1 | <?php |
---|
2 | /**************************************************************************\ |
---|
3 | * eGroupWare API - Accounts manager for LDAP * |
---|
4 | * Written by Joseph Engo <jengo@phpgroupware.org> * |
---|
5 | * and Lars Kneschke <lkneschke@phpgw.de> * |
---|
6 | * and Miles Lott <milos@groupwhere.org> * |
---|
7 | * and Bettina Gille <ceb@phpgroupware.org> * |
---|
8 | * View and manipulate account records using LDAP * |
---|
9 | * Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke * |
---|
10 | * Copyright (C) 2003 Lars Kneschke, Bettina Gille * |
---|
11 | * ------------------------------------------------------------------------ * |
---|
12 | * This library is part of the eGroupWare API * |
---|
13 | * http://www.egroupware.org * |
---|
14 | * ------------------------------------------------------------------------ * |
---|
15 | * This library is free software; you can redistribute it and/or modify it * |
---|
16 | * under the terms of the GNU Lesser General Public License as published by * |
---|
17 | * the Free Software Foundation; either version 2.1 of the License, * |
---|
18 | * or any later version. * |
---|
19 | * This library is distributed in the hope that it will be useful, but * |
---|
20 | * WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * |
---|
22 | * See the GNU Lesser General Public License for more details. * |
---|
23 | * You should have received a copy of the GNU Lesser General Public License * |
---|
24 | * along with this library; if not, write to the Free Software Foundation, * |
---|
25 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * |
---|
26 | \**************************************************************************/ |
---|
27 | |
---|
28 | class accounts_ |
---|
29 | { |
---|
30 | var $db; |
---|
31 | var $ds; |
---|
32 | var $account_id; |
---|
33 | var $data; |
---|
34 | var $user_context = ''; |
---|
35 | var $group_context = ''; |
---|
36 | var $total; |
---|
37 | |
---|
38 | function accounts_() |
---|
39 | { |
---|
40 | $this->ds = $GLOBALS['phpgw']->common->ldapConnect(); |
---|
41 | if(!$this->ds) |
---|
42 | $this->ds = $GLOBALS['phpgw']->common->ldapConnect(); |
---|
43 | if(!@is_object($GLOBALS['phpgw']->translation)) |
---|
44 | { |
---|
45 | $GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation'); |
---|
46 | } |
---|
47 | $this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context']; |
---|
48 | $this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context']; |
---|
49 | } |
---|
50 | |
---|
51 | function read_repository() |
---|
52 | { |
---|
53 | $acct_type = $this->get_type($this->account_id); |
---|
54 | |
---|
55 | /* search the dn for the given uid */ |
---|
56 | if(($acct_type == 'g') && $this->group_context) |
---|
57 | { |
---|
58 | /* jakjr: using justthese with ldap_search */ |
---|
59 | $justthese = array("gidnumber", "cn"); |
---|
60 | $sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese); |
---|
61 | } |
---|
62 | else |
---|
63 | { |
---|
64 | /* jakjr: using justthese with ldap_search */ |
---|
65 | $justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber","mobile","homephone","datanascimento"); |
---|
66 | $sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(|(phpgwaccounttype=u)(phpgwaccounttype=s)))"), $justthese); |
---|
67 | } |
---|
68 | if(!$sri) |
---|
69 | return null; |
---|
70 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
71 | |
---|
72 | /* Now dump it into the array; take first entry found */ |
---|
73 | if($acct_type =='g') |
---|
74 | { |
---|
75 | $this->data['account_id'] = $allValues[0]['gidnumber'][0]; |
---|
76 | $this->data['account_lid'] = $allValues[0]['cn'][0]; |
---|
77 | $this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8'); |
---|
78 | $this->data['lastname'] = lang('Group'); |
---|
79 | } |
---|
80 | else |
---|
81 | { |
---|
82 | $this->data['account_id'] = $allValues[0]['uidnumber'][0]; |
---|
83 | $this->data['account_primary_group'] = $allValues[0]['gidnumber'][0]; |
---|
84 | $this->data['account_lid'] = $allValues[0]['uid'][0]; |
---|
85 | $this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8'); |
---|
86 | $this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8'); |
---|
87 | if(isset($allValues[0]['mail'][0])) |
---|
88 | { |
---|
89 | $this->data['email'] = $allValues[0]['mail'][0]; |
---|
90 | } |
---|
91 | $this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0]; |
---|
92 | $this->data['mobile'] = $allValues[0]['mobile'][0]; |
---|
93 | $this->data['homephone'] = $allValues[0]['homephone'][0]; |
---|
94 | $this->data['datanascimento'] = $allValues[0]['datanascimento'][0]; |
---|
95 | /* jakjr: this is not used for expressoLivre */ |
---|
96 | /* |
---|
97 | $this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0]; |
---|
98 | $this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0]; |
---|
99 | */ |
---|
100 | $this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0]; |
---|
101 | $this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]); |
---|
102 | $this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0]; |
---|
103 | $this->data['type'] = $allValues[0]['phpgwaccounttype'][0]; |
---|
104 | $this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0]; |
---|
105 | } |
---|
106 | $this->data['account_dn'] = $allValues[0]['dn']; |
---|
107 | $this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8'); |
---|
108 | |
---|
109 | /* jakjr: this is not used for expressoLivre */ |
---|
110 | /* |
---|
111 | if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) |
---|
112 | { |
---|
113 | $this->data['homedirectory'] = $allValues[0]['homedirectory'][0]; |
---|
114 | $this->data['loginshell'] = $allValues[0]['loginshell'][0]; |
---|
115 | } |
---|
116 | */ |
---|
117 | return $this->data; |
---|
118 | } |
---|
119 | |
---|
120 | function save_repository() |
---|
121 | { |
---|
122 | #_debug_array($this->data); |
---|
123 | $acct_type = $this->get_type($this->account_id); |
---|
124 | |
---|
125 | /* search the dn for the given u/gidnumber */ |
---|
126 | if(($acct_type == 'g') && $this->group_context) |
---|
127 | { |
---|
128 | $sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))")); |
---|
129 | } |
---|
130 | else |
---|
131 | { |
---|
132 | $sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))")); |
---|
133 | } |
---|
134 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
135 | |
---|
136 | $this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0]; |
---|
137 | |
---|
138 | if($acct_type == 'u') |
---|
139 | { |
---|
140 | // data for posixaccount |
---|
141 | $newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s", |
---|
142 | $this->data['firstname'], |
---|
143 | $this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8' |
---|
144 | ); |
---|
145 | $newData['uid'] = $GLOBALS['phpgw']->translation->convert( |
---|
146 | $this->data['account_lid'], |
---|
147 | $GLOBALS['phpgw']->translation->charset(),'utf-8' |
---|
148 | ); |
---|
149 | if($this->data['lastname']) |
---|
150 | { |
---|
151 | $newData['sn'] = $GLOBALS['phpgw']->translation->convert( |
---|
152 | $this->data['lastname'], |
---|
153 | $GLOBALS['phpgw']->translation->charset(),'utf-8' |
---|
154 | ); |
---|
155 | } |
---|
156 | |
---|
157 | if($this->data['firstname']) |
---|
158 | { |
---|
159 | $newData['givenname'] = $GLOBALS['phpgw']->translation->convert( |
---|
160 | $this->data['firstname'], |
---|
161 | $GLOBALS['phpgw']->translation->charset(),'utf-8' |
---|
162 | ); |
---|
163 | } |
---|
164 | if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) |
---|
165 | { |
---|
166 | $newData['homedirectory'] = $this->data['homedirectory']; |
---|
167 | $newData['loginshell'] = $this->data['loginshell']; |
---|
168 | } |
---|
169 | else |
---|
170 | { |
---|
171 | // the posixaccount schema requires this |
---|
172 | $entry['homedirectory'] = '/home/'.$this->data['account_lid']; |
---|
173 | $entry['loginshell'] = '/bin/false'; |
---|
174 | } |
---|
175 | if($this->data['account_primary_group']) |
---|
176 | { |
---|
177 | $newData['gidnumber'] = $this->data['account_primary_group']; |
---|
178 | } |
---|
179 | if($this->data['lastlogin']) |
---|
180 | { |
---|
181 | $newData['phpgwaccountlastlogin'] = $this->data['lastlogin']; |
---|
182 | } |
---|
183 | if($this->data['lastloginfrom']) |
---|
184 | { |
---|
185 | $newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom']; |
---|
186 | } |
---|
187 | if($this->data['lastpasswd_change']) |
---|
188 | { |
---|
189 | $newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; |
---|
190 | } |
---|
191 | if($this->data['status']) |
---|
192 | { |
---|
193 | $newData['phpgwaccountstatus'] = $this->data['status']; |
---|
194 | } |
---|
195 | else |
---|
196 | { |
---|
197 | $newData['phpgwaccountstatus'] = array(); |
---|
198 | } |
---|
199 | if($this->data['expires']) |
---|
200 | { |
---|
201 | $newData['phpgwaccountexpires'] = $this->data['expires']; |
---|
202 | } |
---|
203 | if($this->data['email']) |
---|
204 | { |
---|
205 | $newData['mail'] = $this->data['email']; |
---|
206 | } |
---|
207 | |
---|
208 | $newAccountID = $newData['uid']; |
---|
209 | $oldAccountID = $newData['uid']; |
---|
210 | } |
---|
211 | else |
---|
212 | { |
---|
213 | // data for posixgroup |
---|
214 | $newData['cn'] = $GLOBALS['phpgw']->translation->convert( |
---|
215 | $this->data['account_lid'], |
---|
216 | $GLOBALS['phpgw']->translation->charset(), 'utf-8' |
---|
217 | ); |
---|
218 | $newData['gidnumber'] = $this->account_id; |
---|
219 | $newGroupID = $newData['cn']; |
---|
220 | $oldGroupID = $newData['cn']; |
---|
221 | } |
---|
222 | if($this->data['type']) |
---|
223 | { |
---|
224 | $newData['phpgwaccounttype'] = $this->data['type']; |
---|
225 | } |
---|
226 | |
---|
227 | /* |
---|
228 | Changing the uid: Need to delete and add new, since |
---|
229 | PHP cannot change the dn for the entry. |
---|
230 | */ |
---|
231 | if ($acct_type == 'g') |
---|
232 | { |
---|
233 | $test = $allValues[0]['cn'][0]; |
---|
234 | } |
---|
235 | else |
---|
236 | { |
---|
237 | $test = $allValues[0]['uid'][0]; |
---|
238 | } |
---|
239 | if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid']) |
---|
240 | { |
---|
241 | $oldData = $allValues[0]; |
---|
242 | $oldDN = $oldData['dn']; |
---|
243 | // remove all unneeded fields |
---|
244 | unset($oldData['dn']); |
---|
245 | unset($oldData['count']); |
---|
246 | foreach($oldData as $key => $value) |
---|
247 | { |
---|
248 | if(is_numeric($key)) |
---|
249 | { |
---|
250 | // remove the key, its no ldap key |
---|
251 | unset($oldData[$key]); |
---|
252 | } |
---|
253 | else |
---|
254 | { |
---|
255 | // remove the count key |
---|
256 | if($oldData[$key]['count'] == 1) |
---|
257 | { |
---|
258 | $oldData[$key] = $value[0]; |
---|
259 | } |
---|
260 | else |
---|
261 | { |
---|
262 | unset($oldData[$key]['count']); |
---|
263 | } |
---|
264 | } |
---|
265 | } |
---|
266 | |
---|
267 | $oldAccountID = $oldData['uid']; |
---|
268 | $oldGroupID = $oldData['cn']; |
---|
269 | |
---|
270 | // merge the old data with the new one |
---|
271 | $newData = array_merge($oldData, $newData); |
---|
272 | |
---|
273 | /* Groups */ |
---|
274 | if($this->data['account_type'] == 'g' && $this->group_context ) |
---|
275 | { |
---|
276 | $newDN = 'cn='.$this->data['account_lid'].','.$this->group_context; |
---|
277 | $members = $this->member($this->account_id); |
---|
278 | $newData['memberuid'] = array(); |
---|
279 | for($i=0;$i<count($members);$i++) |
---|
280 | { |
---|
281 | $currname = $this->id2name($members[$i]['account_id']); |
---|
282 | if(!in_array($currname,$entry['memberuid'])) |
---|
283 | { |
---|
284 | $newData['memberuid'][] = $currname; |
---|
285 | } |
---|
286 | } |
---|
287 | } |
---|
288 | /* Accounts */ |
---|
289 | else |
---|
290 | { |
---|
291 | $newDN = 'uid='.$this->data['account_lid'].','.$this->user_context; |
---|
292 | } |
---|
293 | // delete the old account |
---|
294 | ldap_delete($this->ds,$oldDN); |
---|
295 | |
---|
296 | // add the new account |
---|
297 | #_debug_array($newData); |
---|
298 | ldap_add($this->ds, $newDN, $newData); |
---|
299 | } |
---|
300 | /* Normal behavior for save_repository |
---|
301 | update Account */ |
---|
302 | else |
---|
303 | { |
---|
304 | // add the list group members |
---|
305 | if($this->data['account_type'] == 'g' && $this->group_context ) |
---|
306 | { |
---|
307 | $members = $this->member($this->account_id); |
---|
308 | #_debug_array($members); |
---|
309 | $newData['memberuid'] = array(); |
---|
310 | for($i=0;$i<count($members);$i++) |
---|
311 | { |
---|
312 | $currname = $this->id2name($members[$i]['account_id']); |
---|
313 | if(!in_array($currname,$newData['memberuid'])) |
---|
314 | { |
---|
315 | $newData['memberuid'][] = $currname; |
---|
316 | } |
---|
317 | } |
---|
318 | } |
---|
319 | // modify the DN |
---|
320 | ldap_modify($this->ds, $allValues[0]['dn'], $newData); |
---|
321 | } |
---|
322 | |
---|
323 | if ($this->data['account_type'] == 'u') |
---|
324 | { |
---|
325 | // lets check for groups, the user needs to be removed |
---|
326 | |
---|
327 | // first lets search for the groups, the user is currently member of |
---|
328 | // and from which he needs to be removed |
---|
329 | $filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))"; |
---|
330 | $justThese = array('memberuid','gidnumber'); |
---|
331 | $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); |
---|
332 | if($sri) |
---|
333 | { |
---|
334 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
335 | if($allValues['count'] > 0) |
---|
336 | { |
---|
337 | unset($allValues['count']); |
---|
338 | foreach($allValues as $key) |
---|
339 | { |
---|
340 | #_debug_array($key); |
---|
341 | #_debug_array($this->data['account_groups']); |
---|
342 | // delete the old accountid from any group |
---|
343 | if($newAccountID != $oldAccountID) |
---|
344 | { |
---|
345 | $dn = $key['dn']; |
---|
346 | $newData = array(); |
---|
347 | $newData['memberuid'] = $key['memberuid']; |
---|
348 | unset($newData['memberuid']['count']); |
---|
349 | // remove the uid from memberuid |
---|
350 | $newData['memberuid'] = array_flip($newData['memberuid']); |
---|
351 | unset($newData['memberuid'][$oldAccountID]); |
---|
352 | # $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid']))); |
---|
353 | $newData['memberuid'] = array_values(array_flip($newData['memberuid'])); |
---|
354 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
355 | #print ldap_error($this->ds); |
---|
356 | } |
---|
357 | else |
---|
358 | { |
---|
359 | if(!in_array($key['gidnumber'][0],$this->data['account_groups'])) |
---|
360 | { |
---|
361 | $dn = $key['dn']; |
---|
362 | $newData = array(); |
---|
363 | $newData['memberuid'] = $key['memberuid']; |
---|
364 | unset($newData['memberuid']['count']); |
---|
365 | // remove the uid from memberuid |
---|
366 | $newData['memberuid'] = array_flip($newData['memberuid']); |
---|
367 | unset($newData['memberuid'][$oldAccountID]); |
---|
368 | $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid']))); |
---|
369 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
370 | #print ldap_error($this->ds); |
---|
371 | } |
---|
372 | } |
---|
373 | } |
---|
374 | } |
---|
375 | } |
---|
376 | |
---|
377 | // lets check group the user needs to be added |
---|
378 | foreach($this->data['account_groups'] as $key => $value) |
---|
379 | { |
---|
380 | // search for the group |
---|
381 | $filter = 'gidnumber=' . (int)$value; |
---|
382 | $justThese = array('memberuid'); |
---|
383 | $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); |
---|
384 | if($sri) |
---|
385 | { |
---|
386 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
387 | // if the user is not member of this group, add him |
---|
388 | if(is_array($allValues[0]['memberuid'])) |
---|
389 | { |
---|
390 | // this group has already some members |
---|
391 | if(!in_array($newData['uid'],$allValues[0]['memberuid'])) |
---|
392 | { |
---|
393 | $dn = $allValues[0]['dn']; |
---|
394 | $newData = array(); |
---|
395 | $newData['memberuid'] = $allValues[0]['memberuid']; |
---|
396 | unset($newData['memberuid']['count']); |
---|
397 | $newData['memberuid'][] = $newAccountID; |
---|
398 | $newData['memberuid'] = array_values(array_unique($newData['memberuid'])); |
---|
399 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
400 | } |
---|
401 | } |
---|
402 | else |
---|
403 | { |
---|
404 | // this group has no members |
---|
405 | $dn = $allValues[0]['dn']; |
---|
406 | $newData = array(); |
---|
407 | $newData['memberuid'][] = $newAccountID; |
---|
408 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
409 | } |
---|
410 | } |
---|
411 | } |
---|
412 | } |
---|
413 | } |
---|
414 | |
---|
415 | function delete($accountid = '') |
---|
416 | { |
---|
417 | $account_id = get_account_id($accountid); |
---|
418 | $account_lid = $this->id2name((int)$account_id); |
---|
419 | |
---|
420 | $filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))"; |
---|
421 | $sri = ldap_search($this->ds, $this->group_context, $filter); |
---|
422 | if($sri) |
---|
423 | { |
---|
424 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
425 | } |
---|
426 | |
---|
427 | if(!$allValues[0]['dn']) |
---|
428 | { |
---|
429 | $sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(|(phpgwaccounttype=u)(phpgwaccounttype=s)))"); |
---|
430 | if($sri) |
---|
431 | { |
---|
432 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
433 | $accountID = $allValues['0']['uid'][0]; |
---|
434 | $wasAccount = True; |
---|
435 | } |
---|
436 | } |
---|
437 | |
---|
438 | if ($allValues[0]['dn']) |
---|
439 | { |
---|
440 | $del = ldap_delete($this->ds, $allValues[0]['dn']); |
---|
441 | } |
---|
442 | |
---|
443 | if($wasAccount) |
---|
444 | { |
---|
445 | // remove the user from any group he is member of |
---|
446 | $filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))"; |
---|
447 | $justThese = array('memberuid','gidnumber'); |
---|
448 | $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); |
---|
449 | if($sri) |
---|
450 | { |
---|
451 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
452 | if($allValues['count'] > 0) |
---|
453 | { |
---|
454 | unset($allValues['count']); |
---|
455 | foreach($allValues as $key) |
---|
456 | { |
---|
457 | $dn = $key['dn']; |
---|
458 | $newData = array(); |
---|
459 | $newData['memberuid'] = $key['memberuid']; |
---|
460 | unset($newData['memberuid']['count']); |
---|
461 | // remove the uid from memberuid |
---|
462 | $newData['memberuid'] = array_flip($newData['memberuid']); |
---|
463 | unset($newData['memberuid'][$accountID]); |
---|
464 | $newData['memberuid'] = array_unique(array_flip($newData['memberuid'])); |
---|
465 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
466 | } |
---|
467 | } |
---|
468 | } |
---|
469 | } |
---|
470 | } |
---|
471 | |
---|
472 | function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='') |
---|
473 | { |
---|
474 | //print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>"; |
---|
475 | $query = strtolower($query); |
---|
476 | |
---|
477 | if($_type == 'accounts' || $_type == 'both') |
---|
478 | { |
---|
479 | $filter = "(&(uidnumber=*)(|(phpgwaccounttype=u)(phpgwaccounttype=s))"; |
---|
480 | if (!empty($query) && $query != '*') |
---|
481 | { |
---|
482 | switch($query_type) |
---|
483 | { |
---|
484 | case 'all': |
---|
485 | default: |
---|
486 | $query = '*'.$query; |
---|
487 | // fall-through |
---|
488 | case 'start': |
---|
489 | $query .= '*'; |
---|
490 | // fall-through |
---|
491 | case 'exact': |
---|
492 | $filter .= "(|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))"; |
---|
493 | break; |
---|
494 | case 'firstname': |
---|
495 | case 'lastname': |
---|
496 | case 'lid': |
---|
497 | case 'email': |
---|
498 | $to_ldap = array( |
---|
499 | 'firstname' => 'givenname', |
---|
500 | 'lastname' => 'sn', |
---|
501 | 'lid' => 'uid', |
---|
502 | 'email' => 'mail', |
---|
503 | ); |
---|
504 | $filter .= '('.$to_ldap[$query_type].'=*'.$query.'*)'; |
---|
505 | break; |
---|
506 | } |
---|
507 | } |
---|
508 | $filter .= ')'; |
---|
509 | |
---|
510 | $sri = ldap_search($this->ds, $this->user_context, $filter); |
---|
511 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
512 | while (list($null,$allVals) = @each($allValues)) |
---|
513 | { |
---|
514 | settype($allVals,'array'); |
---|
515 | $test = @$allVals['uid'][0]; |
---|
516 | if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0]) |
---|
517 | { |
---|
518 | $accounts[] = Array( |
---|
519 | 'account_id' => $allVals['uidnumber'][0], |
---|
520 | 'account_lid' => $allVals['uid'][0], |
---|
521 | 'account_type' => $allVals['phpgwaccounttype'][0], |
---|
522 | 'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'), |
---|
523 | 'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'), |
---|
524 | 'account_status' => $allVals['phpgwaccountstatus'][0], |
---|
525 | 'account_email' => $allVals['mail'][0], |
---|
526 | ); |
---|
527 | } |
---|
528 | } |
---|
529 | } |
---|
530 | if ($_type == 'groups' || $_type == 'both') |
---|
531 | { |
---|
532 | if(empty($query) || $query == '*') |
---|
533 | { |
---|
534 | $filter = '(&(gidnumber=*)(phpgwaccounttype=g))'; |
---|
535 | } |
---|
536 | else |
---|
537 | { |
---|
538 | if ($_type == 'both') |
---|
539 | $filter = "(&(gidnumber=*)(phpgwaccounttype=g)(|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))"; |
---|
540 | else |
---|
541 | $filter = "(&(gidnumber=*)(phpgwaccounttype=g)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))"; |
---|
542 | } |
---|
543 | $sri = ldap_search($this->ds, $this->group_context, $filter); |
---|
544 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
545 | while (list($null,$allVals) = @each($allValues)) |
---|
546 | { |
---|
547 | settype($allVals,'array'); |
---|
548 | $test = $allVals['cn'][0]; |
---|
549 | if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0]) |
---|
550 | { |
---|
551 | $accounts[] = Array( |
---|
552 | 'account_id' => $allVals['gidnumber'][0], |
---|
553 | 'account_lid' => $allVals['cn'][0], |
---|
554 | 'account_type' => $allVals['phpgwaccounttype'][0], |
---|
555 | 'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'), |
---|
556 | 'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'), |
---|
557 | 'account_status' => $allVals['phpgwaccountstatus'][0], |
---|
558 | 'account_email' => $allVals['mail'][0], |
---|
559 | ); |
---|
560 | } |
---|
561 | } |
---|
562 | } |
---|
563 | // sort the array |
---|
564 | $arrayFunctions = CreateObject('phpgwapi.arrayfunctions'); |
---|
565 | if(empty($order)) |
---|
566 | { |
---|
567 | $order = 'account_lid'; |
---|
568 | } |
---|
569 | $sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort); |
---|
570 | $this->total = count($accounts); |
---|
571 | |
---|
572 | // return only the wanted accounts |
---|
573 | |
---|
574 | if (is_array($sortedAccounts)) |
---|
575 | { |
---|
576 | reset($sortedAccounts); |
---|
577 | if(is_int($start) && is_int($offset)) |
---|
578 | { |
---|
579 | return array_slice($sortedAccounts, $start, $offset); |
---|
580 | } |
---|
581 | elseif(is_int($start)) |
---|
582 | { |
---|
583 | return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']); |
---|
584 | } |
---|
585 | else |
---|
586 | { |
---|
587 | return $sortedAccounts; |
---|
588 | } |
---|
589 | } |
---|
590 | return False; |
---|
591 | } |
---|
592 | |
---|
593 | function name2id($name,$which='account_lid') |
---|
594 | { |
---|
595 | /* jakjr: change search position */ |
---|
596 | $to_ldap = array( |
---|
597 | 'account_lid' => 'uid', |
---|
598 | 'account_email' => 'mail', |
---|
599 | ); |
---|
600 | if (!isset($to_ldap[$which])) return False; |
---|
601 | |
---|
602 | $sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("uidnumber")); |
---|
603 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
604 | |
---|
605 | if (@$allValues[0]['uidnumber'][0]) |
---|
606 | { |
---|
607 | return (int)$allValues[0]['uidnumber'][0]; |
---|
608 | } |
---|
609 | |
---|
610 | if ($which == 'account_lid') // groups only support account_lid |
---|
611 | { |
---|
612 | $sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber")); |
---|
613 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
614 | |
---|
615 | if (@$allValues[0]['gidnumber'][0]) |
---|
616 | { |
---|
617 | return (int)$allValues[0]['gidnumber'][0]; |
---|
618 | } |
---|
619 | } |
---|
620 | |
---|
621 | return False; |
---|
622 | } |
---|
623 | |
---|
624 | function id2name($account_id,$which='account_lid') |
---|
625 | { |
---|
626 | if ($which == 'account_lid' || $which == 'account_type') // groups only support account_lid and account_type |
---|
627 | { |
---|
628 | $allValues = array(); |
---|
629 | /* jakjr: using justthese with ldap_search */ |
---|
630 | $sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn")); |
---|
631 | if(!$sri) |
---|
632 | return False; |
---|
633 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
634 | |
---|
635 | $attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype'; |
---|
636 | if (@$allValues[0]['cn'][0]) |
---|
637 | { |
---|
638 | return $allValues[0]['cn'][0]; |
---|
639 | } |
---|
640 | } |
---|
641 | $to_ldap = array( |
---|
642 | 'account_lid' => 'uid', |
---|
643 | 'account_email' => 'mail', |
---|
644 | 'account_firstname' => 'surname', |
---|
645 | 'account_lastname' => 'cn', |
---|
646 | 'account_type' => 'phpgwaccounttype', |
---|
647 | ); |
---|
648 | if (!isset($to_ldap[$which])) return False; |
---|
649 | |
---|
650 | $allValues = array(); |
---|
651 | /* jakjr: using justthese with ldap_search */ |
---|
652 | $justthese = array("uid","mail","surname","cn","phpgwaccounttype"); |
---|
653 | $sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese); |
---|
654 | if(!$sri) |
---|
655 | return False; |
---|
656 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
657 | |
---|
658 | if (@$allValues[0][$to_ldap[$which]][0]) |
---|
659 | { |
---|
660 | return $allValues[0][$to_ldap[$which]][0]; |
---|
661 | } |
---|
662 | return False; |
---|
663 | } |
---|
664 | |
---|
665 | function get_type($account_id) |
---|
666 | { |
---|
667 | $allValues = array(); |
---|
668 | /* jakjr: using justthese with ldap_search */ |
---|
669 | $sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("phpgwaccounttype")); |
---|
670 | if(!$sri) |
---|
671 | return False; |
---|
672 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
673 | |
---|
674 | if ($allValues[0]['phpgwaccounttype'][0]) |
---|
675 | { |
---|
676 | return $allValues[0]['phpgwaccounttype'][0]; |
---|
677 | } |
---|
678 | |
---|
679 | $allValues = array(); |
---|
680 | /* jakjr: using justthese with ldap_search */ |
---|
681 | $sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype")); |
---|
682 | if(!$sri) |
---|
683 | return False; |
---|
684 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
685 | |
---|
686 | if ($allValues[0]['phpgwaccounttype'][0]) |
---|
687 | { |
---|
688 | return $allValues[0]['phpgwaccounttype'][0]; |
---|
689 | } |
---|
690 | return False; |
---|
691 | } |
---|
692 | |
---|
693 | /* |
---|
694 | * returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both |
---|
695 | * $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer') |
---|
696 | */ |
---|
697 | function exists($account) |
---|
698 | { |
---|
699 | /* This sets up internal caching variables for this functon */ |
---|
700 | static $by_id, $by_lid; |
---|
701 | $users = array(); |
---|
702 | $groups = array(); |
---|
703 | |
---|
704 | if(is_int($account)) |
---|
705 | { |
---|
706 | $ldapgroup = 'gidnumber'; |
---|
707 | $ldapacct = 'uidnumber'; |
---|
708 | $account = (int)$account; |
---|
709 | /* If data is cached, use it. */ |
---|
710 | if(@isset($by_id[$account]) && @$by_id[$account]) |
---|
711 | { |
---|
712 | return $by_id[$account]; |
---|
713 | } |
---|
714 | } |
---|
715 | else |
---|
716 | { |
---|
717 | $ldapgroup = 'cn'; |
---|
718 | $ldapacct = 'uid'; |
---|
719 | /* If data is cached, use it. */ |
---|
720 | if(@isset($by_lid[$account]) && @$by_lid[$account]) |
---|
721 | { |
---|
722 | return $by_lid[$account]; |
---|
723 | } |
---|
724 | } |
---|
725 | |
---|
726 | $acct_type = $this->get_type($account); |
---|
727 | |
---|
728 | if ($acct_type == 'g' && $this->group_context) |
---|
729 | { |
---|
730 | $sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account); |
---|
731 | if(!$sri) |
---|
732 | return False; |
---|
733 | $groups = ldap_get_entries($this->ds, $sri); |
---|
734 | } |
---|
735 | $sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account); |
---|
736 | if(!$sri) |
---|
737 | return False; |
---|
738 | $users = ldap_get_entries($this->ds, $sri); |
---|
739 | |
---|
740 | if ($users[0]['dn']) |
---|
741 | { |
---|
742 | $in += 1; |
---|
743 | } |
---|
744 | if ($groups[0]['dn']) |
---|
745 | { |
---|
746 | $in += 2; |
---|
747 | } |
---|
748 | /* This sets up internal caching for this function */ |
---|
749 | if($ldapgroup == 'gidnumber') |
---|
750 | { |
---|
751 | $by_id[$account] = $in; |
---|
752 | $by_lid[$this->id2name($account)] = $in; |
---|
753 | } |
---|
754 | else |
---|
755 | { |
---|
756 | $by_lid[$account] = $in; |
---|
757 | $by_id[$this->name2id($account)] = $in; |
---|
758 | } |
---|
759 | |
---|
760 | return $in; |
---|
761 | } |
---|
762 | |
---|
763 | function create($account_info,$default_prefs=True) |
---|
764 | { |
---|
765 | /* echo '<br>in create for account_lid: "'.$account_lid.'"'; */ |
---|
766 | if (empty($account_info['account_id']) || !$account_info['account_id']) |
---|
767 | { |
---|
768 | $account_id = $this->get_nextid($account_info['account_type']); |
---|
769 | /* echo '<br>using'.$account_id;exit; */ |
---|
770 | } |
---|
771 | else |
---|
772 | { |
---|
773 | $account_id = $account_info['account_id']; |
---|
774 | } |
---|
775 | $entry['userpassword'] = $account_info['account_passwd']; |
---|
776 | $entry['phpgwaccounttype'] = $account_info['account_type']; |
---|
777 | $entry['phpgwaccountexpires'] = $account_info['account_expires']; |
---|
778 | |
---|
779 | if($account_info['account_type'] == 'g') |
---|
780 | { |
---|
781 | $sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']); |
---|
782 | } |
---|
783 | else |
---|
784 | { |
---|
785 | $sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']); |
---|
786 | } |
---|
787 | if(!$sri) |
---|
788 | return False; |
---|
789 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
790 | |
---|
791 | if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g') |
---|
792 | { |
---|
793 | $entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid']; |
---|
794 | $entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell']; |
---|
795 | } |
---|
796 | elseif($account_info['account_type'] != 'g') |
---|
797 | { |
---|
798 | $entry['homedirectory'] = '/home/'.$account_info['account_lid']; |
---|
799 | $entry['loginshell'] = '/bin/false'; |
---|
800 | } |
---|
801 | |
---|
802 | if ($allValues[0]['dn']) |
---|
803 | { |
---|
804 | /* This should keep the password from being overwritten here on ldap import */ |
---|
805 | unset($entry['userpassword']); |
---|
806 | $entry['gidnumber'] = $account_id; |
---|
807 | |
---|
808 | while (list($key,$val) = each($entry)) |
---|
809 | { |
---|
810 | $tmpentry = ''; |
---|
811 | $tmpentry[$key] = trim($val); /* must trim! */ |
---|
812 | /* echo '<br>'.$key.' '.$val; */ |
---|
813 | if ($tmpentry[$key]) |
---|
814 | { |
---|
815 | if (!$allValues[0][$key][0]) |
---|
816 | { |
---|
817 | /* attribute was not in LDAP, add it */ |
---|
818 | ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry); |
---|
819 | } |
---|
820 | else |
---|
821 | { |
---|
822 | /* attribute was in LDAP, modify it */ |
---|
823 | ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry); |
---|
824 | } |
---|
825 | } |
---|
826 | } |
---|
827 | |
---|
828 | if ($account_info['account_type'] == 'g') |
---|
829 | { |
---|
830 | $tmpentry['objectclass'][0] = 'top'; |
---|
831 | $tmpentry['objectclass'][1] = 'posixGroup'; |
---|
832 | $tmpentry['objectclass'][2] = 'phpgwAccount'; |
---|
833 | } |
---|
834 | else |
---|
835 | { |
---|
836 | $tmpentry['uidnumber'] = $account_id; |
---|
837 | $tmpentry['objectclass'][0] = 'top'; |
---|
838 | $tmpentry['objectclass'][1] = 'person'; |
---|
839 | $tmpentry['objectclass'][2] = 'organizationalPerson'; |
---|
840 | $tmpentry['objectclass'][3] = 'inetOrgPerson'; |
---|
841 | $tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False); |
---|
842 | /* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */ |
---|
843 | $tmpentry['objectclass'][4] = 'posixAccount'; |
---|
844 | $tmpentry['objectclass'][5] = 'shadowAccount'; |
---|
845 | $tmpentry['objectclass'][6] = 'phpgwAccount'; |
---|
846 | $tmpentry['phpgwaccountstatus'] = $account_info['account_status']; |
---|
847 | $tmpentry['phpgwaccounttype'] = $account_info['account_type']; |
---|
848 | $tmpentry['phpgwaccountexpires'] = $account_info['account_expires']; |
---|
849 | } |
---|
850 | ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry); |
---|
851 | } |
---|
852 | else |
---|
853 | { |
---|
854 | /* Not already there, we will add it */ |
---|
855 | if ($account_info['account_type'] == 'g') |
---|
856 | { |
---|
857 | $dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context; |
---|
858 | unset($entry['homedirectory']); |
---|
859 | unset($entry['loginshell']); |
---|
860 | $entry['objectclass'][0] = 'top'; |
---|
861 | $entry['objectclass'][1] = 'posixGroup'; |
---|
862 | $entry['objectclass'][2] = 'phpgwAccount'; |
---|
863 | $entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8'); |
---|
864 | $entry['gidnumber'] = $account_id; |
---|
865 | #$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); |
---|
866 | $entry['description'] = 'phpgw-created group'; |
---|
867 | } |
---|
868 | else |
---|
869 | { |
---|
870 | $dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context; |
---|
871 | |
---|
872 | $entry['cn'] = $GLOBALS['phpgw']->translation->convert( |
---|
873 | sprintf( |
---|
874 | "%s %s", |
---|
875 | $account_info['account_firstname'], |
---|
876 | $account_info['account_lastname'] |
---|
877 | ), |
---|
878 | $GLOBALS['phpgw']->translation->charset(), |
---|
879 | 'utf-8' |
---|
880 | ); |
---|
881 | |
---|
882 | $entry['sn'] = $GLOBALS['phpgw']->translation->convert( |
---|
883 | $account_info['account_lastname'], |
---|
884 | $GLOBALS['phpgw']->translation->charset(), |
---|
885 | 'utf-8' |
---|
886 | ); |
---|
887 | |
---|
888 | if($account_info['account_firstname']) |
---|
889 | { |
---|
890 | $entry['givenname'] = $GLOBALS['phpgw']->translation->convert( |
---|
891 | $account_info['account_firstname'], |
---|
892 | $GLOBALS['phpgw']->translation->charset(), |
---|
893 | 'utf-8' |
---|
894 | ); |
---|
895 | } |
---|
896 | if($account_info['account_email']) |
---|
897 | { |
---|
898 | $entry['mail'] = $GLOBALS['phpgw']->translation->convert( |
---|
899 | $account_info['account_email'], |
---|
900 | $GLOBALS['phpgw']->translation->charset(), |
---|
901 | 'utf-8' |
---|
902 | ); |
---|
903 | } |
---|
904 | $entry['uid'] = $account_info['account_lid']; |
---|
905 | $entry['uidnumber'] = $account_id; |
---|
906 | $entry['gidnumber'] = $account_info['account_primary_group']; |
---|
907 | $entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); |
---|
908 | $entry['objectclass'][0] = 'top'; |
---|
909 | $entry['objectclass'][1] = 'person'; |
---|
910 | $entry['objectclass'][2] = 'organizationalPerson'; |
---|
911 | $entry['objectclass'][3] = 'inetOrgPerson'; |
---|
912 | $entry['objectclass'][4] = 'posixAccount'; |
---|
913 | $entry['objectclass'][5] = 'shadowAccount'; |
---|
914 | $entry['objectclass'][6] = 'phpgwAccount'; |
---|
915 | if($account_info['account_status']) |
---|
916 | { |
---|
917 | $entry['phpgwaccountstatus'] = $account_info['account_status']; |
---|
918 | } |
---|
919 | $entry['phpgwaccounttype'] = $account_info['account_type']; |
---|
920 | $entry['phpgwaccountexpires'] = $account_info['account_expires']; |
---|
921 | } |
---|
922 | |
---|
923 | #_debug_array($entry); |
---|
924 | |
---|
925 | // stop processing if ldap_add fails |
---|
926 | if(!ldap_add($this->ds, $dn, $entry)) |
---|
927 | { |
---|
928 | return false; |
---|
929 | } |
---|
930 | } |
---|
931 | // print ldap_error($this->ds); |
---|
932 | |
---|
933 | // lets check group the user needs to be added |
---|
934 | if($account_info['account_type'] == 'u') |
---|
935 | { |
---|
936 | @settype($account_info['account_groups'],'array'); |
---|
937 | foreach($account_info['account_groups'] as $key => $value) |
---|
938 | { |
---|
939 | // search for the group |
---|
940 | $filter = 'gidnumber=' . (int)$value; |
---|
941 | $justThese = array('memberuid'); |
---|
942 | $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); |
---|
943 | if($sri) |
---|
944 | { |
---|
945 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
946 | // if the user is not member of this group, add him |
---|
947 | if(is_array($allValues[0]['memberuid'])) |
---|
948 | { |
---|
949 | // this group has already some members |
---|
950 | if(!in_array($account_info['account_lid'],$allValues[0]['memberuid'])) |
---|
951 | { |
---|
952 | $dn = $allValues[0]['dn']; |
---|
953 | $newData = array(); |
---|
954 | $newData['memberuid'] = $allValues[0]['memberuid']; |
---|
955 | unset($newData['memberuid']['count']); |
---|
956 | $newData['memberuid'][] = $account_info['account_lid']; |
---|
957 | $newData['memberuid'] = array_unique($newData['memberuid']); |
---|
958 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
959 | #print ldap_error($this->ds)."<br>"; |
---|
960 | } |
---|
961 | } |
---|
962 | else |
---|
963 | { |
---|
964 | // this group has no members |
---|
965 | $dn = $allValues[0]['dn']; |
---|
966 | $newData = array(); |
---|
967 | $newData['memberuid'][] = $account_info['account_lid']; |
---|
968 | ldap_mod_replace($this->ds, $dn, $newData); |
---|
969 | } |
---|
970 | } |
---|
971 | } |
---|
972 | } |
---|
973 | |
---|
974 | if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs) |
---|
975 | { |
---|
976 | $GLOBALS['phpgw']->preferences->create_defaults($account_id); |
---|
977 | } |
---|
978 | |
---|
979 | return $account_id; |
---|
980 | } |
---|
981 | |
---|
982 | function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A') |
---|
983 | { |
---|
984 | if ($expiredate == 0) |
---|
985 | { |
---|
986 | if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True) |
---|
987 | { |
---|
988 | if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never') |
---|
989 | { |
---|
990 | $expires = -1; |
---|
991 | } |
---|
992 | else |
---|
993 | { |
---|
994 | $expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire']; |
---|
995 | } |
---|
996 | } |
---|
997 | } |
---|
998 | else |
---|
999 | { |
---|
1000 | /* expire in 30 days by default */ |
---|
1001 | $expiredate = time() + ((60 * 60) * (30 * 24)); |
---|
1002 | } |
---|
1003 | |
---|
1004 | if ($expires != -1) |
---|
1005 | { |
---|
1006 | $expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate)); |
---|
1007 | } |
---|
1008 | |
---|
1009 | $default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']); |
---|
1010 | if (!$default_group_id) |
---|
1011 | { |
---|
1012 | $default_group_id = (int) $this->name2id('Default'); |
---|
1013 | } |
---|
1014 | $primary_group = $GLOBALS['auto_create_acct']['primary_group'] && |
---|
1015 | $this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ? |
---|
1016 | (int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id; |
---|
1017 | |
---|
1018 | $acct_info = array( |
---|
1019 | 'account_lid' => $accountname, |
---|
1020 | 'account_type' => 'u', |
---|
1021 | 'account_passwd' => $passwd, |
---|
1022 | 'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New', |
---|
1023 | 'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User', |
---|
1024 | 'account_status' => $account_status, |
---|
1025 | 'account_expires' => $expires, |
---|
1026 | 'account_primary_group' => $primary_group, |
---|
1027 | ); |
---|
1028 | |
---|
1029 | /* attempt to set an email address */ |
---|
1030 | if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '') |
---|
1031 | { |
---|
1032 | $acct_info['account_email'] = $GLOBALS['auto_create_acct']['email']; |
---|
1033 | } |
---|
1034 | elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '') |
---|
1035 | { |
---|
1036 | $acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']; |
---|
1037 | } |
---|
1038 | |
---|
1039 | $this->db->transaction_begin(); |
---|
1040 | |
---|
1041 | $this->create($acct_info,$default_prefs); /* create the account */ |
---|
1042 | |
---|
1043 | $accountid = $this->name2id($accountname); /* grab the account id or an error code */ |
---|
1044 | |
---|
1045 | if ($accountid) /* begin account setup */ |
---|
1046 | { |
---|
1047 | if($primary_group) |
---|
1048 | { |
---|
1049 | $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', " |
---|
1050 | . $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__); |
---|
1051 | } |
---|
1052 | |
---|
1053 | /* FIXME - we are assuming the auth method is capable of password changing |
---|
1054 | * $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__); |
---|
1055 | */ |
---|
1056 | |
---|
1057 | /* if we have an mail address set it in the uesrs' email preference */ |
---|
1058 | if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '') |
---|
1059 | { |
---|
1060 | $GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */ |
---|
1061 | $GLOBALS['phpgw']->preferences->preferences($accountid); |
---|
1062 | $GLOBALS['phpgw']->preferences->read_repository(); |
---|
1063 | $GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']); |
---|
1064 | $GLOBALS['phpgw']->preferences->save_repository(); |
---|
1065 | } |
---|
1066 | /* use the default mail domain to set the uesrs' email preference */ |
---|
1067 | elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '') |
---|
1068 | { |
---|
1069 | $GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */ |
---|
1070 | $GLOBALS['phpgw']->preferences->preferences($accountid); |
---|
1071 | $GLOBALS['phpgw']->preferences->read_repository(); |
---|
1072 | $GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']); |
---|
1073 | $GLOBALS['phpgw']->preferences->save_repository(); |
---|
1074 | } |
---|
1075 | |
---|
1076 | /* commit the new account transaction */ |
---|
1077 | $this->db->transaction_commit(); |
---|
1078 | |
---|
1079 | /* does anyone know what the heck this is required for? */ |
---|
1080 | $GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid']; |
---|
1081 | $GLOBALS['hook_values']['account_id'] = $accountid; |
---|
1082 | $GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd']; |
---|
1083 | $GLOBALS['hook_values']['account_status'] = $acct_info['account_status']; |
---|
1084 | $GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname']; |
---|
1085 | $GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname']; |
---|
1086 | $GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array( |
---|
1087 | 'location' => 'addaccount' |
---|
1088 | ),False,True); // called for every app now, not only enabled ones |
---|
1089 | |
---|
1090 | } /* end account setup */ |
---|
1091 | else /* if no account id abort the account creation */ |
---|
1092 | { |
---|
1093 | $this->db->transaction_abort(); |
---|
1094 | } |
---|
1095 | |
---|
1096 | /* |
---|
1097 | * If we succeeded in creating the account (above), return the accountid, else, |
---|
1098 | * return the error value from $this->name2id($accountname) |
---|
1099 | */ |
---|
1100 | return $accountid; |
---|
1101 | } /* end auto_add() */ |
---|
1102 | |
---|
1103 | function get_account_name($account_id,&$lid,&$fname,&$lname) |
---|
1104 | { |
---|
1105 | $acct_type = $this->get_type($account_id); |
---|
1106 | |
---|
1107 | /* jakjr: using justthese with ldap_search */ |
---|
1108 | $justthese = array("cn","uid","givenname","sn"); |
---|
1109 | |
---|
1110 | /* search the dn for the given uid */ |
---|
1111 | if(($acct_type == 'g') && $this->group_context) |
---|
1112 | { |
---|
1113 | $sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese); |
---|
1114 | } |
---|
1115 | else |
---|
1116 | { |
---|
1117 | $sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese); |
---|
1118 | } |
---|
1119 | if(!$sri) |
---|
1120 | return False; |
---|
1121 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
1122 | |
---|
1123 | if($acct_type =='g') |
---|
1124 | { |
---|
1125 | $lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8'); |
---|
1126 | $fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8'); |
---|
1127 | $lname = lang('Group'); |
---|
1128 | } |
---|
1129 | else |
---|
1130 | { |
---|
1131 | $lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8'); |
---|
1132 | $fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8'); |
---|
1133 | $lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8'); |
---|
1134 | } |
---|
1135 | return !empty($lid); |
---|
1136 | } |
---|
1137 | |
---|
1138 | function getDNforID($_accountid = '') |
---|
1139 | { |
---|
1140 | $_account_id = get_account_id($_accountid); |
---|
1141 | |
---|
1142 | $sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id); |
---|
1143 | if(!$sri) |
---|
1144 | return False; |
---|
1145 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
1146 | |
---|
1147 | return $allValues[0]['dn']; |
---|
1148 | } |
---|
1149 | |
---|
1150 | //by JakJr, add organization support |
---|
1151 | function get_context($dn) |
---|
1152 | { |
---|
1153 | return substr($dn, (strpos($dn, ',')+1)); |
---|
1154 | } |
---|
1155 | |
---|
1156 | //by JakJr, add organization support |
---|
1157 | function get_organization($dn) |
---|
1158 | { |
---|
1159 | $ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context']; |
---|
1160 | $end = (strpos($dn, $ldap_context)-1); |
---|
1161 | $tmp = substr($dn, 0, $end); |
---|
1162 | $begin = (strrpos($tmp, '=')+1); |
---|
1163 | return substr($dn, $begin, ($end - $begin)); |
---|
1164 | } |
---|
1165 | |
---|
1166 | //by JakJr, add organization support |
---|
1167 | function get_sector($dn) |
---|
1168 | { |
---|
1169 | $context = $this->get_context($dn); |
---|
1170 | $begin = (strpos($context, '=')+1); |
---|
1171 | $end = (strpos($context, ',') - $begin); |
---|
1172 | return substr($context, $begin, $end); |
---|
1173 | } |
---|
1174 | |
---|
1175 | function id2fullname($account_id) |
---|
1176 | { |
---|
1177 | $allValues = array(); |
---|
1178 | $sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))'); |
---|
1179 | if(!$sri) |
---|
1180 | return False; |
---|
1181 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
1182 | if (@$allValues[0]['cn'][0]) |
---|
1183 | { |
---|
1184 | return $allValues[0]['cn'][0]; |
---|
1185 | } |
---|
1186 | return False; |
---|
1187 | } |
---|
1188 | |
---|
1189 | function mail2fullname($mail) |
---|
1190 | { |
---|
1191 | $allValues = array(); |
---|
1192 | $sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(|(phpgwaccounttype=u)(phpgwaccounttype=s)))'); |
---|
1193 | if(!$sri) |
---|
1194 | return False; |
---|
1195 | $allValues = ldap_get_entries($this->ds, $sri); |
---|
1196 | if (@$allValues[0]['cn'][0]) |
---|
1197 | { |
---|
1198 | return $allValues[0]['cn'][0]; |
---|
1199 | } |
---|
1200 | return False; |
---|
1201 | } |
---|
1202 | } |
---|
1203 | ?> |
---|