Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 425

Revision 425, 39.8 KB checked in by niltonneto, 16 years ago (diff)
Correções na função get_account_name da classe AccountsLDAP da API. Atributo escrito de forma incorreta, e search com phpgwaccouttype errado.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	/* jakjr: this is not used for expressoLivre */
92	/*
93	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
94	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
95	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
96	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
97	*/
98	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
99	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
100	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
101	}
102	$this->data['account_dn'] = $allValues[0]['dn'];
103	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
104
105	/* jakjr: this is not used for expressoLivre */
106	/*
107	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
108	{
109	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
110	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
111	}
112	*/
113	return $this->data;
114	}
115
116	function save_repository()
117	{
118	#_debug_array($this->data);
119	$acct_type = $this->get_type($this->account_id);
120
121	/* search the dn for the given u/gidnumber */
122	if(($acct_type == 'g') && $this->group_context)
123	{
124	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
125	}
126	else
127	{
128	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
129	}
130	$allValues = ldap_get_entries($this->ds, $sri);
131
132	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
133
134	if($acct_type == 'u')
135	{
136	// data for posixaccount
137	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
138	$this->data['firstname'],
139	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
140	);
141	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
142	$this->data['account_lid'],
143	$GLOBALS['phpgw']->translation->charset(),'utf-8'
144	);
145	if($this->data['lastname'])
146	{
147	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
148	$this->data['lastname'],
149	$GLOBALS['phpgw']->translation->charset(),'utf-8'
150	);
151	}
152
153	if($this->data['firstname'])
154	{
155	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
156	$this->data['firstname'],
157	$GLOBALS['phpgw']->translation->charset(),'utf-8'
158	);
159	}
160	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
161	{
162	$newData['homedirectory'] = $this->data['homedirectory'];
163	$newData['loginshell'] = $this->data['loginshell'];
164	}
165	else
166	{
167	// the posixaccount schema requires this
168	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
169	$entry['loginshell'] = '/bin/false';
170	}
171	if($this->data['account_primary_group'])
172	{
173	$newData['gidnumber'] = $this->data['account_primary_group'];
174	}
175	if($this->data['lastlogin'])
176	{
177	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
178	}
179	if($this->data['lastloginfrom'])
180	{
181	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
182	}
183	if($this->data['lastpasswd_change'])
184	{
185	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
186	}
187	if($this->data['status'])
188	{
189	$newData['phpgwaccountstatus'] = $this->data['status'];
190	}
191	else
192	{
193	$newData['phpgwaccountstatus'] = array();
194	}
195	if($this->data['expires'])
196	{
197	$newData['phpgwaccountexpires'] = $this->data['expires'];
198	}
199	if($this->data['email'])
200	{
201	$newData['mail'] = $this->data['email'];
202	}
203
204	$newAccountID = $newData['uid'];
205	$oldAccountID = $newData['uid'];
206	}
207	else
208	{
209	// data for posixgroup
210	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
211	$this->data['account_lid'],
212	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
213	);
214	$newData['gidnumber'] = $this->account_id;
215	$newGroupID = $newData['cn'];
216	$oldGroupID = $newData['cn'];
217	}
218	if($this->data['type'])
219	{
220	$newData['phpgwaccounttype'] = $this->data['type'];
221	}
222
223	/*
224	Changing the uid: Need to delete and add new, since
225	PHP cannot change the dn for the entry.
226	*/
227	if ($acct_type == 'g')
228	{
229	$test = $allValues[0]['cn'][0];
230	}
231	else
232	{
233	$test = $allValues[0]['uid'][0];
234	}
235	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
236	{
237	$oldData = $allValues[0];
238	$oldDN = $oldData['dn'];
239	// remove all unneeded fields
240	unset($oldData['dn']);
241	unset($oldData['count']);
242	foreach($oldData as $key => $value)
243	{
244	if(is_numeric($key))
245	{
246	// remove the key, its no ldap key
247	unset($oldData[$key]);
248	}
249	else
250	{
251	// remove the count key
252	if($oldData[$key]['count'] == 1)
253	{
254	$oldData[$key] = $value[0];
255	}
256	else
257	{
258	unset($oldData[$key]['count']);
259	}
260	}
261	}
262
263	$oldAccountID = $oldData['uid'];
264	$oldGroupID = $oldData['cn'];
265
266	// merge the old data with the new one
267	$newData = array_merge($oldData, $newData);
268
269	/* Groups */
270	if($this->data['account_type'] == 'g' && $this->group_context )
271	{
272	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
273	$members = $this->member($this->account_id);
274	$newData['memberuid'] = array();
275	for($i=0;$i<count($members);$i++)
276	{
277	$currname = $this->id2name($members[$i]['account_id']);
278	if(!in_array($currname,$entry['memberuid']))
279	{
280	$newData['memberuid'][] = $currname;
281	}
282	}
283	}
284	/* Accounts */
285	else
286	{
287	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
288	}
289	// delete the old account
290	ldap_delete($this->ds,$oldDN);
291
292	// add the new account
293	#_debug_array($newData);
294	ldap_add($this->ds, $newDN, $newData);
295	}
296	/* Normal behavior for save_repository
297	update Account */
298	else
299	{
300	// add the list group members
301	if($this->data['account_type'] == 'g' && $this->group_context )
302	{
303	$members = $this->member($this->account_id);
304	#_debug_array($members);
305	$newData['memberuid'] = array();
306	for($i=0;$i<count($members);$i++)
307	{
308	$currname = $this->id2name($members[$i]['account_id']);
309	if(!in_array($currname,$newData['memberuid']))
310	{
311	$newData['memberuid'][] = $currname;
312	}
313	}
314	}
315	// modify the DN
316	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
317	}
318
319	if ($this->data['account_type'] == 'u')
320	{
321	// lets check for groups, the user needs to be removed
322
323	// first lets search for the groups, the user is currently member of
324	// and from which he needs to be removed
325	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
326	$justThese = array('memberuid','gidnumber');
327	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
328	if($sri)
329	{
330	$allValues = ldap_get_entries($this->ds, $sri);
331	if($allValues['count'] > 0)
332	{
333	unset($allValues['count']);
334	foreach($allValues as $key)
335	{
336	#_debug_array($key);
337	#_debug_array($this->data['account_groups']);
338	// delete the old accountid from any group
339	if($newAccountID != $oldAccountID)
340	{
341	$dn = $key['dn'];
342	$newData = array();
343	$newData['memberuid'] = $key['memberuid'];
344	unset($newData['memberuid']['count']);
345	// remove the uid from memberuid
346	$newData['memberuid'] = array_flip($newData['memberuid']);
347	unset($newData['memberuid'][$oldAccountID]);
348	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
349	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
350	ldap_mod_replace($this->ds, $dn, $newData);
351	#print ldap_error($this->ds);
352	}
353	else
354	{
355	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
356	{
357	$dn = $key['dn'];
358	$newData = array();
359	$newData['memberuid'] = $key['memberuid'];
360	unset($newData['memberuid']['count']);
361	// remove the uid from memberuid
362	$newData['memberuid'] = array_flip($newData['memberuid']);
363	unset($newData['memberuid'][$oldAccountID]);
364	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
365	ldap_mod_replace($this->ds, $dn, $newData);
366	#print ldap_error($this->ds);
367	}
368	}
369	}
370	}
371	}
372
373	// lets check group the user needs to be added
374	foreach($this->data['account_groups'] as $key => $value)
375	{
376	// search for the group
377	$filter = 'gidnumber=' . (int)$value;
378	$justThese = array('memberuid');
379	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
380	if($sri)
381	{
382	$allValues = ldap_get_entries($this->ds, $sri);
383	// if the user is not member of this group, add him
384	if(is_array($allValues[0]['memberuid']))
385	{
386	// this group has already some members
387	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
388	{
389	$dn = $allValues[0]['dn'];
390	$newData = array();
391	$newData['memberuid'] = $allValues[0]['memberuid'];
392	unset($newData['memberuid']['count']);
393	$newData['memberuid'][] = $newAccountID;
394	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
395	ldap_mod_replace($this->ds, $dn, $newData);
396	}
397	}
398	else
399	{
400	// this group has no members
401	$dn = $allValues[0]['dn'];
402	$newData = array();
403	$newData['memberuid'][] = $newAccountID;
404	ldap_mod_replace($this->ds, $dn, $newData);
405	}
406	}
407	}
408	}
409	}
410
411	function delete($accountid = '')
412	{
413	$account_id = get_account_id($accountid);
414	$account_lid = $this->id2name((int)$account_id);
415
416	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
417	$sri = ldap_search($this->ds, $this->group_context, $filter);
418	if($sri)
419	{
420	$allValues = ldap_get_entries($this->ds, $sri);
421	}
422
423	if(!$allValues[0]['dn'])
424	{
425	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(phpgwaccounttype=u))");
426	if($sri)
427	{
428	$allValues = ldap_get_entries($this->ds, $sri);
429	$accountID = $allValues['0']['uid'][0];
430	$wasAccount = True;
431	}
432	}
433
434	if ($allValues[0]['dn'])
435	{
436	$del = ldap_delete($this->ds, $allValues[0]['dn']);
437	}
438
439	if($wasAccount)
440	{
441	// remove the user from any group he is member of
442	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
443	$justThese = array('memberuid','gidnumber');
444	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
445	if($sri)
446	{
447	$allValues = ldap_get_entries($this->ds, $sri);
448	if($allValues['count'] > 0)
449	{
450	unset($allValues['count']);
451	foreach($allValues as $key)
452	{
453	$dn = $key['dn'];
454	$newData = array();
455	$newData['memberuid'] = $key['memberuid'];
456	unset($newData['memberuid']['count']);
457	// remove the uid from memberuid
458	$newData['memberuid'] = array_flip($newData['memberuid']);
459	unset($newData['memberuid'][$accountID]);
460	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
461	ldap_mod_replace($this->ds, $dn, $newData);
462	}
463	}
464	}
465	}
466	}
467
468	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
469	{
470	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
471	$query = strtolower($query);
472
473	if($_type == 'accounts' \|\| $_type == 'both')
474	{
475	$filter = "(&(uidnumber=*)(phpgwaccounttype=u)";
476	if (!empty($query) && $query != '*')
477	{
478	switch($query_type)
479	{
480	case 'all':
481	default:
482	$query = '*'.$query;
483	// fall-through
484	case 'start':
485	$query .= '*';
486	// fall-through
487	case 'exact':
488	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
489	break;
490	case 'firstname':
491	case 'lastname':
492	case 'lid':
493	case 'email':
494	$to_ldap = array(
495	'firstname' => 'givenname',
496	'lastname' => 'sn',
497	'lid' => 'uid',
498	'email' => 'mail',
499	);
500	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
501	break;
502	}
503	}
504	$filter .= ')';
505
506	$sri = ldap_search($this->ds, $this->user_context, $filter);
507	$allValues = ldap_get_entries($this->ds, $sri);
508	while (list($null,$allVals) = @each($allValues))
509	{
510	settype($allVals,'array');
511	$test = @$allVals['uid'][0];
512	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
513	{
514	$accounts[] = Array(
515	'account_id' => $allVals['uidnumber'][0],
516	'account_lid' => $allVals['uid'][0],
517	'account_type' => $allVals['phpgwaccounttype'][0],
518	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
519	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
520	'account_status' => $allVals['phpgwaccountstatus'][0],
521	'account_email' => $allVals['mail'][0],
522	);
523	}
524	}
525	}
526	if ($_type == 'groups' \|\| $_type == 'both')
527	{
528	if(empty($query) \|\| $query == '*')
529	{
530	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
531	}
532	else
533	{
534	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
535	}
536	$sri = ldap_search($this->ds, $this->group_context, $filter);
537	$allValues = ldap_get_entries($this->ds, $sri);
538	while (list($null,$allVals) = @each($allValues))
539	{
540	settype($allVals,'array');
541	$test = $allVals['cn'][0];
542	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
543	{
544	$accounts[] = Array(
545	'account_id' => $allVals['gidnumber'][0],
546	'account_lid' => $allVals['cn'][0],
547	'account_type' => $allVals['phpgwaccounttype'][0],
548	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
549	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
550	'account_status' => $allVals['phpgwaccountstatus'][0],
551	'account_email' => $allVals['mail'][0],
552	);
553	}
554	}
555	}
556	// sort the array
557	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
558	if(empty($order))
559	{
560	$order = 'account_lid';
561	}
562	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
563	$this->total = count($accounts);
564
565	// return only the wanted accounts
566
567	if (is_array($sortedAccounts))
568	{
569	reset($sortedAccounts);
570	if(is_int($start) && is_int($offset))
571	{
572	return array_slice($sortedAccounts, $start, $offset);
573	}
574	elseif(is_int($start))
575	{
576	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
577	}
578	else
579	{
580	return $sortedAccounts;
581	}
582	}
583	return False;
584	}
585
586	function name2id($name,$which='account_lid')
587	{
588	/* jakjr: change search position */
589	$to_ldap = array(
590	'account_lid' => 'uid',
591	'account_email' => 'mail',
592	);
593	if (!isset($to_ldap[$which])) return False;
594
595	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))', array("uidnumber"));
596	$allValues = ldap_get_entries($this->ds, $sri);
597
598	if (@$allValues[0]['uidnumber'][0])
599	{
600	return (int)$allValues[0]['uidnumber'][0];
601	}
602
603	if ($which == 'account_lid') // groups only support account_lid
604	{
605	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
606	$allValues = ldap_get_entries($this->ds, $sri);
607
608	if (@$allValues[0]['gidnumber'][0])
609	{
610	return (int)$allValues[0]['gidnumber'][0];
611	}
612	}
613
614	return False;
615	}
616
617	function id2name($account_id,$which='account_lid')
618	{
619	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
620	{
621	$allValues = array();
622	/* jakjr: using justthese with ldap_search */
623	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
624	if(!$sri)
625	return False;
626	$allValues = ldap_get_entries($this->ds, $sri);
627
628	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
629	if (@$allValues[0]['cn'][0])
630	{
631	return $allValues[0]['cn'][0];
632	}
633	}
634	$to_ldap = array(
635	'account_lid' => 'uid',
636	'account_email' => 'mail',
637	'account_firstname' => 'surname',
638	'account_lastname' => 'cn',
639	'account_type' => 'phpgwaccounttype',
640	);
641	if (!isset($to_ldap[$which])) return False;
642
643	$allValues = array();
644	/* jakjr: using justthese with ldap_search */
645	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
646	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', $justthese);
647	if(!$sri)
648	return False;
649	$allValues = ldap_get_entries($this->ds, $sri);
650
651	if (@$allValues[0][$to_ldap[$which]][0])
652	{
653	return $allValues[0][$to_ldap[$which]][0];
654	}
655	return False;
656	}
657
658	function get_type($account_id)
659	{
660	$allValues = array();
661	/* jakjr: using justthese with ldap_search */
662	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))', array("phpgwaccounttype"));
663	if(!$sri)
664	return False;
665	$allValues = ldap_get_entries($this->ds, $sri);
666
667	if ($allValues[0]['phpgwaccounttype'][0])
668	{
669	return $allValues[0]['phpgwaccounttype'][0];
670	}
671
672	$allValues = array();
673	/* jakjr: using justthese with ldap_search */
674	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
675	if(!$sri)
676	return False;
677	$allValues = ldap_get_entries($this->ds, $sri);
678
679	if ($allValues[0]['phpgwaccounttype'][0])
680	{
681	return $allValues[0]['phpgwaccounttype'][0];
682	}
683	return False;
684	}
685
686	/*
687	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
688	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
689	*/
690	function exists($account)
691	{
692	/* This sets up internal caching variables for this functon */
693	static $by_id, $by_lid;
694	$users = array();
695	$groups = array();
696
697	if(is_int($account))
698	{
699	$ldapgroup = 'gidnumber';
700	$ldapacct = 'uidnumber';
701	$account = (int)$account;
702	/* If data is cached, use it. */
703	if(@isset($by_id[$account]) && @$by_id[$account])
704	{
705	return $by_id[$account];
706	}
707	}
708	else
709	{
710	$ldapgroup = 'cn';
711	$ldapacct = 'uid';
712	/* If data is cached, use it. */
713	if(@isset($by_lid[$account]) && @$by_lid[$account])
714	{
715	return $by_lid[$account];
716	}
717	}
718
719	$acct_type = $this->get_type($account);
720
721	if ($acct_type == 'g' && $this->group_context)
722	{
723	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
724	if(!$sri)
725	return False;
726	$groups = ldap_get_entries($this->ds, $sri);
727	}
728	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
729	if(!$sri)
730	return False;
731	$users = ldap_get_entries($this->ds, $sri);
732
733	if ($users[0]['dn'])
734	{
735	$in += 1;
736	}
737	if ($groups[0]['dn'])
738	{
739	$in += 2;
740	}
741	/* This sets up internal caching for this function */
742	if($ldapgroup == 'gidnumber')
743	{
744	$by_id[$account] = $in;
745	$by_lid[$this->id2name($account)] = $in;
746	}
747	else
748	{
749	$by_lid[$account] = $in;
750	$by_id[$this->name2id($account)] = $in;
751	}
752
753	return $in;
754	}
755
756	function create($account_info,$default_prefs=True)
757	{
758	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
759	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
760	{
761	$account_id = $this->get_nextid($account_info['account_type']);
762	/* echo '<br>using'.$account_id;exit; */
763	}
764	else
765	{
766	$account_id = $account_info['account_id'];
767	}
768	$entry['userpassword'] = $account_info['account_passwd'];
769	$entry['phpgwaccounttype'] = $account_info['account_type'];
770	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
771
772	if($account_info['account_type'] == 'g')
773	{
774	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
775	}
776	else
777	{
778	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
779	}
780	if(!$sri)
781	return False;
782	$allValues = ldap_get_entries($this->ds, $sri);
783
784	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
785	{
786	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
787	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
788	}
789	elseif($account_info['account_type'] != 'g')
790	{
791	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
792	$entry['loginshell'] = '/bin/false';
793	}
794
795	if ($allValues[0]['dn'])
796	{
797	/* This should keep the password from being overwritten here on ldap import */
798	unset($entry['userpassword']);
799	$entry['gidnumber'] = $account_id;
800
801	while (list($key,$val) = each($entry))
802	{
803	$tmpentry = '';
804	$tmpentry[$key] = trim($val); /* must trim! */
805	/* echo '<br>'.$key.' '.$val; */
806	if ($tmpentry[$key])
807	{
808	if (!$allValues[0][$key][0])
809	{
810	/* attribute was not in LDAP, add it */
811	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
812	}
813	else
814	{
815	/* attribute was in LDAP, modify it */
816	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
817	}
818	}
819	}
820
821	if ($account_info['account_type'] == 'g')
822	{
823	$tmpentry['objectclass'][0] = 'top';
824	$tmpentry['objectclass'][1] = 'posixGroup';
825	$tmpentry['objectclass'][2] = 'phpgwAccount';
826	}
827	else
828	{
829	$tmpentry['uidnumber'] = $account_id;
830	$tmpentry['objectclass'][0] = 'top';
831	$tmpentry['objectclass'][1] = 'person';
832	$tmpentry['objectclass'][2] = 'organizationalPerson';
833	$tmpentry['objectclass'][3] = 'inetOrgPerson';
834	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
835	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
836	$tmpentry['objectclass'][4] = 'posixAccount';
837	$tmpentry['objectclass'][5] = 'shadowAccount';
838	$tmpentry['objectclass'][6] = 'phpgwAccount';
839	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
840	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
841	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
842	}
843	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
844	}
845	else
846	{
847	/* Not already there, we will add it */
848	if ($account_info['account_type'] == 'g')
849	{
850	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
851	unset($entry['homedirectory']);
852	unset($entry['loginshell']);
853	$entry['objectclass'][0] = 'top';
854	$entry['objectclass'][1] = 'posixGroup';
855	$entry['objectclass'][2] = 'phpgwAccount';
856	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
857	$entry['gidnumber'] = $account_id;
858	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
859	$entry['description'] = 'phpgw-created group';
860	}
861	else
862	{
863	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
864
865	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
866	sprintf(
867	"%s %s",
868	$account_info['account_firstname'],
869	$account_info['account_lastname']
870	),
871	$GLOBALS['phpgw']->translation->charset(),
872	'utf-8'
873	);
874
875	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
876	$account_info['account_lastname'],
877	$GLOBALS['phpgw']->translation->charset(),
878	'utf-8'
879	);
880
881	if($account_info['account_firstname'])
882	{
883	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
884	$account_info['account_firstname'],
885	$GLOBALS['phpgw']->translation->charset(),
886	'utf-8'
887	);
888	}
889	if($account_info['account_email'])
890	{
891	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
892	$account_info['account_email'],
893	$GLOBALS['phpgw']->translation->charset(),
894	'utf-8'
895	);
896	}
897	$entry['uid'] = $account_info['account_lid'];
898	$entry['uidnumber'] = $account_id;
899	$entry['gidnumber'] = $account_info['account_primary_group'];
900	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
901	$entry['objectclass'][0] = 'top';
902	$entry['objectclass'][1] = 'person';
903	$entry['objectclass'][2] = 'organizationalPerson';
904	$entry['objectclass'][3] = 'inetOrgPerson';
905	$entry['objectclass'][4] = 'posixAccount';
906	$entry['objectclass'][5] = 'shadowAccount';
907	$entry['objectclass'][6] = 'phpgwAccount';
908	if($account_info['account_status'])
909	{
910	$entry['phpgwaccountstatus'] = $account_info['account_status'];
911	}
912	$entry['phpgwaccounttype'] = $account_info['account_type'];
913	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
914	}
915
916	#_debug_array($entry);
917
918	// stop processing if ldap_add fails
919	if(!ldap_add($this->ds, $dn, $entry))
920	{
921	return false;
922	}
923	}
924	// print ldap_error($this->ds);
925
926	// lets check group the user needs to be added
927	if($account_info['account_type'] == 'u')
928	{
929	@settype($account_info['account_groups'],'array');
930	foreach($account_info['account_groups'] as $key => $value)
931	{
932	// search for the group
933	$filter = 'gidnumber=' . (int)$value;
934	$justThese = array('memberuid');
935	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
936	if($sri)
937	{
938	$allValues = ldap_get_entries($this->ds, $sri);
939	// if the user is not member of this group, add him
940	if(is_array($allValues[0]['memberuid']))
941	{
942	// this group has already some members
943	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
944	{
945	$dn = $allValues[0]['dn'];
946	$newData = array();
947	$newData['memberuid'] = $allValues[0]['memberuid'];
948	unset($newData['memberuid']['count']);
949	$newData['memberuid'][] = $account_info['account_lid'];
950	$newData['memberuid'] = array_unique($newData['memberuid']);
951	ldap_mod_replace($this->ds, $dn, $newData);
952	#print ldap_error($this->ds)."<br>";
953	}
954	}
955	else
956	{
957	// this group has no members
958	$dn = $allValues[0]['dn'];
959	$newData = array();
960	$newData['memberuid'][] = $account_info['account_lid'];
961	ldap_mod_replace($this->ds, $dn, $newData);
962	}
963	}
964	}
965	}
966
967	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
968	{
969	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
970	}
971
972	return $account_id;
973	}
974
975	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
976	{
977	if ($expiredate == 0)
978	{
979	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
980	{
981	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
982	{
983	$expires = -1;
984	}
985	else
986	{
987	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
988	}
989	}
990	}
991	else
992	{
993	/* expire in 30 days by default */
994	$expiredate = time() + ((60 * 60) * (30 * 24));
995	}
996
997	if ($expires != -1)
998	{
999	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1000	}
1001
1002	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1003	if (!$default_group_id)
1004	{
1005	$default_group_id = (int) $this->name2id('Default');
1006	}
1007	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1008	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1009	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1010
1011	$acct_info = array(
1012	'account_lid' => $accountname,
1013	'account_type' => 'u',
1014	'account_passwd' => $passwd,
1015	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1016	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1017	'account_status' => $account_status,
1018	'account_expires' => $expires,
1019	'account_primary_group' => $primary_group,
1020	);
1021
1022	/* attempt to set an email address */
1023	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1024	{
1025	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1026	}
1027	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1028	{
1029	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1030	}
1031
1032	$this->db->transaction_begin();
1033
1034	$this->create($acct_info,$default_prefs); /* create the account */
1035
1036	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1037
1038	if ($accountid) /* begin account setup */
1039	{
1040	if($primary_group)
1041	{
1042	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1043	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1044	}
1045
1046	/* FIXME - we are assuming the auth method is capable of password changing
1047	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1048	*/
1049
1050	/* if we have an mail address set it in the uesrs' email preference */
1051	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1052	{
1053	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1054	$GLOBALS['phpgw']->preferences->preferences($accountid);
1055	$GLOBALS['phpgw']->preferences->read_repository();
1056	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1057	$GLOBALS['phpgw']->preferences->save_repository();
1058	}
1059	/* use the default mail domain to set the uesrs' email preference */
1060	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1061	{
1062	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1063	$GLOBALS['phpgw']->preferences->preferences($accountid);
1064	$GLOBALS['phpgw']->preferences->read_repository();
1065	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1066	$GLOBALS['phpgw']->preferences->save_repository();
1067	}
1068
1069	/* commit the new account transaction */
1070	$this->db->transaction_commit();
1071
1072	/* does anyone know what the heck this is required for? */
1073	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1074	$GLOBALS['hook_values']['account_id'] = $accountid;
1075	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1076	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1077	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1078	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1079	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1080	'location' => 'addaccount'
1081	),False,True); // called for every app now, not only enabled ones
1082
1083	} /* end account setup */
1084	else /* if no account id abort the account creation */
1085	{
1086	$this->db->transaction_abort();
1087	}
1088
1089	/*
1090	* If we succeeded in creating the account (above), return the accountid, else,
1091	* return the error value from $this->name2id($accountname)
1092	*/
1093	return $accountid;
1094	} /* end auto_add() */
1095
1096	function get_account_name($account_id,&$lid,&$fname,&$lname)
1097	{
1098	$acct_type = $this->get_type($account_id);
1099
1100	/* jakjr: using justthese with ldap_search */
1101	$justthese = array("cn","uid","givenname","sn");
1102
1103	/* search the dn for the given uid */
1104	if(($acct_type == 'g') && $this->group_context)
1105	{
1106	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1107	}
1108	else
1109	{
1110	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwAccountType=u))', $justthese);
1111	}
1112	if(!$sri)
1113	return False;
1114	$allValues = ldap_get_entries($this->ds, $sri);
1115
1116	if($acct_type =='g')
1117	{
1118	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1119	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1120	$lname = lang('Group');
1121	}
1122	else
1123	{
1124	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1125	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1126	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1127	}
1128	return !empty($lid);
1129	}
1130
1131	function getDNforID($_accountid = '')
1132	{
1133	$_account_id = get_account_id($_accountid);
1134
1135	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1136	if(!$sri)
1137	return False;
1138	$allValues = ldap_get_entries($this->ds, $sri);
1139
1140	return $allValues[0]['dn'];
1141	}
1142
1143	//by JakJr, add organization support
1144	function get_context($dn)
1145	{
1146	return substr($dn, (strpos($dn, ',')+1));
1147	}
1148
1149	//by JakJr, add organization support
1150	function get_organization($dn)
1151	{
1152	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1153	$end = (strpos($dn, $ldap_context)-1);
1154	$tmp = substr($dn, 0, $end);
1155	$begin = (strrpos($tmp, '=')+1);
1156	return substr($dn, $begin, ($end - $begin));
1157	}
1158
1159	//by JakJr, add organization support
1160	function get_sector($dn)
1161	{
1162	$context = $this->get_context($dn);
1163	$begin = (strpos($context, '=')+1);
1164	$end = (strpos($context, ',') - $begin);
1165	return substr($context, $begin, $end);
1166	}
1167
1168	function id2fullname($account_id)
1169	{
1170	$allValues = array();
1171	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
1172	if(!$sri)
1173	return False;
1174	$allValues = ldap_get_entries($this->ds, $sri);
1175	if (@$allValues[0]['cn'][0])
1176	{
1177	return $allValues[0]['cn'][0];
1178	}
1179	return False;
1180	}
1181
1182	function mail2fullname($mail)
1183	{
1184	$allValues = array();
1185	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(phpgwaccounttype=u))');
1186	if(!$sri)
1187	return False;
1188	$allValues = ldap_get_entries($this->ds, $sri);
1189	if (@$allValues[0]['cn'][0])
1190	{
1191	return $allValues[0]['cn'][0];
1192	}
1193	return False;
1194	}
1195	}
1196	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: