Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 1904

Revision 1904, 40.1 KB checked in by amuller, 14 years ago (diff)
Ticket #597 - Melhoria do FM. melhorias na interface, Compartilhamento de grupos
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
92	/* jakjr: this is not used for expressoLivre */
93	/*
94	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
95	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
96	*/
97	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
98	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
99	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
100	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
101	$this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0];
102	}
103	$this->data['account_dn'] = $allValues[0]['dn'];
104	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
105
106	/* jakjr: this is not used for expressoLivre */
107	/*
108	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
109	{
110	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
111	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
112	}
113	*/
114	return $this->data;
115	}
116
117	function save_repository()
118	{
119	#_debug_array($this->data);
120	$acct_type = $this->get_type($this->account_id);
121
122	/* search the dn for the given u/gidnumber */
123	if(($acct_type == 'g') && $this->group_context)
124	{
125	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
126	}
127	else
128	{
129	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
130	}
131	$allValues = ldap_get_entries($this->ds, $sri);
132
133	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
134
135	if($acct_type == 'u')
136	{
137	// data for posixaccount
138	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
139	$this->data['firstname'],
140	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
141	);
142	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
143	$this->data['account_lid'],
144	$GLOBALS['phpgw']->translation->charset(),'utf-8'
145	);
146	if($this->data['lastname'])
147	{
148	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
149	$this->data['lastname'],
150	$GLOBALS['phpgw']->translation->charset(),'utf-8'
151	);
152	}
153
154	if($this->data['firstname'])
155	{
156	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
157	$this->data['firstname'],
158	$GLOBALS['phpgw']->translation->charset(),'utf-8'
159	);
160	}
161	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
162	{
163	$newData['homedirectory'] = $this->data['homedirectory'];
164	$newData['loginshell'] = $this->data['loginshell'];
165	}
166	else
167	{
168	// the posixaccount schema requires this
169	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
170	$entry['loginshell'] = '/bin/false';
171	}
172	if($this->data['account_primary_group'])
173	{
174	$newData['gidnumber'] = $this->data['account_primary_group'];
175	}
176	if($this->data['lastlogin'])
177	{
178	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
179	}
180	if($this->data['lastloginfrom'])
181	{
182	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
183	}
184	if($this->data['lastpasswd_change'])
185	{
186	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
187	}
188	if($this->data['status'])
189	{
190	$newData['phpgwaccountstatus'] = $this->data['status'];
191	}
192	else
193	{
194	$newData['phpgwaccountstatus'] = array();
195	}
196	if($this->data['expires'])
197	{
198	$newData['phpgwaccountexpires'] = $this->data['expires'];
199	}
200	if($this->data['email'])
201	{
202	$newData['mail'] = $this->data['email'];
203	}
204
205	$newAccountID = $newData['uid'];
206	$oldAccountID = $newData['uid'];
207	}
208	else
209	{
210	// data for posixgroup
211	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
212	$this->data['account_lid'],
213	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
214	);
215	$newData['gidnumber'] = $this->account_id;
216	$newGroupID = $newData['cn'];
217	$oldGroupID = $newData['cn'];
218	}
219	if($this->data['type'])
220	{
221	$newData['phpgwaccounttype'] = $this->data['type'];
222	}
223
224	/*
225	Changing the uid: Need to delete and add new, since
226	PHP cannot change the dn for the entry.
227	*/
228	if ($acct_type == 'g')
229	{
230	$test = $allValues[0]['cn'][0];
231	}
232	else
233	{
234	$test = $allValues[0]['uid'][0];
235	}
236	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
237	{
238	$oldData = $allValues[0];
239	$oldDN = $oldData['dn'];
240	// remove all unneeded fields
241	unset($oldData['dn']);
242	unset($oldData['count']);
243	foreach($oldData as $key => $value)
244	{
245	if(is_numeric($key))
246	{
247	// remove the key, its no ldap key
248	unset($oldData[$key]);
249	}
250	else
251	{
252	// remove the count key
253	if($oldData[$key]['count'] == 1)
254	{
255	$oldData[$key] = $value[0];
256	}
257	else
258	{
259	unset($oldData[$key]['count']);
260	}
261	}
262	}
263
264	$oldAccountID = $oldData['uid'];
265	$oldGroupID = $oldData['cn'];
266
267	// merge the old data with the new one
268	$newData = array_merge($oldData, $newData);
269
270	/* Groups */
271	if($this->data['account_type'] == 'g' && $this->group_context )
272	{
273	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
274	$members = $this->member($this->account_id);
275	$newData['memberuid'] = array();
276	for($i=0;$i<count($members);$i++)
277	{
278	$currname = $this->id2name($members[$i]['account_id']);
279	if(!in_array($currname,$entry['memberuid']))
280	{
281	$newData['memberuid'][] = $currname;
282	}
283	}
284	}
285	/* Accounts */
286	else
287	{
288	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
289	}
290	// delete the old account
291	ldap_delete($this->ds,$oldDN);
292
293	// add the new account
294	#_debug_array($newData);
295	ldap_add($this->ds, $newDN, $newData);
296	}
297	/* Normal behavior for save_repository
298	update Account */
299	else
300	{
301	// add the list group members
302	if($this->data['account_type'] == 'g' && $this->group_context )
303	{
304	$members = $this->member($this->account_id);
305	#_debug_array($members);
306	$newData['memberuid'] = array();
307	for($i=0;$i<count($members);$i++)
308	{
309	$currname = $this->id2name($members[$i]['account_id']);
310	if(!in_array($currname,$newData['memberuid']))
311	{
312	$newData['memberuid'][] = $currname;
313	}
314	}
315	}
316	// modify the DN
317	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
318	}
319
320	if ($this->data['account_type'] == 'u')
321	{
322	// lets check for groups, the user needs to be removed
323
324	// first lets search for the groups, the user is currently member of
325	// and from which he needs to be removed
326	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
327	$justThese = array('memberuid','gidnumber');
328	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
329	if($sri)
330	{
331	$allValues = ldap_get_entries($this->ds, $sri);
332	if($allValues['count'] > 0)
333	{
334	unset($allValues['count']);
335	foreach($allValues as $key)
336	{
337	#_debug_array($key);
338	#_debug_array($this->data['account_groups']);
339	// delete the old accountid from any group
340	if($newAccountID != $oldAccountID)
341	{
342	$dn = $key['dn'];
343	$newData = array();
344	$newData['memberuid'] = $key['memberuid'];
345	unset($newData['memberuid']['count']);
346	// remove the uid from memberuid
347	$newData['memberuid'] = array_flip($newData['memberuid']);
348	unset($newData['memberuid'][$oldAccountID]);
349	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
350	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
351	ldap_mod_replace($this->ds, $dn, $newData);
352	#print ldap_error($this->ds);
353	}
354	else
355	{
356	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
357	{
358	$dn = $key['dn'];
359	$newData = array();
360	$newData['memberuid'] = $key['memberuid'];
361	unset($newData['memberuid']['count']);
362	// remove the uid from memberuid
363	$newData['memberuid'] = array_flip($newData['memberuid']);
364	unset($newData['memberuid'][$oldAccountID]);
365	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
366	ldap_mod_replace($this->ds, $dn, $newData);
367	#print ldap_error($this->ds);
368	}
369	}
370	}
371	}
372	}
373
374	// lets check group the user needs to be added
375	foreach($this->data['account_groups'] as $key => $value)
376	{
377	// search for the group
378	$filter = 'gidnumber=' . (int)$value;
379	$justThese = array('memberuid');
380	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
381	if($sri)
382	{
383	$allValues = ldap_get_entries($this->ds, $sri);
384	// if the user is not member of this group, add him
385	if(is_array($allValues[0]['memberuid']))
386	{
387	// this group has already some members
388	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
389	{
390	$dn = $allValues[0]['dn'];
391	$newData = array();
392	$newData['memberuid'] = $allValues[0]['memberuid'];
393	unset($newData['memberuid']['count']);
394	$newData['memberuid'][] = $newAccountID;
395	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
396	ldap_mod_replace($this->ds, $dn, $newData);
397	}
398	}
399	else
400	{
401	// this group has no members
402	$dn = $allValues[0]['dn'];
403	$newData = array();
404	$newData['memberuid'][] = $newAccountID;
405	ldap_mod_replace($this->ds, $dn, $newData);
406	}
407	}
408	}
409	}
410	}
411
412	function delete($accountid = '')
413	{
414	$account_id = get_account_id($accountid);
415	$account_lid = $this->id2name((int)$account_id);
416
417	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
418	$sri = ldap_search($this->ds, $this->group_context, $filter);
419	if($sri)
420	{
421	$allValues = ldap_get_entries($this->ds, $sri);
422	}
423
424	if(!$allValues[0]['dn'])
425	{
426	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
427	if($sri)
428	{
429	$allValues = ldap_get_entries($this->ds, $sri);
430	$accountID = $allValues['0']['uid'][0];
431	$wasAccount = True;
432	}
433	}
434
435	if ($allValues[0]['dn'])
436	{
437	$del = ldap_delete($this->ds, $allValues[0]['dn']);
438	}
439
440	if($wasAccount)
441	{
442	// remove the user from any group he is member of
443	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
444	$justThese = array('memberuid','gidnumber');
445	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
446	if($sri)
447	{
448	$allValues = ldap_get_entries($this->ds, $sri);
449	if($allValues['count'] > 0)
450	{
451	unset($allValues['count']);
452	foreach($allValues as $key)
453	{
454	$dn = $key['dn'];
455	$newData = array();
456	$newData['memberuid'] = $key['memberuid'];
457	unset($newData['memberuid']['count']);
458	// remove the uid from memberuid
459	$newData['memberuid'] = array_flip($newData['memberuid']);
460	unset($newData['memberuid'][$accountID]);
461	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
462	ldap_mod_replace($this->ds, $dn, $newData);
463	}
464	}
465	}
466	}
467	}
468
469	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
470	{
471	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
472	$query = strtolower($query);
473
474	if($_type == 'accounts' \|\| $_type == 'both')
475	{
476	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
477	if (!empty($query) && $query != '*')
478	{
479	switch($query_type)
480	{
481	case 'all':
482	default:
483	$query = '*'.$query;
484	// fall-through
485	case 'start':
486	$query .= '*';
487	// fall-through
488	case 'exact':
489	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
490	break;
491	case 'firstname':
492	case 'lastname':
493	case 'lid':
494	case 'email':
495	$to_ldap = array(
496	'firstname' => 'givenname',
497	'lastname' => 'sn',
498	'lid' => 'uid',
499	'email' => 'mail',
500	);
501	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
502	break;
503	}
504	}
505	$filter .= ')';
506
507	$sri = ldap_search($this->ds, $this->user_context, $filter);
508	$allValues = ldap_get_entries($this->ds, $sri);
509	while (list($null,$allVals) = @each($allValues))
510	{
511	settype($allVals,'array');
512	$test = @$allVals['uid'][0];
513	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
514	{
515	$accounts[] = Array(
516	'account_id' => $allVals['uidnumber'][0],
517	'account_lid' => $allVals['uid'][0],
518	'account_type' => $allVals['phpgwaccounttype'][0],
519	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
520	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
521	'account_status' => $allVals['phpgwaccountstatus'][0],
522	'account_email' => $allVals['mail'][0],
523	);
524	}
525	}
526	}
527	if ($_type == 'groups' \|\| $_type == 'both')
528	{
529	if(empty($query) \|\| $query == '*')
530	{
531	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
532	}
533	else
534	{
535	if ($_type == 'both')
536	$filter = "(&(gidnumber=*)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
537	else
538	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
539	}
540	$sri = ldap_search($this->ds, $this->group_context, $filter);
541	$allValues = ldap_get_entries($this->ds, $sri);
542	while (list($null,$allVals) = @each($allValues))
543	{
544	settype($allVals,'array');
545	$test = $allVals['cn'][0];
546	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
547	{
548	$accounts[] = Array(
549	'account_id' => $allVals['gidnumber'][0],
550	'account_lid' => $allVals['cn'][0],
551	'account_type' => $allVals['phpgwaccounttype'][0],
552	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
553	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
554	'account_status' => $allVals['phpgwaccountstatus'][0],
555	'account_email' => $allVals['mail'][0],
556	);
557	}
558	}
559	}
560	// sort the array
561	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
562	if(empty($order))
563	{
564	$order = 'account_lid';
565	}
566	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
567	$this->total = count($accounts);
568
569	// return only the wanted accounts
570
571	if (is_array($sortedAccounts))
572	{
573	reset($sortedAccounts);
574	if(is_int($start) && is_int($offset))
575	{
576	return array_slice($sortedAccounts, $start, $offset);
577	}
578	elseif(is_int($start))
579	{
580	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
581	}
582	else
583	{
584	return $sortedAccounts;
585	}
586	}
587	return False;
588	}
589
590	function name2id($name,$which='account_lid')
591	{
592	/* jakjr: change search position */
593	$to_ldap = array(
594	'account_lid' => 'uid',
595	'account_email' => 'mail',
596	);
597	if (!isset($to_ldap[$which])) return False;
598
599	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))', array("uidnumber"));
600	$allValues = ldap_get_entries($this->ds, $sri);
601
602	if (@$allValues[0]['uidnumber'][0])
603	{
604	return (int)$allValues[0]['uidnumber'][0];
605	}
606
607	if ($which == 'account_lid') // groups only support account_lid
608	{
609	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
610	$allValues = ldap_get_entries($this->ds, $sri);
611
612	if (@$allValues[0]['gidnumber'][0])
613	{
614	return (int)$allValues[0]['gidnumber'][0];
615	}
616	}
617
618	return False;
619	}
620
621	function id2name($account_id,$which='account_lid')
622	{
623	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
624	{
625	$allValues = array();
626	/* jakjr: using justthese with ldap_search */
627	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
628	if(!$sri)
629	return False;
630	$allValues = ldap_get_entries($this->ds, $sri);
631
632	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
633	if (@$allValues[0]['cn'][0])
634	{
635	return $allValues[0]['cn'][0];
636	}
637	}
638	$to_ldap = array(
639	'account_lid' => 'uid',
640	'account_email' => 'mail',
641	'account_firstname' => 'surname',
642	'account_lastname' => 'cn',
643	'account_type' => 'phpgwaccounttype',
644	);
645	if (!isset($to_ldap[$which])) return False;
646
647	$allValues = array();
648	/* jakjr: using justthese with ldap_search */
649	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
650	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', $justthese);
651	if(!$sri)
652	return False;
653	$allValues = ldap_get_entries($this->ds, $sri);
654
655	if (@$allValues[0][$to_ldap[$which]][0])
656	{
657	return $allValues[0][$to_ldap[$which]][0];
658	}
659	return False;
660	}
661
662	function get_type($account_id)
663	{
664	$allValues = array();
665	/* jakjr: using justthese with ldap_search */
666	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', array("phpgwaccounttype"));
667	if(!$sri)
668	return False;
669	$allValues = ldap_get_entries($this->ds, $sri);
670
671	if ($allValues[0]['phpgwaccounttype'][0])
672	{
673	return $allValues[0]['phpgwaccounttype'][0];
674	}
675
676	$allValues = array();
677	/* jakjr: using justthese with ldap_search */
678	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
679	if(!$sri)
680	return False;
681	$allValues = ldap_get_entries($this->ds, $sri);
682
683	if ($allValues[0]['phpgwaccounttype'][0])
684	{
685	return $allValues[0]['phpgwaccounttype'][0];
686	}
687	return False;
688	}
689
690	/*
691	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
692	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
693	*/
694	function exists($account)
695	{
696	/* This sets up internal caching variables for this functon */
697	static $by_id, $by_lid;
698	$users = array();
699	$groups = array();
700
701	if(is_int($account))
702	{
703	$ldapgroup = 'gidnumber';
704	$ldapacct = 'uidnumber';
705	$account = (int)$account;
706	/* If data is cached, use it. */
707	if(@isset($by_id[$account]) && @$by_id[$account])
708	{
709	return $by_id[$account];
710	}
711	}
712	else
713	{
714	$ldapgroup = 'cn';
715	$ldapacct = 'uid';
716	/* If data is cached, use it. */
717	if(@isset($by_lid[$account]) && @$by_lid[$account])
718	{
719	return $by_lid[$account];
720	}
721	}
722
723	$acct_type = $this->get_type($account);
724
725	if ($acct_type == 'g' && $this->group_context)
726	{
727	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
728	if(!$sri)
729	return False;
730	$groups = ldap_get_entries($this->ds, $sri);
731	}
732	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
733	if(!$sri)
734	return False;
735	$users = ldap_get_entries($this->ds, $sri);
736
737	if ($users[0]['dn'])
738	{
739	$in += 1;
740	}
741	if ($groups[0]['dn'])
742	{
743	$in += 2;
744	}
745	/* This sets up internal caching for this function */
746	if($ldapgroup == 'gidnumber')
747	{
748	$by_id[$account] = $in;
749	$by_lid[$this->id2name($account)] = $in;
750	}
751	else
752	{
753	$by_lid[$account] = $in;
754	$by_id[$this->name2id($account)] = $in;
755	}
756
757	return $in;
758	}
759
760	function create($account_info,$default_prefs=True)
761	{
762	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
763	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
764	{
765	$account_id = $this->get_nextid($account_info['account_type']);
766	/* echo '<br>using'.$account_id;exit; */
767	}
768	else
769	{
770	$account_id = $account_info['account_id'];
771	}
772	$entry['userpassword'] = $account_info['account_passwd'];
773	$entry['phpgwaccounttype'] = $account_info['account_type'];
774	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
775
776	if($account_info['account_type'] == 'g')
777	{
778	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
779	}
780	else
781	{
782	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
783	}
784	if(!$sri)
785	return False;
786	$allValues = ldap_get_entries($this->ds, $sri);
787
788	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
789	{
790	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
791	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
792	}
793	elseif($account_info['account_type'] != 'g')
794	{
795	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
796	$entry['loginshell'] = '/bin/false';
797	}
798
799	if ($allValues[0]['dn'])
800	{
801	/* This should keep the password from being overwritten here on ldap import */
802	unset($entry['userpassword']);
803	$entry['gidnumber'] = $account_id;
804
805	while (list($key,$val) = each($entry))
806	{
807	$tmpentry = '';
808	$tmpentry[$key] = trim($val); /* must trim! */
809	/* echo '<br>'.$key.' '.$val; */
810	if ($tmpentry[$key])
811	{
812	if (!$allValues[0][$key][0])
813	{
814	/* attribute was not in LDAP, add it */
815	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
816	}
817	else
818	{
819	/* attribute was in LDAP, modify it */
820	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
821	}
822	}
823	}
824
825	if ($account_info['account_type'] == 'g')
826	{
827	$tmpentry['objectclass'][0] = 'top';
828	$tmpentry['objectclass'][1] = 'posixGroup';
829	$tmpentry['objectclass'][2] = 'phpgwAccount';
830	}
831	else
832	{
833	$tmpentry['uidnumber'] = $account_id;
834	$tmpentry['objectclass'][0] = 'top';
835	$tmpentry['objectclass'][1] = 'person';
836	$tmpentry['objectclass'][2] = 'organizationalPerson';
837	$tmpentry['objectclass'][3] = 'inetOrgPerson';
838	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
839	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
840	$tmpentry['objectclass'][4] = 'posixAccount';
841	$tmpentry['objectclass'][5] = 'shadowAccount';
842	$tmpentry['objectclass'][6] = 'phpgwAccount';
843	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
844	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
845	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
846	}
847	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
848	}
849	else
850	{
851	/* Not already there, we will add it */
852	if ($account_info['account_type'] == 'g')
853	{
854	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
855	unset($entry['homedirectory']);
856	unset($entry['loginshell']);
857	$entry['objectclass'][0] = 'top';
858	$entry['objectclass'][1] = 'posixGroup';
859	$entry['objectclass'][2] = 'phpgwAccount';
860	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
861	$entry['gidnumber'] = $account_id;
862	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
863	$entry['description'] = 'phpgw-created group';
864	}
865	else
866	{
867	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
868
869	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
870	sprintf(
871	"%s %s",
872	$account_info['account_firstname'],
873	$account_info['account_lastname']
874	),
875	$GLOBALS['phpgw']->translation->charset(),
876	'utf-8'
877	);
878
879	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
880	$account_info['account_lastname'],
881	$GLOBALS['phpgw']->translation->charset(),
882	'utf-8'
883	);
884
885	if($account_info['account_firstname'])
886	{
887	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
888	$account_info['account_firstname'],
889	$GLOBALS['phpgw']->translation->charset(),
890	'utf-8'
891	);
892	}
893	if($account_info['account_email'])
894	{
895	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
896	$account_info['account_email'],
897	$GLOBALS['phpgw']->translation->charset(),
898	'utf-8'
899	);
900	}
901	$entry['uid'] = $account_info['account_lid'];
902	$entry['uidnumber'] = $account_id;
903	$entry['gidnumber'] = $account_info['account_primary_group'];
904	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
905	$entry['objectclass'][0] = 'top';
906	$entry['objectclass'][1] = 'person';
907	$entry['objectclass'][2] = 'organizationalPerson';
908	$entry['objectclass'][3] = 'inetOrgPerson';
909	$entry['objectclass'][4] = 'posixAccount';
910	$entry['objectclass'][5] = 'shadowAccount';
911	$entry['objectclass'][6] = 'phpgwAccount';
912	if($account_info['account_status'])
913	{
914	$entry['phpgwaccountstatus'] = $account_info['account_status'];
915	}
916	$entry['phpgwaccounttype'] = $account_info['account_type'];
917	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
918	}
919
920	#_debug_array($entry);
921
922	// stop processing if ldap_add fails
923	if(!ldap_add($this->ds, $dn, $entry))
924	{
925	return false;
926	}
927	}
928	// print ldap_error($this->ds);
929
930	// lets check group the user needs to be added
931	if($account_info['account_type'] == 'u')
932	{
933	@settype($account_info['account_groups'],'array');
934	foreach($account_info['account_groups'] as $key => $value)
935	{
936	// search for the group
937	$filter = 'gidnumber=' . (int)$value;
938	$justThese = array('memberuid');
939	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
940	if($sri)
941	{
942	$allValues = ldap_get_entries($this->ds, $sri);
943	// if the user is not member of this group, add him
944	if(is_array($allValues[0]['memberuid']))
945	{
946	// this group has already some members
947	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
948	{
949	$dn = $allValues[0]['dn'];
950	$newData = array();
951	$newData['memberuid'] = $allValues[0]['memberuid'];
952	unset($newData['memberuid']['count']);
953	$newData['memberuid'][] = $account_info['account_lid'];
954	$newData['memberuid'] = array_unique($newData['memberuid']);
955	ldap_mod_replace($this->ds, $dn, $newData);
956	#print ldap_error($this->ds)."<br>";
957	}
958	}
959	else
960	{
961	// this group has no members
962	$dn = $allValues[0]['dn'];
963	$newData = array();
964	$newData['memberuid'][] = $account_info['account_lid'];
965	ldap_mod_replace($this->ds, $dn, $newData);
966	}
967	}
968	}
969	}
970
971	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
972	{
973	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
974	}
975
976	return $account_id;
977	}
978
979	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
980	{
981	if ($expiredate == 0)
982	{
983	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
984	{
985	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
986	{
987	$expires = -1;
988	}
989	else
990	{
991	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
992	}
993	}
994	}
995	else
996	{
997	/* expire in 30 days by default */
998	$expiredate = time() + ((60 * 60) * (30 * 24));
999	}
1000
1001	if ($expires != -1)
1002	{
1003	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1004	}
1005
1006	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1007	if (!$default_group_id)
1008	{
1009	$default_group_id = (int) $this->name2id('Default');
1010	}
1011	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1012	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1013	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1014
1015	$acct_info = array(
1016	'account_lid' => $accountname,
1017	'account_type' => 'u',
1018	'account_passwd' => $passwd,
1019	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1020	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1021	'account_status' => $account_status,
1022	'account_expires' => $expires,
1023	'account_primary_group' => $primary_group,
1024	);
1025
1026	/* attempt to set an email address */
1027	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1028	{
1029	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1030	}
1031	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1032	{
1033	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1034	}
1035
1036	$this->db->transaction_begin();
1037
1038	$this->create($acct_info,$default_prefs); /* create the account */
1039
1040	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1041
1042	if ($accountid) /* begin account setup */
1043	{
1044	if($primary_group)
1045	{
1046	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1047	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1048	}
1049
1050	/* FIXME - we are assuming the auth method is capable of password changing
1051	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1052	*/
1053
1054	/* if we have an mail address set it in the uesrs' email preference */
1055	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1056	{
1057	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1058	$GLOBALS['phpgw']->preferences->preferences($accountid);
1059	$GLOBALS['phpgw']->preferences->read_repository();
1060	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1061	$GLOBALS['phpgw']->preferences->save_repository();
1062	}
1063	/* use the default mail domain to set the uesrs' email preference */
1064	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1065	{
1066	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1067	$GLOBALS['phpgw']->preferences->preferences($accountid);
1068	$GLOBALS['phpgw']->preferences->read_repository();
1069	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1070	$GLOBALS['phpgw']->preferences->save_repository();
1071	}
1072
1073	/* commit the new account transaction */
1074	$this->db->transaction_commit();
1075
1076	/* does anyone know what the heck this is required for? */
1077	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1078	$GLOBALS['hook_values']['account_id'] = $accountid;
1079	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1080	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1081	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1082	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1083	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1084	'location' => 'addaccount'
1085	),False,True); // called for every app now, not only enabled ones
1086
1087	} /* end account setup */
1088	else /* if no account id abort the account creation */
1089	{
1090	$this->db->transaction_abort();
1091	}
1092
1093	/*
1094	* If we succeeded in creating the account (above), return the accountid, else,
1095	* return the error value from $this->name2id($accountname)
1096	*/
1097	return $accountid;
1098	} /* end auto_add() */
1099
1100	function get_account_name($account_id,&$lid,&$fname,&$lname)
1101	{
1102	$acct_type = $this->get_type($account_id);
1103
1104	/* jakjr: using justthese with ldap_search */
1105	$justthese = array("cn","uid","givenname","sn");
1106
1107	/* search the dn for the given uid */
1108	if(($acct_type == 'g') && $this->group_context)
1109	{
1110	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1111	}
1112	else
1113	{
1114	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwAccountType=u))', $justthese);
1115	}
1116	if(!$sri)
1117	return False;
1118	$allValues = ldap_get_entries($this->ds, $sri);
1119
1120	if($acct_type =='g')
1121	{
1122	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1123	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1124	$lname = lang('Group');
1125	}
1126	else
1127	{
1128	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1129	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1130	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1131	}
1132	return !empty($lid);
1133	}
1134
1135	function getDNforID($_accountid = '')
1136	{
1137	$_account_id = get_account_id($_accountid);
1138
1139	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1140	if(!$sri)
1141	return False;
1142	$allValues = ldap_get_entries($this->ds, $sri);
1143
1144	return $allValues[0]['dn'];
1145	}
1146
1147	//by JakJr, add organization support
1148	function get_context($dn)
1149	{
1150	return substr($dn, (strpos($dn, ',')+1));
1151	}
1152
1153	//by JakJr, add organization support
1154	function get_organization($dn)
1155	{
1156	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1157	$end = (strpos($dn, $ldap_context)-1);
1158	$tmp = substr($dn, 0, $end);
1159	$begin = (strrpos($tmp, '=')+1);
1160	return substr($dn, $begin, ($end - $begin));
1161	}
1162
1163	//by JakJr, add organization support
1164	function get_sector($dn)
1165	{
1166	$context = $this->get_context($dn);
1167	$begin = (strpos($context, '=')+1);
1168	$end = (strpos($context, ',') - $begin);
1169	return substr($context, $begin, $end);
1170	}
1171
1172	function id2fullname($account_id)
1173	{
1174	$allValues = array();
1175	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1176	if(!$sri)
1177	return False;
1178	$allValues = ldap_get_entries($this->ds, $sri);
1179	if (@$allValues[0]['cn'][0])
1180	{
1181	return $allValues[0]['cn'][0];
1182	}
1183	return False;
1184	}
1185
1186	function mail2fullname($mail)
1187	{
1188	$allValues = array();
1189	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1190	if(!$sri)
1191	return False;
1192	$allValues = ldap_get_entries($this->ds, $sri);
1193	if (@$allValues[0]['cn'][0])
1194	{
1195	return $allValues[0]['cn'][0];
1196	}
1197	return False;
1198	}
1199	}
1200	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: