Context Navigation

source: trunk/phpgwapi/inc/class.accounts_ldap.inc.php @ 7655

Revision 7655, 40.5 KB checked in by douglasz, 11 years ago (diff)
Ticket #3236 - Melhorias de performance no codigo do Expresso.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Accounts manager for LDAP *
4	* Written by Joseph Engo <jengo@phpgroupware.org> *
5	* and Lars Kneschke <lkneschke@phpgw.de> *
6	* and Miles Lott <milos@groupwhere.org> *
7	* and Bettina Gille <ceb@phpgroupware.org> *
8	* View and manipulate account records using LDAP *
9	* Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke *
10	* Copyright (C) 2003 Lars Kneschke, Bettina Gille *
11	* ------------------------------------------------------------------------ *
12	* This library is part of the eGroupWare API *
13	* http://www.egroupware.org *
14	* ------------------------------------------------------------------------ *
15	* This library is free software; you can redistribute it and/or modify it *
16	* under the terms of the GNU Lesser General Public License as published by *
17	* the Free Software Foundation; either version 2.1 of the License, *
18	* or any later version. *
19	* This library is distributed in the hope that it will be useful, but *
20	* WITHOUT ANY WARRANTY; without even the implied warranty of *
21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
22	* See the GNU Lesser General Public License for more details. *
23	* You should have received a copy of the GNU Lesser General Public License *
24	* along with this library; if not, write to the Free Software Foundation, *
25	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
26	\**************************************************************************/
27
28	class accounts_
29	{
30	var $db;
31	var $ds;
32	var $account_id;
33	var $data;
34	var $user_context = '';
35	var $group_context = '';
36	var $total;
37
38	function accounts_()
39	{
40	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
41	if(!$this->ds)
42	$this->ds = $GLOBALS['phpgw']->common->ldapConnect();
43	if(!@is_object($GLOBALS['phpgw']->translation))
44	{
45	$GLOBALS['phpgw']->translation = CreateObject('phpgwapi.translation');
46	}
47	$this->user_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
48	$this->group_context = $GLOBALS['phpgw_info']['server']['ldap_group_context'];
49	}
50
51	function read_repository()
52	{
53	$acct_type = $this->get_type($this->account_id);
54
55	/* search the dn for the given uid */
56	if(($acct_type == 'g') && $this->group_context)
57	{
58	/* jakjr: using justthese with ldap_search */
59	$justthese = array("gidnumber", "cn");
60	$sri = @ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"), $justthese);
61	}
62	else
63	{
64	/* jakjr: using justthese with ldap_search */
65	$justthese = array("uidnumber", "gidnumber", "uid", "cn", "givenname", "sn", "mail", "phpgwaccountstatus", "phpgwaccountexpires", "phpgwaccounttype", "phpgwlastpasswdchange","phpgwagreeterm","telephonenumber","mobile","homephone","datanascimento");
66	$sri = @ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))"), $justthese);
67	}
68	if(!$sri)
69	return null;
70	$allValues = ldap_get_entries($this->ds, $sri);
71
72	/* Now dump it into the array; take first entry found */
73	if($acct_type =='g')
74	{
75	$this->data['account_id'] = $allValues[0]['gidnumber'][0];
76	$this->data['account_lid'] = $allValues[0]['cn'][0];
77	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
78	$this->data['lastname'] = lang('Group');
79	}
80	else
81	{
82	$this->data['account_id'] = $allValues[0]['uidnumber'][0];
83	$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
84	$this->data['account_lid'] = $allValues[0]['uid'][0];
85	$this->data['firstname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
86	$this->data['lastname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
87	if(isset($allValues[0]['mail'][0]))
88	{
89	$this->data['email'] = $allValues[0]['mail'][0];
90	}
91	$this->data['telephonenumber'] = $allValues[0]['telephonenumber'][0];
92	$this->data['mobile'] = $allValues[0]['mobile'][0];
93	$this->data['homephone'] = $allValues[0]['homephone'][0];
94	$this->data['datanascimento'] = $allValues[0]['datanascimento'][0];
95	/* jakjr: this is not used for expressoLivre */
96	/*
97	$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
98	$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
99	*/
100	$this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0];
101	$this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]);
102	$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
103	$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
104	$this->data['agree_terms'] = $allValues[0]['phpgwagreeterm'][0];
105	}
106	$this->data['account_dn'] = $allValues[0]['dn'];
107	$this->data['fullname'] = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
108
109	/* jakjr: this is not used for expressoLivre */
110	/*
111	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
112	{
113	$this->data['homedirectory'] = $allValues[0]['homedirectory'][0];
114	$this->data['loginshell'] = $allValues[0]['loginshell'][0];
115	}
116	*/
117	return $this->data;
118	}
119
120	function save_repository()
121	{
122	#_debug_array($this->data);
123	$acct_type = $this->get_type($this->account_id);
124
125	/* search the dn for the given u/gidnumber */
126	if(($acct_type == 'g') && $this->group_context)
127	{
128	$sri = ldap_search($this->ds, $this->group_context, ("(&(gidnumber=" . (int)$this->account_id.")(phpgwaccounttype=g))"));
129	}
130	else
131	{
132	$sri = ldap_search($this->ds, $this->user_context, ("(&(uidnumber=" . (int)$this->account_id.")(phpgwaccounttype=u))"));
133	}
134	$allValues = ldap_get_entries($this->ds, $sri);
135
136	$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
137
138	if($acct_type == 'u')
139	{
140	// data for posixaccount
141	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(sprintf("%s %s",
142	$this->data['firstname'],
143	$this->data['lastname']),$GLOBALS['phpgw']->translation->charset(),'utf-8'
144	);
145	$newData['uid'] = $GLOBALS['phpgw']->translation->convert(
146	$this->data['account_lid'],
147	$GLOBALS['phpgw']->translation->charset(),'utf-8'
148	);
149	if($this->data['lastname'])
150	{
151	$newData['sn'] = $GLOBALS['phpgw']->translation->convert(
152	$this->data['lastname'],
153	$GLOBALS['phpgw']->translation->charset(),'utf-8'
154	);
155	}
156
157	if($this->data['firstname'])
158	{
159	$newData['givenname'] = $GLOBALS['phpgw']->translation->convert(
160	$this->data['firstname'],
161	$GLOBALS['phpgw']->translation->charset(),'utf-8'
162	);
163	}
164	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
165	{
166	$newData['homedirectory'] = $this->data['homedirectory'];
167	$newData['loginshell'] = $this->data['loginshell'];
168	}
169	else
170	{
171	// the posixaccount schema requires this
172	$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
173	$entry['loginshell'] = '/bin/false';
174	}
175	if($this->data['account_primary_group'])
176	{
177	$newData['gidnumber'] = $this->data['account_primary_group'];
178	}
179	if($this->data['lastlogin'])
180	{
181	$newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
182	}
183	if($this->data['lastloginfrom'])
184	{
185	$newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
186	}
187	if($this->data['lastpasswd_change'])
188	{
189	$newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
190	}
191	if($this->data['status'])
192	{
193	$newData['phpgwaccountstatus'] = $this->data['status'];
194	}
195	else
196	{
197	$newData['phpgwaccountstatus'] = array();
198	}
199	if($this->data['expires'])
200	{
201	$newData['phpgwaccountexpires'] = $this->data['expires'];
202	}
203	if($this->data['email'])
204	{
205	$newData['mail'] = $this->data['email'];
206	}
207
208	$newAccountID = $newData['uid'];
209	$oldAccountID = $newData['uid'];
210	}
211	else
212	{
213	// data for posixgroup
214	$newData['cn'] = $GLOBALS['phpgw']->translation->convert(
215	$this->data['account_lid'],
216	$GLOBALS['phpgw']->translation->charset(), 'utf-8'
217	);
218	$newData['gidnumber'] = $this->account_id;
219	$newGroupID = $newData['cn'];
220	$oldGroupID = $newData['cn'];
221	}
222	if($this->data['type'])
223	{
224	$newData['phpgwaccounttype'] = $this->data['type'];
225	}
226
227	/*
228	Changing the uid: Need to delete and add new, since
229	PHP cannot change the dn for the entry.
230	*/
231	if ($acct_type == 'g')
232	{
233	$test = $allValues[0]['cn'][0];
234	}
235	else
236	{
237	$test = $allValues[0]['uid'][0];
238	}
239	if($GLOBALS['phpgw']->translation->convert($test,'utf-8') != $this->data['account_lid'])
240	{
241	$oldData = $allValues[0];
242	$oldDN = $oldData['dn'];
243	// remove all unneeded fields
244	unset($oldData['dn']);
245	unset($oldData['count']);
246	foreach($oldData as $key => $value)
247	{
248	if(is_numeric($key))
249	{
250	// remove the key, its no ldap key
251	unset($oldData[$key]);
252	}
253	else
254	{
255	// remove the count key
256	if($oldData[$key]['count'] == 1)
257	{
258	$oldData[$key] = $value[0];
259	}
260	else
261	{
262	unset($oldData[$key]['count']);
263	}
264	}
265	}
266
267	$oldAccountID = $oldData['uid'];
268	$oldGroupID = $oldData['cn'];
269
270	// merge the old data with the new one
271	$newData = array_merge($oldData, $newData);
272
273	/* Groups */
274	if($this->data['account_type'] == 'g' && $this->group_context )
275	{
276	$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
277	$members = $this->member($this->account_id);
278	$newData['memberuid'] = array();
279	for($i=0;$i<count($members);++$i)
280	{
281	$currname = $this->id2name($members[$i]['account_id']);
282	if(!in_array($currname,$entry['memberuid']))
283	{
284	$newData['memberuid'][] = $currname;
285	}
286	}
287	}
288	/* Accounts */
289	else
290	{
291	$newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
292	}
293	// delete the old account
294	ldap_delete($this->ds,$oldDN);
295
296	// add the new account
297	#_debug_array($newData);
298	ldap_add($this->ds, $newDN, $newData);
299	}
300	/* Normal behavior for save_repository
301	update Account */
302	else
303	{
304	// add the list group members
305	if($this->data['account_type'] == 'g' && $this->group_context )
306	{
307	$members = $this->member($this->account_id);
308	#_debug_array($members);
309	$newData['memberuid'] = array();
310	for($i=0;$i<count($members);++$i)
311	{
312	$currname = $this->id2name($members[$i]['account_id']);
313	if(!in_array($currname,$newData['memberuid']))
314	{
315	$newData['memberuid'][] = $currname;
316	}
317	}
318	}
319	// modify the DN
320	ldap_modify($this->ds, $allValues[0]['dn'], $newData);
321	}
322
323	if ($this->data['account_type'] == 'u')
324	{
325	// lets check for groups, the user needs to be removed
326
327	// first lets search for the groups, the user is currently member of
328	// and from which he needs to be removed
329	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . "))";
330	$justThese = array('memberuid','gidnumber');
331	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
332	if($sri)
333	{
334	$allValues = ldap_get_entries($this->ds, $sri);
335	if($allValues['count'] > 0)
336	{
337	unset($allValues['count']);
338	foreach($allValues as $key)
339	{
340	#_debug_array($key);
341	#_debug_array($this->data['account_groups']);
342	// delete the old accountid from any group
343	if($newAccountID != $oldAccountID)
344	{
345	$dn = $key['dn'];
346	$newData = array();
347	$newData['memberuid'] = $key['memberuid'];
348	unset($newData['memberuid']['count']);
349	// remove the uid from memberuid
350	$newData['memberuid'] = array_flip($newData['memberuid']);
351	unset($newData['memberuid'][$oldAccountID]);
352	# $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
353	$newData['memberuid'] = array_values(array_flip($newData['memberuid']));
354	ldap_mod_replace($this->ds, $dn, $newData);
355	#print ldap_error($this->ds);
356	}
357	else
358	{
359	if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
360	{
361	$dn = $key['dn'];
362	$newData = array();
363	$newData['memberuid'] = $key['memberuid'];
364	unset($newData['memberuid']['count']);
365	// remove the uid from memberuid
366	$newData['memberuid'] = array_flip($newData['memberuid']);
367	unset($newData['memberuid'][$oldAccountID]);
368	$newData['memberuid'] = array_values(sort(array_flip($newData['memberuid'])));
369	ldap_mod_replace($this->ds, $dn, $newData);
370	#print ldap_error($this->ds);
371	}
372	}
373	}
374	}
375	}
376
377	// lets check group the user needs to be added
378	foreach($this->data['account_groups'] as $key => $value)
379	{
380	// search for the group
381	$filter = 'gidnumber=' . (int)$value;
382	$justThese = array('memberuid');
383	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
384	if($sri)
385	{
386	$allValues = ldap_get_entries($this->ds, $sri);
387	// if the user is not member of this group, add him
388	if(is_array($allValues[0]['memberuid']))
389	{
390	// this group has already some members
391	if(!in_array($newData['uid'],$allValues[0]['memberuid']))
392	{
393	$dn = $allValues[0]['dn'];
394	$newData = array();
395	$newData['memberuid'] = $allValues[0]['memberuid'];
396	unset($newData['memberuid']['count']);
397	$newData['memberuid'][] = $newAccountID;
398	$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
399	ldap_mod_replace($this->ds, $dn, $newData);
400	}
401	}
402	else
403	{
404	// this group has no members
405	$dn = $allValues[0]['dn'];
406	$newData = array();
407	$newData['memberuid'][] = $newAccountID;
408	ldap_mod_replace($this->ds, $dn, $newData);
409	}
410	}
411	}
412	}
413	}
414
415	function delete($accountid = '')
416	{
417	$account_id = get_account_id($accountid);
418	$account_lid = $this->id2name((int)$account_id);
419
420	$filter = "(&(gidnumber=" . (int)$account_id.")(phpgwaccounttype=g))";
421	$sri = ldap_search($this->ds, $this->group_context, $filter);
422	if($sri)
423	{
424	$allValues = ldap_get_entries($this->ds, $sri);
425	}
426
427	if(!$allValues[0]['dn'])
428	{
429	$sri = ldap_search($this->ds, $this->user_context, "(&(uid=" . (string)$account_lid.")(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))");
430	if($sri)
431	{
432	$allValues = ldap_get_entries($this->ds, $sri);
433	$accountID = $allValues['0']['uid'][0];
434	$wasAccount = True;
435	}
436	}
437
438	if ($allValues[0]['dn'])
439	{
440	$del = ldap_delete($this->ds, $allValues[0]['dn']);
441	}
442
443	if($wasAccount)
444	{
445	// remove the user from any group he is member of
446	$filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$accountID . "))";
447	$justThese = array('memberuid','gidnumber');
448	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
449	if($sri)
450	{
451	$allValues = ldap_get_entries($this->ds, $sri);
452	if($allValues['count'] > 0)
453	{
454	unset($allValues['count']);
455	foreach($allValues as $key)
456	{
457	$dn = $key['dn'];
458	$newData = array();
459	$newData['memberuid'] = $key['memberuid'];
460	unset($newData['memberuid']['count']);
461	// remove the uid from memberuid
462	$newData['memberuid'] = array_flip($newData['memberuid']);
463	unset($newData['memberuid'][$accountID]);
464	$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
465	ldap_mod_replace($this->ds, $dn, $newData);
466	}
467	}
468	}
469	}
470	}
471
472	function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
473	{
474	//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
475	$query = strtolower($query);
476
477	if($_type == 'accounts' \|\| $_type == 'both')
478	{
479	$filter = "(&(uidnumber=*)(\|(phpgwaccounttype=u)(phpgwaccounttype=s))";
480	if (!empty($query) && $query != '*')
481	{
482	switch($query_type)
483	{
484	case 'all':
485	default:
486	$query = '*'.$query;
487	// fall-through
488	case 'start':
489	$query .= '*';
490	// fall-through
491	case 'exact':
492	$filter .= "(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))";
493	break;
494	case 'firstname':
495	case 'lastname':
496	case 'lid':
497	case 'email':
498	$to_ldap = array(
499	'firstname' => 'givenname',
500	'lastname' => 'sn',
501	'lid' => 'uid',
502	'email' => 'mail',
503	);
504	$filter .= '('.$to_ldap[$query_type].'='.$query.')';
505	break;
506	}
507	}
508	$filter .= ')';
509
510	$sri = ldap_search($this->ds, $this->user_context, $filter);
511	$allValues = ldap_get_entries($this->ds, $sri);
512	while (list($null,$allVals) = @each($allValues))
513	{
514	settype($allVals,'array');
515	$test = @$allVals['uid'][0];
516	if (!$GLOBALS['phpgw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0])
517	{
518	$accounts[] = Array(
519	'account_id' => $allVals['uidnumber'][0],
520	'account_lid' => $allVals['uid'][0],
521	'account_type' => $allVals['phpgwaccounttype'][0],
522	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
523	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
524	'account_status' => $allVals['phpgwaccountstatus'][0],
525	'account_email' => $allVals['mail'][0],
526	);
527	}
528	}
529	}
530	if ($_type == 'groups' \|\| $_type == 'both')
531	{
532	if(empty($query) \|\| $query == '*')
533	{
534	$filter = '(&(gidnumber=*)(phpgwaccounttype=g))';
535	}
536	else
537	{
538	if ($_type == 'both')
539	$filter = "(&(gidnumber=*)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)))";
540	else
541	$filter = "(&(gidnumber=)(phpgwaccounttype=g)(\|(uid=$query)(sn=$query)(cn=$query)(givenname=$query*)))";
542	}
543	$sri = ldap_search($this->ds, $this->group_context, $filter);
544	$allValues = ldap_get_entries($this->ds, $sri);
545	while (list($null,$allVals) = @each($allValues))
546	{
547	settype($allVals,'array');
548	$test = $allVals['cn'][0];
549	if (!$GLOBALS['phpgw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
550	{
551	$accounts[] = Array(
552	'account_id' => $allVals['gidnumber'][0],
553	'account_lid' => $allVals['cn'][0],
554	'account_type' => $allVals['phpgwaccounttype'][0],
555	'account_firstname' => $GLOBALS['phpgw']->translation->convert($allVals['givenname'][0],'utf-8'),
556	'account_lastname' => $GLOBALS['phpgw']->translation->convert($allVals['sn'][0],'utf-8'),
557	'account_status' => $allVals['phpgwaccountstatus'][0],
558	'account_email' => $allVals['mail'][0],
559	);
560	}
561	}
562	}
563	// sort the array
564	$arrayFunctions = CreateObject('phpgwapi.arrayfunctions');
565	if(empty($order))
566	{
567	$order = 'account_lid';
568	}
569	$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
570	$this->total = count($accounts);
571
572	// return only the wanted accounts
573
574	if (is_array($sortedAccounts))
575	{
576	reset($sortedAccounts);
577	if(is_int($start) && is_int($offset))
578	{
579	return array_slice($sortedAccounts, $start, $offset);
580	}
581	elseif(is_int($start))
582	{
583	return array_slice($sortedAccounts, $start, $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']);
584	}
585	else
586	{
587	return $sortedAccounts;
588	}
589	}
590	return False;
591	}
592
593	function name2id($name,$which='account_lid')
594	{
595	/* jakjr: change search position */
596	$to_ldap = array(
597	'account_lid' => 'uid',
598	'account_email' => 'mail',
599	);
600	if (!isset($to_ldap[$which])) return False;
601
602	$sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("uidnumber"));
603	$allValues = ldap_get_entries($this->ds, $sri);
604
605	if (@$allValues[0]['uidnumber'][0])
606	{
607	return (int)$allValues[0]['uidnumber'][0];
608	}
609
610	if ($which == 'account_lid') // groups only support account_lid
611	{
612	$sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))', array("gidnumber"));
613	$allValues = ldap_get_entries($this->ds, $sri);
614
615	if (@$allValues[0]['gidnumber'][0])
616	{
617	return (int)$allValues[0]['gidnumber'][0];
618	}
619	}
620
621	return False;
622	}
623
624	function id2name($account_id,$which='account_lid')
625	{
626	if ($which == 'account_lid' \|\| $which == 'account_type') // groups only support account_lid and account_type
627	{
628	$allValues = array();
629	/* jakjr: using justthese with ldap_search */
630	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("cn"));
631	if(!$sri)
632	return False;
633	$allValues = ldap_get_entries($this->ds, $sri);
634
635	$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
636	if (@$allValues[0]['cn'][0])
637	{
638	return $allValues[0]['cn'][0];
639	}
640	}
641	$to_ldap = array(
642	'account_lid' => 'uid',
643	'account_email' => 'mail',
644	'account_firstname' => 'surname',
645	'account_lastname' => 'cn',
646	'account_type' => 'phpgwaccounttype',
647	);
648	if (!isset($to_ldap[$which])) return False;
649
650	$allValues = array();
651	/* jakjr: using justthese with ldap_search */
652	$justthese = array("uid","mail","surname","cn","phpgwaccounttype");
653	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese);
654	if(!$sri)
655	return False;
656	$allValues = ldap_get_entries($this->ds, $sri);
657
658	if (@$allValues[0][$to_ldap[$which]][0])
659	{
660	return $allValues[0][$to_ldap[$which]][0];
661	}
662	return False;
663	}
664
665	function get_type($account_id)
666	{
667	$allValues = array();
668	/* jakjr: using justthese with ldap_search */
669	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', array("phpgwaccounttype"));
670	if(!$sri)
671	return False;
672	$allValues = ldap_get_entries($this->ds, $sri);
673
674	if ($allValues[0]['phpgwaccounttype'][0])
675	{
676	return $allValues[0]['phpgwaccounttype'][0];
677	}
678
679	$allValues = array();
680	/* jakjr: using justthese with ldap_search */
681	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))', array("phpgwaccounttype"));
682	if(!$sri)
683	return False;
684	$allValues = ldap_get_entries($this->ds, $sri);
685
686	if ($allValues[0]['phpgwaccounttype'][0])
687	{
688	return $allValues[0]['phpgwaccounttype'][0];
689	}
690	return False;
691	}
692
693	/*
694	* returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
695	* $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
696	*/
697	function exists($account)
698	{
699	/* This sets up internal caching variables for this functon */
700	static $by_id, $by_lid;
701	$users = array();
702	$groups = array();
703
704	if(is_int($account))
705	{
706	$ldapgroup = 'gidnumber';
707	$ldapacct = 'uidnumber';
708	$account = (int)$account;
709	/* If data is cached, use it. */
710	if(@isset($by_id[$account]) && @$by_id[$account])
711	{
712	return $by_id[$account];
713	}
714	}
715	else
716	{
717	$ldapgroup = 'cn';
718	$ldapacct = 'uid';
719	/* If data is cached, use it. */
720	if(@isset($by_lid[$account]) && @$by_lid[$account])
721	{
722	return $by_lid[$account];
723	}
724	}
725
726	$acct_type = $this->get_type($account);
727
728	if ($acct_type == 'g' && $this->group_context)
729	{
730	$sri = @ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
731	if(!$sri)
732	return False;
733	$groups = ldap_get_entries($this->ds, $sri);
734	}
735	$sri = @ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
736	if(!$sri)
737	return False;
738	$users = ldap_get_entries($this->ds, $sri);
739
740	if ($users[0]['dn'])
741	{
742	$in += 1;
743	}
744	if ($groups[0]['dn'])
745	{
746	$in += 2;
747	}
748	/* This sets up internal caching for this function */
749	if($ldapgroup == 'gidnumber')
750	{
751	$by_id[$account] = $in;
752	$by_lid[$this->id2name($account)] = $in;
753	}
754	else
755	{
756	$by_lid[$account] = $in;
757	$by_id[$this->name2id($account)] = $in;
758	}
759
760	return $in;
761	}
762
763	function create($account_info,$default_prefs=True)
764	{
765	/* echo '<br>in create for account_lid: "'.$account_lid.'"'; */
766	if (empty($account_info['account_id']) \|\| !$account_info['account_id'])
767	{
768	$account_id = $this->get_nextid($account_info['account_type']);
769	/* echo '<br>using'.$account_id;exit; */
770	}
771	else
772	{
773	$account_id = $account_info['account_id'];
774	}
775	$entry['userpassword'] = $account_info['account_passwd'];
776	$entry['phpgwaccounttype'] = $account_info['account_type'];
777	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
778
779	if($account_info['account_type'] == 'g')
780	{
781	$sri = @ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']);
782	}
783	else
784	{
785	$sri = @ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']);
786	}
787	if(!$sri)
788	return False;
789	$allValues = ldap_get_entries($this->ds, $sri);
790
791	if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g')
792	{
793	$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
794	$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
795	}
796	elseif($account_info['account_type'] != 'g')
797	{
798	$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
799	$entry['loginshell'] = '/bin/false';
800	}
801
802	if ($allValues[0]['dn'])
803	{
804	/* This should keep the password from being overwritten here on ldap import */
805	unset($entry['userpassword']);
806	$entry['gidnumber'] = $account_id;
807
808	while (list($key,$val) = each($entry))
809	{
810	$tmpentry = '';
811	$tmpentry[$key] = trim($val); /* must trim! */
812	/* echo '<br>'.$key.' '.$val; */
813	if ($tmpentry[$key])
814	{
815	if (!$allValues[0][$key][0])
816	{
817	/* attribute was not in LDAP, add it */
818	ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry);
819	}
820	else
821	{
822	/* attribute was in LDAP, modify it */
823	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
824	}
825	}
826	}
827
828	if ($account_info['account_type'] == 'g')
829	{
830	$tmpentry['objectclass'][0] = 'top';
831	$tmpentry['objectclass'][1] = 'posixGroup';
832	$tmpentry['objectclass'][2] = 'phpgwAccount';
833	}
834	else
835	{
836	$tmpentry['uidnumber'] = $account_id;
837	$tmpentry['objectclass'][0] = 'top';
838	$tmpentry['objectclass'][1] = 'person';
839	$tmpentry['objectclass'][2] = 'organizationalPerson';
840	$tmpentry['objectclass'][3] = 'inetOrgPerson';
841	$tmpentry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'],False);
842	/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
843	$tmpentry['objectclass'][4] = 'posixAccount';
844	$tmpentry['objectclass'][5] = 'shadowAccount';
845	$tmpentry['objectclass'][6] = 'phpgwAccount';
846	$tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
847	$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
848	$tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
849	}
850	ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry);
851	}
852	else
853	{
854	/* Not already there, we will add it */
855	if ($account_info['account_type'] == 'g')
856	{
857	$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
858	unset($entry['homedirectory']);
859	unset($entry['loginshell']);
860	$entry['objectclass'][0] = 'top';
861	$entry['objectclass'][1] = 'posixGroup';
862	$entry['objectclass'][2] = 'phpgwAccount';
863	$entry['cn'] = $GLOBALS['phpgw']->translation->convert($account_info['account_lid'],$GLOBALS['phpgw']->translation->charset(),'utf-8');
864	$entry['gidnumber'] = $account_id;
865	#$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
866	$entry['description'] = 'phpgw-created group';
867	}
868	else
869	{
870	$dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context;
871
872	$entry['cn'] = $GLOBALS['phpgw']->translation->convert(
873	sprintf(
874	"%s %s",
875	$account_info['account_firstname'],
876	$account_info['account_lastname']
877	),
878	$GLOBALS['phpgw']->translation->charset(),
879	'utf-8'
880	);
881
882	$entry['sn'] = $GLOBALS['phpgw']->translation->convert(
883	$account_info['account_lastname'],
884	$GLOBALS['phpgw']->translation->charset(),
885	'utf-8'
886	);
887
888	if($account_info['account_firstname'])
889	{
890	$entry['givenname'] = $GLOBALS['phpgw']->translation->convert(
891	$account_info['account_firstname'],
892	$GLOBALS['phpgw']->translation->charset(),
893	'utf-8'
894	);
895	}
896	if($account_info['account_email'])
897	{
898	$entry['mail'] = $GLOBALS['phpgw']->translation->convert(
899	$account_info['account_email'],
900	$GLOBALS['phpgw']->translation->charset(),
901	'utf-8'
902	);
903	}
904	$entry['uid'] = $account_info['account_lid'];
905	$entry['uidnumber'] = $account_id;
906	$entry['gidnumber'] = $account_info['account_primary_group'];
907	$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
908	$entry['objectclass'][0] = 'top';
909	$entry['objectclass'][1] = 'person';
910	$entry['objectclass'][2] = 'organizationalPerson';
911	$entry['objectclass'][3] = 'inetOrgPerson';
912	$entry['objectclass'][4] = 'posixAccount';
913	$entry['objectclass'][5] = 'shadowAccount';
914	$entry['objectclass'][6] = 'phpgwAccount';
915	if($account_info['account_status'])
916	{
917	$entry['phpgwaccountstatus'] = $account_info['account_status'];
918	}
919	$entry['phpgwaccounttype'] = $account_info['account_type'];
920	$entry['phpgwaccountexpires'] = $account_info['account_expires'];
921	}
922
923	#_debug_array($entry);
924
925	// stop processing if ldap_add fails
926	if(!ldap_add($this->ds, $dn, $entry))
927	{
928	return false;
929	}
930	}
931	// print ldap_error($this->ds);
932
933	// lets check group the user needs to be added
934	if($account_info['account_type'] == 'u')
935	{
936	@settype($account_info['account_groups'],'array');
937	foreach($account_info['account_groups'] as $key => $value)
938	{
939	// search for the group
940	$filter = 'gidnumber=' . (int)$value;
941	$justThese = array('memberuid');
942	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
943	if($sri)
944	{
945	$allValues = ldap_get_entries($this->ds, $sri);
946	// if the user is not member of this group, add him
947	if(is_array($allValues[0]['memberuid']))
948	{
949	// this group has already some members
950	if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
951	{
952	$dn = $allValues[0]['dn'];
953	$newData = array();
954	$newData['memberuid'] = $allValues[0]['memberuid'];
955	unset($newData['memberuid']['count']);
956	$newData['memberuid'][] = $account_info['account_lid'];
957	$newData['memberuid'] = array_unique($newData['memberuid']);
958	ldap_mod_replace($this->ds, $dn, $newData);
959	#print ldap_error($this->ds)."<br>";
960	}
961	}
962	else
963	{
964	// this group has no members
965	$dn = $allValues[0]['dn'];
966	$newData = array();
967	$newData['memberuid'][] = $account_info['account_lid'];
968	ldap_mod_replace($this->ds, $dn, $newData);
969	}
970	}
971	}
972	}
973
974	if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
975	{
976	$GLOBALS['phpgw']->preferences->create_defaults($account_id);
977	}
978
979	return $account_id;
980	}
981
982	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
983	{
984	if ($expiredate == 0)
985	{
986	if(isset($GLOBALS['phpgw_info']['server']['auto_create_expire']) == True)
987	{
988	if($GLOBALS['phpgw_info']['server']['auto_create_expire'] == 'never')
989	{
990	$expires = -1;
991	}
992	else
993	{
994	$expiredate = time() + $GLOBALS['phpgw_info']['server']['auto_create_expire'];
995	}
996	}
997	}
998	else
999	{
1000	/* expire in 30 days by default */
1001	$expiredate = time() + ((60 * 60) * (30 * 24));
1002	}
1003
1004	if ($expires != -1)
1005	{
1006	$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
1007	}
1008
1009	$default_group_id = $this->name2id($GLOBALS['phpgw_info']['server']['default_group_lid']);
1010	if (!$default_group_id)
1011	{
1012	$default_group_id = (int) $this->name2id('Default');
1013	}
1014	$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
1015	$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
1016	(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
1017
1018	$acct_info = array(
1019	'account_lid' => $accountname,
1020	'account_type' => 'u',
1021	'account_passwd' => $passwd,
1022	'account_firstname' => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
1023	'account_lastname' => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
1024	'account_status' => $account_status,
1025	'account_expires' => $expires,
1026	'account_primary_group' => $primary_group,
1027	);
1028
1029	/* attempt to set an email address */
1030	if (isset($GLOBALS['auto_create_acct']['email']) == True && $GLOBALS['auto_create_acct']['email'] != '')
1031	{
1032	$acct_info['account_email'] = $GLOBALS['auto_create_acct']['email'];
1033	}
1034	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) == True && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1035	{
1036	$acct_info['account_email'] = $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
1037	}
1038
1039	$this->db->transaction_begin();
1040
1041	$this->create($acct_info,$default_prefs); /* create the account */
1042
1043	$accountid = $this->name2id($accountname); /* grab the account id or an error code */
1044
1045	if ($accountid) /* begin account setup */
1046	{
1047	if($primary_group)
1048	{
1049	$this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) VALUES('phpgw_group', "
1050	. $primary_group . ", " . $accountid . ", 1)",__LINE__,__FILE__);
1051	}
1052
1053	/* FIXME - we are assuming the auth method is capable of password changing
1054	* $this->db->query("INSERT INTO phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)VALUES('preferences', 'changepassword', ".$accountid.", 1)",__LINE__,__FILE__);
1055	*/
1056
1057	/* if we have an mail address set it in the uesrs' email preference */
1058	if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
1059	{
1060	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1061	$GLOBALS['phpgw']->preferences->preferences($accountid);
1062	$GLOBALS['phpgw']->preferences->read_repository();
1063	$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
1064	$GLOBALS['phpgw']->preferences->save_repository();
1065	}
1066	/* use the default mail domain to set the uesrs' email preference */
1067	elseif(isset($GLOBALS['phpgw_info']['server']['mail_suffix']) && $GLOBALS['phpgw_info']['server']['mail_suffix'] != '')
1068	{
1069	$GLOBALS['phpgw']->acl->acl($accountid); /* needed als preferences::save_repository calls acl */
1070	$GLOBALS['phpgw']->preferences->preferences($accountid);
1071	$GLOBALS['phpgw']->preferences->read_repository();
1072	$GLOBALS['phpgw']->preferences->add('email','address', $accountname . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']);
1073	$GLOBALS['phpgw']->preferences->save_repository();
1074	}
1075
1076	/* commit the new account transaction */
1077	$this->db->transaction_commit();
1078
1079	/* does anyone know what the heck this is required for? */
1080	$GLOBALS['hook_values']['account_lid'] = $acct_info['account_lid'];
1081	$GLOBALS['hook_values']['account_id'] = $accountid;
1082	$GLOBALS['hook_values']['new_passwd'] = $acct_info['account_passwd'];
1083	$GLOBALS['hook_values']['account_status'] = $acct_info['account_status'];
1084	$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
1085	$GLOBALS['hook_values']['account_lastname'] = $acct_info['account_lastname'];
1086	$GLOBALS['phpgw']->hooks->process($GLOBALS['hook_values']+array(
1087	'location' => 'addaccount'
1088	),False,True); // called for every app now, not only enabled ones
1089
1090	} /* end account setup */
1091	else /* if no account id abort the account creation */
1092	{
1093	$this->db->transaction_abort();
1094	}
1095
1096	/*
1097	* If we succeeded in creating the account (above), return the accountid, else,
1098	* return the error value from $this->name2id($accountname)
1099	*/
1100	return $accountid;
1101	} /* end auto_add() */
1102
1103	function get_account_name($account_id,&$lid,&$fname,&$lname)
1104	{
1105	$acct_type = $this->get_type($account_id);
1106
1107	/* jakjr: using justthese with ldap_search */
1108	$justthese = array("cn","uid","givenname","sn");
1109
1110	/* search the dn for the given uid */
1111	if(($acct_type == 'g') && $this->group_context)
1112	{
1113	$sri = @ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwAccountType=g))', $justthese);
1114	}
1115	else
1116	{
1117	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))', $justthese);
1118	}
1119	if(!$sri)
1120	return False;
1121	$allValues = ldap_get_entries($this->ds, $sri);
1122
1123	if($acct_type =='g')
1124	{
1125	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1126	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['cn'][0],'utf-8');
1127	$lname = lang('Group');
1128	}
1129	else
1130	{
1131	$lid = $GLOBALS['phpgw']->translation->convert($allValues[0]['uid'][0],'utf-8');
1132	$fname = $GLOBALS['phpgw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
1133	$lname = $GLOBALS['phpgw']->translation->convert($allValues[0]['sn'][0],'utf-8');
1134	}
1135	return !empty($lid);
1136	}
1137
1138	function getDNforID($_accountid = '')
1139	{
1140	$_account_id = get_account_id($_accountid);
1141
1142	$sri = @ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
1143	if(!$sri)
1144	return False;
1145	$allValues = ldap_get_entries($this->ds, $sri);
1146
1147	return $allValues[0]['dn'];
1148	}
1149
1150	//by JakJr, add organization support
1151	function get_context($dn)
1152	{
1153	return substr($dn, (strpos($dn, ',')+1));
1154	}
1155
1156	//by JakJr, add organization support
1157	function get_organization($dn)
1158	{
1159	$ldap_context = $GLOBALS['phpgw_info']['server']['ldap_context'];
1160	$end = (strpos($dn, $ldap_context)-1);
1161	$tmp = substr($dn, 0, $end);
1162	$begin = (strrpos($tmp, '=')+1);
1163	return substr($dn, $begin, ($end - $begin));
1164	}
1165
1166	//by JakJr, add organization support
1167	function get_sector($dn)
1168	{
1169	$context = $this->get_context($dn);
1170	$begin = (strpos($context, '=')+1);
1171	$end = (strpos($context, ',') - $begin);
1172	return substr($context, $begin, $end);
1173	}
1174
1175	function id2fullname($account_id)
1176	{
1177	$allValues = array();
1178	$sri = @ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))');
1179	if(!$sri)
1180	return False;
1181	$allValues = ldap_get_entries($this->ds, $sri);
1182	if (@$allValues[0]['cn'][0])
1183	{
1184	return $allValues[0]['cn'][0];
1185	}
1186	return False;
1187	}
1188
1189	function mail2fullname($mail)
1190	{
1191	$allValues = array();
1192	$sri = @ldap_search($this->ds, $this->user_context, '(&(mail=' . $mail . ')(\|(phpgwaccounttype=u)(phpgwaccounttype=s)))');
1193	if(!$sri)
1194	return False;
1195	$allValues = ldap_get_entries($this->ds, $sri);
1196	if (@$allValues[0]['cn'][0])
1197	{
1198	return $allValues[0]['cn'][0];
1199	}
1200	return False;
1201	}
1202	}
1203	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: