Code source de eGroupWare 1.2.106-2 |
1 <?php 2 /**************************************************************************\ 3 * eGroupWare API - Accounts manager for LDAP * 4 * Written by Joseph Engo <jengo@phpgroupware.org> * 5 * and Lars Kneschke <lkneschke@phpgw.de> * 6 * and Miles Lott <milos@groupwhere.org> * 7 * and Bettina Gille <ceb@phpgroupware.org> * 8 * View and manipulate account records using LDAP * 9 * Copyright (C) 2000 - 2002 Joseph Engo, Lars Kneschke * 10 * Copyright (C) 2003 Lars Kneschke, Bettina Gille * 11 * ------------------------------------------------------------------------ * 12 * This library is part of the eGroupWare API * 13 * http://www.egroupware.org * 14 * ------------------------------------------------------------------------ * 15 * This library is free software; you can redistribute it and/or modify it * 16 * under the terms of the GNU Lesser General Public License as published by * 17 * the Free Software Foundation; either version 2.1 of the License, * 18 * or any later version. * 19 * This library is distributed in the hope that it will be useful, but * 20 * WITHOUT ANY WARRANTY; without even the implied warranty of * 21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * 22 * See the GNU Lesser General Public License for more details. 
* 23 * You should have received a copy of the GNU Lesser General Public License * 24 * along with this library; if not, write to the Free Software Foundation, * 25 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * 26 \**************************************************************************/ 27 /* $Id: class.accounts_ldap.inc.php 22104 2006-07-12 22:00:30Z ralfbecker $ */ 28 29 class accounts_ 30 { 31 var $db; 32 var $ds; 33 var $account_id; 34 var $data; 35 var $user_context = ''; 36 var $group_context = ''; 37 var $total; 38 39 var $requiredObjectClasses = array( 40 'user' => array( 41 'top','person','organizationalperson','inetorgperson','posixaccount','shadowaccount','phpgwaccount' 42 ), 43 'group' => array( 44 'top','posixgroup','phpgwaccount', 45 // some newer ldap require namedObject here, as none of the above is a structural object there 46 // this gets now autodetected 47 //'namedObject' 48 ) 49 ); 50 51 function accounts_() 52 { 53 $this->ds = $GLOBALS['egw']->common->ldapConnect(); 54 if(!@is_object($GLOBALS['egw']->translation)) 55 { 56 $GLOBALS['egw']->translation =& CreateObject('phpgwapi.translation'); 57 } 58 $this->user_context = $GLOBALS['egw_info']['server']['ldap_context']; 59 $this->group_context = $GLOBALS['egw_info']['server']['ldap_group_context'] ? 60 $GLOBALS['egw_info']['server']['ldap_group_context'] : $GLOBALS['egw_info']['server']['ldap_context']; 61 } 62 63 function read_repository() 64 { 65 $acct_type = $this->get_type($this->account_id); 66 67 /* search the dn for the given uid */ 68 if(($acct_type == 'g') && $this->group_context) 69 { 70 $sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id)); 71 } 72 else 73 { 74 $sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . 
(int)$this->account_id); 75 } 76 $allValues = ldap_get_entries($this->ds, $sri); 77 78 /* Now dump it into the array; take first entry found */ 79 if($acct_type =='g') 80 { 81 $this->data['account_id'] = -$allValues[0]['gidnumber'][0]; 82 $this->data['account_lid'] = $allValues[0]['cn'][0]; 83 $this->data['firstname'] = $GLOBALS['egw']->translation->convert($allValues[0]['cn'][0],'utf-8'); 84 $this->data['lastname'] = lang('Group'); 85 } 86 else 87 { 88 $this->data['account_id'] = $allValues[0]['uidnumber'][0]; 89 $this->data['account_primary_group'] = -$allValues[0]['gidnumber'][0]; 90 $this->data['account_lid'] = $allValues[0]['uid'][0]; 91 $this->data['firstname'] = $GLOBALS['egw']->translation->convert($allValues[0]['givenname'][0],'utf-8'); 92 $this->data['lastname'] = $GLOBALS['egw']->translation->convert($allValues[0]['sn'][0],'utf-8'); 93 if(isset($allValues[0]['mail'][0])) 94 { 95 $this->data['email'] = $allValues[0]['mail'][0]; 96 } 97 } 98 $this->data['account_dn'] = $allValues[0]['dn']; 99 $this->data['fullname'] = $GLOBALS['egw']->translation->convert($allValues[0]['cn'][0],'utf-8'); 100 101 if ($GLOBALS['egw_info']['server']['ldap_extra_attributes']) 102 { 103 $this->data['homedirectory'] = $allValues[0]['homedirectory'][0]; 104 $this->data['loginshell'] = $allValues[0]['loginshell'][0]; 105 } 106 107 $this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0]; 108 $this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0]; 109 $this->data['lastpasswd_change'] = @$allValues[0]['phpgwlastpasswdchange'][0]; 110 $this->data['status'] = trim($allValues[0]['phpgwaccountstatus'][0]); 111 $this->data['type'] = $allValues[0]['phpgwaccounttype'][0]; 112 $this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0]; 113 114 return $this->data; 115 } 116 117 function save_repository() 118 { 119 $acct_type = $this->get_type($this->account_id); 120 121 /* search the dn for the given u/gidnumber */ 122 if(($acct_type == 'g') && 
$this->group_context) 123 { 124 $sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id)); 125 } 126 else 127 { 128 $sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$this->account_id); 129 } 130 $allValues = ldap_get_entries($this->ds, $sri); 131 132 $this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0]; 133 134 if($acct_type == 'u') 135 { 136 // data for posixaccount 137 $newData['cn'] = $GLOBALS['egw']->translation->convert(sprintf("%s %s", 138 $this->data['firstname'], 139 $this->data['lastname']),$GLOBALS['egw']->translation->charset(),'utf-8' 140 ); 141 $newData['uid'] = $GLOBALS['egw']->translation->convert( 142 $this->data['account_lid'], 143 $GLOBALS['egw']->translation->charset(),'utf-8' 144 ); 145 if($this->data['lastname']) 146 { 147 $newData['sn'] = $GLOBALS['egw']->translation->convert( 148 $this->data['lastname'], 149 $GLOBALS['egw']->translation->charset(),'utf-8' 150 ); 151 } 152 153 if($this->data['firstname']) 154 { 155 $newData['givenname'] = $GLOBALS['egw']->translation->convert( 156 $this->data['firstname'], 157 $GLOBALS['egw']->translation->charset(),'utf-8' 158 ); 159 } 160 if ($GLOBALS['egw_info']['server']['ldap_extra_attributes']) 161 { 162 $newData['homedirectory'] = $this->data['homedirectory']; 163 $newData['loginshell'] = $this->data['loginshell']; 164 } 165 else 166 { 167 // the posixaccount schema requires this 168 $entry['homedirectory'] = '/home/'.$this->data['account_lid']; 169 $entry['loginshell'] = '/bin/false'; 170 } 171 if($this->data['account_primary_group']) 172 { 173 $newData['gidnumber'] = abs($this->data['account_primary_group']); 174 } 175 if($this->data['lastlogin']) 176 { 177 $newData['phpgwaccountlastlogin'] = $this->data['lastlogin']; 178 } 179 if($this->data['lastloginfrom']) 180 { 181 $newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom']; 182 } 183 if($this->data['lastpasswd_change']) 184 { 185 $newData['phpgwlastpasswdchange'] 
= $this->data['lastpasswd_change']; 186 } 187 if($this->data['status']) 188 { 189 $newData['phpgwaccountstatus'] = $this->data['status']; 190 } 191 else 192 { 193 $newData['phpgwaccountstatus'] = array(); 194 } 195 if($this->data['expires']) 196 { 197 $newData['phpgwaccountexpires'] = $this->data['expires']; 198 } 199 if($this->data['email']) 200 { 201 $newData['mail'] = $this->data['email']; 202 } 203 204 // check that we have all required objectclasses 205 unset($allValues[0]['objectclass']['count']); 206 // convert all values to lowercase 207 $currentObjectClasses = array_flip(array_change_key_case(array_flip($allValues[0]['objectclass']))); 208 $missingObjectClasses = array_diff($this->requiredObjectClasses['user'],$currentObjectClasses); 209 if(count($missingObjectClasses) > 0) 210 { 211 $newData['objectclass'] = array_merge($currentObjectClasses, $missingObjectClasses); 212 } 213 $newAccountID = $newData['uid']; 214 $oldAccountID = $newData['uid']; 215 } 216 else 217 { 218 // data for posixgroup 219 $newData['cn'] = $GLOBALS['egw']->translation->convert( 220 $this->data['account_lid'], 221 $GLOBALS['egw']->translation->charset(), 'utf-8' 222 ); 223 $newData['gidnumber'] = abs($this->account_id); 224 $newGroupID = $newData['cn']; 225 $oldGroupID = $newData['cn']; 226 } 227 if($this->data['account_type']) 228 { 229 $newData['phpgwaccounttype'] = $this->data['account_type']; 230 } 231 232 /* 233 Changing the uid: Need to delete and add new, since 234 PHP cannot change the dn for the entry. 
235 */ 236 if ($acct_type == 'g') 237 { 238 $test = $allValues[0]['cn'][0]; 239 } 240 else 241 { 242 $test = $allValues[0]['uid'][0]; 243 } 244 if($GLOBALS['egw']->translation->convert($test,'utf-8') != $this->data['account_lid']) 245 { 246 $oldData = $allValues[0]; 247 $oldDN = $oldData['dn']; 248 // remove all unneeded fields 249 unset($oldData['dn']); 250 unset($oldData['count']); 251 foreach($oldData as $key => $value) 252 { 253 if(is_numeric($key)) 254 { 255 // remove the key, its no ldap key 256 unset($oldData[$key]); 257 } 258 else 259 { 260 // remove the count key 261 if($oldData[$key]['count'] == 1) 262 { 263 $oldData[$key] = $value[0]; 264 } 265 else 266 { 267 unset($oldData[$key]['count']); 268 } 269 } 270 } 271 272 $oldAccountID = $oldData['uid']; 273 $oldGroupID = $oldData['cn']; 274 275 // merge the old data with the new one 276 $newData = array_merge($oldData, $newData); 277 278 /* Groups */ 279 if($this->data['account_type'] == 'g' && $this->group_context ) 280 { 281 $newDN = 'cn='.$this->data['account_lid'].','.$this->group_context; 282 $newData['memberuid'] = array(); 283 if (($members = $this->member($this->account_id))) 284 { 285 foreach($members as $member) 286 { 287 if (!in_array($member['account_name'],$newData['memberuid'])) 288 { 289 $newData['memberuid'][] = $member['account_name']; 290 } 291 } 292 } 293 } 294 /* Accounts */ 295 else 296 { 297 $newDN = 'uid='.$this->data['account_lid'].','.$this->user_context; 298 } 299 // delete the old account 300 ldap_delete($this->ds,$oldDN); 301 302 // add the new account 303 #_debug_array($newData); 304 if (!@ldap_add($this->ds, $newDN, $newData) && $this->data['account_type'] == 'g') 305 { 306 // try again with namedObject added, in case we have the newer schema which eg. 
SuSE uses 307 // in which our required objectclasses for a group, have no structural object 308 $newData['objectclass'][] = 'namedObject'; 309 ldap_add($this->ds, $newDN, $newData); 310 } 311 } 312 /* Normal behavior for save_repository update Account */ 313 else 314 { 315 // add the list group members 316 if($this->data['account_type'] == 'g' && ($members = $this->member($this->account_id))) 317 { 318 $newData['memberuid'] = array(); 319 foreach($members as $member) 320 { 321 if (!in_array($member['account_name'],$newData['memberuid'])) 322 { 323 $newData['memberuid'][] = $member['account_name']; 324 } 325 } 326 } 327 // modify the DN 328 //echo "<p>ldap_modify(,'{$allValues[0]['dn']}',".print_r($newData,true).")</p>\n"; 329 ldap_modify($this->ds, $allValues[0]['dn'], $newData); 330 } 331 332 if ($this->data['account_type'] == 'u') 333 { 334 // lets check for groups, the user needs to be removed 335 336 // first lets search for the groups, the user is currently member of 337 // and from which he needs to be removed 338 $filter = "(&(objectclass=posixgroup)(memberuid=" . (int)$oldAccountID . 
"))"; 339 $justThese = array('memberuid','gidnumber'); 340 $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); 341 if($sri) 342 { 343 $allValues = ldap_get_entries($this->ds, $sri); 344 if($allValues['count'] > 0) 345 { 346 unset($allValues['count']); 347 foreach($allValues as $key) 348 { 349 #_debug_array($key); 350 #_debug_array($this->data['account_groups']); 351 // delete the old accountid from any group 352 if($newAccountID != $oldAccountID) 353 { 354 $dn = $key['dn']; 355 $newData = array(); 356 $newData['memberuid'] = $key['memberuid']; 357 unset($newData['memberuid']['count']); 358 // remove the uid from memberuid 359 $newData['memberuid'] = array_flip($newData['memberuid']); 360 unset($newData['memberuid'][$oldAccountID]); 361 # $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid']))); 362 $newData['memberuid'] = array_values(array_flip($newData['memberuid'])); 363 ldap_mod_replace($this->ds, $dn, $newData); 364 #print ldap_error($this->ds); 365 } 366 else 367 { 368 if(!in_array($key['gidnumber'][0],$this->data['account_groups'])) 369 { 370 $dn = $key['dn']; 371 $newData = array(); 372 $newData['memberuid'] = $key['memberuid']; 373 unset($newData['memberuid']['count']); 374 // remove the uid from memberuid 375 $newData['memberuid'] = array_flip($newData['memberuid']); 376 unset($newData['memberuid'][$oldAccountID]); 377 $newData['memberuid'] = array_values(sort(array_flip($newData['memberuid']))); 378 ldap_mod_replace($this->ds, $dn, $newData); 379 #print ldap_error($this->ds); 380 } 381 } 382 } 383 } 384 } 385 386 // lets check group the user needs to be added 387 foreach($this->data['account_groups'] as $key => $value) 388 { 389 // search for the group 390 $filter = 'gidnumber=' . 
abs((int)$value); 391 $justThese = array('memberuid'); 392 $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); 393 if($sri) 394 { 395 $allValues = ldap_get_entries($this->ds, $sri); 396 // if the user is not member of this group, add him 397 if(is_array($allValues[0]['memberuid'])) 398 { 399 // this group has already some members 400 if(!in_array($newData['uid'],$allValues[0]['memberuid'])) 401 { 402 $dn = $allValues[0]['dn']; 403 $newData = array(); 404 $newData['memberuid'] = $allValues[0]['memberuid']; 405 unset($newData['memberuid']['count']); 406 $newData['memberuid'][] = $newAccountID; 407 $newData['memberuid'] = array_values(array_unique($newData['memberuid'])); 408 ldap_mod_replace($this->ds, $dn, $newData); 409 } 410 } 411 else 412 { 413 // this group has no members 414 $dn = $allValues[0]['dn']; 415 $newData = array(); 416 $newData['memberuid'][] = $newAccountID; 417 ldap_mod_replace($this->ds, $dn, $newData); 418 } 419 } 420 } 421 } 422 } 423 424 function delete($accountid = '') 425 { 426 $account_id = get_account_id($accountid); 427 $account_lid = $this->id2name((int)$account_id); 428 429 if ($account_id < 0) 430 { 431 $filter = 'gidnumber=' . abs((int)$account_id); 432 $context = $this->group_context; 433 } 434 else 435 { 436 $filter = 'uid=' . (string)$account_lid; 437 $context = $this->user_context; 438 $wasAccount = True; 439 } 440 441 $sri = ldap_search($this->ds, $context, $filter); 442 if($sri) 443 { 444 $allValues = ldap_get_entries($this->ds, $sri); 445 $accountID = $allValues['0']['uid'][0]; 446 } 447 448 if ($allValues[0]['dn']) 449 { 450 $del = ldap_delete($this->ds, $allValues[0]['dn']); 451 } 452 453 if($wasAccount) 454 { 455 // remove the user from any group he is member of 456 $filter = "(&(objectclass=posixgroup)(memberuid=" . $accountID . 
"))"; 457 $justThese = array('memberuid','gidnumber'); 458 $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); 459 if($sri) 460 { 461 $allValues = ldap_get_entries($this->ds, $sri); 462 if($allValues['count'] > 0) 463 { 464 unset($allValues['count']); 465 foreach($allValues as $key) 466 { 467 $dn = $key['dn']; 468 $newData = array(); 469 $newData['memberuid'] = $key['memberuid']; 470 unset($newData['memberuid']['count']); 471 // remove the uid from memberuid 472 $newData['memberuid'] = array_flip($newData['memberuid']); 473 unset($newData['memberuid'][$accountID]); 474 $newData['memberuid'] = array_unique(array_flip($newData['memberuid'])); 475 ldap_mod_replace($this->ds, $dn, $newData); 476 } 477 } 478 } 479 } 480 } 481 482 function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '', $query_type='') 483 { 484 //print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>"; 485 $query = strtolower($query); 486 487 if($_type != 'groups') 488 { 489 $filter = "(&(uidnumber=*)(phpgwaccounttype=u)"; 490 if (!empty($query) && $query != '*') 491 { 492 switch($query_type) 493 { 494 case 'all': 495 default: 496 $query = '*'.$query; 497 // fall-through 498 case 'start': 499 $query .= '*'; 500 // fall-through 501 case 'exact': 502 $filter .= "(|(uid=$query)(sn=$query)(cn=$query)(givenname=$query)(mail=$query))"; 503 break; 504 case 'firstname': 505 case 'lastname': 506 case 'lid': 507 case 'email': 508 $to_ldap = array( 509 'firstname' => 'givenname', 510 'lastname' => 'sn', 511 'lid' => 'uid', 512 'email' => 'mail', 513 ); 514 $filter .= '('.$to_ldap[$query_type].'=*'.$query.'*)'; 515 break; 516 } 517 } 518 $filter .= ')'; 519 520 $sri = ldap_search($this->ds, $this->user_context, $filter); 521 $allValues = ldap_get_entries($this->ds, $sri); 522 while (list($null,$allVals) = @each($allValues)) 523 { 524 settype($allVals,'array'); 525 $test = 
@$allVals['uid'][0]; 526 if (!$GLOBALS['egw_info']['server']['global_denied_users'][$test] && $allVals['uid'][0]) 527 { 528 $accounts[] = Array( 529 'account_id' => $allVals['uidnumber'][0], 530 'account_lid' => $allVals['uid'][0], 531 'account_type' => $allVals['phpgwaccounttype'][0], 532 'account_firstname' => $GLOBALS['egw']->translation->convert($allVals['givenname'][0],'utf-8'), 533 'account_lastname' => $GLOBALS['egw']->translation->convert($allVals['sn'][0],'utf-8'), 534 'account_status' => $allVals['phpgwaccountstatus'][0], 535 'account_email' => $allVals['mail'][0], 536 ); 537 } 538 } 539 } 540 if ($_type != 'accounts') 541 { 542 if(empty($query) || $query == '*') 543 { 544 $filter = '(&(gidnumber=*)(phpgwaccounttype=g))'; 545 } 546 else 547 { 548 $filter = "(&(gidnumber=*)(phpgwaccounttype=g)(|(uid=*$query*)(sn=*$query*)(cn=*$query*)(givenname=*$query*)))"; 549 } 550 $sri = ldap_search($this->ds, $this->group_context, $filter); 551 $allValues = ldap_get_entries($this->ds, $sri); 552 while (list($null,$allVals) = @each($allValues)) 553 { 554 settype($allVals,'array'); 555 $test = $allVals['cn'][0]; 556 if (!$GLOBALS['egw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0]) 557 { 558 $accounts[] = Array( 559 'account_id' => -$allVals['gidnumber'][0], 560 'account_lid' => $allVals['cn'][0], 561 'account_type' => $allVals['phpgwaccounttype'][0], 562 'account_firstname' => $GLOBALS['egw']->translation->convert($allVals['givenname'][0],'utf-8'), 563 'account_lastname' => $GLOBALS['egw']->translation->convert($allVals['sn'][0],'utf-8'), 564 'account_status' => $allVals['phpgwaccountstatus'][0], 565 'account_email' => $allVals['mail'][0], 566 ); 567 } 568 } 569 } 570 // sort the array 571 $arrayFunctions =& CreateObject('phpgwapi.arrayfunctions'); 572 if(empty($order)) 573 { 574 $order = 'account_lid'; 575 } 576 $sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort); 577 $this->total = count($accounts); 578 // return only 
the wanted accounts 579 if (is_array($sortedAccounts)) 580 { 581 reset($sortedAccounts); 582 if(is_numeric($start) && is_numeric($offset)) 583 { 584 return array_slice($sortedAccounts, $start, $offset); 585 } 586 elseif(is_numeric($start)) 587 { 588 if (!($maxmatchs = $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs'])) $maxmatchs = 15; 589 590 return array_slice($sortedAccounts, $start, $maxmatchs); 591 } 592 else 593 { 594 return $sortedAccounts; 595 } 596 } 597 return False; 598 } 599 600 function name2id($name,$which='account_lid') 601 { 602 if ($which == 'account_lid') // groups only support account_lid 603 { 604 $sri = ldap_search($this->ds, $this->group_context, '(&(cn=' . (string)$name . ')(phpgwaccounttype=g))'); 605 $allValues = ldap_get_entries($this->ds, $sri); 606 607 if (@$allValues[0]['gidnumber'][0]) 608 { 609 return -(int)$allValues[0]['gidnumber'][0]; 610 } 611 } 612 $to_ldap = array( 613 'account_lid' => 'uid', 614 'account_email' => 'mail', 615 ); 616 if (!isset($to_ldap[$which])) return False; 617 618 $sri = ldap_search($this->ds, $this->user_context, '(&('.$to_ldap[$which].'=' . (string)$name . ')(phpgwaccounttype=u))'); 619 620 $allValues = ldap_get_entries($this->ds, $sri); 621 622 if (@$allValues[0]['uidnumber'][0]) 623 { 624 return (int)$allValues[0]['uidnumber'][0]; 625 } 626 627 return False; 628 } 629 630 function id2name($account_id,$which='account_lid') 631 { 632 if (($which == 'account_lid' || $which == 'account_type') && $account_id < 0) // groups only support account_lid and account_type 633 { 634 $allValues = array(); 635 $sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . abs((int)$account_id) . ')(phpgwaccounttype=g))'); 636 $allValues = ldap_get_entries($this->ds, $sri); 637 638 $attr = $which == 'account_lid' ? 
'cn' : 'phpgwaccounttype'; 639 if (@$allValues[0]['cn'][0]) 640 { 641 return $allValues[0]['cn'][0]; 642 } 643 } 644 $to_ldap = array( 645 'account_lid' => 'uid', 646 'account_email' => 'mail', 647 'account_firstname' => 'surname', 648 'account_lastname' => 'cn', 649 'account_type' => 'phpgwaccounttype', 650 ); 651 if (!isset($to_ldap[$which])) return False; 652 653 $allValues = array(); 654 $sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))'); 655 $allValues = ldap_get_entries($this->ds, $sri); 656 657 if (@$allValues[0][$to_ldap[$which]][0]) 658 { 659 return $allValues[0][$to_ldap[$which]][0]; 660 } 661 return False; 662 } 663 664 /* 665 * returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both 666 * $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer') 667 */ 668 function exists($account) 669 { 670 /* This sets up internal caching variables for this functon */ 671 static $by_id, $by_lid; 672 $users = array(); 673 $groups = array(); 674 675 if(is_numeric($account)) 676 { 677 $ldapgroup = 'gidnumber'; 678 $ldapacct = 'uidnumber'; 679 /* If data is cached, use it. */ 680 if(isset($by_id[$account])) 681 { 682 return $by_id[$account]; 683 } 684 } 685 else 686 { 687 $ldapgroup = 'cn'; 688 $ldapacct = 'uid'; 689 /* If data is cached, use it. */ 690 if(@isset($by_lid[$account]) && @$by_lid[$account]) 691 { 692 return $by_lid[$account]; 693 } 694 } 695 696 $acct_type = $this->get_type($account) ? $this->get_type($account) : $this->account_type; 697 698 if ($acct_type == 'g' && $this->group_context) 699 { 700 $sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . abs($account)); 701 $groups = ldap_get_entries($this->ds, $sri); 702 } 703 $sri = ldap_search($this->ds, $this->user_context, $ldapacct . '=' . 
$account); 704 $users = ldap_get_entries($this->ds, $sri); 705 706 if ($users[0]['dn']) 707 { 708 $in += 1; 709 } 710 if ($groups[0]['dn']) 711 { 712 $in += 2; 713 } 714 /* This sets up internal caching for this function */ 715 if($ldapgroup == 'gidnumber') 716 { 717 $by_id[$account] = $in; 718 $by_lid[$this->id2name($account)] = $in; 719 } 720 else 721 { 722 $by_lid[$account] = $in; 723 $by_id[$this->name2id($account)] = $in; 724 } 725 return $in; 726 } 727 728 function create($account_info,$default_prefs=True) 729 { 730 /* echo '<br>in create for account_lid: "'.$account_lid.'"'; */ 731 if (empty($account_info['account_id']) || !$account_info['account_id']) 732 { 733 $account_id = $this->get_nextid($account_info['account_type']); 734 /* echo '<br>using'.$account_id;exit; */ 735 } 736 else 737 { 738 $account_id = abs($account_info['account_id']); 739 } 740 $entry['userpassword'] = $account_info['account_passwd']; 741 $entry['phpgwaccounttype'] = $account_info['account_type']; 742 $entry['phpgwaccountexpires'] = $account_info['account_expires']; 743 744 if($account_info['account_type'] == 'g') 745 { 746 $sri = ldap_search($this->ds, $this->group_context, 'cn=' . (string)$account_info['account_lid']); 747 } 748 else 749 { 750 $sri = ldap_search($this->ds, $this->user_context, 'uid=' . (string)$account_info['account_lid']); 751 } 752 $allValues = ldap_get_entries($this->ds, $sri); 753 754 if ($GLOBALS['egw_info']['server']['ldap_extra_attributes'] && $account_info['account_type'] != 'g') 755 { 756 $entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['egw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['egw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid']; 757 $entry['loginshell'] = $account_info['loginshell'] ? 
$account_info['loginshell'] : $GLOBALS['egw_info']['server']['ldap_account_shell']; 758 } 759 elseif($account_info['account_type'] != 'g') 760 { 761 $entry['homedirectory'] = '/home/'.$account_info['account_lid']; 762 $entry['loginshell'] = '/bin/false'; 763 } 764 765 if ($allValues[0]['dn']) 766 { 767 /* This should keep the password from being overwritten here on ldap import */ 768 unset($entry['userpassword']); 769 $entry['gidnumber'] = $account_id; 770 771 while (list($key,$val) = each($entry)) 772 { 773 $tmpentry = ''; 774 $tmpentry[$key] = trim($val); /* must trim! */ 775 /* echo '<br>'.$key.' '.$val; */ 776 if ($tmpentry[$key]) 777 { 778 if (!$allValues[0][$key][0]) 779 { 780 /* attribute was not in LDAP, add it */ 781 ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry); 782 } 783 else 784 { 785 /* attribute was in LDAP, modify it */ 786 ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry); 787 } 788 } 789 } 790 791 if ($account_info['account_type'] == 'g') 792 { 793 $tmpentry['objectclass'] = $this->requiredObjectClasses['group']; 794 } 795 else 796 { 797 $tmpentry['objectclass'] = $this->requiredObjectClasses['user']; 798 $tmpentry['uidnumber'] = $account_id; 799 $tmpentry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd'],False); 800 $tmpentry['phpgwaccountstatus'] = $account_info['account_status']; 801 $tmpentry['phpgwaccounttype'] = $account_info['account_type']; 802 $tmpentry['phpgwaccountexpires'] = $account_info['account_expires']; 803 } 804 ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry); 805 } 806 else 807 { 808 /* Not already there, we will add it */ 809 if ($account_info['account_type'] == 'g') 810 { 811 $dn = 'cn='.$account_info['account_lid'] . ',' . 
$this->group_context; 812 unset($entry['homedirectory']); 813 unset($entry['loginshell']); 814 unset($entry['userpassword']); 815 $entry['objectclass'] = $this->requiredObjectClasses['group']; 816 $entry['cn'] = $GLOBALS['egw']->translation->convert($account_info['account_lid'],$GLOBALS['egw']->translation->charset(),'utf-8'); 817 $entry['gidnumber'] = $account_id; 818 $entry['description'] = 'eGW-created group'; 819 } 820 else 821 { 822 $dn = 'uid=' . $account_info['account_lid'] . ',' . $this->user_context; 823 824 $entry['cn'] = $GLOBALS['egw']->translation->convert( 825 sprintf( 826 "%s %s", 827 $account_info['account_firstname'], 828 $account_info['account_lastname'] 829 ), 830 $GLOBALS['egw']->translation->charset(), 831 'utf-8' 832 ); 833 834 $entry['sn'] = $GLOBALS['egw']->translation->convert( 835 $account_info['account_lastname'] ? $account_info['account_lastname'] : 'not set', 836 $GLOBALS['egw']->translation->charset(), 837 'utf-8' 838 ); 839 840 if($account_info['account_firstname']) 841 { 842 $entry['givenname'] = $GLOBALS['egw']->translation->convert( 843 $account_info['account_firstname'], 844 $GLOBALS['egw']->translation->charset(), 845 'utf-8' 846 ); 847 } 848 if($account_info['account_email']) 849 { 850 $entry['mail'] = $GLOBALS['egw']->translation->convert( 851 $account_info['account_email'], 852 $GLOBALS['egw']->translation->charset(), 853 'utf-8' 854 ); 855 } 856 $entry['uid'] = $account_info['account_lid']; 857 $entry['uidnumber'] = $account_id; 858 $entry['gidnumber'] = abs($account_info['account_primary_group']); 859 $entry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd']); 860 $entry['objectclass'] = $this->requiredObjectClasses['user']; 861 if($account_info['account_status']) 862 { 863 $entry['phpgwaccountstatus'] = $account_info['account_status']; 864 } 865 $entry['phpgwaccounttype'] = $account_info['account_type']; 866 $entry['phpgwaccountexpires'] = $account_info['account_expires']; 867 } 868 
869 #_debug_array($entry); 870 871 // stop processing if ldap_add fails 872 if(!@ldap_add($this->ds, $dn, $entry)) 873 { 874 if ($account_info['account_type'] != 'g') 875 { 876 return false; 877 } 878 // try again with namedObject added, in case we have the newer schema which eg. SuSE uses 879 // in which our required objectclasses for a group, have no structural object 880 if ($account_info['account_type'] == 'g') 881 { 882 $entry['objectclass'][] = 'namedObject'; 883 884 if (!@ldap_add($this->ds, $dn, $entry)) 885 { 886 return false; 887 } 888 } 889 } 890 } 891 // print ldap_error($this->ds); 892 893 // lets check group the user needs to be added 894 if($account_info['account_type'] == 'u') 895 { 896 @settype($account_info['account_groups'],'array'); 897 foreach($account_info['account_groups'] as $key => $value) 898 { 899 // search for the group 900 $filter = 'gidnumber=' . abs($value); 901 $justThese = array('memberuid'); 902 $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); 903 if($sri) 904 { 905 $allValues = ldap_get_entries($this->ds, $sri); 906 // if the user is not member of this group, add him 907 if(is_array($allValues[0]['memberuid'])) 908 { 909 // this group has already some members 910 if(!in_array($account_info['account_lid'],$allValues[0]['memberuid'])) 911 { 912 $dn = $allValues[0]['dn']; 913 $newData = array(); 914 $newData['memberuid'] = $allValues[0]['memberuid']; 915 unset($newData['memberuid']['count']); 916 $newData['memberuid'][] = $account_info['account_lid']; 917 $newData['memberuid'] = array_unique($newData['memberuid']); 918 ldap_mod_replace($this->ds, $dn, $newData); 919 #print ldap_error($this->ds)."<br>"; 920 } 921 } 922 else 923 { 924 // this group has no members 925 $dn = $allValues[0]['dn']; 926 $newData = array(); 927 $newData['memberuid'][] = $account_info['account_lid']; 928 ldap_mod_replace($this->ds, $dn, $newData); 929 } 930 } 931 } 932 } 933 934 if($account_id && is_object($GLOBALS['egw']->preferences) 
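&& $default_prefs) 935 { 936 $GLOBALS['egw']->preferences->create_defaults($account_id); 937 } 938 939 if($account_info['account_type'] == 'g') 940 { 941 return -$account_id; 942 } 943 else 944 { 945 return $account_id; 946 } 947 } 948
	/**
	 * Create a user account from a login name and password plus the optional
	 * values in $GLOBALS['auto_create_acct'] (firstname, lastname, email, primary_group).
	 *
	 * Expiry: a caller-supplied $expiredate is honoured. When it is 0 the server
	 * setting 'auto_create_expire' decides ('never' => -1, otherwise now + setting);
	 * the 30-day default applies only when neither is given.
	 *
	 * @param string $accountname login name (account_lid) of the new account
	 * @param string $passwd password handed to create() and to the 'addaccount' hook
	 * @param boolean $default_prefs passed through to create()
	 * @param boolean $default_acls not used by this method
	 * @param int $expiredate unix timestamp, 0 = use the server setting
	 * @param string $account_status stored as account_status
	 * @return mixed result of name2id($accountname): the account id, or its failure value
	 */
	function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
	{
		$expires = null;
		if ($expiredate == 0)
		{
			if (isset($GLOBALS['egw_info']['server']['auto_create_expire']))
			{
				if ($GLOBALS['egw_info']['server']['auto_create_expire'] == 'never')
				{
					$expires = -1;
				}
				else
				{
					$expiredate = time() + $GLOBALS['egw_info']['server']['auto_create_expire'];
				}
			}
			else
			{
				/*
				 * expire in 30 days by default; this fallback belongs to the
				 * "nothing configured" case, it must not replace an expiry date
				 * the caller passed in, nor leave the date at 0 (1970)
				 */
				$expiredate = time() + ((60 * 60) * (30 * 24));
			}
		}

		if ($expires !== -1)
		{
			/* normalise the expiry to 02:00 on the chosen day */
			$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
		}

		$default_group_id = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
		if (!$default_group_id)
		{
			$default_group_id = abs((int)$this->name2id('Default'));
		}

		/* a requested primary group is only accepted if it really is a group account */
		$primary_group = $default_group_id;
		if ($GLOBALS['auto_create_acct']['primary_group'] &&
			$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g')
		{
			$primary_group = (int)$GLOBALS['auto_create_acct']['primary_group'];
		}

		$acct_info = array(
			'account_lid'           => $accountname,
			'account_type'          => 'u',
			'account_passwd'        => $passwd,
			'account_firstname'     => $GLOBALS['auto_create_acct']['firstname'] ? $GLOBALS['auto_create_acct']['firstname'] : 'New',
			'account_lastname'      => $GLOBALS['auto_create_acct']['lastname'] ? $GLOBALS['auto_create_acct']['lastname'] : 'User',
			'account_status'        => $account_status,
			'account_expires'       => $expires,
			'account_primary_group' => $primary_group,
		);

		/* attempt to set an email address: an explicit one wins over the default mail domain */
		$email = null;
		if (isset($GLOBALS['auto_create_acct']['email']) && $GLOBALS['auto_create_acct']['email'] != '')
		{
			$email = $GLOBALS['auto_create_acct']['email'];
		}
		elseif (isset($GLOBALS['egw_info']['server']['mail_suffix']) && $GLOBALS['egw_info']['server']['mail_suffix'] != '')
		{
			$email = $accountname . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
		}
		if ($email !== null)
		{
			$acct_info['account_email'] = $email;
		}

		$this->db->transaction_begin();

		$this->create($acct_info,$default_prefs);	/* create the account */

		/*
		 * NOTE(review): success is judged by looking the name up again, not by the
		 * return value of create(). If create() can fail while an account with this
		 * name already exists, the setup below would be applied to that existing
		 * account - confirm against the part of create() that checks for duplicates.
		 */
		$accountid = $this->name2id($accountname);	/* grab the account id or an error code */

		if ($accountid)	/* begin account setup */
		{
			if ($primary_group)
			{
				$GLOBALS['egw']->acl->add_repository('phpgw_group', $primary_group,$accountid,1);
			}

			/* if we have a mail address, set it in the user's email preference */
			if ($email !== null)
			{
				$GLOBALS['egw']->acl->acl($accountid);	/* needed as preferences::save_repository calls acl */
				$GLOBALS['egw']->preferences->preferences($accountid);
				$GLOBALS['egw']->preferences->read_repository();
				$GLOBALS['egw']->preferences->add('email','address',$email);
				$GLOBALS['egw']->preferences->save_repository();
			}

			/* commit the new account transaction */
			$this->db->transaction_commit();

			// call hook to notify interested apps about the new account
			// NOTE(review): new_passwd carries the password as given by the caller into a
			// global that is handed to the hooks of every app (see the flags below) and is
			// not cleared afterwards; consider unsetting it once hooks->process() returns,
			// after checking that no caller reads it later.
			$GLOBALS['hook_values']['account_lid']       = $acct_info['account_lid'];
			$GLOBALS['hook_values']['account_id']        = $accountid;
			$GLOBALS['hook_values']['new_passwd']        = $acct_info['account_passwd'];
			$GLOBALS['hook_values']['account_status']    = $acct_info['account_status'];
			$GLOBALS['hook_values']['account_firstname'] = $acct_info['account_firstname'];
			$GLOBALS['hook_values']['account_lastname']  = $acct_info['account_lastname'];
			$GLOBALS['egw']->hooks->process($GLOBALS['hook_values']+array(
				'location' => 'addaccount',
				// at login-time only the hooks from the following apps will be called
				'order' => array('felamimail','fudforum'),
			),False,True);	// called for every app now, not only enabled ones
		}	/* end account setup */
		else	/* if no account id abort the account creation */
		{
			$this->db->transaction_abort();
		}

		/*
		 * If we succeeded in creating the account (above), return the accountid, else,
		 * return the error value from $this->name2id($accountname)
		 */
		return $accountid;
	}	/* end auto_add() */

	/**
	 * Look up login name, first name and last name of an account in LDAP.
	 *
	 * Groups are searched by gidnumber in the group context (when one is set) and
	 * report their cn as both $lid and $fname and lang('Group') as $lname.
	 *
	 * @param int $account_id numeric account id
	 * @param string &$lid receives the login name ('' if nothing was found)
	 * @param string &$fname receives the first name ('' if nothing was found)
	 * @param string &$lname receives the last name ('' if nothing was found)
	 * @return boolean true if a non-empty login name was found
	 */
	function get_account_name($account_id,&$lid,&$fname,&$lname)
	{
		$acct_type = $this->get_type($account_id);

		/* search the dn for the given uid; the (int) cast keeps the id from altering the filter */
		if (($acct_type == 'g') && $this->group_context)
		{
			$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$account_id));
		}
		else
		{
			$sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$account_id);
		}
		$allValues = $sri ? ldap_get_entries($this->ds, $sri) : false;

		/* failed search or no entry: report "not found" instead of reading from a non-array */
		if (!is_array($allValues) || !isset($allValues[0]))
		{
			$lid = $fname = $lname = '';
			return false;
		}
		$found = $allValues[0];

		if ($acct_type == 'g')
		{
			$lid   = $GLOBALS['egw']->translation->convert($found['cn'][0],'utf-8');
			$fname = $GLOBALS['egw']->translation->convert($found['cn'][0],'utf-8');
			$lname = lang('Group');
		}
		else
		{
			$lid   = $GLOBALS['egw']->translation->convert($found['uid'][0],'utf-8');
			$fname = $GLOBALS['egw']->translation->convert($found['givenname'][0],'utf-8');
			$lname = $GLOBALS['egw']->translation->convert($found['sn'][0],'utf-8');
		}
		return !empty($lid);
	}

	/**
	 * Return the LDAP dn of a user account.
	 *
	 * @param mixed $_accountid resolved through get_account_id()
	 * @return string|null dn of the first entry with that uidnumber in the user context, null if none
	 */
	function getDNforID($_accountid = '')
	{
		$_account_id = get_account_id($_accountid);

		$sri = ldap_search($this->ds, $this->user_context, 'uidnumber=' . (int)$_account_id);
		$allValues = $sri ? ldap_get_entries($this->ds, $sri) : false;

		/* callers get null for "no such account", never an index into a failed result */
		if (!is_array($allValues) || !isset($allValues[0]['dn']))
		{
			return null;
		}
		return $allValues[0]['dn'];
	}

	/**
	 * Update the last login timestamps and the IP
	 *
	 * The entry is read before it is modified, so the value returned is the
	 * timestamp that was stored before this call.
	 *
	 * @param int $_account_id
	 * @param string $ip written unchanged to phpgwaccountlastloginfrom
	 * @return int|null lastlogin time read before the update, null if no entry or no stored value
	 */
	function update_lastlogin($_account_id, $ip)
	{
		$sri = ldap_search($this->ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
		$allValues = $sri ? ldap_get_entries($this->ds, $sri) : false;

		/* no matching account: do not call ldap_modify with an empty dn */
		if (!is_array($allValues) || !isset($allValues[0]['dn']))
		{
			return null;
		}

		$entry = array(
			'phpgwaccountlastlogin'     => time(),
			'phpgwaccountlastloginfrom' => $ip,
		);

		/*
		 * best effort: the @ hides a failed write, so a login is not blocked when the
		 * directory rejects the update - but the stored last-login data is then stale
		 */
		@ldap_modify($this->ds, $allValues[0]['dn'], $entry);

		return isset($allValues[0]['phpgwaccountlastlogin'][0]) ? $allValues[0]['phpgwaccountlastlogin'][0] : null;
	}
}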