Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 367

Revision 367, 38.8 KB checked in by niltonneto, 16 years ago (diff)
Verificação dos ldap_searches, para não gerar muito erro no log.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	$sri = @ldap_search($this->ds, $this->user_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
59	}
60	else
61	{
62	$sri = @ldap_search($this->ds, $this->group_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
63	}
64	if(!$sri)
65	return null;
66	$allValues = ldap_get_entries($this->ds, $sri);
67
68	/* Now dump it into the array; take first entry found */
69	if($acct_type =='g')
70	{
71	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
72	$this->data['account_lid'] = $allValues[0]['cn'][0];
73	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
74	$this->data['lastname'] = lang('Group');
75	}
76	else
77	{
78	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
79	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
80	$this->data['account_lid'] = $allValues[0]['uid'][0];
81	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
82	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
83	if(isset($allValues[0]['mail'][0]))
84	{
85	$this->data['email'] = $allValues[0]['mail'][0];
86	}
87	}
88	$this->data['account_dn'] = $allValues[0]['dn'];
89	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
90
91	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
92	{
93	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
94	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
95	}
96
97	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
98	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
99	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
100	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
101	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
102	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
103	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
104
105	return $this->data;
106	}
107
108	function save_repository()
109	{
110	#_debug_array($this->data);
111	$acct_type = $this->get_type($this->account_id);
112
113	/* search the dn for the given u/gidnumber */
114	if(($acct_type == 'g') && $this->group_context)
115	{
116	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
117	}
118	else
119	{
120	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
121	}
122	$allValues = ldap_get_entries($this->ds, $sri);
123
124	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
125
126	if($acct_type == 'u')
127	{
128	// data for posixaccount
129	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
130	$this->data['firstname'],
131	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
132	);
133	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
134	$this->data['account_lid'],
135	$GLOBALS['phpgw']->translation->charset(),'utf-8'
136	);
137	if($this->data['lastname'])
138	{
139	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
140	$this->data['lastname'],
141	$GLOBALS['phpgw']->translation->charset(),'utf-8'
142	);
143	}
144
145	if($this->data['firstname'])
146	{
147	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
148	$this->data['firstname'],
149	$GLOBALS['phpgw']->translation->charset(),'utf-8'
150	);
151	}
152	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
153	{
154	$newData['homedirectory'] = $this->data['homedirectory'];
155	$newData['loginshell'] = $this->data['loginshell'];
156	}
157	else
158	{
159	// the posixaccount schema requires this
160	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
161	$entry['loginshell'] = '/bin/false';
162	}
163	if($this->data['account_primary_group'])
164	{
165	$newData['gidnumber'] = $this->data['account_primary_group'];
166	}
167	if($this->data['lastlogin'])
168	{
169	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
170	}
171	if($this->data['lastloginfrom'])
172	{
173	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
174	}
175	if($this->data['lastpasswd_change'])
176	{
177	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
178	}
179	if($this->data['status'])
180	{
181	$newData['phpgwaccountstatus'] = $this->data['status'];
182	}
183	else
184	{
185	$newData['phpgwaccountstatus'] = array();
186	}
187	if($this->data['expires'])
188	{
189	$newData['phpgwaccountexpires'] = $this->data['expires'];
190	}
191	if($this->data['email'])
192	{
193	$newData['mail'] = $this->data['email'];
194	}
195
196	$newAccountID = $newData['uid'];
197	$oldAccountID = $newData['uid'];
198	}
199	else
200	{
201	// data for posixgroup
202	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
203	$this->data['account_lid'],
204	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
205	);
206	$newData['gidnumber'] = $this->account_id;
207	$newGroupID = $newData['cn'];
208	$oldGroupID = $newData['cn'];
209	}
210	if($this->data['type'])
211	{
212	$newData['phpgwaccounttype'] = $this->data['type'];
213	}
214
215	/*
216	Changing the uid: Need to delete and add new, since
217	PHP cannot change the dn for the entry.
218	*/
219	if ($acct_type == 'g')
220	{
221	$test = $allValues[0]['cn'][0];
222	}
223	else
224	{
225	$test = $allValues[0]['uid'][0];
226	}
227	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
228	{
229	$oldData = $allValues[0];
230	$oldDN = $oldData['dn'];
231	// remove all unneeded fields
232	unset($oldData['dn']);
233	unset($oldData['count']);
234	foreach($oldData as $key => $value)
235	{
236	if(is_numeric($key))
237	{
238	// remove the key, its no ldap key
239	unset($oldData[$key]);
240	}
241	else
242	{
243	// remove the count key
244	if($oldData[$key]['count'] == 1)
245	{
246	$oldData[$key] = $value[0];
247	}
248	else
249	{
250	unset($oldData[$key]['count']);
251	}
252	}
253	}
254
255	$oldAccountID = $oldData['uid'];
256	$oldGroupID = $oldData['cn'];
257
258	// merge the old data with the new one
259	$newData = array_merge($oldData, $newData);
260
261	/* Groups */
262	if($this->data['account_type'] == 'g' && $this->group_context )
263	{
264	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
265	$members = $this->member($this->account_id);
266	$newData['memberuid'] = array();
267	for($i=0;$i<count($members);$i++)
268	{
269	$currname = $this->id2name($members[$i]['account_id']);
270	if(!in_array($currname,$entry['memberuid']))
271	{
272	$newData['memberuid'][] = $currname;
273	}
274	}
275	}
276	/* Accounts */
277	else
278	{
279	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
280	}
281	// delete the old account
282	ldap_delete($this->ds,$oldDN);
283
284	// add the new account
285	#_debug_array($newData);
286	ldap_add($this->ds, $newDN, $newData);
287	}
288	/* Normal behavior for save_repository
289	update Account */
290	else
291	{
292	// add the list group members
293	if($this->data['account_type'] == 'g' && $this->group_context )
294	{
295	$members = $this->member($this->account_id);
296	#_debug_array($members);
297	$newData['memberuid'] = array();
298	for($i=0;$i<count($members);$i++)
299	{
300	$currname = $this->id2name($members[$i]['account_id']);
301	if(!in_array($currname,$newData['memberuid']))
302	{
303	$newData['memberuid'][] = $currname;
304	}
305	}
306	}
307	// modify the DN
308	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
309	}
310
311	if ($this->data['account_type'] == 'u')
312	{
313	// lets check for groups, the user needs to be removed
314
315	// first lets search for the groups, the user is currently member of
316	// and from which he needs to be removed
317	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
318	$justThese = array('memberuid','gidnumber');
319	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
320	if($sri)
321	{
322	$allValues = ldap_get_entries($this->ds, $sri);
323	if($allValues['count'] > 0)
324	{
325	unset($allValues['count']);
326	foreach($allValues as $key)
327	{
328	#_debug_array($key);
329	#_debug_array($this->data['account_groups']);
330	// delete the old accountid from any group
331	if($newAccountID != $oldAccountID)
332	{
333	$dn = $key['dn'];
334	$newData = array();
335	$newData['memberuid'] = $key['memberuid'];
336	unset($newData['memberuid']['count']);
337	// remove the uid from memberuid
338	$newData['memberuid'] = array_flip($newData['memberuid']);
339	unset($newData['memberuid'][$oldAccountID]);
340	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
341	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
342	ldap_mod_replace($this->ds, $dn, $newData);
343	#print ldap_error($this->ds);
344	}
345	else
346	{
347	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
348	{
349	$dn = $key['dn'];
350	$newData = array();
351	$newData['memberuid'] = $key['memberuid'];
352	unset($newData['memberuid']['count']);
353	// remove the uid from memberuid
354	$newData['memberuid'] = array_flip($newData['memberuid']);
355	unset($newData['memberuid'][$oldAccountID]);
356	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
357	ldap_mod_replace($this->ds, $dn, $newData);
358	#print ldap_error($this->ds);
359	}
360	}
361	}
362	}
363	}
364
365	// lets check group the user needs to be added
366	foreach($this->data['account_groups'] as $key => $value)
367	{
368	// search for the group
369	$filter = 'gidnumber=' . (int)$value;
370	$justThese = array('memberuid');
371	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
372	if($sri)
373	{
374	$allValues = ldap_get_entries($this->ds, $sri);
375	// if the user is not member of this group, add him
376	if(is_array($allValues[0]['memberuid']))
377	{
378	// this group has already some members
379	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
380	{
381	$dn = $allValues[0]['dn'];
382	$newData = array();
383	$newData['memberuid'] = $allValues[0]['memberuid'];
384	unset($newData['memberuid']['count']);
385	$newData['memberuid'][] = $newAccountID;
386	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
387	ldap_mod_replace($this->ds, $dn, $newData);
388	}
389	}
390	else
391	{
392	// this group has no members
393	$dn = $allValues[0]['dn'];
394	$newData = array();
395	$newData['memberuid'][] = $newAccountID;
396	ldap_mod_replace($this->ds, $dn, $newData);
397	}
398	}
399	}
400	}
401	}
402
403	function delete($accountid = '')
404	{
405	$account_id = get_account_id($accountid);
406	$account_lid = $this->id2name((int)$account_id);
407
408	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
409	$sri = ldap_search($this->ds, $this->group_context, $filter);
410	if($sri)
411	{
412	$allValues = ldap_get_entries($this->ds, $sri);
413	}
414
415	if(!$allValues[0]['dn'])
416	{
417	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
418	if($sri)
419	{
420	$allValues = ldap_get_entries($this->ds, $sri);
421	$accountID = $allValues['0']['uid'][0];
422	$wasAccount = True;
423	}
424	}
425
426	if ($allValues[0]['dn'])
427	{
428	$del = ldap_delete($this->ds, $allValues[0]['dn']);
429	}
430
431	if($wasAccount)
432	{
433	// remove the user from any group he is member of
434	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
435	$justThese = array('memberuid','gidnumber');
436	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
437	if($sri)
438	{
439	$allValues = ldap_get_entries($this->ds, $sri);
440	if($allValues['count'] > 0)
441	{
442	unset($allValues['count']);
443	foreach($allValues as $key)
444	{
445	$dn = $key['dn'];
446	$newData = array();
447	$newData['memberuid'] = $key['memberuid'];
448	unset($newData['memberuid']['count']);
449	// remove the uid from memberuid
450	$newData['memberuid'] = array_flip($newData['memberuid']);
451	unset($newData['memberuid'][$accountID]);
452	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
453	ldap_mod_replace($this->ds, $dn, $newData);
454	}
455	}
456	}
457	}
458	}
459
460	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
461	{
462	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
463	$query = strtolower($query);
464
465	if($_type == 'accounts' \|\| $_type == 'both')
466	{
467	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
468	if (!empty($query) && $query != '*')
469	{
470	switch($query_type)
471	{
472	case 'all':
473	default:
474	$query = '*'.$query;
475	// fall-through
476	case 'start':
477	$query .= '*';
478	// fall-through
479	case 'exact':
480	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
481	break;
482	case 'firstname':
483	case 'lastname':
484	case 'lid':
485	case 'email':
486	$to_ldap = array(
487	'firstname' => 'givenname',
488	'lastname' => 'sn',
489	'lid' => 'uid',
490	'email' => 'mail',
491	);
492	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
493	break;
494	}
495	}
496	$filter .= ')';
497
498	$sri = ldap_search($this->ds, $this->user_context, $filter);
499	$allValues = ldap_get_entries($this->ds, $sri);
500	while (list($null,$allVals) = @each($allValues))
501	{
502	settype($allVals,'array');
503	$test = @$allVals['uid'][0];
504	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
505	{
506	$accounts[] = Array(
507	'account_id' => $allVals['uidnumber'][0],
508	'account_lid' => $allVals['uid'][0],
509	'account_type' => $allVals['phpgwaccounttype'][0],
510	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
511	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
512	'account_status' => $allVals['phpgwaccountstatus'][0],
513	'account_email' => $allVals['mail'][0],
514	);
515	}
516	}
517	}
518	if ($_type == 'groups' \|\| $_type == 'both')
519	{
520	if(empty($query) \|\| $query == '*')
521	{
522	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
523	}
524	else
525	{
526	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
527	}
528	$sri = ldap_search($this->ds, $this->group_context, $filter);
529	$allValues = ldap_get_entries($this->ds, $sri);
530	while (list($null,$allVals) = @each($allValues))
531	{
532	settype($allVals,'array');
533	$test = $allVals['cn'][0];
534	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
535	{
536	$accounts[] = Array(
537	'account_id' => $allVals['gidnumber'][0],
538	'account_lid' => $allVals['cn'][0],
539	'account_type' => $allVals['phpgwaccounttype'][0],
540	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
541	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
542	'account_status' => $allVals['phpgwaccountstatus'][0],
543	'account_email' => $allVals['mail'][0],
544	);
545	}
546	}
547	}
548	// sort the array
549	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
550	if(empty($order))
551	{
552	$order = 'account_lid';
553	}
554	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
555	$this->total = count($accounts);
556
557	// return only the wanted accounts
558
559	if (is_array($sortedAccounts))
560	{
561	reset($sortedAccounts);
562	if(is_int($start) && is_int($offset))
563	{
564	return array_slice($sortedAccounts, $start, $offset);
565	}
566	elseif(is_int($start))
567	{
568	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
569	}
570	else
571	{
572	return $sortedAccounts;
573	}
574	}
575	return False;
576	}
577
578	function name2id($name,$which='account_lid')
579	{
580	if ($which == 'account_lid') // groups only support account_lid
581	{
582	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))');
583	$allValues = ldap_get_entries($this->ds, $sri);
584
585	if (@$allValues[0]['gidnumber'][0])
586	{
587	return (int)$allValues[0]['gidnumber'][0];
588	}
589	}
590	$to_ldap = array(
591	'account_lid' => 'uid',
592	'account_email' => 'mail',
593	);
594	if (!isset($to_ldap[$which])) return False;
595
596	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))');
597
598	$allValues = ldap_get_entries($this->ds, $sri);
599
600	if (@$allValues[0]['uidnumber'][0])
601	{
602	return (int)$allValues[0]['uidnumber'][0];
603	}
604
605	return False;
606	}
607
608	function id2name($account_id,$which='account_lid')
609	{
610	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
611	{
612	$allValues = array();
613	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
614	if(!$sri)
615	return False;
616	$allValues = ldap_get_entries($this->ds, $sri);
617
618	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
619	if (@$allValues[0]['cn'][0])
620	{
621	return $allValues[0]['cn'][0];
622	}
623	}
624	$to_ldap = array(
625	'account_lid' => 'uid',
626	'account_email' => 'mail',
627	'account_firstname' => 'surname',
628	'account_lastname' => 'cn',
629	'account_type' => 'phpgwaccounttype',
630	);
631	if (!isset($to_ldap[$which])) return False;
632
633	$allValues = array();
634	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
635	if(!$sri)
636	return False;
637	$allValues = ldap_get_entries($this->ds, $sri);
638
639	if (@$allValues[0][$to_ldap[$which]][0])
640	{
641	return $allValues[0][$to_ldap[$which]][0];
642	}
643	return False;
644	}
645
646	function get_type($account_id)
647	{
648	$allValues = array();
649	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
650	if(!$sri)
651	return False;
652	$allValues = ldap_get_entries($this->ds, $sri);
653
654	if ($allValues[0]['phpgwaccounttype'][0])
655	{
656	return $allValues[0]['phpgwaccounttype'][0];
657	}
658
659	$allValues = array();
660	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
661	if(!$sri)
662	return False;
663	$allValues = ldap_get_entries($this->ds, $sri);
664
665	if ($allValues[0]['phpgwaccounttype'][0])
666	{
667	return $allValues[0]['phpgwaccounttype'][0];
668	}
669	return False;
670	}
671
672	/*
673	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
674	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
675	*/
676	function exists($account)
677	{
678	/* This sets up internal caching variables for this functon */
679	static $by_id, $by_lid;
680	$users = array();
681	$groups = array();
682
683	if(is_int($account))
684	{
685	$ldapgroup = 'gidnumber';
686	$ldapacct = 'uidnumber';
687	$account = (int)$account;
688	/* If data is cached, use it. */
689	if(@isset($by_id[$account]) && @$by_id[$account])
690	{
691	return $by_id[$account];
692	}
693	}
694	else
695	{
696	$ldapgroup = 'cn';
697	$ldapacct = 'uid';
698	/* If data is cached, use it. */
699	if(@isset($by_lid[$account]) && @$by_lid[$account])
700	{
701	return $by_lid[$account];
702	}
703	}
704
705	$acct_type = $this->get_type($account);
706
707	if ($acct_type == 'g' && $this->group_context)
708	{
709	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
710	if(!$sri)
711	return False;
712	$groups = ldap_get_entries($this->ds, $sri);
713	}
714	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
715	if(!$sri)
716	return False;
717	$users = ldap_get_entries($this->ds, $sri);
718
719	if ($users[0]['dn'])
720	{
721	$in += 1;
722	}
723	if ($groups[0]['dn'])
724	{
725	$in += 2;
726	}
727	/* This sets up internal caching for this function */
728	if($ldapgroup == 'gidnumber')
729	{
730	$by_id[$account] = $in;
731	$by_lid[$this->id2name($account)] = $in;
732	}
733	else
734	{
735	$by_lid[$account] = $in;
736	$by_id[$this->name2id($account)] = $in;
737	}
738
739	return $in;
740	}
741
742	function create($account_info,$default_prefs=True)
743	{
744	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
745	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
746	{
747	$account_id = $this->get_nextid($account_info['account_type']);
748	/* echo '<br>using'.$account_id;exit; */
749	}
750	else
751	{
752	$account_id = $account_info['account_id'];
753	}
754	$entry['userpassword'] = $account_info['account_passwd'];
755	$entry['phpgwaccounttype'] = $account_info['account_type'];
756	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
757
758	if($account_info['account_type'] == 'g')
759	{
760	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
761	}
762	else
763	{
764	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
765	}
766	if(!$sri)
767	return False;
768	$allValues = ldap_get_entries($this->ds, $sri);
769
770	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
771	{
772	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
773	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
774	}
775	elseif($account_info['account_type'] != 'g')
776	{
777	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
778	$entry['loginshell'] = '/bin/false';
779	}
780
781	if ($allValues[0]['dn'])
782	{
783	/* This should keep the password from being overwritten here on ldap import */
784	unset($entry['userpassword']);
785	$entry['gidnumber'] = $account_id;
786
787	while (list($key,$val) = each($entry))
788	{
789	$tmpentry = '';
790	$tmpentry[$key] = trim($val); /* must trim! */
791	/* echo '<br>'.$key.' '.$val; */
792	if ($tmpentry[$key])
793	{
794	if (!$allValues[0][$key][0])
795	{
796	/* attribute was not in LDAP, add it */
797	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
798	}
799	else
800	{
801	/* attribute was in LDAP, modify it */
802	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
803	}
804	}
805	}
806
807	if ($account_info['account_type'] == 'g')
808	{
809	$tmpentry['objectclass'][0] = 'top';
810	$tmpentry['objectclass'][1] = 'posixGroup';
811	$tmpentry['objectclass'][2] = 'phpgwAccount';
812	}
813	else
814	{
815	$tmpentry['uidnumber'] = $account_id;
816	$tmpentry['objectclass'][0] = 'top';
817	$tmpentry['objectclass'][1] = 'person';
818	$tmpentry['objectclass'][2] = 'organizationalPerson';
819	$tmpentry['objectclass'][3] = 'inetOrgPerson';
820	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
821	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
822	$tmpentry['objectclass'][4] = 'posixAccount';
823	$tmpentry['objectclass'][5] = 'shadowAccount';
824	$tmpentry['objectclass'][6] = 'phpgwAccount';
825	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
826	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
827	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
828	}
829	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
830	}
831	else
832	{
833	/* Not already there, we will add it */
834	if ($account_info['account_type'] == 'g')
835	{
836	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
837	unset($entry['homedirectory']);
838	unset($entry['loginshell']);
839	$entry['objectclass'][0] = 'top';
840	$entry['objectclass'][1] = 'posixGroup';
841	$entry['objectclass'][2] = 'phpgwAccount';
842	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
843	$entry['gidnumber'] = $account_id;
844	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
845	$entry['description'] = 'phpgw-created group';
846	}
847	else
848	{
849	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
850
851	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
852	sprintf(
853	"%s %s",
854	$account_info['account_firstname'],
855	$account_info['account_lastname']
856	),
857	$GLOBALS['phpgw']->translation->charset(),
858	'utf-8'
859	);
860
861	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
862	$account_info['account_lastname'],
863	$GLOBALS['phpgw']->translation->charset(),
864	'utf-8'
865	);
866
867	if($account_info['account_firstname'])
868	{
869	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
870	$account_info['account_firstname'],
871	$GLOBALS['phpgw']->translation->charset(),
872	'utf-8'
873	);
874	}
875	if($account_info['account_email'])
876	{
877	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
878	$account_info['account_email'],
879	$GLOBALS['phpgw']->translation->charset(),
880	'utf-8'
881	);
882	}
883	$entry['uid'] = $account_info['account_lid'];
884	$entry['uidnumber'] = $account_id;
885	$entry['gidnumber'] = $account_info['account_primary_group'];
886	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
887	$entry['objectclass'][0] = 'top';
888	$entry['objectclass'][1] = 'person';
889	$entry['objectclass'][2] = 'organizationalPerson';
890	$entry['objectclass'][3] = 'inetOrgPerson';
891	$entry['objectclass'][4] = 'posixAccount';
892	$entry['objectclass'][5] = 'shadowAccount';
893	$entry['objectclass'][6] = 'phpgwAccount';
894	if($account_info['account_status'])
895	{
896	$entry['phpgwaccountstatus'] = $account_info['account_status'];
897	}
898	$entry['phpgwaccounttype'] = $account_info['account_type'];
899	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
900	}
901
902	#_debug_array($entry);
903
904	// stop processing if ldap_add fails
905	if(!ldap_add($this->ds, $dn, $entry))
906	{
907	return false;
908	}
909	}
910	// print ldap_error($this->ds);
911
912	// lets check group the user needs to be added
913	if($account_info['account_type'] == 'u')
914	{
915	@settype($account_info['account_groups'],'array');
916	foreach($account_info['account_groups'] as $key => $value)
917	{
918	// search for the group
919	$filter = 'gidnumber=' . (int)$value;
920	$justThese = array('memberuid');
921	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
922	if($sri)
923	{
924	$allValues = ldap_get_entries($this->ds, $sri);
925	// if the user is not member of this group, add him
926	if(is_array($allValues[0]['memberuid']))
927	{
928	// this group has already some members
929	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
930	{
931	$dn = $allValues[0]['dn'];
932	$newData = array();
933	$newData['memberuid'] = $allValues[0]['memberuid'];
934	unset($newData['memberuid']['count']);
935	$newData['memberuid'][] = $account_info['account_lid'];
936	$newData['memberuid'] = array_unique($newData['memberuid']);
937	ldap_mod_replace($this->ds, $dn, $newData);
938	#print ldap_error($this->ds)."<br>";
939	}
940	}
941	else
942	{
943	// this group has no members
944	$dn = $allValues[0]['dn'];
945	$newData = array();
946	$newData['memberuid'][] = $account_info['account_lid'];
947	ldap_mod_replace($this->ds, $dn, $newData);
948	}
949	}
950	}
951	}
952
953	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
954	{
955	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
956	}
957
958	return $account_id;
959	}
960
961	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
962	{
963	if ($expiredate == 0)
964	{
965	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
966	{
967	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
968	{
969	$expires = -1;
970	}
971	else
972	{
973	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
974	}
975	}
976	}
977	else
978	{
979	/* expire in 30 days by default */
980	$expiredate = time() + ((60 * 60) * (30 * 24));
981	}
982
983	if ($expires != -1)
984	{
985	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
986	}
987
988	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
989	if (!$default_group_id)
990	{
991	$default_group_id = (int) $this->name2id('Default');
992	}
993	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
994	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
995	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
996
997	$acct_info = array(
998	'account_lid' => $accountname,
999	'account_type' => 'u',
1000	'account_passwd' => $passwd,
1001	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1002	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1003	'account_status' => $account_status,
1004	'account_expires' => $expires,
1005	'account_primary_group' => $primary_group,
1006	);
1007
1008	/* attempt to set an email address */
1009	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1010	{
1011	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1012	}
1013	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1014	{
1015	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1016	}
1017
1018	$this->db->transaction_begin();
1019
1020	$this->create($acct_info,$default_prefs); /* create the account */
1021
1022	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1023
1024	if ($accountid) /* begin account setup */
1025	{
1026	if($primary_group)
1027	{
1028	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1029	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1030	}
1031
1032	/* FIXME - we are assuming the auth method is capable of password changing
1033	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1034	*/
1035
1036	/* if we have an mail address set it in the uesrs' email preference */
1037	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1038	{
1039	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1040	$GLOBALS['phpgw']->preferences->preferences($accountid);
1041	$GLOBALS['phpgw']->preferences->read_repository();
1042	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1043	$GLOBALS['phpgw']->preferences->save_repository();
1044	}
1045	/* use the default mail domain to set the uesrs' email preference */
1046	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1047	{
1048	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1049	$GLOBALS['phpgw']->preferences->preferences($accountid);
1050	$GLOBALS['phpgw']->preferences->read_repository();
1051	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1052	$GLOBALS['phpgw']->preferences->save_repository();
1053	}
1054
1055	/* commit the new account transaction */
1056	$this->db->transaction_commit();
1057
1058	/* does anyone know what the heck this is required for? */
1059	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1060	$GLOBALS['hook_values']['account_id'] = $accountid;
1061	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1062	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1063	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1064	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1065	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1066	'location' => 'addaccount'
1067	),False,True); // called for every app now, not only enabled ones
1068
1069	} /* end account setup */
1070	else /* if no account id abort the account creation */
1071	{
1072	$this->db->transaction_abort();
1073	}
1074
1075	/*
1076	* If we succeeded in creating the account (above), return the accountid, else,
1077	* return the error value from $this->name2id($accountname)
1078	*/
1079	return $accountid;
1080	} /* end auto_add() */
1081
1082	function get_account_name($account_id,&$lid,&$fname,&$lname)
1083	{
1084	$acct_type = $this->get_type($account_id);
1085
1086	/* search the dn for the given uid */
1087	if(($acct_type == 'g') && $this->group_context)
1088	{
1089	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))');
1090	}
1091	else
1092	{
1093	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$account_id);
1094	}
1095	if(!$sri)
1096	return False;
1097	$allValues = ldap_get_entries($this->ds, $sri);
1098
1099	if($acct_type =='g')
1100	{
1101	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1102	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1103	$lname = lang('Group');
1104	}
1105	else
1106	{
1107	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1108	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1109	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1110	}
1111	return !empty($lid);
1112	}
1113
1114	function getDNforID($_accountid = '')
1115	{
1116	$_account_id = get_account_id($_accountid);
1117
1118	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1119	if(!$sri)
1120	return False;
1121	$allValues = ldap_get_entries($this->ds, $sri);
1122
1123	return $allValues[0]['dn'];
1124	}
1125
1126	//by JakJr, add organization support
1127	function get_context($dn)
1128	{
1129	return substr($dn, (strpos($dn, ',')+1));
1130	}
1131
1132	//by JakJr, add organization support
1133	function get_organization($dn)
1134	{
1135	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1136	$end = (strpos($dn, $ldap_context)-1);
1137	$tmp = substr($dn, 0, $end);
1138	$begin = (strrpos($tmp, '=')+1);
1139	return substr($dn, $begin, ($end - $begin));
1140	}
1141
1142	//by JakJr, add organization support
1143	function get_sector($dn)
1144	{
1145	$context = $this->get_context($dn);
1146	$begin = (strpos($context, '=')+1);
1147	$end = (strpos($context, ',') - $begin);
1148	return substr($context, $begin, $end);
1149	}
1150
1151	function id2fullname($account_id)
1152	{
1153	$allValues = array();
1154	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1155	if(!$sri)
1156	return False;
1157	$allValues = ldap_get_entries($this->ds, $sri);
1158	if (@$allValues[0]['cn'][0])
1159	{
1160	return $allValues[0]['cn'][0];
1161	}
1162	return False;
1163	}
1164
1165	function mail2fullname($mail)
1166	{
1167	$allValues = array();
1168	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1169	if(!$sri)
1170	return False;
1171	$allValues = ldap_get_entries($this->ds, $sri);
1172	if (@$allValues[0]['cn'][0])
1173	{
1174	return $allValues[0]['cn'][0];
1175	}
1176	return False;
1177	}
1178	}
1179	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: