* * and Lars Kneschke * * View and manipulate account records using LDAP * * Copyright (C) 2000, 2001 Joseph Engo * * -------------------------------------------------------------------------* * This library is part of the phpGroupWare API * * http://www.phpgroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * * the Free Software Foundation; either version 2.1 of the License, * * or any later version. * * This library is distributed in the hope that it will be useful, but * * WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * * See the GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * * along with this library; if not, write to the Free Software Foundation, * * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * \**************************************************************************/ /* $Id$ */ // Dont know where to put this (seek3r) // This is where it belongs (jengo) // This is where it ended up (milosch) /* Since LDAP will return system accounts, there are a few we don't want to login. */ $phpgw_info["server"]["global_denied_users"] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'adm' => True, 'lp' => True, 'sync' => True, 'shutdown' => True, 'halt' => True, 'ldap' => True, 'mail' => True, 'news' => True, 'uucp' => True, 'operator' => True, 'games' => True, 'gopher' => True, 'nobody' => True, 'xfs' => True, 'pgsql' => True, 'mysql' => True, 'postgres' => True, 'oracle' => True, 'ftp' => True, 'gdm' => True, 'named' => True, 'alias' => True, 'web' => True, 'sweep' => True, 'cvs' => True, 'qmaild' => True, 'qmaill' => True, 'qmaillog' => True, 'qmailp' => True, 'qmailq' => True, 'qmailr' => True, 'qmails' => True ); $phpgw_info["server"]["global_denied_groups"] = array( 'root' => True, 'bin' => True, 'daemon' => True, 'sys' => True, 'adm' => True, 'tty' => True, 'disk' => True, 'lp' => True, 'mem' => True, 'kmem' => True, 'wheel' => True, 'mail' => True, 'uucp' => True, 'man' => True, 'games' => True, 'dip' => True, 'ftp' => True, 'nobody' => True, 'floppy' => True, 'xfs' => True, 'console' => True, 'utmp' => True, 'pppusers' => True, 'popusers' => True, 'slipusers' => True, 'slocate' => True, 'mysql' => True, 'dnstools' => True, 'web' => True, 'named' => True, 'dba' => True, 'oinstall' => True, 'oracle' => True, 'gdm' => True, 'sweep' => True, 'cvs' => True, 'postgres' => True, 'qmail' => True, 'nofiles' => True, 'ldap' => True ); class accounts_ { var $db; var $account_id; var $acct_type = ''; var $data; function accounts_() { global $phpgw; $this->db = $phpgw->db; } function read_repository() { global $phpgw, $phpgw_info; // get a ldap connection handle $ds = $phpgw->common->ldapConnect(); $acct_type = $this->get_type($this->account_id); // search the dn for the given uid if ( ($acct_type == "g") && $phpgw_info["server"]["ldap_group_context"] ) { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$this->account_id); } else { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$this->account_id); } $allValues = ldap_get_entries($ds, $sri); /* Now dump it into the array; take first entry found */ if($acct_type =='g') { $this->data["account_id"] = $allValues[0]["gidnumber"][0]; $this->data["account_lid"] = $allValues[0]["cn"][0]; } else { $this->data["account_id"] = $allValues[0]["uidnumber"][0]; $this->data["account_lid"] = $allValues[0]["uid"][0]; } $this->data["account_dn"] = $allValues[0]["dn"]; $this->data["firstname"] = $allValues[0]["givenname"][0]; $this->data["lastname"] = $allValues[0]["sn"][0]; $this->data["fullname"] = $allValues[0]["cn"][0]; if ($phpgw_info["server"]["ldap_extra_attributes"]) { $this->data["homedirectory"] = $allValues[0]["homedirectory"][0]; $this->data["loginshell"] = $allValues[0]["loginshell"][0]; } $this->db->query("select * from phpgw_accounts where account_id='" . $this->data["account_id"] . "'",__LINE__,__FILE__); $this->db->next_record(); $this->data["lastlogin"] = $this->db->f("account_lastlogin"); $this->data["lastloginfrom"] = $this->db->f("account_lastloginfrom"); $this->data["lastpasswd_change"] = $this->db->f("account_lastpwd_change"); $this->data["status"] = $this->db->f("account_status"); $this->data["account_type"] = $this->db->f("account_type"); return $this->data; } function save_repository() { global $phpgw_info, $phpgw; $ds = $phpgw->common->ldapConnect(); $acct_type = $this->get_type($this->account_id); // search the dn for the given u/gidnumber if ( ($acct_type == "g") && $phpgw_info["server"]["ldap_group_context"] ) { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$this->account_id); } else { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$this->account_id); } $allValues = ldap_get_entries($ds, $sri); $entry["cn"] = sprintf("%s %s", $this->data["firstname"], $this->data["lastname"]); $entry["sn"] = $this->data["lastname"]; $entry["givenname"] = $this->data["firstname"]; if ($phpgw_info["server"]["ldap_extra_attributes"]) { $entry["homedirectory"] = $this->data["homedirectory"]; $entry["loginshell"] = $this->data["loginshell"]; } // Changing the uid: Need to delete and add new, since // PHP cannot change the dn for the entry. if ($acct_type == 'g') { $test = $allValues[0]["cn"][0]; } else { $test = $allValues[0]["uid"][0]; } if ($test != $this->data["account_lid"]) { ldap_delete($ds,$allValues[0]["dn"]); unset($allValues[0]["dn"]); while (list($key,$val) = each($allValues[0])) { // Don't include row count and headers if (gettype($key) == "string" && $key != "count") { if (is_array($val)) { if (count($val) == 1) { if($val[0]) { $entry[$key] = $val[0]; } } else { for ($i=0;$idata["account_type"] == "g" && $phpgw_info["server"]["ldap_group_context"] ) { $dn = 'cn='.$this->data["account_lid"].','.$phpgw_info["server"]["ldap_group_context"]; $entry["cn"] = $this->data["account_lid"]; $entry["gidnumber"] = $this->data["account_id"]; //$entry["objectclass"] = ""; $entry["objectclass"][0] = 'top'; $entry["objectclass"][1] = 'posixGroup'; $members = $this->members($this->data["account_id"]); $entry["memberuid"] = array(); for ($i=0;$iid2name($members[$i]['account_id']); if (!$this->isin_array($currname,$entry["memberuid"])) { $entry["memberuid"][] = $currname; } } } // Accounts else { $dn = 'uid='.$this->data["account_lid"].','.$phpgw_info["server"]["ldap_context"]; $entry["uidnumber"] = $this->data["account_id"]; $entry["cn"] = sprintf("%s %s", $this->data["firstname"], $this->data["lastname"]); $entry["uid"] = $this->data["account_lid"]; $entry["givenname"] = $this->data["firstname"]; $entry["sn"] = $this->data["lastname"]; $entry["objectclass"] = ""; $entry["objectclass"][0] = 'top'; $entry["objectclass"][1] = 'person'; $entry["objectclass"][2] = 'organizationalPerson'; $entry["objectclass"][3] = 'inetOrgPerson'; //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers $entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][5] = 'shadowAccount'; if ($phpgw_info["server"]["ldap_extra_attributes"]) { $entry["homedirectory"] = $this->data["homedirectory"]; $entry["loginshell"] = $this->data["loginshell"]; } } /* echo '
dn: '.$dn; while (list($key,$val) = each($entry)) { if (is_array($val)) { for ($i=0;$i\n".$key.': '.$val[$i]; } } } else { if ($val) { echo '
'.$key.': '.$val; } } } exit;*/ ldap_add($ds, $dn, $entry); } // Normal behavior for save_repository else { if ($this->data["account_type"] == "g" && $phpgw_info["server"]["ldap_group_context"] ) { $members = $this->members($this->data["account_id"]); $entry["memberuid"] = array(); for ($i=0;$iid2name($members[$i]['account_id']); //$currname = "@@".$this->id2name($members[$i]['account_id'])."@@"; $currname = $this->id2name($members[$i]['account_id']); //if (!ereg($currname, "@@" . join("@@", $entry["memberuid"]) . "@@")) if (!$this->isin_array($currname,$entry["memberuid"])) { $entry["memberuid"][] = $currname; } } unset($entry["givenname"]); unset($entry["sn"]); } while (list($key,$val) = each($entry)) { $tmpentry = ''; if(is_array($val)) { $tmpentry[$key] = $val; } else { $tmpentry[$key] = trim($val); // must trim! } //echo '
'.$key.' '.$val; if ($tmpentry[$key] && $key) { if (!$allValues[0][$key][0]) { // attribute was not in LDAP, add it ldap_mod_add($ds, $allValues[0]["dn"], $tmpentry); } else { // attribute was in LDAP, modify it ldap_modify($ds, $allValues[0]["dn"], $tmpentry); } } } } $this->db->query("UPDATE phpgw_accounts SET account_lid='" . $this->data['account_lid'] . "', account_firstname='" . $this->data['firstname'] . "', account_lastname='" . $this->data['lastname'] . "', account_status='" . $this->data['status'] . "' where account_id='" . $this->account_id . "'",__LINE__,__FILE__); } function isin_array($needle,$haystack=array()) { for($i=0;$icreate($account_name, $account_type, $first_name, $last_name, $passwd); } function delete($accountid = '') { global $phpgw, $phpgw_info; $account_id = get_account_id($accountid); $account_lid = $this->id2name($account_id); $ds = $phpgw->common->ldapConnect(); $sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uid='.$account_lid); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['dn']) { $del = ldap_delete($ds, $allValues[0]['dn']); } else { $sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'cn='.$account_lid); $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]['dn']) { $del = ldap_delete($ds, $allValues[0]['dn']); } } // Do this last since we are depending upon this record to get the account_lid above $tables_array = Array('phpgw_accounts'); $this->db->lock($tables_array); $this->db->query('DELETE FROM phpgw_accounts WHERE account_id='.$account_id); $this->db->unlock(); } function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '') { global $phpgw,$phpgw_info; if ($offset) { $limitclause = $phpgw->db->limit($start,$offset); } elseif ($start && !$offset) { $limitclause = $phpgw->db->limit($start); } if (! $sort) { $sort = "desc"; } if ($order) { $orderclause = "order by $order $sort"; } else { $orderclause = "order by account_lid,account_lastname,account_firstname asc"; } $ds = $phpgw->common->ldapConnect(); switch($_type) { case 'accounts': $whereclause = "where account_type = 'u'"; break; case 'groups': $whereclause = "where account_type = 'g'"; break; default: $whereclause = ""; } $sql = "select * from phpgw_accounts $whereclause $orderclause $limitclause"; $this->db->query($sql,__LINE__,__FILE__); while ($this->db->next_record()) { // get user information from ldap only, if it's a user, not a group if ($this->db->f("account_type") == 'u') { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$this->db->f("account_id")); $allValues = ldap_get_entries($ds, $sri); $accounts[] = Array( "account_id" => $allValues[0]["uidnumber"][0], "account_lid" => $allValues[0]["uid"][0], "account_type" => $this->db->f("account_type"), "account_firstname" => $allValues[0]["givenname"][0], "account_lastname" => $allValues[0]["sn"][0], "account_status" => $this->db->f("account_status") ); } else { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$this->db->f("account_id")); $allValues = ldap_get_entries($ds, $sri); $accounts[] = Array( "account_id" => $allValues[0]["gidnumber"][0], "account_lid" => $allValues[0]["cn"][0], "account_type" => $this->db->f("account_type"), "account_firstname" => $this->db->f("account_firstname"), "account_lastname" => $this->db->f("account_lastname"), "account_status" => $this->db->f("account_status") ); } } return $accounts; } function name2id($account_lid) { global $phpgw, $phpgw_info; $this->db->query("SELECT account_id FROM phpgw_accounts WHERE account_lid='".$account_lid."'",__LINE__,__FILE__); if($this->db->num_rows()) { $this->db->next_record(); return intval($this->db->f('account_id')); } else { return False; } } function id2name($account_id) { global $phpgw, $phpgw_info; $this->db->query("SELECT account_lid FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); if($this->db->num_rows()) { $this->db->next_record(); return $this->db->f('account_lid'); } else { return False; } } function get_type($accountid = '') { global $phpgw, $phpgw_info; $account_id = get_account_id($accountid); $this->db->query("SELECT account_type FROM phpgw_accounts WHERE account_id='".$account_id."'",__LINE__,__FILE__); if ($this->db->num_rows()) { $this->db->next_record(); return $this->db->f("account_type"); } else { return False; } } function exists($account_lid) { global $phpgw, $phpgw_info; if(gettype($account_lid) == 'integer') { $account_id = $account_lid; settype($account_lid,'string'); $account_lid = $this->id2name($account_id); $searchlid = 0; } else { $searchlid = 1; $account_id = $this->name2id($account_lid); } if($searchlid) { //echo '
searching SQL for lid: '.$account_lid; $this->db->query("SELECT count(*) FROM phpgw_accounts WHERE account_lid='".$account_lid."'",__LINE__,__FILE__); } else { //echo '
searching SQL for id: '.$account_id; $this->db->query("SELECT count(*) FROM phpgw_accounts WHERE account_id=".$account_id,__LINE__,__FILE__); } $this->db->next_record(); if ($this->db->f(0)) { $insql = True; //echo ' - found in SQL'; } else { $insql = False; //echo ' - not found in SQL'; } $ds = $phpgw->common->ldapConnect(); $acct_type = $this->acct_type; if ($acct_type == 'g' && $phpgw_info["server"]["ldap_group_context"]) { if($searchlid) { //echo '
searching LDAP groups for lid: '.$account_lid; $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=".$account_lid); } else { //echo '
searching LDAP groups for id: '.$account_id; $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$account_id); } } else { if($searchlid) { //echo '
searching LDAP accounts for lid: '.$account_lid; $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=".$account_lid); } else { //echo '
searching LDAP accounts for id: '.$account_id; $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$account_id); } } $allValues = ldap_get_entries($ds, $sri); if ($allValues[0]["dn"]) { $inldap = True; //echo ' - found in LDAP'; } else { $inldap = False; //echo ' - not found in LDAP'; } $rtrn = $insql || $inldap; return $rtrn; } function create($account_type, $account_lid, $account_pwd, $account_firstname, $account_lastname, $account_status, $account_id='',$account_home='',$account_shell='') { global $phpgw_info, $phpgw; $ds = $phpgw->common->ldapConnect(); $this->acct_type = $account_type; //echo '
in create for account_lid: "'.$account_lid.'"'; if (empty($account_id) || !$account_id) { $account_id = $this->get_nextid(); //echo '
using'.$account_id;exit; } $this->db->query("insert into phpgw_accounts (account_id, account_lid, account_type, account_pwd, " . "account_firstname, account_lastname, account_status) values ('" . $account_id . "','" . $account_lid . "','" . $account_type . "','" . md5($account_pwd) . "', '" . $account_firstname . "','" . $account_lastname . "','" . $account_status . "')",__LINE__,__FILE__); if ($account_type == "g") { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=$account_lid"); } else { $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=$account_lid"); } $allValues = ldap_get_entries($ds, $sri); if ($phpgw_info["server"]["ldap_extra_attributes"] && $account_type != 'g') { if ($account_home) { $entry["homedirectory"] = $account_home; } else { $entry["homedirectory"] = $phpgw_info["server"]["ldap_account_home"].SEP.$account_lid; } if ($account_shell) { $entry["loginshell"] = $account_shell; } else { $entry["loginshell"] = $phpgw_info["server"]["ldap_account_shell"]; } } if ($allValues[0]["dn"]) { // This should keep the password from being overwritten here on ldap import unset($entry["userpassword"]); $entry["gidnumber"] = $account_id; while (list($key,$val) = each($entry)) { $tmpentry = ''; $tmpentry[$key] = trim($val); // must trim! //echo '
'.$key.' '.$val; if ($tmpentry[$key]) { if (!$allValues[0][$key][0]) { // attribute was not in LDAP, add it ldap_mod_add($ds, $allValues[0]["dn"], $tmpentry); } else { // attribute was in LDAP, modify it ldap_modify($ds, $allValues[0]["dn"], $tmpentry); } } } if ($account_type == "g") { $tmpentry["objectclass"][0] = 'top'; $tmpentry["objectclass"][1] = 'posixGroup'; } else { $tmpentry["uidnumber"] = $account_id; $tmpentry["objectclass"][0] = 'top'; $tmpentry["objectclass"][1] = 'person'; $tmpentry["objectclass"][2] = 'organizationalPerson'; $tmpentry["objectclass"][3] = 'inetOrgPerson'; $tmpentry["userpassword"] = $phpgw->common->encrypt_password($account_pwd); //$tmpentry["objectclass"][4] = 'account'; Causes problems with some LDAP servers $tmpentry["objectclass"][5] = 'posixAccount'; $tmpentry["objectclass"][6] = 'shadowAccount'; } ldap_modify($ds, $allValues[0]["dn"], $tmpentry); } else { // Not already there, we will add it if ($account_type == "g") { $dn = 'cn='.$account_lid.','.$phpgw_info["server"]["ldap_group_context"]; unset($entry["homedirectory"]); unset($entry["loginshell"]); $entry["objectclass"][0] = 'top'; $entry["objectclass"][1] = 'posixGroup'; $entry["cn"] = $account_lid; $entry["gidnumber"] = $account_id; $entry["userpassword"] = $phpgw->common->encrypt_password($account_pwd); $entry["description"] = 'phpgw-created group'; } else { $dn = 'uid=' . $account_lid . ',' . $phpgw_info["server"]["ldap_context"]; $entry["cn"] = sprintf("%s %s", $account_firstname, $account_lastname); $entry["sn"] = $account_lastname; $entry["givenname"] = $account_firstname; $entry["uid"] = $account_lid; $entry["uidnumber"] = $account_id; if ($phpgw_info["server"]["ldap_group_id"]) { $entry["gidnumber"] = $phpgw_info["server"]["ldap_group_id"]; } else { $entry["gidnumber"] = $account_id; } $entry["userpassword"] = $phpgw->common->encrypt_password($account_pwd); $entry["objectclass"][0] = 'top'; $entry["objectclass"][1] = 'person'; $entry["objectclass"][2] = 'organizationalPerson'; $entry["objectclass"][3] = 'inetOrgPerson'; //$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers $entry["objectclass"][4] = 'posixAccount'; $entry["objectclass"][5] = 'shadowAccount'; } /* echo '
dn: '.$dn; while (list($key,$val) = each($entry)) { if (is_array($val)) { for ($i=0;$i\nline ".$key.': '.$val[$i]; } } } else { if ($val) { echo '
line '.$key.': '.$val; } } } //exit; */ ldap_add($ds, $dn, $entry); } //print ldap_error($ds); } function auto_add($account_name, $passwd, $default_prefs=False, $default_acls= False) { print "not done yet auto_generate class.accounts_ldap.inc.php
"; exit(); global $phpgw, $phpgw_info; $accountid = $this->get_nextid(); if ($defaultprefs =="") { $defaultprefs = 'a:5:{s:6:"common";a:10:{s:9:"maxmatchs";s:2:"15";s:12:"template_set";s:8:"verdilak";s:5:"theme";s:6:"purple";s:13:"navbar_format";s:5:"icons";s:9:"tz_offset";N;s:10:"dateformat";s:5:"m/d/Y";s:10:"timeformat";s:2:"12";s:4:"lang";s:2:"en";s:11:"default_app";N;s:8:"currency";s:1:"$";}s:11:"addressbook";a:1:{s:0:"";s:4:"True";}:s:8:"calendar";a:4:{s:13:"workdaystarts";s:1:"7";s:11:"workdayends";s:2:"15";s:13:"weekdaystarts";s:6:"Monday";s:15:"defaultcalendar";s:9:"month.php";}}'; // $defaultprefs = 'a:5:{s:6:"common";a:1:{s:0:"";s:2:"en";}s:11:"addressbook";a:1:{s:0:"";s:4:"True";}s:8:"calendar";a:1:{s:0:"";s:13:"workdaystarts";}i:15;a:1:{s:0:"";s:11:"workdayends";}s:6:"Monday";a:1:{s:0:"";s:13:"weekdaystarts";}}'; } $sql = "insert into phpgw_accounts"; $sql .= "(account_id, account_lid, account_pwd, account_firstname, account_lastname, account_lastpwd_change, account_status, account_type)"; $sql .= "values (".$accountid.", '".$accountname."', '".md5($passwd)."', '".$accountname."', 'AutoCreated', ".time().", 'A','u')"; $this->db->query($sql); $this->db->query(" insert into phpgw_preferences (preference_owner, preference_value) values ('".$accountid."', '$defaultprefs')"); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('preferences', 'changepassword', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('phpgw_group', '1', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('addressbook', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('filemanager', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('calendar', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('email', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('notes', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); $this->db->query(" insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights) values('todo', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__); return $accountid; } function getDNforID($_accountid = '') { global $phpgw; $_account_id = get_account_id($_accountid); $ds = $phpgw->common->ldapConnect(); $sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=$_account_id"); $allValues = ldap_get_entries($ds, $sri); return $allValues[0]["dn"]; } }