fixed and extended auto_create_accounts: the following information from ldap are now automaticaly stored in the sql-account:
- name & firstname - primary group (if a group with that numerical id exists in eGW, it is added as primary group to the account and acl) - numerical account-id (if available, no new one gets created, but the one from ldap is used) - email (as preference for the email-app)
parent
3a42857913
commit
eed94133c3
@ -9,7 +9,7 @@
|
|||||||
* Copyright (C) 2003 Joseph Engo, Bettina Gille *
|
* Copyright (C) 2003 Joseph Engo, Bettina Gille *
|
||||||
* ------------------------------------------------------------------------ *
|
* ------------------------------------------------------------------------ *
|
||||||
* This library is part of the eGroupWare API *
|
* This library is part of the eGroupWare API *
|
||||||
* http://www.egroupware.org *
|
* http://www.egroupware.org *
|
||||||
* ------------------------------------------------------------------------ *
|
* ------------------------------------------------------------------------ *
|
||||||
* This library is free software; you can redistribute it and/or modify it *
|
* This library is free software; you can redistribute it and/or modify it *
|
||||||
* under the terms of the GNU Lesser General Public License as published by *
|
* under the terms of the GNU Lesser General Public License as published by *
|
||||||
@ -277,11 +277,19 @@
|
|||||||
return $ret_val;
|
return $ret_val;
|
||||||
}
|
}
|
||||||
|
|
||||||
function create($account_info,$default_prefs=True)
|
function create($account_info)
|
||||||
{
|
{
|
||||||
$this->db->query('INSERT INTO phpgw_accounts (account_lid,account_type,account_pwd,'
|
if (isset($account_info['account_id']) && (!(int)$account_info['account_id'] || $this->id2name($account_info['account_id'])))
|
||||||
|
{
|
||||||
|
// account_id already used => discard it
|
||||||
|
unset($account_info['account_id']);
|
||||||
|
}
|
||||||
|
$this->db->query('INSERT INTO phpgw_accounts ('.(isset($account_info['account_id'])?'account_id,':'')
|
||||||
|
. 'account_lid,account_type,account_pwd,'
|
||||||
. 'account_firstname,account_lastname,account_status,account_expires,person_id,'
|
. 'account_firstname,account_lastname,account_status,account_expires,person_id,'
|
||||||
. "account_primary_group) VALUES ('".$this->db->db_addslashes($account_info['account_lid'])
|
. 'account_primary_group) VALUES ('
|
||||||
|
. (isset($account_info['account_id'])?(int)$account_info['account_id'].',':'')
|
||||||
|
. "'" . $this->db->db_addslashes($account_info['account_lid'])
|
||||||
. "','" . $this->db->db_addslashes($account_info['account_type'])
|
. "','" . $this->db->db_addslashes($account_info['account_type'])
|
||||||
. "','" . $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'], True)
|
. "','" . $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd'], True)
|
||||||
. "', '" . $this->db->db_addslashes($account_info['account_firstname'])
|
. "', '" . $this->db->db_addslashes($account_info['account_firstname'])
|
||||||
@ -293,12 +301,6 @@
|
|||||||
|
|
||||||
$accountid = $this->db->get_last_insert_id('phpgw_accounts','account_id');
|
$accountid = $this->db->get_last_insert_id('phpgw_accounts','account_id');
|
||||||
|
|
||||||
/* default prefs dont need to be set anymore
|
|
||||||
if($accountid && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
|
|
||||||
{
|
|
||||||
$GLOBALS['phpgw']->preferences->create_defaults($accountid);
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
return $accountid;
|
return $accountid;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -329,21 +331,40 @@
|
|||||||
$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
|
$expires = mktime(2,0,0,date('n',$expiredate), (int)date('d',$expiredate), date('Y',$expiredate));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
|
||||||
|
$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
|
||||||
|
(int) $GLOBALS['auto_create_acct']['primary_group'] : 0;
|
||||||
|
|
||||||
$acct_info = array(
|
$acct_info = array(
|
||||||
|
'account_id' => (int) $GLOBALS['auto_create_acct']['id'],
|
||||||
'account_lid' => $accountname,
|
'account_lid' => $accountname,
|
||||||
'account_type' => 'u',
|
'account_type' => 'u',
|
||||||
'account_passwd' => $passwd,
|
'account_passwd' => $passwd,
|
||||||
'account_firstname' => '',
|
'account_firstname' => $GLOBALS['auto_create_acct']['firstname'],
|
||||||
'account_lastname' => '',
|
'account_lastname' => $GLOBALS['auto_create_acct']['lastname'],
|
||||||
'account_status' => $account_status,
|
'account_status' => $account_status,
|
||||||
'account_expires' => $expires
|
'account_expires' => $expires,
|
||||||
|
'account_primary_group' => $primary_group,
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->db->transaction_begin();
|
$this->db->transaction_begin();
|
||||||
$this->create($acct_info,$default_prefs);
|
$this->create($acct_info);
|
||||||
$accountid = $this->name2id($accountname);
|
$accountid = $this->name2id($accountname);
|
||||||
|
// if we have a primary_group, add it as "regular" eGW group (via ACL) too
|
||||||
|
if ($accountid && $primary_group)
|
||||||
|
{
|
||||||
|
$this->db->query("insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights) values('phpgw_group', "
|
||||||
|
. $primary_group . ', ' . $accountid . ', 1)',__LINE__,__FILE__);
|
||||||
|
}
|
||||||
|
// if we have an mail address set it as email pref
|
||||||
|
if ($accountid && @$GLOBALS['auto_create_acct']['email'])
|
||||||
|
{
|
||||||
|
$GLOBALS['phpgw']->acl->acl($accountid); // needed als preferences::save_repository calls acl
|
||||||
|
$GLOBALS['phpgw']->preferences->preferences($accountid);
|
||||||
|
$GLOBALS['phpgw']->preferences->read_repository();
|
||||||
|
$GLOBALS['phpgw']->preferences->add('email','address',$GLOBALS['auto_create_acct']['email']);
|
||||||
|
$GLOBALS['phpgw']->preferences->save_repository();
|
||||||
|
}
|
||||||
if ($default_acls == False)
|
if ($default_acls == False)
|
||||||
{
|
{
|
||||||
$default_group_lid = $GLOBALS['phpgw_info']['server']['default_group_lid'];
|
$default_group_lid = $GLOBALS['phpgw_info']['server']['default_group_lid'];
|
||||||
@ -365,9 +386,7 @@
|
|||||||
'addressbook',
|
'addressbook',
|
||||||
'calendar',
|
'calendar',
|
||||||
'email',
|
'email',
|
||||||
'notes',
|
'infolog',
|
||||||
'todo',
|
|
||||||
'phpwebhosting',
|
|
||||||
'manual'
|
'manual'
|
||||||
) as $app)
|
) as $app)
|
||||||
{
|
{
|
||||||
|
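Review bot: The primary-group handling in the auto-create hunk grants eGW group membership on a purely numeric match. LDAP's `gidNumber` is accepted as soon as `get_type()` reports an eGW group with that id, and the following `insert into phpgw_acl` makes the new account a member of it. Judging by the `account_repository != 'ldap'` condition in the authentication code of this commit, this path runs when accounts live in SQL and only the login goes to LDAP, so the two id spaces are not necessarily related and a coincidental match could put a freshly created user into an unrelated, possibly privileged, group. I would make this opt-in through a setup option or match the group by name, and at minimum document the assumption next to the check, e.g. `// assumes LDAP gidNumber and eGW group ids are kept in sync; otherwise membership is granted by numeric coincidence`. The same reasoning applies to reusing `uidNumber` as `account_id` in `create()`; the enclosing auto-create function starts and ends outside the hunk.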
@ -31,12 +31,6 @@
|
|||||||
|
|
||||||
function authenticate($username, $passwd)
|
function authenticate($username, $passwd)
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
error_reporting MUST be set to zero, otherwise you'll get nasty LDAP errors with a bad login/pass...
|
|
||||||
these are just "warnings" and can be ignored.....
|
|
||||||
*/
|
|
||||||
error_reporting(0);
|
|
||||||
|
|
||||||
if (ereg('[()|&=*,<>!~]',$username))
|
if (ereg('[()|&=*,<>!~]',$username))
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
@ -60,7 +54,7 @@
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
/* find the dn for this uid, the uid is not always in the dn */
|
/* find the dn for this uid, the uid is not always in the dn */
|
||||||
$attributes = array('uid', 'dn');
|
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
|
||||||
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
|
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
|
||||||
{
|
{
|
||||||
$filter = "(&(uid=$username)(phpgwaccountstatus=A))";
|
$filter = "(&(uid=$username)(phpgwaccountstatus=A))";
|
||||||
@ -69,8 +63,10 @@
|
|||||||
{
|
{
|
||||||
$filter = "(uid=$username)";
|
$filter = "(uid=$username)";
|
||||||
}
|
}
|
||||||
|
|
||||||
$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
|
$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
|
||||||
$allValues = ldap_get_entries($ldap, $sri);
|
$allValues = ldap_get_entries($ldap, $sri);
|
||||||
|
|
||||||
if ($allValues['count'] > 0)
|
if ($allValues['count'] > 0)
|
||||||
{
|
{
|
||||||
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
|
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
|
||||||
@ -96,16 +92,29 @@
|
|||||||
if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
|
if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
|
||||||
{
|
{
|
||||||
$account = CreateObject('phpgwapi.accounts',$username,'u');
|
$account = CreateObject('phpgwapi.accounts',$username,'u');
|
||||||
|
if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
|
||||||
|
{
|
||||||
|
// create a global array with all availible info about that account
|
||||||
|
$GLOBALS['auto_create_acct'] = array();
|
||||||
|
foreach(array(
|
||||||
|
'givenname' => 'firstname',
|
||||||
|
'sn' => 'lastname',
|
||||||
|
'uidnumber' => 'id',
|
||||||
|
'mail' => 'email',
|
||||||
|
'gidnumber' => 'primary_group',
|
||||||
|
) as $ldap_name => $acct_name)
|
||||||
|
{
|
||||||
|
$GLOBALS['auto_create_acct'][$acct_name] =
|
||||||
|
$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
|
||||||
|
}
|
||||||
|
return True;
|
||||||
|
}
|
||||||
$data = $account->read_repository();
|
$data = $account->read_repository();
|
||||||
return $data['status'] == 'A';
|
return $data['status'] == 'A';
|
||||||
}
|
}
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Turn error reporting back to normal */
|
|
||||||
error_reporting(7);
|
|
||||||
|
|
||||||
/* dn not found or password wrong */
|
/* dn not found or password wrong */
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
@ -133,20 +142,6 @@
|
|||||||
return $entry['userpassword'];
|
return $entry['userpassword'];
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This data needs to be updated in LDAP, not SQL (jengo) */
|
|
||||||
function old_update_lastlogin($account_id, $ip)
|
|
||||||
{
|
|
||||||
$GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__);
|
|
||||||
$GLOBALS['phpgw']->db->next_record();
|
|
||||||
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
|
|
||||||
|
|
||||||
$now = time();
|
|
||||||
|
|
||||||
$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
|
|
||||||
. "$ip', account_lastlogin='" . $now
|
|
||||||
. "' WHERE account_id='$account_id'",__LINE__,__FILE__);
|
|
||||||
}
|
|
||||||
|
|
||||||
function update_lastlogin($_account_id, $ip)
|
function update_lastlogin($_account_id, $ip)
|
||||||
{
|
{
|
||||||
$entry['phpgwaccountlastlogin'] = time();
|
$entry['phpgwaccountlastlogin'] = time();
|
||||||
|
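Review bot: `$allValues[0][$ldap_name][0]` in the new foreach is read without checking that the entry actually carries the attribute. `givenName`, `mail`, `uidNumber` and `gidNumber` can be absent depending on the entry's object classes, and since this commit also drops `error_reporting(0)` from the top of `authenticate()`, a missing one may now raise a notice during login, depending on the configured error level. Guard the read, e.g. `$value = isset($allValues[0][$ldap_name][0]) ? $allValues[0][$ldap_name][0] : '';`, and pass `$value` to `convert()`. It is also worth a comment at the assignment such as `// directory-supplied values, consumed via $GLOBALS['auto_create_acct']; the consumer must cast id/primary_group to int and escape the rest`, because the trust boundary is otherwise invisible to whoever reads the consumer. The body of `authenticate()` continues outside the hunk.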