From c57977599932f1bd32b371eb117f8257841ccf7a Mon Sep 17 00:00:00 2001
From: Lars Kneschke <lkeschke@alumni.egroupware.org>
Date: Sun, 14 Sep 2003 06:02:25 +0000
Subject: [PATCH] again some ldap fixes

and

support for ldap version 3
---
 phpgwapi/inc/class.accounts_ldap.inc.php | 68 ++++++++++++++++--------
 phpgwapi/inc/class.common.inc.php        |  7 ++-
 2 files changed, 51 insertions(+), 24 deletions(-)

diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php
index 96c48bd9d7..9003a72696 100644
--- a/phpgwapi/inc/class.accounts_ldap.inc.php
+++ b/phpgwapi/inc/class.accounts_ldap.inc.php
@@ -356,14 +356,26 @@
 					{
 						$allValues = ldap_get_entries($this->ds, $sri);
 						// if the user is not member of this group, add him
-						if(!in_array($newData['uid'],$allValues[0]['memberuid']))
+						if(is_array($allValues[0]['memberuid']))
 						{
+							// this group has already some members
+							if(!in_array($newData['uid'],$allValues[0]['memberuid']))
+							{
+								$dn = $allValues[0]['dn'];
+								$newData = array();
+								$newData['memberuid'] = $allValues[0]['memberuid'];
+								unset($newData['memberuid']['count']);
+								$newData['memberuid'][]	= $accountID;
+								$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
+								ldap_mod_replace($this->ds, $dn, $newData);
+							}
+						}
+						else
+						{
+							// this group has no members
 							$dn = $allValues[0]['dn'];
 							$newData = array();
-							$newData['memberuid'] = $allValues[0]['memberuid'];
-							unset($newData['memberuid']['count']);
-							$newData['memberuid'][]	= $accountID;
-							$newData['memberuid'] = array_values(array_unique($newData['memberuid']));
+							$newData['memberuid'][] = $accountID;
 							ldap_mod_replace($this->ds, $dn, $newData);
 						}
 					}
@@ -765,6 +777,11 @@
 				$entry['homedirectory'] = $account_info['homedirectory'] && $account_info['homedirectory'] != $GLOBALS['phpgw_info']['server']['ldap_account_home'] ? $account_info['homedirectory'] : $GLOBALS['phpgw_info']['server']['ldap_account_home'].SEP.$account_info['account_lid'];
 				$entry['loginshell'] = $account_info['loginshell'] ? $account_info['loginshell'] : $GLOBALS['phpgw_info']['server']['ldap_account_shell'];
 			}
+			else
+			{
+				$entry['homedirectory'] = '/home/'.$account_info['account_lid'];
+				$entry['loginshell'] = '/bin/false';
+			}
 
 			if ($allValues[0]['dn'])
 			{
@@ -846,16 +863,9 @@
 					if($account_info['account_firstname'])
 						$entry['givenname']	= utf8_encode($account_info['account_firstname']);
 						
-					$entry['uid']       = $account_info['account_lid'];
-					$entry['uidnumber'] = $account_id;
-					if ($GLOBALS['phpgw_info']['server']['ldap_group_id'])
-					{
-						$entry['gidnumber'] = $GLOBALS['phpgw_info']['server']['ldap_group_id'];
-					}
-					else
-					{
-						$entry['gidnumber'] = $account_id;
-					}
+					$entry['uid']       	= $account_info['account_lid'];
+					$entry['uidnumber'] 	= $account_id;
+					$entry['gidnumber']	= $account_info['account_primary_group'];
 					$entry['userpassword']   = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
 					$entry['objectclass'][0] = 'top';
 					$entry['objectclass'][1] = 'person';
@@ -869,7 +879,7 @@
 					$entry['phpgwaccountexpires']   = $account_info['account_expires'];
 				}
 
-				/* _debug_array($entry);exit; */
+				#_debug_array($entry);exit;
 
 				ldap_add($this->ds, $dn, $entry);
 			}
@@ -881,21 +891,33 @@
 				// search for the group
 				$filter 	= 'gidnumber='.$value;
 				$justThese 	= array('memberuid');
-				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$value, $justThese);
+				$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
 				if($sri)
 				{
 					$allValues = ldap_get_entries($this->ds, $sri);
 					// if the user is not member of this group, add him
-					if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
+					if(is_array($allValues[0]['memberuid']))
 					{
+						// this group has already some members
+						if(!in_array($account_info['account_lid'],$allValues[0]['memberuid']))
+						{
+							$dn = $allValues[0]['dn'];
+							$newData = array();
+							$newData['memberuid'] = $allValues[0]['memberuid'];
+							unset($newData['memberuid']['count']);
+							$newData['memberuid'][]	= $account_info['account_lid'];
+							$newData['memberuid'] = array_unique($newData['memberuid']);
+							ldap_mod_replace($this->ds, $dn, $newData);
+							#print ldap_error($this->ds)."<br>";
+						}
+					}
+					else
+					{
+						// this group has no members
 						$dn = $allValues[0]['dn'];
 						$newData = array();
-						$newData['memberuid'] = $allValues[0]['memberuid'];
-						unset($newData['memberuid']['count']);
-						$newData['memberuid'][]	= $account_info['account_lid'];
-						$newData['memberuid'] = array_unique($newData['memberuid']);
+						$newData['memberuid'][] = $account_info['account_lid'];
 						ldap_mod_replace($this->ds, $dn, $newData);
-						#print ldap_error($this->ds)."<br>";
 					}
 				}
 			}
diff --git a/phpgwapi/inc/class.common.inc.php b/phpgwapi/inc/class.common.inc.php
index d0684647b2..e6eb64ad01 100644
--- a/phpgwapi/inc/class.common.inc.php
+++ b/phpgwapi/inc/class.common.inc.php
@@ -259,7 +259,12 @@
 				printf("<b>Error: Can't connect to LDAP server %s!</b><br>",$host);
 				return False;
 			}
-
+			
+			if($GLOBALS['phpgw_info']['server']['ldap_version3'])
+			{	
+				ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
+			}
+			
 			// bind as admin, we not to able to do everything
 			if (! ldap_bind($ds,$dn,$passwd))
 			{