Context Navigation

class.accounts_ldap.inc.php @ 7673

Revision 7673, 40.7 KB checked in by douglasz, 11 years ago (diff)
Ticket #3236 - Correcoes para Performance: Function Within Loop Declaration.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber","mobile","homephone","datanascimento");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
92	$this->data['mobile'] = $allValues[0]['mobile'][0];
93	$this->data['homephone'] = $allValues[0]['homephone'][0];
94	$this->data['datanascimento'] = $allValues[0]['datanascimento'][0];
95	/* jakjr: this is not used for expressoLivre */
96	/*
97	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
98	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
99	*/
100	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
101	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
102	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
103	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
104	$this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0];
105	}
106	$this->data['account_dn'] = $allValues[0]['dn'];
107	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
108
109	/* jakjr: this is not used for expressoLivre */
110	/*
111	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
112	{
113	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
114	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
115	}
116	*/
117	return $this->data;
118	}
119
120	function save_repository()
121	{
122	#_debug_array($this->data);
123	$acct_type = $this->get_type($this->account_id);
124
125	/* search the dn for the given u/gidnumber */
126	if(($acct_type == 'g') && $this->group_context)
127	{
128	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
129	}
130	else
131	{
132	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
133	}
134	$allValues = ldap_get_entries($this->ds, $sri);
135
136	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
137
138	if($acct_type == 'u')
139	{
140	// data for posixaccount
141	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
142	$this->data['firstname'],
143	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
144	);
145	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
146	$this->data['account_lid'],
147	$GLOBALS['phpgw']->translation->charset(),'utf-8'
148	);
149	if($this->data['lastname'])
150	{
151	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
152	$this->data['lastname'],
153	$GLOBALS['phpgw']->translation->charset(),'utf-8'
154	);
155	}
156
157	if($this->data['firstname'])
158	{
159	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
160	$this->data['firstname'],
161	$GLOBALS['phpgw']->translation->charset(),'utf-8'
162	);
163	}
164	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
165	{
166	$newData['homedirectory'] = $this->data['homedirectory'];
167	$newData['loginshell'] = $this->data['loginshell'];
168	}
169	else
170	{
171	// the posixaccount schema requires this
172	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
173	$entry['loginshell'] = '/bin/false';
174	}
175	if($this->data['account_primary_group'])
176	{
177	$newData['gidnumber'] = $this->data['account_primary_group'];
178	}
179	if($this->data['lastlogin'])
180	{
181	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
182	}
183	if($this->data['lastloginfrom'])
184	{
185	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
186	}
187	if($this->data['lastpasswd_change'])
188	{
189	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
190	}
191	if($this->data['status'])
192	{
193	$newData['phpgwaccountstatus'] = $this->data['status'];
194	}
195	else
196	{
197	$newData['phpgwaccountstatus'] = array();
198	}
199	if($this->data['expires'])
200	{
201	$newData['phpgwaccountexpires'] = $this->data['expires'];
202	}
203	if($this->data['email'])
204	{
205	$newData['mail'] = $this->data['email'];
206	}
207
208	$newAccountID = $newData['uid'];
209	$oldAccountID = $newData['uid'];
210	}
211	else
212	{
213	// data for posixgroup
214	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
215	$this->data['account_lid'],
216	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
217	);
218	$newData['gidnumber'] = $this->account_id;
219	$newGroupID = $newData['cn'];
220	$oldGroupID = $newData['cn'];
221	}
222	if($this->data['type'])
223	{
224	$newData['phpgwaccounttype'] = $this->data['type'];
225	}
226
227	/*
228	Changing the uid: Need to delete and add new, since
229	PHP cannot change the dn for the entry.
230	*/
231	if ($acct_type == 'g')
232	{
233	$test = $allValues[0]['cn'][0];
234	}
235	else
236	{
237	$test = $allValues[0]['uid'][0];
238	}
239	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
240	{
241	$oldData = $allValues[0];
242	$oldDN = $oldData['dn'];
243	// remove all unneeded fields
244	unset($oldData['dn']);
245	unset($oldData['count']);
246	foreach($oldData as $key => $value)
247	{
248	if(is_numeric($key))
249	{
250	// remove the key, its no ldap key
251	unset($oldData[$key]);
252	}
253	else
254	{
255	// remove the count key
256	if($oldData[$key]['count'] == 1)
257	{
258	$oldData[$key] = $value[0];
259	}
260	else
261	{
262	unset($oldData[$key]['count']);
263	}
264	}
265	}
266
267	$oldAccountID = $oldData['uid'];
268	$oldGroupID = $oldData['cn'];
269
270	// merge the old data with the new one
271	$newData = array_merge($oldData, $newData);
272
273	/* Groups */
274	if($this->data['account_type'] == 'g' && $this->group_context )
275	{
276	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
277	$members = $this->member($this->account_id);
278	$newData['memberuid'] = array();
279	$members_count = count($members);
280	for($i=0;$i<$members_count;++$i)
281	{
282	$currname = $this->id2name($members[$i]['account_id']);
283	if(!in_array($currname,$entry['memberuid']))
284	{
285	$newData['memberuid'][] = $currname;
286	}
287	}
288	}
289	/* Accounts */
290	else
291	{
292	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
293	}
294	// delete the old account
295	ldap_delete($this->ds,$oldDN);
296
297	// add the new account
298	#_debug_array($newData);
299	ldap_add($this->ds, $newDN, $newData);
300	}
301	/* Normal behavior for save_repository
302	update Account */
303	else
304	{
305	// add the list group members
306	if($this->data['account_type'] == 'g' && $this->group_context )
307	{
308	$members = $this->member($this->account_id);
309	#_debug_array($members);
310	$newData['memberuid'] = array();
311	$members_count = count($members);
312	for($i=0;$i<$members_count;++$i)
313	{
314	$currname = $this->id2name($members[$i]['account_id']);
315	if(!in_array($currname,$newData['memberuid']))
316	{
317	$newData['memberuid'][] = $currname;
318	}
319	}
320	}
321	// modify the DN
322	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
323	}
324
325	if ($this->data['account_type'] == 'u')
326	{
327	// lets check for groups, the user needs to be removed
328
329	// first lets search for the groups, the user is currently member of
330	// and from which he needs to be removed
331	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
332	$justThese = array('memberuid','gidnumber');
333	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
334	if($sri)
335	{
336	$allValues = ldap_get_entries($this->ds, $sri);
337	if($allValues['count'] > 0)
338	{
339	unset($allValues['count']);
340	foreach($allValues as $key)
341	{
342	#_debug_array($key);
343	#_debug_array($this->data['account_groups']);
344	// delete the old accountid from any group
345	if($newAccountID != $oldAccountID)
346	{
347	$dn = $key['dn'];
348	$newData = array();
349	$newData['memberuid'] = $key['memberuid'];
350	unset($newData['memberuid']['count']);
351	// remove the uid from memberuid
352	$newData['memberuid'] = array_flip($newData['memberuid']);
353	unset($newData['memberuid'][$oldAccountID]);
354	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
355	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
356	ldap_mod_replace($this->ds, $dn, $newData);
357	#print ldap_error($this->ds);
358	}
359	else
360	{
361	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
362	{
363	$dn = $key['dn'];
364	$newData = array();
365	$newData['memberuid'] = $key['memberuid'];
366	unset($newData['memberuid']['count']);
367	// remove the uid from memberuid
368	$newData['memberuid'] = array_flip($newData['memberuid']);
369	unset($newData['memberuid'][$oldAccountID]);
370	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
371	ldap_mod_replace($this->ds, $dn, $newData);
372	#print ldap_error($this->ds);
373	}
374	}
375	}
376	}
377	}
378
379	// lets check group the user needs to be added
380	foreach($this->data['account_groups'] as $key => $value)
381	{
382	// search for the group
383	$filter = 'gidnumber=' . (int)$value;
384	$justThese = array('memberuid');
385	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
386	if($sri)
387	{
388	$allValues = ldap_get_entries($this->ds, $sri);
389	// if the user is not member of this group, add him
390	if(is_array($allValues[0]['memberuid']))
391	{
392	// this group has already some members
393	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
394	{
395	$dn = $allValues[0]['dn'];
396	$newData = array();
397	$newData['memberuid'] = $allValues[0]['memberuid'];
398	unset($newData['memberuid']['count']);
399	$newData['memberuid'][] = $newAccountID;
400	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
401	ldap_mod_replace($this->ds, $dn, $newData);
402	}
403	}
404	else
405	{
406	// this group has no members
407	$dn = $allValues[0]['dn'];
408	$newData = array();
409	$newData['memberuid'][] = $newAccountID;
410	ldap_mod_replace($this->ds, $dn, $newData);
411	}
412	}
413	}
414	}
415	}
416
417	function delete($accountid = '')
418	{
419	$account_id = get_account_id($accountid);
420	$account_lid = $this->id2name((int)$account_id);
421
422	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
423	$sri = ldap_search($this->ds, $this->group_context, $filter);
424	if($sri)
425	{
426	$allValues = ldap_get_entries($this->ds, $sri);
427	}
428
429	if(!$allValues[0]['dn'])
430	{
431	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))");
432	if($sri)
433	{
434	$allValues = ldap_get_entries($this->ds, $sri);
435	$accountID = $allValues['0']['uid'][0];
436	$wasAccount = True;
437	}
438	}
439
440	if ($allValues[0]['dn'])
441	{
442	$del = ldap_delete($this->ds, $allValues[0]['dn']);
443	}
444
445	if($wasAccount)
446	{
447	// remove the user from any group he is member of
448	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
449	$justThese = array('memberuid','gidnumber');
450	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
451	if($sri)
452	{
453	$allValues = ldap_get_entries($this->ds, $sri);
454	if($allValues['count'] > 0)
455	{
456	unset($allValues['count']);
457	foreach($allValues as $key)
458	{
459	$dn = $key['dn'];
460	$newData = array();
461	$newData['memberuid'] = $key['memberuid'];
462	unset($newData['memberuid']['count']);
463	// remove the uid from memberuid
464	$newData['memberuid'] = array_flip($newData['memberuid']);
465	unset($newData['memberuid'][$accountID]);
466	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
467	ldap_mod_replace($this->ds, $dn, $newData);
468	}
469	}
470	}
471	}
472	}
473
474	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
475	{
476	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
477	$query = strtolower($query);
478
479	if($_type == 'accounts' \|\| $_type == 'both')
480	{
481	$filter = "(&(uidnumber=*)(\|(phpgwaccounttype=u)(phpgwaccounttype=s))";
482	if (!empty($query) && $query != '*')
483	{
484	switch($query_type)
485	{
486	case 'all':
487	default:
488	$query = '*'.$query;
489	// fall-through
490	case 'start':
491	$query .= '*';
492	// fall-through
493	case 'exact':
494	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
495	break;
496	case 'firstname':
497	case 'lastname':
498	case 'lid':
499	case 'email':
500	$to_ldap = array(
501	'firstname' => 'givenname',
502	'lastname' => 'sn',
503	'lid' => 'uid',
504	'email' => 'mail',
505	);
506	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
507	break;
508	}
509	}
510	$filter .= ')';
511
512	$sri = ldap_search($this->ds, $this->user_context, $filter);
513	$allValues = ldap_get_entries($this->ds, $sri);
514	while (list($null,$allVals) = @each($allValues))
515	{
516	settype($allVals,'array');
517	$test = @$allVals['uid'][0];
518	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
519	{
520	$accounts[] = Array(
521	'account_id' => $allVals['uidnumber'][0],
522	'account_lid' => $allVals['uid'][0],
523	'account_type' => $allVals['phpgwaccounttype'][0],
524	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
525	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
526	'account_status' => $allVals['phpgwaccountstatus'][0],
527	'account_email' => $allVals['mail'][0],
528	);
529	}
530	}
531	}
532	if ($_type == 'groups' \|\| $_type == 'both')
533	{
534	if(empty($query) \|\| $query == '*')
535	{
536	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
537	}
538	else
539	{
540	if ($_type == 'both')
541	$filter = "(&(gidnumber=*)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
542	else
543	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
544	}
545	$sri = ldap_search($this->ds, $this->group_context, $filter);
546	$allValues = ldap_get_entries($this->ds, $sri);
547	while (list($null,$allVals) = @each($allValues))
548	{
549	settype($allVals,'array');
550	$test = $allVals['cn'][0];
551	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
552	{
553	$accounts[] = Array(
554	'account_id' => $allVals['gidnumber'][0],
555	'account_lid' => $allVals['cn'][0],
556	'account_type' => $allVals['phpgwaccounttype'][0],
557	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
558	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
559	'account_status' => $allVals['phpgwaccountstatus'][0],
560	'account_email' => $allVals['mail'][0],
561	);
562	}
563	}
564	}
565	// sort the array
566	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
567	if(empty($order))
568	{
569	$order = 'account_lid';
570	}
571	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
572	$this->total = count($accounts);
573
574	// return only the wanted accounts
575
576	if (is_array($sortedAccounts))
577	{
578	reset($sortedAccounts);
579	if(is_int($start) && is_int($offset))
580	{
581	return array_slice($sortedAccounts, $start, $offset);
582	}
583	elseif(is_int($start))
584	{
585	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
586	}
587	else
588	{
589	return $sortedAccounts;
590	}
591	}
592	return False;
593	}
594
595	function name2id($name,$which='account_lid')
596	{
597	/* jakjr: change search position */
598	$to_ldap = array(
599	'account_lid' => 'uid',
600	'account_email' => 'mail',
601	);
602	if (!isset($to_ldap[$which])) return False;
603
604	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("uidnumber"));
605	$allValues = ldap_get_entries($this->ds, $sri);
606
607	if (@$allValues[0]['uidnumber'][0])
608	{
609	return (int)$allValues[0]['uidnumber'][0];
610	}
611
612	if ($which == 'account_lid') // groups only support account_lid
613	{
614	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
615	$allValues = ldap_get_entries($this->ds, $sri);
616
617	if (@$allValues[0]['gidnumber'][0])
618	{
619	return (int)$allValues[0]['gidnumber'][0];
620	}
621	}
622
623	return False;
624	}
625
626	function id2name($account_id,$which='account_lid')
627	{
628	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
629	{
630	$allValues = array();
631	/* jakjr: using justthese with ldap_search */
632	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
633	if(!$sri)
634	return False;
635	$allValues = ldap_get_entries($this->ds, $sri);
636
637	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
638	if (@$allValues[0]['cn'][0])
639	{
640	return $allValues[0]['cn'][0];
641	}
642	}
643	$to_ldap = array(
644	'account_lid' => 'uid',
645	'account_email' => 'mail',
646	'account_firstname' => 'surname',
647	'account_lastname' => 'cn',
648	'account_type' => 'phpgwaccounttype',
649	);
650	if (!isset($to_ldap[$which])) return False;
651
652	$allValues = array();
653	/* jakjr: using justthese with ldap_search */
654	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
655	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese);
656	if(!$sri)
657	return False;
658	$allValues = ldap_get_entries($this->ds, $sri);
659
660	if (@$allValues[0][$to_ldap[$which]][0])
661	{
662	return $allValues[0][$to_ldap[$which]][0];
663	}
664	return False;
665	}
666
667	function get_type($account_id)
668	{
669	$allValues = array();
670	/* jakjr: using justthese with ldap_search */
671	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("phpgwaccounttype"));
672	if(!$sri)
673	return False;
674	$allValues = ldap_get_entries($this->ds, $sri);
675
676	if ($allValues[0]['phpgwaccounttype'][0])
677	{
678	return $allValues[0]['phpgwaccounttype'][0];
679	}
680
681	$allValues = array();
682	/* jakjr: using justthese with ldap_search */
683	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
684	if(!$sri)
685	return False;
686	$allValues = ldap_get_entries($this->ds, $sri);
687
688	if ($allValues[0]['phpgwaccounttype'][0])
689	{
690	return $allValues[0]['phpgwaccounttype'][0];
691	}
692	return False;
693	}
694
695	/*
696	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
697	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
698	*/
699	function exists($account)
700	{
701	/* This sets up internal caching variables for this functon */
702	static $by_id, $by_lid;
703	$users = array();
704	$groups = array();
705
706	if(is_int($account))
707	{
708	$ldapgroup = 'gidnumber';
709	$ldapacct = 'uidnumber';
710	$account = (int)$account;
711	/* If data is cached, use it. */
712	if(@isset($by_id[$account]) && @$by_id[$account])
713	{
714	return $by_id[$account];
715	}
716	}
717	else
718	{
719	$ldapgroup = 'cn';
720	$ldapacct = 'uid';
721	/* If data is cached, use it. */
722	if(@isset($by_lid[$account]) && @$by_lid[$account])
723	{
724	return $by_lid[$account];
725	}
726	}
727
728	$acct_type = $this->get_type($account);
729
730	if ($acct_type == 'g' && $this->group_context)
731	{
732	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
733	if(!$sri)
734	return False;
735	$groups = ldap_get_entries($this->ds, $sri);
736	}
737	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
738	if(!$sri)
739	return False;
740	$users = ldap_get_entries($this->ds, $sri);
741
742	if ($users[0]['dn'])
743	{
744	$in += 1;
745	}
746	if ($groups[0]['dn'])
747	{
748	$in += 2;
749	}
750	/* This sets up internal caching for this function */
751	if($ldapgroup == 'gidnumber')
752	{
753	$by_id[$account] = $in;
754	$by_lid[$this->id2name($account)] = $in;
755	}
756	else
757	{
758	$by_lid[$account] = $in;
759	$by_id[$this->name2id($account)] = $in;
760	}
761
762	return $in;
763	}
764
765	function create($account_info,$default_prefs=True)
766	{
767	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
768	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
769	{
770	$account_id = $this->get_nextid($account_info['account_type']);
771	/* echo '<br>using'.$account_id;exit; */
772	}
773	else
774	{
775	$account_id = $account_info['account_id'];
776	}
777	$entry['userpassword'] = $account_info['account_passwd'];
778	$entry['phpgwaccounttype'] = $account_info['account_type'];
779	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
780
781	if($account_info['account_type'] == 'g')
782	{
783	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
784	}
785	else
786	{
787	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
788	}
789	if(!$sri)
790	return False;
791	$allValues = ldap_get_entries($this->ds, $sri);
792
793	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
794	{
795	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
796	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
797	}
798	elseif($account_info['account_type'] != 'g')
799	{
800	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
801	$entry['loginshell'] = '/bin/false';
802	}
803
804	if ($allValues[0]['dn'])
805	{
806	/* This should keep the password from being overwritten here on ldap import */
807	unset($entry['userpassword']);
808	$entry['gidnumber'] = $account_id;
809
810	while (list($key,$val) = each($entry))
811	{
812	$tmpentry = '';
813	$tmpentry[$key] = trim($val); /* must trim! */
814	/* echo '<br>'.$key.' '.$val; */
815	if ($tmpentry[$key])
816	{
817	if (!$allValues[0][$key][0])
818	{
819	/* attribute was not in LDAP, add it */
820	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
821	}
822	else
823	{
824	/* attribute was in LDAP, modify it */
825	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
826	}
827	}
828	}
829
830	if ($account_info['account_type'] == 'g')
831	{
832	$tmpentry['objectclass'][0] = 'top';
833	$tmpentry['objectclass'][1] = 'posixGroup';
834	$tmpentry['objectclass'][2] = 'phpgwAccount';
835	}
836	else
837	{
838	$tmpentry['uidnumber'] = $account_id;
839	$tmpentry['objectclass'][0] = 'top';
840	$tmpentry['objectclass'][1] = 'person';
841	$tmpentry['objectclass'][2] = 'organizationalPerson';
842	$tmpentry['objectclass'][3] = 'inetOrgPerson';
843	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
844	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
845	$tmpentry['objectclass'][4] = 'posixAccount';
846	$tmpentry['objectclass'][5] = 'shadowAccount';
847	$tmpentry['objectclass'][6] = 'phpgwAccount';
848	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
849	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
850	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
851	}
852	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
853	}
854	else
855	{
856	/* Not already there, we will add it */
857	if ($account_info['account_type'] == 'g')
858	{
859	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
860	unset($entry['homedirectory']);
861	unset($entry['loginshell']);
862	$entry['objectclass'][0] = 'top';
863	$entry['objectclass'][1] = 'posixGroup';
864	$entry['objectclass'][2] = 'phpgwAccount';
865	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
866	$entry['gidnumber'] = $account_id;
867	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
868	$entry['description'] = 'phpgw-created group';
869	}
870	else
871	{
872	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
873
874	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
875	sprintf(
876	"%s %s",
877	$account_info['account_firstname'],
878	$account_info['account_lastname']
879	),
880	$GLOBALS['phpgw']->translation->charset(),
881	'utf-8'
882	);
883
884	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
885	$account_info['account_lastname'],
886	$GLOBALS['phpgw']->translation->charset(),
887	'utf-8'
888	);
889
890	if($account_info['account_firstname'])
891	{
892	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
893	$account_info['account_firstname'],
894	$GLOBALS['phpgw']->translation->charset(),
895	'utf-8'
896	);
897	}
898	if($account_info['account_email'])
899	{
900	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
901	$account_info['account_email'],
902	$GLOBALS['phpgw']->translation->charset(),
903	'utf-8'
904	);
905	}
906	$entry['uid'] = $account_info['account_lid'];
907	$entry['uidnumber'] = $account_id;
908	$entry['gidnumber'] = $account_info['account_primary_group'];
909	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
910	$entry['objectclass'][0] = 'top';
911	$entry['objectclass'][1] = 'person';
912	$entry['objectclass'][2] = 'organizationalPerson';
913	$entry['objectclass'][3] = 'inetOrgPerson';
914	$entry['objectclass'][4] = 'posixAccount';
915	$entry['objectclass'][5] = 'shadowAccount';
916	$entry['objectclass'][6] = 'phpgwAccount';
917	if($account_info['account_status'])
918	{
919	$entry['phpgwaccountstatus'] = $account_info['account_status'];
920	}
921	$entry['phpgwaccounttype'] = $account_info['account_type'];
922	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
923	}
924
925	#_debug_array($entry);
926
927	// stop processing if ldap_add fails
928	if(!ldap_add($this->ds, $dn, $entry))
929	{
930	return false;
931	}
932	}
933	// print ldap_error($this->ds);
934
935	// lets check group the user needs to be added
936	if($account_info['account_type'] == 'u')
937	{
938	@settype($account_info['account_groups'],'array');
939	foreach($account_info['account_groups'] as $key => $value)
940	{
941	// search for the group
942	$filter = 'gidnumber=' . (int)$value;
943	$justThese = array('memberuid');
944	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
945	if($sri)
946	{
947	$allValues = ldap_get_entries($this->ds, $sri);
948	// if the user is not member of this group, add him
949	if(is_array($allValues[0]['memberuid']))
950	{
951	// this group has already some members
952	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
953	{
954	$dn = $allValues[0]['dn'];
955	$newData = array();
956	$newData['memberuid'] = $allValues[0]['memberuid'];
957	unset($newData['memberuid']['count']);
958	$newData['memberuid'][] = $account_info['account_lid'];
959	$newData['memberuid'] = array_unique($newData['memberuid']);
960	ldap_mod_replace($this->ds, $dn, $newData);
961	#print ldap_error($this->ds)."<br>";
962	}
963	}
964	else
965	{
966	// this group has no members
967	$dn = $allValues[0]['dn'];
968	$newData = array();
969	$newData['memberuid'][] = $account_info['account_lid'];
970	ldap_mod_replace($this->ds, $dn, $newData);
971	}
972	}
973	}
974	}
975
976	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
977	{
978	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
979	}
980
981	return $account_id;
982	}
983
984	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
985	{
986	if ($expiredate == 0)
987	{
988	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
989	{
990	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
991	{
992	$expires = -1;
993	}
994	else
995	{
996	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
997	}
998	}
999	}
1000	else
1001	{
1002	/* expire in 30 days by default */
1003	$expiredate = time() + ((60 * 60) * (30 * 24));
1004	}
1005
1006	if ($expires != -1)
1007	{
1008	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1009	}
1010
1011	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1012	if (!$default_group_id)
1013	{
1014	$default_group_id = (int) $this->name2id('Default');
1015	}
1016	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1017	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1018	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1019
1020	$acct_info = array(
1021	'account_lid' => $accountname,
1022	'account_type' => 'u',
1023	'account_passwd' => $passwd,
1024	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1025	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1026	'account_status' => $account_status,
1027	'account_expires' => $expires,
1028	'account_primary_group' => $primary_group,
1029	);
1030
1031	/* attempt to set an email address */
1032	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1033	{
1034	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1035	}
1036	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1037	{
1038	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1039	}
1040
1041	$this->db->transaction_begin();
1042
1043	$this->create($acct_info,$default_prefs); /* create the account */
1044
1045	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1046
1047	if ($accountid) /* begin account setup */
1048	{
1049	if($primary_group)
1050	{
1051	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1052	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1053	}
1054
1055	/* FIXME - we are assuming the auth method is capable of password changing
1056	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1057	*/
1058
1059	/* if we have an mail address set it in the uesrs' email preference */
1060	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1061	{
1062	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1063	$GLOBALS['phpgw']->preferences->preferences($accountid);
1064	$GLOBALS['phpgw']->preferences->read_repository();
1065	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1066	$GLOBALS['phpgw']->preferences->save_repository();
1067	}
1068	/* use the default mail domain to set the uesrs' email preference */
1069	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1070	{
1071	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1072	$GLOBALS['phpgw']->preferences->preferences($accountid);
1073	$GLOBALS['phpgw']->preferences->read_repository();
1074	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1075	$GLOBALS['phpgw']->preferences->save_repository();
1076	}
1077
1078	/* commit the new account transaction */
1079	$this->db->transaction_commit();
1080
1081	/* does anyone know what the heck this is required for? */
1082	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1083	$GLOBALS['hook_values']['account_id'] = $accountid;
1084	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1085	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1086	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1087	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1088	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1089	'location' => 'addaccount'
1090	),False,True); // called for every app now, not only enabled ones
1091
1092	} /* end account setup */
1093	else /* if no account id abort the account creation */
1094	{
1095	$this->db->transaction_abort();
1096	}
1097
1098	/*
1099	* If we succeeded in creating the account (above), return the accountid, else,
1100	* return the error value from $this->name2id($accountname)
1101	*/
1102	return $accountid;
1103	} /* end auto_add() */
1104
1105	function get_account_name($account_id,&$lid,&$fname,&$lname)
1106	{
1107	$acct_type = $this->get_type($account_id);
1108
1109	/* jakjr: using justthese with ldap_search */
1110	$justthese = array("cn","uid","givenname","sn");
1111
1112	/* search the dn for the given uid */
1113	if(($acct_type == 'g') && $this->group_context)
1114	{
1115	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1116	}
1117	else
1118	{
1119	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese);
1120	}
1121	if(!$sri)
1122	return False;
1123	$allValues = ldap_get_entries($this->ds, $sri);
1124
1125	if($acct_type =='g')
1126	{
1127	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1128	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1129	$lname = lang('Group');
1130	}
1131	else
1132	{
1133	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1134	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1135	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1136	}
1137	return !empty($lid);
1138	}
1139
1140	function getDNforID($_accountid = '')
1141	{
1142	$_account_id = get_account_id($_accountid);
1143
1144	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1145	if(!$sri)
1146	return False;
1147	$allValues = ldap_get_entries($this->ds, $sri);
1148
1149	return $allValues[0]['dn'];
1150	}
1151
1152	//by JakJr, add organization support
1153	function get_context($dn)
1154	{
1155	return substr($dn, (strpos($dn, ',')+1));
1156	}
1157
1158	//by JakJr, add organization support
1159	function get_organization($dn)
1160	{
1161	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1162	$end = (strpos($dn, $ldap_context)-1);
1163	$tmp = substr($dn, 0, $end);
1164	$begin = (strrpos($tmp, '=')+1);
1165	return substr($dn, $begin, ($end - $begin));
1166	}
1167
1168	//by JakJr, add organization support
1169	function get_sector($dn)
1170	{
1171	$context = $this->get_context($dn);
1172	$begin = (strpos($context, '=')+1);
1173	$end = (strpos($context, ',') - $begin);
1174	return substr($context, $begin, $end);
1175	}
1176
1177	function id2fullname($account_id)
1178	{
1179	$allValues = array();
1180	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))');
1181	if(!$sri)
1182	return False;
1183	$allValues = ldap_get_entries($this->ds, $sri);
1184	if (@$allValues[0]['cn'][0])
1185	{
1186	return $allValues[0]['cn'][0];
1187	}
1188	return False;
1189	}
1190
1191	function mail2fullname($mail)
1192	{
1193	$allValues = array();
1194	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))');
1195	if(!$sri)
1196	return False;
1197	$allValues = ldap_get_entries($this->ds, $sri);
1198	if (@$allValues[0]['cn'][0])
1199	{
1200	return $allValues[0]['cn'][0];
1201	}
1202	return False;
1203	}
1204	}
1205	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 7673

Download in other formats: