mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-24 17:04:14 +01:00
760 lines
26 KiB
PHP
760 lines
26 KiB
PHP
<?php
|
|
/**************************************************************************\
|
|
* phpGroupWare API - Accounts manager for LDAP *
|
|
* This file written by Joseph Engo <jengo@phpgroupware.org> *
|
|
* and Lars Kneschke <kneschke@phpgroupware.org> *
|
|
* View and manipulate account records using LDAP *
|
|
* Copyright (C) 2000, 2001 Joseph Engo *
|
|
* -------------------------------------------------------------------------*
|
|
* This library is part of the phpGroupWare API *
|
|
* http://www.phpgroupware.org/api *
|
|
* ------------------------------------------------------------------------ *
|
|
* This library is free software; you can redistribute it and/or modify it *
|
|
* under the terms of the GNU Lesser General Public License as published by *
|
|
* the Free Software Foundation; either version 2.1 of the License, *
|
|
* or any later version. *
|
|
* This library is distributed in the hope that it will be useful, but *
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
|
* See the GNU Lesser General Public License for more details. *
|
|
* You should have received a copy of the GNU Lesser General Public License *
|
|
* along with this library; if not, write to the Free Software Foundation, *
|
|
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
|
|
\**************************************************************************/
|
|
|
|
/* $Id$ */
|
|
|
|
// Dont know where to put this (seek3r)
|
|
// This is where it belongs (jengo)
|
|
// This is where it ended up (milosch)
|
|
/* Since LDAP will return system accounts, there are a few we don't want to login. */
|
|
$phpgw_info['server']['global_denied_users'] = array(
|
|
'root' => True, 'bin' => True, 'daemon' => True,
|
|
'adm' => True, 'lp' => True, 'sync' => True,
|
|
'shutdown' => True, 'halt' => True, 'ldap' => True,
|
|
'mail' => True, 'news' => True, 'uucp' => True,
|
|
'operator' => True, 'games' => True, 'gopher' => True,
|
|
'nobody' => True, 'xfs' => True, 'pgsql' => True,
|
|
'mysql' => True, 'postgres' => True, 'oracle' => True,
|
|
'ftp' => True, 'gdm' => True, 'named' => True,
|
|
'alias' => True, 'web' => True, 'sweep' => True,
|
|
'cvs' => True, 'qmaild' => True, 'qmaill' => True,
|
|
'qmaillog' => True, 'qmailp' => True, 'qmailq' => True,
|
|
'qmailr' => True, 'qmails' => True, 'nscd' => True,
|
|
'rpc' => True, 'rpcuser' => True, 'amanda' => True,
|
|
'apache' => True, 'pvm' => True, 'squid' => True,
|
|
'ident' => True, 'mailnull' => True
|
|
);
|
|
|
|
$phpgw_info['server']['global_denied_groups'] = array(
|
|
'root' => True, 'bin' => True, 'daemon' => True,
|
|
'sys' => True, 'adm' => True, 'tty' => True,
|
|
'disk' => True, 'lp' => True, 'mem' => True,
|
|
'kmem' => True, 'wheel' => True, 'mail' => True,
|
|
'uucp' => True, 'man' => True, 'games' => True,
|
|
'dip' => True, 'ftp' => True, 'nobody' => True,
|
|
'floppy' => True, 'xfs' => True, 'console' => True,
|
|
'utmp' => True, 'pppusers' => True, 'popusers' => True,
|
|
'slipusers' => True, 'slocate' => True, 'mysql' => True,
|
|
'dnstools' => True, 'web' => True, 'named' => True,
|
|
'dba' => True, 'oinstall' => True, 'oracle' => True,
|
|
'gdm' => True, 'sweep' => True, 'cvs' => True,
|
|
'postgres' => True, 'qmail' => True, 'nofiles' => True,
|
|
'ldap' => True
|
|
);
|
|
|
|
class accounts_
|
|
{
|
|
var $account_id;
|
|
var $acct_type = '';
|
|
var $data;
|
|
var $total;
|
|
|
|
function accounts_()
|
|
{
|
|
global $phpgw;
|
|
}
|
|
|
|
function read_repository()
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
// get a ldap connection handle
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$acct_type = $this->get_type($this->account_id);
|
|
|
|
// search the dn for the given uid
|
|
if ( ($acct_type == "g") && $phpgw_info["server"]["ldap_group_context"] )
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$this->account_id);
|
|
}
|
|
else
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$this->account_id);
|
|
}
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
/* Now dump it into the array; take first entry found */
|
|
if($acct_type =='g')
|
|
{
|
|
$this->data["account_id"] = $allValues[0]["gidnumber"][0];
|
|
$this->data["account_lid"] = $allValues[0]["cn"][0];
|
|
}
|
|
else
|
|
{
|
|
$this->data["account_id"] = $allValues[0]["uidnumber"][0];
|
|
$this->data["account_lid"] = $allValues[0]["uid"][0];
|
|
}
|
|
$this->data["account_dn"] = $allValues[0]["dn"];
|
|
$this->data["firstname"] = $allValues[0]["givenname"][0];
|
|
$this->data["lastname"] = $allValues[0]["sn"][0];
|
|
$this->data["fullname"] = $allValues[0]["cn"][0];
|
|
if ($phpgw_info["server"]["ldap_extra_attributes"])
|
|
{
|
|
$this->data["homedirectory"] = $allValues[0]["homedirectory"][0];
|
|
$this->data["loginshell"] = $allValues[0]["loginshell"][0];
|
|
}
|
|
|
|
$this->data['lastlogin'] = $allValues[0]['phpgwaccountlastlogin'][0];
|
|
$this->data['lastloginfrom'] = $allValues[0]['phpgwaccountlastloginfrom'][0];
|
|
$this->data['lastpasswd_change'] = $allValues[0]['phpgwlastpasswdchange'][0];
|
|
$this->data['status'] = $allValues[0]['phpgwaccountstatus'][0];
|
|
$this->data['type'] = $allValues[0]['phpgwaccounttype'][0];
|
|
$this->data['expires'] = $allValues[0]['phpgwaccountexpires'][0];
|
|
|
|
return $this->data;
|
|
}
|
|
|
|
function save_repository()
|
|
{
|
|
global $phpgw_info, $phpgw;
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$acct_type = $this->get_type($this->account_id);
|
|
|
|
// search the dn for the given u/gidnumber
|
|
if ( ($acct_type == "g") && $phpgw_info["server"]["ldap_group_context"] )
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$this->account_id);
|
|
}
|
|
else
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$this->account_id);
|
|
}
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
$entry['cn'] = sprintf("%s %s", $this->data['firstname'], $this->data['lastname']);
|
|
$entry['sn'] = $this->data['lastname'];
|
|
$entry['givenname'] = $this->data['firstname'];
|
|
$entry['phpgwaccountlastlogin'] = $this->data['lastlogin'];
|
|
$entry['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
|
|
$entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
|
|
$entry['phpgwaccountstatus'] = $this->data['status'];
|
|
$entry['phpgwaccounttype'] = $this->data['type'];
|
|
$entry['phpgwaccountexpires'] = $this->data['expires'];
|
|
|
|
if ($phpgw_info["server"]["ldap_extra_attributes"])
|
|
{
|
|
$entry["homedirectory"] = $this->data["homedirectory"];
|
|
$entry["loginshell"] = $this->data["loginshell"];
|
|
}
|
|
|
|
// Changing the uid: Need to delete and add new, since
|
|
// PHP cannot change the dn for the entry.
|
|
if ($acct_type == 'g') { $test = $allValues[0]["cn"][0]; }
|
|
else { $test = $allValues[0]["uid"][0]; }
|
|
if ($test != $this->data["account_lid"])
|
|
{
|
|
ldap_delete($ds,$allValues[0]["dn"]);
|
|
unset($allValues[0]["dn"]);
|
|
while (list($key,$val) = each($allValues[0]))
|
|
{
|
|
// Don't include row count and headers
|
|
if (gettype($key) == "string" && $key != "count")
|
|
{
|
|
if (is_array($val))
|
|
{
|
|
if (count($val) == 1)
|
|
{
|
|
if($val[0]) { $entry[$key] = $val[0]; }
|
|
}
|
|
else
|
|
{
|
|
for ($i=0;$i<count($val);$i++)
|
|
{
|
|
if($val[$i]) { $entry[$key][$i] = $val[$i]; }
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$entry[$key] = $val;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Groups
|
|
if ($this->data["account_type"] == "g" && $phpgw_info["server"]["ldap_group_context"] )
|
|
{
|
|
$dn = 'cn='.$this->data["account_lid"].','.$phpgw_info["server"]["ldap_group_context"];
|
|
$entry["cn"] = $this->data["account_lid"];
|
|
$entry["gidnumber"] = $this->data["account_id"];
|
|
//$entry["objectclass"] = "";
|
|
$entry["objectclass"][0] = 'top';
|
|
$entry["objectclass"][1] = 'posixGroup';
|
|
$members = $this->members($this->data["account_id"]);
|
|
$entry["memberuid"] = array();
|
|
for ($i=0;$i<count($members);$i++)
|
|
{
|
|
$currname = $this->id2name($members[$i]['account_id']);
|
|
if (!$this->isin_array($currname,$entry["memberuid"]))
|
|
{
|
|
$entry["memberuid"][] = $currname;
|
|
}
|
|
}
|
|
}
|
|
// Accounts
|
|
else
|
|
{
|
|
$dn = 'uid='.$this->data["account_lid"].','.$phpgw_info["server"]["ldap_context"];
|
|
$entry["uidnumber"] = $this->data["account_id"];
|
|
$entry["cn"] = sprintf("%s %s", $this->data["firstname"], $this->data["lastname"]);
|
|
$entry["uid"] = $this->data["account_lid"];
|
|
$entry["givenname"] = $this->data["firstname"];
|
|
$entry["sn"] = $this->data["lastname"];
|
|
$entry["objectclass"] = "";
|
|
$entry["objectclass"][0] = 'top';
|
|
$entry["objectclass"][1] = 'person';
|
|
$entry["objectclass"][2] = 'organizationalPerson';
|
|
$entry["objectclass"][3] = 'inetOrgPerson';
|
|
//$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
|
|
$entry["objectclass"][4] = 'posixAccount';
|
|
$entry["objectclass"][5] = 'shadowAccount';
|
|
$entry["objectclass"][6] = 'phpgwAccount';
|
|
|
|
if ($phpgw_info["server"]["ldap_extra_attributes"])
|
|
{
|
|
$entry["homedirectory"] = $this->data["homedirectory"];
|
|
$entry["loginshell"] = $this->data["loginshell"];
|
|
}
|
|
}
|
|
/*
|
|
echo '<br>dn: '.$dn;
|
|
while (list($key,$val) = each($entry)) {
|
|
if (is_array($val)) {
|
|
for ($i=0;$i<count($val);$i++) {
|
|
if ($val[$i]) { echo "<br>\n".$key.': '.$val[$i]; }
|
|
}
|
|
} else {
|
|
if ($val) { echo '<br>'.$key.': '.$val; }
|
|
}
|
|
}
|
|
exit;*/
|
|
ldap_add($ds, $dn, $entry);
|
|
}
|
|
// Normal behavior for save_repository
|
|
else
|
|
{
|
|
if ($this->data["account_type"] == "g" && $phpgw_info["server"]["ldap_group_context"] )
|
|
{
|
|
$members = $this->members($this->data["account_id"]);
|
|
$entry["memberuid"] = array();
|
|
for ($i=0;$i<count($members);$i++)
|
|
{
|
|
//echo $this->id2name($members[$i]['account_id']);
|
|
//$currname = "@@".$this->id2name($members[$i]['account_id'])."@@";
|
|
$currname = $this->id2name($members[$i]['account_id']);
|
|
//if (!ereg($currname, "@@" . join("@@", $entry["memberuid"]) . "@@"))
|
|
if (!$this->isin_array($currname,$entry["memberuid"]))
|
|
{
|
|
$entry["memberuid"][] = $currname;
|
|
}
|
|
}
|
|
unset($entry["givenname"]);
|
|
unset($entry["sn"]);
|
|
}
|
|
while (list($key,$val) = each($entry))
|
|
{
|
|
$tmpentry = '';
|
|
if(is_array($val))
|
|
{
|
|
$tmpentry[$key] = $val;
|
|
}
|
|
else
|
|
{
|
|
$tmpentry[$key] = trim($val); // must trim!
|
|
}
|
|
|
|
//echo '<br>'.$key.' '.$val;
|
|
if ($tmpentry[$key] && $key)
|
|
{
|
|
if (!$allValues[0][$key][0])
|
|
{
|
|
// attribute was not in LDAP, add it
|
|
ldap_mod_add($ds, $allValues[0]["dn"], $tmpentry);
|
|
}
|
|
else
|
|
{
|
|
// attribute was in LDAP, modify it
|
|
ldap_modify($ds, $allValues[0]["dn"], $tmpentry);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function isin_array($needle,$haystack=array())
|
|
{
|
|
for($i=0;$i<count($haystack) && $haystack[$i] !=$needle;$i++);
|
|
return ($i!=count($haystack));
|
|
}
|
|
|
|
function add($account_info)
|
|
{
|
|
$this->create($account_info);
|
|
}
|
|
|
|
function delete($accountid = '')
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
$account_id = get_account_id($accountid);
|
|
$account_lid = $this->id2name($account_id);
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], 'uid='.$account_lid);
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['dn'])
|
|
{
|
|
$del = ldap_delete($ds, $allValues[0]['dn']);
|
|
}
|
|
else
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], 'cn='.$account_lid);
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['dn'])
|
|
{
|
|
$del = ldap_delete($ds, $allValues[0]['dn']);
|
|
}
|
|
}
|
|
}
|
|
|
|
function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '')
|
|
{
|
|
global $phpgw,$phpgw_info;
|
|
|
|
if ($offset)
|
|
{
|
|
$limitclause = $phpgw->db->limit($start,$offset);
|
|
}
|
|
elseif ($start && !$offset)
|
|
{
|
|
$limitclause = $phpgw->db->limit($start);
|
|
}
|
|
|
|
if (! $sort)
|
|
{
|
|
$sort = "desc";
|
|
}
|
|
|
|
if ($order)
|
|
{
|
|
$orderclause = "order by $order $sort";
|
|
}
|
|
else
|
|
{
|
|
$orderclause = "order by account_lid,account_lastname,account_firstname asc";
|
|
}
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
|
|
if ($_type == 'both' || $_type == 'accounts')
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], '(&(uidnumber=*)(phpgwaccounttype=u))');
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
while (list($null,$allVals) = @each($allValues))
|
|
{
|
|
$test = $allVals['uid'][0];
|
|
if (!$phpgw_info['server']['global_denied_users'][$test])
|
|
{
|
|
$accounts[] = Array(
|
|
'account_id' => $allVals['uidnumber'][0],
|
|
'account_lid' => $allVals['uid'][0],
|
|
'account_type' => $allVals['phpgwaccounttype'],
|
|
'account_firstname' => $allVals['givenname'][0],
|
|
'account_lastname' => $allVals['sn'][0],
|
|
'account_status' => $allVals['phpgwaccountstatus'][0]
|
|
);
|
|
}
|
|
}
|
|
}
|
|
elseif ($_type == 'both' || $_type == 'groups')
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], '(|(gidnumber=*)(phpgwaccounttype=g))');
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
while (list($null,$allVals) = @each($allValues))
|
|
{
|
|
$test = $allVals['cn'][0];
|
|
if (!$phpgw_info['server']['global_denied_groups'][$test])
|
|
{
|
|
$accounts[] = Array(
|
|
'account_id' => $allVals['gidnumber'][0],
|
|
'account_lid' => $allVals['cn'][0],
|
|
'account_type' => $allVals['phpgwaccounttype'],
|
|
'account_firstname' => $allVals['givenname'][0],
|
|
'account_lastname' => $allVals['sn'][0],
|
|
'account_status' => $allVals['phpgwaccountstatus'][0]
|
|
);
|
|
}
|
|
}
|
|
}
|
|
$this->total = count($accounts);
|
|
return $accounts;
|
|
}
|
|
|
|
function name2id($account_lid)
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uid=$account_lid");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['uidnumber'][0])
|
|
{
|
|
return $allValues[0]['uidnumber'][0];
|
|
}
|
|
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "cn=$account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['gidnumber'][0])
|
|
{
|
|
return $allValues[0]['gidnumber'][0];
|
|
}
|
|
|
|
return False;
|
|
}
|
|
|
|
function id2name($account_id)
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_context'], "uidnumber=$account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['uid'][0])
|
|
{
|
|
return $allValues[0]['uid'][0];
|
|
}
|
|
|
|
$sri = ldap_search($ds, $phpgw_info['server']['ldap_group_context'], "gidnumber=$account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['uid'][0])
|
|
{
|
|
return $allValues[0]['uid'][0];
|
|
}
|
|
|
|
return False;
|
|
}
|
|
|
|
function get_type($accountid = '')
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
$account_id = get_account_id($accountid);
|
|
$ds = $phpgw->common->ldapConnect();
|
|
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=$account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['phpgwaccounttype'][0])
|
|
{
|
|
return $allValues[0]['phpgwaccounttype'][0];
|
|
}
|
|
|
|
$allValues = array*();
|
|
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=$account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]['phpgwaccounttype'][0])
|
|
{
|
|
return $allValues[0]['phpgwaccounttype'][0];
|
|
}
|
|
|
|
return False;
|
|
}
|
|
|
|
function exists($account_lid)
|
|
{
|
|
global $phpgw, $phpgw_info;
|
|
|
|
if(gettype($account_lid) == 'integer')
|
|
{
|
|
$account_id = $account_lid;
|
|
settype($account_lid,'string');
|
|
$account_lid = $this->id2name($account_id);
|
|
$searchlid = 0;
|
|
}
|
|
else
|
|
{
|
|
$searchlid = 1;
|
|
$account_id = $this->name2id($account_lid);
|
|
}
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$acct_type = $this->acct_type;
|
|
|
|
if ($acct_type == 'g' && $phpgw_info["server"]["ldap_group_context"])
|
|
{
|
|
if($searchlid)
|
|
{
|
|
//echo '<br>searching LDAP groups for lid: '.$account_lid;
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=".$account_lid);
|
|
}
|
|
else
|
|
{
|
|
//echo '<br>searching LDAP groups for id: '.$account_id;
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "gidnumber=".$account_id);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if($searchlid)
|
|
{
|
|
//echo '<br>searching LDAP accounts for lid: '.$account_lid;
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=".$account_lid);
|
|
}
|
|
else
|
|
{
|
|
//echo '<br>searching LDAP accounts for id: '.$account_id;
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=".$account_id);
|
|
}
|
|
}
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($allValues[0]["dn"])
|
|
{
|
|
return True;
|
|
}
|
|
else
|
|
{
|
|
return False;
|
|
}
|
|
}
|
|
|
|
function create($account_info)
|
|
{
|
|
global $phpgw_info, $phpgw;
|
|
|
|
$ds = $phpgw->common->ldapConnect();
|
|
$this->acct_type = $account_type;
|
|
|
|
//echo '<br>in create for account_lid: "'.$account_lid.'"';
|
|
if (empty($account_info['id']) || !$account_info['id'])
|
|
{
|
|
$account_id = $this->get_nextid();
|
|
//echo '<br>using'.$account_id;exit;
|
|
}
|
|
$entry['userpasswd'] = $account_info['passwd'];
|
|
$entry['phpgwaccountlastlogin'] = $account_info['lastlogin'];
|
|
$entry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom'];
|
|
$entry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change'];
|
|
$entry['phpgwaccountstatus'] = $account_info['status'];
|
|
$entry['phpgwaccounttype'] = $account_info['type'];
|
|
$entry['phpgwaccountexpires'] = $account_info['expires'];
|
|
|
|
if ($account_type == "g")
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_group_context"], "cn=" . $account_info['account_lid']);
|
|
}
|
|
else
|
|
{
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uid=" . $account_info['account_lid']);
|
|
}
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
if ($phpgw_info["server"]["ldap_extra_attributes"] && $account_info['account_type'] != 'g')
|
|
{
|
|
if ($account_home)
|
|
{
|
|
$entry["homedirectory"] = $account_info['homedirectory'];
|
|
}
|
|
else
|
|
{
|
|
$entry["homedirectory"] = $phpgw_info["server"]["ldap_account_home"].SEP.$account_info['account_lid'];
|
|
}
|
|
|
|
if ($account_shell)
|
|
{
|
|
$entry["loginshell"] = $account_info['loginshell'];
|
|
}
|
|
else
|
|
{
|
|
$entry["loginshell"] = $phpgw_info["server"]["ldap_account_shell"];
|
|
}
|
|
}
|
|
|
|
if ($allValues[0]["dn"])
|
|
{
|
|
// This should keep the password from being overwritten here on ldap import
|
|
unset($entry["userpassword"]);
|
|
$entry["gidnumber"] = $account_id;
|
|
|
|
while (list($key,$val) = each($entry))
|
|
{
|
|
$tmpentry = '';
|
|
$tmpentry[$key] = trim($val); // must trim!
|
|
//echo '<br>'.$key.' '.$val;
|
|
if ($tmpentry[$key])
|
|
{
|
|
if (!$allValues[0][$key][0])
|
|
{
|
|
// attribute was not in LDAP, add it
|
|
ldap_mod_add($ds, $allValues[0]["dn"], $tmpentry);
|
|
}
|
|
else
|
|
{
|
|
// attribute was in LDAP, modify it
|
|
ldap_modify($ds, $allValues[0]["dn"], $tmpentry);
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($account_type == "g")
|
|
{
|
|
$tmpentry["objectclass"][0] = 'top';
|
|
$tmpentry["objectclass"][1] = 'posixGroup';
|
|
}
|
|
else
|
|
{
|
|
$tmpentry["uidnumber"] = $account_id;
|
|
$tmpentry["objectclass"][0] = 'top';
|
|
$tmpentry["objectclass"][1] = 'person';
|
|
$tmpentry["objectclass"][2] = 'organizationalPerson';
|
|
$tmpentry["objectclass"][3] = 'inetOrgPerson';
|
|
$tmpentry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']);
|
|
//$tmpentry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
|
|
$tmpentry["objectclass"][4] = 'posixAccount';
|
|
$tmpentry["objectclass"][5] = 'shadowAccount';
|
|
$tmpentry["objectclass"][6] = 'phpgwAccount';
|
|
$tmpentry['phpgwaccountlastlogin'] = $account_info['lastlogin'];
|
|
$tmpentry['phpgwaccountlastloginfrom'] = $account_info['lastloginfrom'];
|
|
$tmpentry['phpgwlastpasswdchange'] = $account_info['lastpasswd_change'];
|
|
$tmpentry['phpgwaccountstatus'] = $account_info['status'];
|
|
$tmpentry['phpgwaccounttype'] = $account_info['account_type'];
|
|
$tmpentry['phpgwaccountexpires'] = $account_info['expires'];
|
|
}
|
|
ldap_modify($ds, $allValues[0]["dn"], $tmpentry);
|
|
}
|
|
else
|
|
{
|
|
// Not already there, we will add it
|
|
if ($account_type == "g")
|
|
{
|
|
$dn = 'cn='.$account_info['account_lid'] . ',' . $phpgw_info["server"]["ldap_group_context"];
|
|
unset($entry["homedirectory"]);
|
|
unset($entry["loginshell"]);
|
|
$entry["objectclass"][0] = 'top';
|
|
$entry["objectclass"][1] = 'posixGroup';
|
|
$entry["cn"] = $account_info['account_lid'];
|
|
$entry["gidnumber"] = $account_id;
|
|
$entry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']);
|
|
$entry["description"] = 'phpgw-created group';
|
|
}
|
|
else
|
|
{
|
|
$dn = 'uid=' . $account_info['account_lid'] . ',' . $phpgw_info["server"]["ldap_context"];
|
|
$entry["cn"] = sprintf("%s %s", $account_firstname, $account_lastname);
|
|
$entry["sn"] = $account_info['lastname'];
|
|
$entry["givenname"] = $account_info['firstname'];
|
|
$entry["uid"] = $account_info['account_lid'];
|
|
$entry["uidnumber"] = $account_id;
|
|
if ($phpgw_info["server"]["ldap_group_id"])
|
|
{
|
|
$entry["gidnumber"] = $phpgw_info["server"]["ldap_group_id"];
|
|
}
|
|
else
|
|
{
|
|
$entry["gidnumber"] = $account_id;
|
|
}
|
|
$entry["userpassword"] = $phpgw->common->encrypt_password($account_info['passwd']);
|
|
$entry["objectclass"][0] = 'top';
|
|
$entry["objectclass"][1] = 'person';
|
|
$entry["objectclass"][2] = 'organizationalPerson';
|
|
$entry["objectclass"][3] = 'inetOrgPerson';
|
|
//$entry["objectclass"][4] = 'account'; Causes problems with some LDAP servers
|
|
$entry["objectclass"][4] = 'posixAccount';
|
|
$entry["objectclass"][5] = 'shadowAccount';
|
|
$entry["objectclass"][5] = 'phpgwAccount';
|
|
}
|
|
|
|
ldap_add($ds, $dn, $entry);
|
|
}
|
|
//print ldap_error($ds);
|
|
}
|
|
|
|
function auto_add($account_name, $passwd, $default_prefs=False, $default_acls= False)
|
|
{
|
|
print "not done yet auto_generate class.accounts_ldap.inc.php<br>";
|
|
exit();
|
|
global $phpgw, $phpgw_info;
|
|
|
|
$accountid = $this->get_nextid();
|
|
|
|
if ($defaultprefs =="") {
|
|
$defaultprefs = 'a:5:{s:6:"common";a:10:{s:9:"maxmatchs";s:2:"15";s:12:"template_set";s:8:"verdilak";s:5:"theme";s:6:"purple";s:13:"navbar_format";s:5:"icons";s:9:"tz_offset";N;s:10:"dateformat";s:5:"m/d/Y";s:10:"timeformat";s:2:"12";s:4:"lang";s:2:"en";s:11:"default_app";N;s:8:"currency";s:1:"$";}s:11:"addressbook";a:1:{s:0:"";s:4:"True";}:s:8:"calendar";a:4:{s:13:"workdaystarts";s:1:"7";s:11:"workdayends";s:2:"15";s:13:"weekdaystarts";s:6:"Monday";s:15:"defaultcalendar";s:9:"month.php";}}';
|
|
// $defaultprefs = 'a:5:{s:6:"common";a:1:{s:0:"";s:2:"en";}s:11:"addressbook";a:1:{s:0:"";s:4:"True";}s:8:"calendar";a:1:{s:0:"";s:13:"workdaystarts";}i:15;a:1:{s:0:"";s:11:"workdayends";}s:6:"Monday";a:1:{s:0:"";s:13:"weekdaystarts";}}';
|
|
}
|
|
$sql = "insert into phpgw_accounts";
|
|
$sql .= "(account_id, account_lid, account_pwd, account_firstname, account_lastname, account_lastpwd_change, account_status, account_type)";
|
|
$sql .= "values (".$accountid.", '".$accountname."', '".md5($passwd)."', '".$accountname."', 'AutoCreated', ".time().", 'A','u')";
|
|
$this->db->query($sql);
|
|
$this->db->query("
|
|
insert into phpgw_preferences (preference_owner, preference_value)
|
|
values ('".$accountid."', '$defaultprefs')");
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('preferences', 'changepassword', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('phpgw_group', '1', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('addressbook', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('filemanager', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('calendar', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('email', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('notes', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
$this->db->query("
|
|
insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)
|
|
values('todo', 'run', ".$accountid.", 'u', 1)",__LINE__,__FILE__);
|
|
return $accountid;
|
|
}
|
|
|
|
function getDNforID($_accountid = '')
|
|
{
|
|
global $phpgw;
|
|
|
|
$_account_id = get_account_id($_accountid);
|
|
$ds = $phpgw->common->ldapConnect();
|
|
|
|
$sri = ldap_search($ds, $phpgw_info["server"]["ldap_context"], "uidnumber=$_account_id");
|
|
$allValues = ldap_get_entries($ds, $sri);
|
|
|
|
return $allValues[0]["dn"];
|
|
}
|
|
}
|