Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 2

Revision 2, 38.4 KB checked in by niltonneto, 17 years ago (diff)
Removida todas as tags usadas pelo CVS ($Id, $Source). Primeira versão no CVS externo.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!@is_object($GLOBALS['phpgw']->translation))
42	{
43	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
44	}
45	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
46	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
47	}
48
49	function read_repository()
50	{
51	$acct_type = $this->get_type($this->account_id);
52
53	/* search the dn for the given uid */
54	if(($acct_type == 'g') && $this->group_context)
55	{
56	$sri = ldap_search($this->ds, $this->user_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
57	}
58	else
59	{
60	$sri = ldap_search($this->ds, $this->group_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
61	}
62	$allValues = ldap_get_entries($this->ds, $sri);
63
64	/* Now dump it into the array; take first entry found */
65	if($acct_type =='g')
66	{
67	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
68	$this->data['account_lid'] = $allValues[0]['cn'][0];
69	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
70	$this->data['lastname'] = lang('Group');
71	}
72	else
73	{
74	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
75	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['uid'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
78	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
79	if(isset($allValues[0]['mail'][0]))
80	{
81	$this->data['email'] = $allValues[0]['mail'][0];
82	}
83	}
84	$this->data['account_dn'] = $allValues[0]['dn'];
85	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
86
87	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
88	{
89	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
90	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
91	}
92
93	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
94	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
95	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
96	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
97	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
98	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
99	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
100
101	return $this->data;
102	}
103
104	function save_repository()
105	{
106	#_debug_array($this->data);
107	$acct_type = $this->get_type($this->account_id);
108
109	/* search the dn for the given u/gidnumber */
110	if(($acct_type == 'g') && $this->group_context)
111	{
112	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
113	}
114	else
115	{
116	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
117	}
118	$allValues = ldap_get_entries($this->ds, $sri);
119
120	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
121
122	if($acct_type == 'u')
123	{
124	// data for posixaccount
125	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
126	$this->data['firstname'],
127	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
128	);
129	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
130	$this->data['account_lid'],
131	$GLOBALS['phpgw']->translation->charset(),'utf-8'
132	);
133	if($this->data['lastname'])
134	{
135	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
136	$this->data['lastname'],
137	$GLOBALS['phpgw']->translation->charset(),'utf-8'
138	);
139	}
140
141	if($this->data['firstname'])
142	{
143	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
144	$this->data['firstname'],
145	$GLOBALS['phpgw']->translation->charset(),'utf-8'
146	);
147	}
148	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
149	{
150	$newData['homedirectory'] = $this->data['homedirectory'];
151	$newData['loginshell'] = $this->data['loginshell'];
152	}
153	else
154	{
155	// the posixaccount schema requires this
156	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
157	$entry['loginshell'] = '/bin/false';
158	}
159	if($this->data['account_primary_group'])
160	{
161	$newData['gidnumber'] = $this->data['account_primary_group'];
162	}
163	if($this->data['lastlogin'])
164	{
165	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
166	}
167	if($this->data['lastloginfrom'])
168	{
169	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
170	}
171	if($this->data['lastpasswd_change'])
172	{
173	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
174	}
175	if($this->data['status'])
176	{
177	$newData['phpgwaccountstatus'] = $this->data['status'];
178	}
179	else
180	{
181	$newData['phpgwaccountstatus'] = array();
182	}
183	if($this->data['expires'])
184	{
185	$newData['phpgwaccountexpires'] = $this->data['expires'];
186	}
187	if($this->data['email'])
188	{
189	$newData['mail'] = $this->data['email'];
190	}
191
192	$newAccountID = $newData['uid'];
193	$oldAccountID = $newData['uid'];
194	}
195	else
196	{
197	// data for posixgroup
198	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
199	$this->data['account_lid'],
200	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
201	);
202	$newData['gidnumber'] = $this->account_id;
203	$newGroupID = $newData['cn'];
204	$oldGroupID = $newData['cn'];
205	}
206	if($this->data['type'])
207	{
208	$newData['phpgwaccounttype'] = $this->data['type'];
209	}
210
211	/*
212	Changing the uid: Need to delete and add new, since
213	PHP cannot change the dn for the entry.
214	*/
215	if ($acct_type == 'g')
216	{
217	$test = $allValues[0]['cn'][0];
218	}
219	else
220	{
221	$test = $allValues[0]['uid'][0];
222	}
223	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
224	{
225	$oldData = $allValues[0];
226	$oldDN = $oldData['dn'];
227	// remove all unneeded fields
228	unset($oldData['dn']);
229	unset($oldData['count']);
230	foreach($oldData as $key => $value)
231	{
232	if(is_numeric($key))
233	{
234	// remove the key, its no ldap key
235	unset($oldData[$key]);
236	}
237	else
238	{
239	// remove the count key
240	if($oldData[$key]['count'] == 1)
241	{
242	$oldData[$key] = $value[0];
243	}
244	else
245	{
246	unset($oldData[$key]['count']);
247	}
248	}
249	}
250
251	$oldAccountID = $oldData['uid'];
252	$oldGroupID = $oldData['cn'];
253
254	// merge the old data with the new one
255	$newData = array_merge($oldData, $newData);
256
257	/* Groups */
258	if($this->data['account_type'] == 'g' && $this->group_context )
259	{
260	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
261	$members = $this->member($this->account_id);
262	$newData['memberuid'] = array();
263	for($i=0;$i<count($members);$i++)
264	{
265	$currname = $this->id2name($members[$i]['account_id']);
266	if(!in_array($currname,$entry['memberuid']))
267	{
268	$newData['memberuid'][] = $currname;
269	}
270	}
271	}
272	/* Accounts */
273	else
274	{
275	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
276	}
277	// delete the old account
278	ldap_delete($this->ds,$oldDN);
279
280	// add the new account
281	#_debug_array($newData);
282	ldap_add($this->ds, $newDN, $newData);
283	}
284	/* Normal behavior for save_repository
285	update Account */
286	else
287	{
288	// add the list group members
289	if($this->data['account_type'] == 'g' && $this->group_context )
290	{
291	$members = $this->member($this->account_id);
292	#_debug_array($members);
293	$newData['memberuid'] = array();
294	for($i=0;$i<count($members);$i++)
295	{
296	$currname = $this->id2name($members[$i]['account_id']);
297	if(!in_array($currname,$newData['memberuid']))
298	{
299	$newData['memberuid'][] = $currname;
300	}
301	}
302	}
303	// modify the DN
304	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
305	}
306
307	if ($this->data['account_type'] == 'u')
308	{
309	// lets check for groups, the user needs to be removed
310
311	// first lets search for the groups, the user is currently member of
312	// and from which he needs to be removed
313	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
314	$justThese = array('memberuid','gidnumber');
315	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
316	if($sri)
317	{
318	$allValues = ldap_get_entries($this->ds, $sri);
319	if($allValues['count'] > 0)
320	{
321	unset($allValues['count']);
322	foreach($allValues as $key)
323	{
324	#_debug_array($key);
325	#_debug_array($this->data['account_groups']);
326	// delete the old accountid from any group
327	if($newAccountID != $oldAccountID)
328	{
329	$dn = $key['dn'];
330	$newData = array();
331	$newData['memberuid'] = $key['memberuid'];
332	unset($newData['memberuid']['count']);
333	// remove the uid from memberuid
334	$newData['memberuid'] = array_flip($newData['memberuid']);
335	unset($newData['memberuid'][$oldAccountID]);
336	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
337	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
338	ldap_mod_replace($this->ds, $dn, $newData);
339	#print ldap_error($this->ds);
340	}
341	else
342	{
343	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
344	{
345	$dn = $key['dn'];
346	$newData = array();
347	$newData['memberuid'] = $key['memberuid'];
348	unset($newData['memberuid']['count']);
349	// remove the uid from memberuid
350	$newData['memberuid'] = array_flip($newData['memberuid']);
351	unset($newData['memberuid'][$oldAccountID]);
352	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
353	ldap_mod_replace($this->ds, $dn, $newData);
354	#print ldap_error($this->ds);
355	}
356	}
357	}
358	}
359	}
360
361	// lets check group the user needs to be added
362	foreach($this->data['account_groups'] as $key => $value)
363	{
364	// search for the group
365	$filter = 'gidnumber=' . (int)$value;
366	$justThese = array('memberuid');
367	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
368	if($sri)
369	{
370	$allValues = ldap_get_entries($this->ds, $sri);
371	// if the user is not member of this group, add him
372	if(is_array($allValues[0]['memberuid']))
373	{
374	// this group has already some members
375	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
376	{
377	$dn = $allValues[0]['dn'];
378	$newData = array();
379	$newData['memberuid'] = $allValues[0]['memberuid'];
380	unset($newData['memberuid']['count']);
381	$newData['memberuid'][] = $newAccountID;
382	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
383	ldap_mod_replace($this->ds, $dn, $newData);
384	}
385	}
386	else
387	{
388	// this group has no members
389	$dn = $allValues[0]['dn'];
390	$newData = array();
391	$newData['memberuid'][] = $newAccountID;
392	ldap_mod_replace($this->ds, $dn, $newData);
393	}
394	}
395	}
396	}
397	}
398
399	function delete($accountid = '')
400	{
401	$account_id = get_account_id($accountid);
402	$account_lid = $this->id2name((int)$account_id);
403
404	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
405	$sri = ldap_search($this->ds, $this->group_context, $filter);
406	if($sri)
407	{
408	$allValues = ldap_get_entries($this->ds, $sri);
409	}
410
411	if(!$allValues[0]['dn'])
412	{
413	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
414	if($sri)
415	{
416	$allValues = ldap_get_entries($this->ds, $sri);
417	$accountID = $allValues['0']['uid'][0];
418	$wasAccount = True;
419	}
420	}
421
422	if ($allValues[0]['dn'])
423	{
424	$del = ldap_delete($this->ds, $allValues[0]['dn']);
425	}
426
427	if($wasAccount)
428	{
429	// remove the user from any group he is member of
430	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
431	$justThese = array('memberuid','gidnumber');
432	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
433	if($sri)
434	{
435	$allValues = ldap_get_entries($this->ds, $sri);
436	if($allValues['count'] > 0)
437	{
438	unset($allValues['count']);
439	foreach($allValues as $key)
440	{
441	$dn = $key['dn'];
442	$newData = array();
443	$newData['memberuid'] = $key['memberuid'];
444	unset($newData['memberuid']['count']);
445	// remove the uid from memberuid
446	$newData['memberuid'] = array_flip($newData['memberuid']);
447	unset($newData['memberuid'][$accountID]);
448	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
449	ldap_mod_replace($this->ds, $dn, $newData);
450	}
451	}
452	}
453	}
454	}
455
456	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
457	{
458	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
459	$query = strtolower($query);
460
461	if($_type == 'accounts' \|\| $_type == 'both')
462	{
463	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
464	if (!empty($query) && $query != '*')
465	{
466	switch($query_type)
467	{
468	case 'all':
469	default:
470	$query = '*'.$query;
471	// fall-through
472	case 'start':
473	$query .= '*';
474	// fall-through
475	case 'exact':
476	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
477	break;
478	case 'firstname':
479	case 'lastname':
480	case 'lid':
481	case 'email':
482	$to_ldap = array(
483	'firstname' => 'givenname',
484	'lastname' => 'sn',
485	'lid' => 'uid',
486	'email' => 'mail',
487	);
488	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
489	break;
490	}
491	}
492	$filter .= ')';
493
494	$sri = ldap_search($this->ds, $this->user_context, $filter);
495	$allValues = ldap_get_entries($this->ds, $sri);
496	while (list($null,$allVals) = @each($allValues))
497	{
498	settype($allVals,'array');
499	$test = @$allVals['uid'][0];
500	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
501	{
502	$accounts[] = Array(
503	'account_id' => $allVals['uidnumber'][0],
504	'account_lid' => $allVals['uid'][0],
505	'account_type' => $allVals['phpgwaccounttype'][0],
506	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
507	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
508	'account_status' => $allVals['phpgwaccountstatus'][0],
509	'account_email' => $allVals['mail'][0],
510	);
511	}
512	}
513	}
514	if ($_type == 'groups' \|\| $_type == 'both')
515	{
516	if(empty($query) \|\| $query == '*')
517	{
518	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
519	}
520	else
521	{
522	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
523	}
524	$sri = ldap_search($this->ds, $this->group_context, $filter);
525	$allValues = ldap_get_entries($this->ds, $sri);
526	while (list($null,$allVals) = @each($allValues))
527	{
528	settype($allVals,'array');
529	$test = $allVals['cn'][0];
530	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
531	{
532	$accounts[] = Array(
533	'account_id' => $allVals['gidnumber'][0],
534	'account_lid' => $allVals['cn'][0],
535	'account_type' => $allVals['phpgwaccounttype'][0],
536	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
537	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
538	'account_status' => $allVals['phpgwaccountstatus'][0],
539	'account_email' => $allVals['mail'][0],
540	);
541	}
542	}
543	}
544	// sort the array
545	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
546	if(empty($order))
547	{
548	$order = 'account_lid';
549	}
550	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
551	$this->total = count($accounts);
552
553	// return only the wanted accounts
554
555	if (is_array($sortedAccounts))
556	{
557	reset($sortedAccounts);
558	if(is_int($start) && is_int($offset))
559	{
560	return array_slice($sortedAccounts, $start, $offset);
561	}
562	elseif(is_int($start))
563	{
564	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
565	}
566	else
567	{
568	return $sortedAccounts;
569	}
570	}
571	return False;
572	}
573
574	function name2id($name,$which='account_lid')
575	{
576	if ($which == 'account_lid') // groups only support account_lid
577	{
578	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))');
579	$allValues = ldap_get_entries($this->ds, $sri);
580
581	if (@$allValues[0]['gidnumber'][0])
582	{
583	return (int)$allValues[0]['gidnumber'][0];
584	}
585	}
586	$to_ldap = array(
587	'account_lid' => 'uid',
588	'account_email' => 'mail',
589	);
590	if (!isset($to_ldap[$which])) return False;
591
592	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))');
593
594	$allValues = ldap_get_entries($this->ds, $sri);
595
596	if (@$allValues[0]['uidnumber'][0])
597	{
598	return (int)$allValues[0]['uidnumber'][0];
599	}
600
601	return False;
602	}
603
604	function id2name($account_id,$which='account_lid')
605	{
606	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
607	{
608	$allValues = array();
609	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
610	$allValues = ldap_get_entries($this->ds, $sri);
611
612	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
613	if (@$allValues[0]['cn'][0])
614	{
615	return $allValues[0]['cn'][0];
616	}
617	}
618	$to_ldap = array(
619	'account_lid' => 'uid',
620	'account_email' => 'mail',
621	'account_firstname' => 'surname',
622	'account_lastname' => 'cn',
623	'account_type' => 'phpgwaccounttype',
624	);
625	if (!isset($to_ldap[$which])) return False;
626
627	$allValues = array();
628	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
629	$allValues = ldap_get_entries($this->ds, $sri);
630
631	if (@$allValues[0][$to_ldap[$which]][0])
632	{
633	return $allValues[0][$to_ldap[$which]][0];
634	}
635	return False;
636	}
637
638	function get_type($account_id)
639	{
640	$allValues = array();
641	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
642	$allValues = ldap_get_entries($this->ds, $sri);
643
644	if ($allValues[0]['phpgwaccounttype'][0])
645	{
646	return $allValues[0]['phpgwaccounttype'][0];
647	}
648
649	$allValues = array();
650	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
651	$allValues = ldap_get_entries($this->ds, $sri);
652
653	if ($allValues[0]['phpgwaccounttype'][0])
654	{
655	return $allValues[0]['phpgwaccounttype'][0];
656	}
657	return False;
658	}
659
660	/*
661	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
662	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
663	*/
664	function exists($account)
665	{
666	/* This sets up internal caching variables for this functon */
667	static $by_id, $by_lid;
668	$users = array();
669	$groups = array();
670
671	if(is_int($account))
672	{
673	$ldapgroup = 'gidnumber';
674	$ldapacct = 'uidnumber';
675	$account = (int)$account;
676	/* If data is cached, use it. */
677	if(@isset($by_id[$account]) && @$by_id[$account])
678	{
679	return $by_id[$account];
680	}
681	}
682	else
683	{
684	$ldapgroup = 'cn';
685	$ldapacct = 'uid';
686	/* If data is cached, use it. */
687	if(@isset($by_lid[$account]) && @$by_lid[$account])
688	{
689	return $by_lid[$account];
690	}
691	}
692
693	$acct_type = $this->get_type($account);
694
695	if ($acct_type == 'g' && $this->group_context)
696	{
697	$sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
698	$groups = ldap_get_entries($this->ds, $sri);
699	}
700	$sri = ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
701	$users = ldap_get_entries($this->ds, $sri);
702
703	if ($users[0]['dn'])
704	{
705	$in += 1;
706	}
707	if ($groups[0]['dn'])
708	{
709	$in += 2;
710	}
711	/* This sets up internal caching for this function */
712	if($ldapgroup == 'gidnumber')
713	{
714	$by_id[$account] = $in;
715	$by_lid[$this->id2name($account)] = $in;
716	}
717	else
718	{
719	$by_lid[$account] = $in;
720	$by_id[$this->name2id($account)] = $in;
721	}
722
723	return $in;
724	}
725
726	function create($account_info,$default_prefs=True)
727	{
728	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
729	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
730	{
731	$account_id = $this->get_nextid($account_info['account_type']);
732	/* echo '<br>using'.$account_id;exit; */
733	}
734	else
735	{
736	$account_id = $account_info['account_id'];
737	}
738	$entry['userpassword'] = $account_info['account_passwd'];
739	$entry['phpgwaccounttype'] = $account_info['account_type'];
740	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
741
742	if($account_info['account_type'] == 'g')
743	{
744	$sri = ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
745	}
746	else
747	{
748	$sri = ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
749	}
750	$allValues = ldap_get_entries($this->ds, $sri);
751
752	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
753	{
754	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
755	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
756	}
757	elseif($account_info['account_type'] != 'g')
758	{
759	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
760	$entry['loginshell'] = '/bin/false';
761	}
762
763	if ($allValues[0]['dn'])
764	{
765	/* This should keep the password from being overwritten here on ldap import */
766	unset($entry['userpassword']);
767	$entry['gidnumber'] = $account_id;
768
769	while (list($key,$val) = each($entry))
770	{
771	$tmpentry = '';
772	$tmpentry[$key] = trim($val); /* must trim! */
773	/* echo '<br>'.$key.' '.$val; */
774	if ($tmpentry[$key])
775	{
776	if (!$allValues[0][$key][0])
777	{
778	/* attribute was not in LDAP, add it */
779	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
780	}
781	else
782	{
783	/* attribute was in LDAP, modify it */
784	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
785	}
786	}
787	}
788
789	if ($account_info['account_type'] == 'g')
790	{
791	$tmpentry['objectclass'][0] = 'top';
792	$tmpentry['objectclass'][1] = 'posixGroup';
793	$tmpentry['objectclass'][2] = 'phpgwAccount';
794	}
795	else
796	{
797	$tmpentry['uidnumber'] = $account_id;
798	$tmpentry['objectclass'][0] = 'top';
799	$tmpentry['objectclass'][1] = 'person';
800	$tmpentry['objectclass'][2] = 'organizationalPerson';
801	$tmpentry['objectclass'][3] = 'inetOrgPerson';
802	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
803	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
804	$tmpentry['objectclass'][4] = 'posixAccount';
805	$tmpentry['objectclass'][5] = 'shadowAccount';
806	$tmpentry['objectclass'][6] = 'phpgwAccount';
807	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
808	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
809	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
810	}
811	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
812	}
813	else
814	{
815	/* Not already there, we will add it */
816	if ($account_info['account_type'] == 'g')
817	{
818	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
819	unset($entry['homedirectory']);
820	unset($entry['loginshell']);
821	$entry['objectclass'][0] = 'top';
822	$entry['objectclass'][1] = 'posixGroup';
823	$entry['objectclass'][2] = 'phpgwAccount';
824	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
825	$entry['gidnumber'] = $account_id;
826	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
827	$entry['description'] = 'phpgw-created group';
828	}
829	else
830	{
831	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
832
833	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
834	sprintf(
835	"%s %s",
836	$account_info['account_firstname'],
837	$account_info['account_lastname']
838	),
839	$GLOBALS['phpgw']->translation->charset(),
840	'utf-8'
841	);
842
843	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
844	$account_info['account_lastname'],
845	$GLOBALS['phpgw']->translation->charset(),
846	'utf-8'
847	);
848
849	if($account_info['account_firstname'])
850	{
851	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
852	$account_info['account_firstname'],
853	$GLOBALS['phpgw']->translation->charset(),
854	'utf-8'
855	);
856	}
857	if($account_info['account_email'])
858	{
859	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
860	$account_info['account_email'],
861	$GLOBALS['phpgw']->translation->charset(),
862	'utf-8'
863	);
864	}
865	$entry['uid'] = $account_info['account_lid'];
866	$entry['uidnumber'] = $account_id;
867	$entry['gidnumber'] = $account_info['account_primary_group'];
868	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
869	$entry['objectclass'][0] = 'top';
870	$entry['objectclass'][1] = 'person';
871	$entry['objectclass'][2] = 'organizationalPerson';
872	$entry['objectclass'][3] = 'inetOrgPerson';
873	$entry['objectclass'][4] = 'posixAccount';
874	$entry['objectclass'][5] = 'shadowAccount';
875	$entry['objectclass'][6] = 'phpgwAccount';
876	if($account_info['account_status'])
877	{
878	$entry['phpgwaccountstatus'] = $account_info['account_status'];
879	}
880	$entry['phpgwaccounttype'] = $account_info['account_type'];
881	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
882	}
883
884	#_debug_array($entry);
885
886	// stop processing if ldap_add fails
887	if(!ldap_add($this->ds, $dn, $entry))
888	{
889	return false;
890	}
891	}
892	// print ldap_error($this->ds);
893
894	// lets check group the user needs to be added
895	if($account_info['account_type'] == 'u')
896	{
897	@settype($account_info['account_groups'],'array');
898	foreach($account_info['account_groups'] as $key => $value)
899	{
900	// search for the group
901	$filter = 'gidnumber=' . (int)$value;
902	$justThese = array('memberuid');
903	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
904	if($sri)
905	{
906	$allValues = ldap_get_entries($this->ds, $sri);
907	// if the user is not member of this group, add him
908	if(is_array($allValues[0]['memberuid']))
909	{
910	// this group has already some members
911	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
912	{
913	$dn = $allValues[0]['dn'];
914	$newData = array();
915	$newData['memberuid'] = $allValues[0]['memberuid'];
916	unset($newData['memberuid']['count']);
917	$newData['memberuid'][] = $account_info['account_lid'];
918	$newData['memberuid'] = array_unique($newData['memberuid']);
919	ldap_mod_replace($this->ds, $dn, $newData);
920	#print ldap_error($this->ds)."<br>";
921	}
922	}
923	else
924	{
925	// this group has no members
926	$dn = $allValues[0]['dn'];
927	$newData = array();
928	$newData['memberuid'][] = $account_info['account_lid'];
929	ldap_mod_replace($this->ds, $dn, $newData);
930	}
931	}
932	}
933	}
934
935	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
936	{
937	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
938	}
939
940	return $account_id;
941	}
942
943	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
944	{
945	if ($expiredate == 0)
946	{
947	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
948	{
949	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
950	{
951	$expires = -1;
952	}
953	else
954	{
955	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
956	}
957	}
958	}
959	else
960	{
961	/* expire in 30 days by default */
962	$expiredate = time() + ((60 * 60) * (30 * 24));
963	}
964
965	if ($expires != -1)
966	{
967	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
968	}
969
970	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
971	if (!$default_group_id)
972	{
973	$default_group_id = (int) $this->name2id('Default');
974	}
975	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
976	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
977	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
978
979	$acct_info = array(
980	'account_lid' => $accountname,
981	'account_type' => 'u',
982	'account_passwd' => $passwd,
983	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
984	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
985	'account_status' => $account_status,
986	'account_expires' => $expires,
987	'account_primary_group' => $primary_group,
988	);
989
990	/* attempt to set an email address */
991	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
992	{
993	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
994	}
995	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
996	{
997	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
998	}
999
1000	$this->db->transaction_begin();
1001
1002	$this->create($acct_info,$default_prefs); /* create the account */
1003
1004	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1005
1006	if ($accountid) /* begin account setup */
1007	{
1008	if($primary_group)
1009	{
1010	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1011	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1012	}
1013
1014	/* FIXME - we are assuming the auth method is capable of password changing
1015	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1016	*/
1017
1018	/* if we have an mail address set it in the uesrs' email preference */
1019	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1020	{
1021	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1022	$GLOBALS['phpgw']->preferences->preferences($accountid);
1023	$GLOBALS['phpgw']->preferences->read_repository();
1024	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1025	$GLOBALS['phpgw']->preferences->save_repository();
1026	}
1027	/* use the default mail domain to set the uesrs' email preference */
1028	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1029	{
1030	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1031	$GLOBALS['phpgw']->preferences->preferences($accountid);
1032	$GLOBALS['phpgw']->preferences->read_repository();
1033	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1034	$GLOBALS['phpgw']->preferences->save_repository();
1035	}
1036
1037	/* commit the new account transaction */
1038	$this->db->transaction_commit();
1039
1040	/* does anyone know what the heck this is required for? */
1041	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1042	$GLOBALS['hook_values']['account_id'] = $accountid;
1043	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1044	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1045	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1046	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1047	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1048	'location' => 'addaccount'
1049	),False,True); // called for every app now, not only enabled ones
1050
1051	} /* end account setup */
1052	else /* if no account id abort the account creation */
1053	{
1054	$this->db->transaction_abort();
1055	}
1056
1057	/*
1058	* If we succeeded in creating the account (above), return the accountid, else,
1059	* return the error value from $this->name2id($accountname)
1060	*/
1061	return $accountid;
1062	} /* end auto_add() */
1063
1064	function get_account_name($account_id,&$lid,&$fname,&$lname)
1065	{
1066	$acct_type = $this->get_type($account_id);
1067
1068	/* search the dn for the given uid */
1069	if(($acct_type == 'g') && $this->group_context)
1070	{
1071	$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))');
1072	}
1073	else
1074	{
1075	$sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$account_id);
1076	}
1077	$allValues = ldap_get_entries($this->ds, $sri);
1078
1079	if($acct_type =='g')
1080	{
1081	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1082	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1083	$lname = lang('Group');
1084	}
1085	else
1086	{
1087	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1088	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1089	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1090	}
1091	return !empty($lid);
1092	}
1093
1094	function getDNforID($_accountid = '')
1095	{
1096	$_account_id = get_account_id($_accountid);
1097
1098	$sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1099	$allValues = ldap_get_entries($this->ds, $sri);
1100
1101	return $allValues[0]['dn'];
1102	}
1103
1104	//by JakJr, add organization support
1105	function get_context($dn)
1106	{
1107	return substr($dn, (strpos($dn, ',')+1));
1108	}
1109
1110	//by JakJr, add organization support
1111	function get_organization($dn)
1112	{
1113	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1114	$end = (strpos($dn, $ldap_context)-1);
1115	$tmp = substr($dn, 0, $end);
1116	$begin = (strrpos($tmp, '=')+1);
1117	return substr($dn, $begin, ($end - $begin));
1118	}
1119
1120	//by JakJr, add organization support
1121	function get_sector($dn)
1122	{
1123	$context = $this->get_context($dn);
1124	$begin = (strpos($context, '=')+1);
1125	$end = (strpos($context, ',') - $begin);
1126	return substr($context, $begin, $end);
1127	}
1128
1129	function id2fullname($account_id)
1130	{
1131	$allValues = array();
1132	$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1133	$allValues = ldap_get_entries($this->ds, $sri);
1134	if (@$allValues[0]['cn'][0])
1135	{
1136	return $allValues[0]['cn'][0];
1137	}
1138	return False;
1139	}
1140
1141	function mail2fullname($mail)
1142	{
1143	$allValues = array();
1144	$sri = ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1145	$allValues = ldap_get_entries($this->ds, $sri);
1146	if (@$allValues[0]['cn'][0])
1147	{
1148	return $allValues[0]['cn'][0];
1149	}
1150	return False;
1151	}
1152	}
1153	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: