevents";s:1:"1";}';
979
980	$this->db->query("INSERT INTO phpgw_preferences
981	(preference_owner, preference_app, preference_value)VALUES('$account_id',
982	'$app_email', '$string_preference_email')",__LINE__,__FILE__);
983
984	$this->db->query("INSERT INTO phpgw_preferences
985	(preference_owner, preference_app, preference_value)VALUES('$account_id',
986	'$app_calendar', '$string_preference_calendar')",__LINE__,__FILE__);
987
988	$this->db->query("INSERT INTO phpgw_preferences
989	(preference_owner, preference_app, preference_value)VALUES('$account_id',
990	'$app_portal', '$string_preference_portal')",__LINE__,__FILE__);
991	//end-jakjr
992	}
993	}
994
995	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
996	{
997	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
998	}
999
1000	return $account_id;
1001	}
1002
1003	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
1004	{
1005	if ($expiredate)
1006	{
1007	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1008	}
1009	else
1010	{
1011	if($GLOBALS['phpgw_info']['server']['auto_create_expire'])
1012	{
1013	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
1014	{
1015	$expires = -1;
1016	}
1017	else
1018	{
1019	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
1020	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1021	}
1022	}
1023	else
1024	{
1025	/* expire in 30 days by default */
1026	$expiredate = time() + ((60 * 60) * (30 * 24));
1027	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1028	}
1029	}
1030
1031	$acct_info = array(
1032	'account_lid' => $accountname,
1033	'account_type' => 'u',
1034	'account_passwd' => $passwd,
1035	'account_firstname' => 'New',
1036	'account_lastname' => 'User',
1037	'account_status' => $account_status,
1038	'account_expires' => $expires
1039	);
1040	$this->create($acct_info,$default_prefs);
1041	$accountid = $this->name2id($accountname);
1042
1043	$this->db->transaction_begin();
1044	if ($default_acls == False)
1045	{
1046	$apps = Array(
1047	'addressbook',
1048	'calendar',
1049	'email',
1050	'notes',
1051	'todo',
1052	'phpwebhosting',
1053	'manual'
1054	);
1055
1056	$default_group_lid = $GLOBALS['phpgw_info']['server']['default_group_lid'];
1057	$default_group_id = $this->name2id($default_group_lid);
1058	$defaultgroupid = $default_group_id ? $default_group_id : $this->name2id('Default');
1059	if($defaultgroupid)
1060	{
1061	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1062	. $defaultgroupid . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1063	}
1064	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1065	@reset($apps);
1066	while(list($key,$app) = each($apps))
1067	{
1068	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES ('".$app."', 'run', ".$accountid.", 1)",__LINE__,__FILE__);
1069	}
1070	}
1071	$this->db->transaction_commit();
1072
1073	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1074	$GLOBALS['hook_values']['account_id'] = $accountid;
1075	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1076	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1077	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_lid'];
1078	$GLOBALS['hook_values']['account_lastname'] = 'eGW Account';
1079	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1080	'location' => 'addaccount'
1081	),False,True); // called for every app now, not only enabled ones
1082
1083	return $accountid;
1084	}
1085
1086	function get_account_name($account_id,&$lid,&$fname,&$lname)
1087	{
1088	$acct_type = $this->get_type($account_id);
1089
1090	/* search the dn for the given uid */
1091	if(($acct_type == 'g') && $this->group_context)
1092	{
1093	//$sri = ldap_search($this->ds, $this->group_context, '(&('gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))')
1094	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id. ')(phpgwaccounttype=g))');
1095	}
1096	else
1097	{
1098	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id. ')(phpgwaccounttype=u))');
1099	}
1100	$allValues = ldap_get_entries($this->ds, $sri);
1101
1102	if($acct_type =='g')
1103	{
1104	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1105	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1106	$lname = lang('Group');
1107	}
1108	else
1109	{
1110	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1111	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1112	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1113	}
1114	return !empty($lid);
1115	}
1116
1117	function getDNforID($_accountid = '')
1118	{
1119	$_account_id = get_account_id($_accountid);
1120	//$sri = ldap_search($this->ds, $this->group_context, '(&('gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
1121	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$_account_id. ')(phpgwaccounttype=u))');
1122	$allValues = ldap_get_entries($this->ds, $sri);
1123
1124	return $allValues[0]['dn'];
1125	}
1126
1127	//by JakJr, add organization support
1128	function get_context($dn)
1129	{
1130	return substr($dn, (strpos($dn, ',')+1));
1131	}
1132
1133	//by JakJr, add organization support
1134	function get_organization($dn)
1135	{
1136	$ldap_base_context = $GLOBALS['phpgw_info']['server']['ldap_base_context'];
1137	$end = (strpos($dn, $ldap_base_context)-1);
1138	$tmp = substr($dn, 0, $end);
1139	$begin = (strrpos($tmp, '=')+1);
1140	return substr($dn, $begin, ($end - $begin));
1141	}
1142
1143	//by JakJr, add organization support
1144	function get_sector($dn)
1145	{
1146	$context = $this->get_context($dn);
1147	$begin = (strpos($context, '=')+1);
1148	$end = (strpos($context, ',') - $begin);
1149	return substr($context, $begin, $end);
1150	}
1151
1152	function id2fullname($account_id)
1153	{
1154	$allValues = array();
1155
1156	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1157	$allValues = ldap_get_entries($this->ds, $sri);
1158
1159	if (@$allValues[0]['cn'][0])
1160	{
1161	return $allValues[0]['cn'][0];
1162	}
1163	return False;
1164	}
1165
1166	function mail2fullname($mail)
1167	{
1168	$allValues = array();
1169	$sri = ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1170	$allValues = ldap_get_entries($this->ds, $sri);
1171	if (@$allValues[0]['cn'][0])
1172	{
1173	return $allValues[0]['cn'][0];
1174	}
1175	return False;
1176	}
1177	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format