diff --git a/phpgwapi/inc/class.accounts_ldap_wip.inc.php b/phpgwapi/inc/class.accounts_ldap_wip.inc.php index 16eda8936f..46378569a0 100644 --- a/phpgwapi/inc/class.accounts_ldap_wip.inc.php +++ b/phpgwapi/inc/class.accounts_ldap_wip.inc.php @@ -28,7 +28,7 @@ // This is where it belongs (jengo) // This is where it ended up (milosch) /* Since LDAP will return system accounts, there are a few we don't want to login. */ - $phpgw_info["server"]["global_denied_users"] = array( + $phpgw_info['server']['global_denied_users'] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'adm' => True, 'lp' => True, 'sync' => True, 'shutdown' => True, 'halt' => True, 'ldap' => True, @@ -46,7 +46,7 @@ 'ident' => True, 'mailnull' => True ); - $phpgw_info["server"]["global_denied_groups"] = array( + $phpgw_info['server']['global_denied_groups'] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'sys' => True, 'adm' => True, 'tty' => True, 'disk' => True, 'lp' => True, 'mem' => True, @@ -68,6 +68,7 @@ var $account_id; var $acct_type = ''; var $data; + var $total; function accounts_() { @@ -114,12 +115,12 @@ $this->data["loginshell"] = $allValues[0]["loginshell"][0]; } - $this->data['lastlogin'] = $allValues[0]['phpgwlastlogin'][0]; - $this->data['lastloginfrom'] = $allValues[0]['phpgwlastloginfrom'][0]; + $this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0]; + $this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0]; $this->data['lastpasswd_change'] = $allValues[0]['phpgwlastpasswdchange'][0]; $this->data['status'] = $allValues[0]['phpgwaccountstatus'][0]; $this->data['type'] = $allValues[0]['phpgwaccounttype'][0]; - $this->data['expires'] = $allValues[0]['phpgwexpires'][0]; + $this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0]; return $this->data; } 
@@ -145,12 +146,12 @@ $entry['cn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']); $entry['sn'] = $this->data['lastname']; $entry['givenname'] = $this->data['firstname']; - $entry['phpgwlastlogin'] = $this->data['lastlogin']; - $entry['phpgwlastloginfrom'] = $this->data['lastloginfrom']; + $entry['phpgwaccountlastlogin'] = $this->data['lastlogin']; + $entry['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom']; $entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; $entry['phpgwaccountstatus'] = $this->data['status']; $entry['phpgwaccounttype'] = $this->data['type']; - $entry['phpgwexpires'] = $this->data['expires']; + $entry['phpgwaccountexpires'] = $this->data['expires']; if ($phpgw_info["server"]["ldap_extra_attributes"]) { @@ -229,6 +230,7 @@ //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers $entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][5] = 'shadowAccount'; + $entry["objectclass"][6] = 'phpgwAccount'; if ($phpgw_info["server"]["ldap_extra_attributes"]) { 
@@ -369,37 +371,45 @@ if ($_type == 'both' || $_type == 'accounts') { - $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '|((uidnumber=*)(phpgwaccounttype=u))'); + $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '(&(uidnumber=*)(phpgwaccounttype=u))'); $allValues = ldap_get_entries($ds, $sri); - while ($allVals = @each($allValues)) + while (list($null,$allVals) = @each($allValues)) { - $accounts[] = Array( - 'account_id' => $allVals['uidnumber'][0], - 'account_lid' => $allVals['uid'][0], - 'account_type' => $allVals['phpgwaccounttype'], - 'account_firstname' => $allVals['givenname'][0], - 'account_lastname' => $allVals['sn'][0], - 'account_status' => $allVals['phpgwaccountstatus'][0] - ); + $test = $allVals['uid'][0]; + if (!$phpgw_info['server']['global_denied_users'][$test]) + { + $accounts[] = Array( + 'account_id' => $allVals['uidnumber'][0], + 'account_lid' => $allVals['uid'][0], + 'account_type' => $allVals['phpgwaccounttype'], + 'account_firstname' => $allVals['givenname'][0], + 'account_lastname' => $allVals['sn'][0], + 'account_status' => $allVals['phpgwaccountstatus'][0] + ); + } } } elseif ($_type == 'both' || $_type == 'groups') { - $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '|((gidnumber=*)(phpgwaccounttype=g))'); + $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '(|(gidnumber=*)(phpgwaccounttype=g))'); $allValues = ldap_get_entries($ds, $sri); - while ($allVals = @each($allValues)) + while (list($null,$allVals) = @each($allValues)) { - $accounts[] = Array( - 'account_id' => $allVals['gidnumber'][0], - 'account_lid' => $allVals['uid'][0], - 'account_type' => $allVals['phpgwaccounttype'], - 'account_firstname' => $allVals['givenname'][0], - 'account_lastname' => $allVals['sn'][0], - 'account_status' => $allVals['phpgwaccountstatus'][0] - ); + $test = $allVals['cn'][0]; + if (!$phpgw_info['server']['global_denied_groups'][$test]) + { + $accounts[] = Array( + 'account_id' => 
$allVals['gidnumber'][0], + 'account_lid' => $allVals['cn'][0], + 'account_type' => $allVals['phpgwaccounttype'], + 'account_firstname' => $allVals['givenname'][0], + 'account_lastname' => $allVals['sn'][0], + 'account_status' => $allVals['phpgwaccountstatus'][0] + ); + } } } - + $this->total = count($accounts); return $accounts; } @@ -407,33 +417,48 @@ { global $phpgw, $phpgw_info; - $this->db->query("SELECT account_id FROM phpgw_accounts WHERE account_lid='".$account_lid."'",__LINE__,__FILE__); - - if($this->db->num_rows()) + $ds = $phpgw->common->ldapConnect(); + $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uid=$account_lid"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['uidnumber'][0]) { - $this->db->next_record(); - return intval($this->db->f('account_id')); - } - else + return $allValues[0]['uidnumber'][0]; + } + + $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "cn=$account_id"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['gidnumber'][0]) { - return False; + return $allValues[0]['gidnumber'][0]; } + + return False; } function id2name($account_id) { global $phpgw, $phpgw_info; - - $this->db->query("SELECT account_lid FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); - if($this->db->num_rows()) + + $ds = $phpgw->common->ldapConnect(); + $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uidnumber=$account_id"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['uid'][0]) { - $this->db->next_record(); - return $this->db->f('account_lid'); + return $allValues[0]['uid'][0]; } - else + + $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "gidnumber=$account_id"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['uid'][0]) { - return False; + return $allValues[0]['uid'][0]; } + + return False; } function get_type($accountid = '') 
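Review bot: The new deny-list test in both loops is an exact, case-sensitive array lookup (`$phpgw_info['server']['global_denied_users'][$test]`), while directories usually match `uid` and `cn` case-insensitively, so an entry stored as `Root` or `Daemon` would still be listed; lower-casing the key first, `$test = strtolower($allVals['uid'][0]);` (and the same for `cn`), closes that gap. The loops also visit the `count` element that ldap_get_entries() puts in its result; it has no `uid`, passes the deny test with an empty key and is appended as a blank account, so `$this->total` comes out one too high, which `if (!is_array($allVals)) { continue; }` at the top of each loop would avoid. The two filters now disagree as well: accounts use `(&(uidnumber=*)(phpgwaccounttype=u))` but groups use `(|(gidnumber=*)(phpgwaccounttype=g))`, which looks like it was meant to be `&` too. The enclosing function starts above the hunk.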
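Review bot: `$account_lid` and `$account_id` are interpolated straight into the LDAP filters in name2id and id2name (`"uid=$account_lid"`, `"uidnumber=$account_id"`), so a value containing `*`, `(`, `)` or `\` changes what the filter matches, the same class of problem the removed string-built SQL had. Escape the value for filter context before use, e.g. `ldap_escape($account_lid, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, and cast the numeric id with `intval($account_id)`; get_type in the next hunk builds its filters the same way. In name2id the group lookup reads `"cn=$account_id"`, but only `$account_lid` is defined there, so the filter has an empty value and the group branch cannot match; `"cn=$account_lid"` looks intended. The group branch of id2name tests and returns `$allValues[0]['uid'][0]`, while get_list in this commit takes the group name from `cn`. name2id's signature lies above the hunk.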
@@ -441,16 +466,27 @@ global $phpgw, $phpgw_info; $account_id = get_account_id($accountid); - $this->db->query("SELECT account_type FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); - if ($this->db->num_rows()) + $ds = $phpgw->common->ldapConnect(); + + $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=$account_id"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['phpgwaccounttype'][0]) { - $this->db->next_record(); - return $this->db->f("account_type"); + return $allValues[0]['phpgwaccounttype'][0]; } - else + + $allValues = array*(); + + $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=$account_id"); + $allValues = ldap_get_entries($ds, $sri); + + if ($allValues[0]['phpgwaccounttype'][0]) { - return False; + return $allValues[0]['phpgwaccounttype'][0]; } + + return False; } function exists($account_lid) @@ -525,12 +561,12 @@ //echo '
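Review bot: `$allValues = array*();` in the added lines of get_type is a parse error, so this file cannot be included at all until it reads `$allValues = array();`. The two lookups filter on `"uid=$account_id"` and `"cn=$account_id"` although get_account_id() presumably returns a numeric id, which suggests `uidnumber=` and `gidnumber=` were intended, as in id2name. get_type's signature lies above the hunk.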
using'.$account_id;exit; } $entry['userpasswd'] = $account_info['passwd']; - $entry['phpgwlastlogin'] = $account_info['lastlogin']; - $entry['phpgwlastloginfrom'] = $account_info['lastloginfrom']; + $entry['phpgwaccountlastlogin'] = $account_info['lastlogin']; + $entry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom']; $entry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change']; $entry['phpgwaccountstatus'] = $account_info['status']; $entry['phpgwaccounttype'] = $account_info['type']; - $entry['phpgwexpires'] = $account_info['expires']; + $entry['phpgwaccountexpires'] = $account_info['expires']; if ($account_type == "g") { @@ -603,14 +639,15 @@ $tmpentry["objectclass"][3] = 'inetOrgPerson'; $tmpentry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']); //$tmpentry["objectclass"][4] = 'account'; Causes problems with some LDAP servers - $tmpentry["objectclass"][5] = 'posixAccount'; - $tmpentry["objectclass"][6] = 'shadowAccount'; - $tmpentry['phpgwlastlogin'] = $account_info['lastlogin']; - $tmpentry['phpgwlastloginfrom'] = $account_info['lastloginfrom']; + $tmpentry["objectclass"][4] = 'posixAccount'; + $tmpentry["objectclass"][5] = 'shadowAccount'; + $tmpentry["objectclass"][6] = 'phpgwAccount'; + $tmpentry['phpgwaccountlastlogin'] = $account_info['lastlogin']; + $tmpentry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom']; $tmpentry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change']; $tmpentry['phpgwaccountstatus'] = $account_info['status']; $tmpentry['phpgwaccounttype'] = $account_info['account_type']; - $tmpentry['phpgwexpires'] = $account_info['expires']; + $tmpentry['phpgwaccountexpires'] = $account_info['expires']; } ldap_modify($ds, $allValues[0]["dn"], $tmpentry); } 
@@ -653,20 +690,9 @@ //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers $entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][5] = 'shadowAccount'; + $entry["objectclass"][5] = 'phpgwAccount'; } -/* - echo '
dn: '.$dn; - while (list($key,$val) = each($entry)) { - if (is_array($val)) { - for ($i=0;$i\nline ".$key.': '.$val[$i]; } - } - } else { - if ($val) { echo '
line '.$key.': '.$val; } - } - } - //exit; -*/ + ldap_add($ds, $dn, $entry); } //print ldap_error($ds); diff --git a/phpgwapi/inc/class.auth_ldap_wip.inc.php b/phpgwapi/inc/class.auth_ldap_wip.inc.php new file mode 100644 index 0000000000..66c7424b51 --- /dev/null +++ b/phpgwapi/inc/class.auth_ldap_wip.inc.php 
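Review bot: The added `$entry["objectclass"][5] = 'phpgwAccount';` reuses index 5 and so replaces `'shadowAccount'` from the line above instead of adding a seventh class; the other hunks of this commit use index 6, so `$entry["objectclass"][6] = 'phpgwAccount';` looks intended. With `shadowAccount` gone, any shadow attributes set earlier in the function (outside this hunk) would probably make the server reject the entry. The result of `ldap_add($ds, $dn, $entry)` is not checked and the `ldap_error()` print below it is commented out, so a rejected add passes silently; testing the return value and logging `ldap_error($ds)` would make that visible. The enclosing function starts and ends outside the hunk.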
@@ -0,0 +1,111 @@
+ *
+ * and Joseph Engo *
+ * Authentication based on LDAP Server *
+ * Copyright (C) 2000, 2001 Joseph Engo *
+ * -------------------------------------------------------------------------*
+ * This library is part of the phpGroupWare API *
+ * http://www.phpgroupware.org/api *
+ * ------------------------------------------------------------------------ *
+ * This library is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as published by *
+ * the Free Software Foundation; either version 2.1 of the License, *
+ * or any later version. *
+ * This library is distributed in the hope that it will be useful, but *
+ * WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
+ * See the GNU Lesser General Public License for more details. *
+ * You should have received a copy of the GNU Lesser General Public License *
+ * along with this library; if not, write to the Free Software Foundation, *
+ * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
+ \**************************************************************************/
+
+ /* $Id$ */
+
+ class auth
+ {
+ var $previous_login = -1;
+
+ function authenticate($username, $passwd)
+ {
+ global $phpgw_info, $phpgw;
+ // error_reporting MUST be set to zero, otherwise you'll get nasty LDAP errors with a bad login/pass...
+ // these are just "warnings" and can be ignored.....
+ error_reporting(0);
+
+ $ldap = ldap_connect($phpgw_info['server']['ldap_host']);
+
+ // find the dn for this uid, the uid is not always in the dn
+ $sri = ldap_search($ldap, $phpgw_info['server']['ldap_context'], 'uid='.$username);
+ $allValues = ldap_get_entries($ldap, $sri);
+ if ($allValues['count'] > 0)
+ {
+ // we only care about the first dn
+ $userDN = $allValues[0]['dn'];
+
+ // generate a bogus password to pass if the user doesn't give us one
+ // this gets around systems that are anonymous search enabled
+ if (empty($passwd))
+ {
+ $passwd = crypt(microtime());
+ }
+ // try to bind as the user with user suplied password
+ if (ldap_bind($ldap,$userDN, $passwd))
+ {
+ return True;
+ }
+ }
+
+ // Turn error reporting back to normal
+ error_reporting(7);
+
+ // dn not found or password wrong
+ return False;
+ }
+
+ function change_password($old_passwd, $new_passwd, $_account_id='')
+ {
+ global $phpgw_info, $phpgw;
+
+ if ($_account_id == '')
+ {
+ $_account_id = $phpgw_info['user']['account_id'];
+ }
+
+ $ds = $phpgw->common->ldapConnect();
+ $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber=' . $_account_id);
+ $allValues = ldap_get_entries($ds, $sri);
+
+
+ $entry['userpassword'] = $phpgw->common->encrypt_password($new_passwd);
+ $dn = $allValues[0]["dn"];
+
+ if (!@ldap_modify($ds, $dn, $entry))
+ {
+ return false;
+ }
+ $phpgw->session->appsession('password','phpgwapi',$new_passwd);
+
+ return $encrypted_passwd;
+ }
+
+ function update_lastlogin($_account_id, $ip)
+ {
+ global $phpgw_info, $phpgw;
+
+ $entry['phpgwaccountlastlogin'] = time();
+ $entry['phpgwaccountlastloginfrom'] = $ip;
+
+ $ds = $phpgw->common->ldapConnect();
+ $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uidnumber=' . $_account_id);
+ $allValues = ldap_get_entries($ds, $sri);
+
+ $dn = $allValues[0]['dn'];
+ $this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0];
+
+ @ldap_modify($ds, $dn, $entry);
+ }
+ }
+?>
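Review bot: authenticate() builds its search filter as `'uid='.$username` from the value typed at login without escaping it, so a username containing `*` or parentheses can make the search return an entry other than the one named, and the bind is then attempted against that entry's DN. The value should be escaped for filter context, and an empty password is better refused outright than replaced by `crypt(microtime())`, which is derived from the clock. The successful path also returns before `error_reporting(7)` runs, leaving reporting switched off for the rest of the request. In change_password() the returned `$encrypted_passwd` is never assigned, `$old_passwd` is never checked, and the new password is kept in clear text in the session through appsession(). A possible shape for authenticate() follows; `ldap_escape()` needs a PHP version that ships it, otherwise a small helper doing the same escaping.

```php
function authenticate($username, $passwd)
{
	// … unchanged: globals, error_reporting(0), ldap_connect …

	// An empty password would turn the bind into an anonymous one; refuse it here.
	if (empty($passwd))
	{
		error_reporting(7);
		return False;
	}

	// Escape filter metacharacters so the value can only match a literal uid.
	$filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
	$sri = ldap_search($ldap, $phpgw_info['server']['ldap_context'], $filter);
	$allValues = ldap_get_entries($ldap, $sri);

	$ok = False;
	if ($allValues['count'] > 0 && ldap_bind($ldap, $allValues[0]['dn'], $passwd))
	{
		$ok = True;
	}

	// Restore reporting on every path, not only on failure.
	error_reporting(7);
	return $ok;
}
```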