holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ldap fixes again

Browse Source
This commit is contained in:
Lars Kneschke 2003-09-14 08:29:29 +00:00
parent 195d12e131
commit 78c74e5726
2 changed files with 112 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

241
phpgwapi/inc/class.accounts_ldap.inc.php
View File

@ -92,6 +92,7 @@
function save_repository() function save_repository()
{ {
#_debug_array($this->data);
$acct_type = $this->get_type($this->account_id); $acct_type = $this->get_type($this->account_id);
/* search the dn for the given u/gidnumber */ /* search the dn for the given u/gidnumber */
@ -107,47 +108,13 @@
$this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0]; $this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0];
// get a copy of the DN
$updatedValues = $allValues;
if($acct_type == 'u')
{
$entry['cn'] = utf8_encode(sprintf("%s %s", $this->data['firstname'], $this->data['lastname']));
}
else
{
$entry['cn'] = utf8_encode($this->data['firstname']);
}
$entry['sn'] = utf8_encode($this->data['lastname']);
$entry['givenname'] = utf8_encode($this->data['firstname']);
$entry['phpgwaccountlastlogin'] = $this->data['lastlogin'];
$entry['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom'];
$entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change'];
$entry['phpgwaccountstatus'] = $this->data['status'];
$entry['phpgwaccounttype'] = $this->data['type'];
$entry['phpgwaccountexpires'] = $this->data['expires'];
$entry['gid'] = $this->data['account_primary_group'];
if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
{
$entry['homedirectory'] = $this->data['homedirectory'];
$entry['loginshell'] = $this->data['loginshell'];
}
else
{
// the posixaccount schema requires this
$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
$entry['loginshell'] = '/bin/false';
}
if($acct_type == 'u') if($acct_type == 'u')
{ {
// data for posixaccount // data for posixaccount
$newData['cn'] = utf8_encode(sprintf("%s %s", $newData['cn'] = utf8_encode(sprintf("%s %s",
$this->data['firstname'], $this->data['firstname'],
$this->data['lastname'])); $this->data['lastname']));
$newData['uid'] = $allValues[0]['uid'][0]; $newData['uid'] = utf8_encode($this->data['account_lid']);
if($this->data['lastname']) if($this->data['lastname'])
$newData['sn'] = utf8_encode($this->data['lastname']); $newData['sn'] = utf8_encode($this->data['lastname']);
if($this->data['firstname']) if($this->data['firstname'])
@ -164,7 +131,7 @@
$entry['loginshell'] = '/bin/false'; $entry['loginshell'] = '/bin/false';
} }
if($this->data['account_primary_group']) if($this->data['account_primary_group'])
$newData['gidNumber'] = $this->data['account_primary_group']; $newData['gidnumber'] = $this->data['account_primary_group'];
if($this->data['lastlogin']) if($this->data['lastlogin'])
$newData['phpgwaccountlastlogin'] = $this->data['lastlogin']; $newData['phpgwaccountlastlogin'] = $this->data['lastlogin'];
if($this->data['lastloginfrom']) if($this->data['lastloginfrom'])
@ -177,15 +144,23 @@
$newData['phpgwaccountstatus'] = array(); $newData['phpgwaccountstatus'] = array();
if($this->data['expires']) if($this->data['expires'])
$newData['phpgwaccountexpires'] = $this->data['expires']; $newData['phpgwaccountexpires'] = $this->data['expires'];
$newAccountID = $newData['uid'];
$oldAccountID = $newData['uid'];
} }
else else
{ {
// data for posixgroup // data for posixgroup
$newData['cn'] = utf8_encode($this->data['firstname']); $newData['cn'] = utf8_encode($this->data['account_lid']);
$newData['gidnumber'] = $this->data['account_id'];
$newGroupID = $newData['cn'];
$oldGroupID = $newData['cn'];
} }
if($this->data['type']) if($this->data['type'])
$newData['phpgwaccounttype'] = $this->data['type']; $newData['phpgwaccounttype'] = $this->data['type'];
/* /*
Changing the uid: Need to delete and add new, since Changing the uid: Need to delete and add new, since
PHP cannot change the dn for the entry. PHP cannot change the dn for the entry.
@ -198,95 +173,66 @@
{ {
$test = $allValues[0]['uid'][0]; $test = $allValues[0]['uid'][0];
} }
if ($test != $this->data['account_lid']) if (utf8_decode($test) != $this->data['account_lid'])
{ {
ldap_delete($this->ds,$allValues[0]['dn']); $oldData = $allValues[0];
unset($allValues[0]['dn']); $oldDN = $oldData['dn'];
while (list($key,$val) = each($allValues[0])) // remove all unneeded fields
unset($oldData['dn']);
unset($oldData['count']);
foreach($oldData as $key => $value)
{ {
/* Don't include row count and headers */ if(is_numeric($key))
if (is_string($key) && $key != 'count')
{ {
if (is_array($val)) // remove the key, its no ldap key
unset($oldData[$key]);
}
else
{
// remove the count key
if($oldData[$key]['count'] == 1)
{ {
if (count($val) == 1) $oldData[$key] = $value[0];
{
if($val[0])
{
$entry[$key] = $val[0];
}
}
else
{
for ($i=0;$i<count($val);$i++)
{
if($val[$i])
{
$entry[$key][$i] = $val[$i];
}
}
}
} }
else else
{ {
$entry[$key] = $val; unset($oldData[$key]['count']);
} }
} }
} }
$oldAccountID = $oldData['uid'];
$oldGroupID = $oldData['cn'];
// merge the old data with the new one
$newData = array_merge($oldData, $newData);
/* Groups */ /* Groups */
if ($this->data['account_type'] == 'g' && $this->group_context ) if ($this->data['account_type'] == 'g' && $this->group_context )
{ {
$dn = 'cn='.$this->data['account_lid'].','.$this->group_context; $newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
$entry['cn'] = utf8_encode($this->data['account_lid']);
$entry['gidnumber'] = $this->data['account_id'];
/* $entry["objectclass"] = ''; */
$entry['objectclass'][0] = 'top';
$entry['objectclass'][1] = 'posixGroup';
$members = $this->member($this->data['account_id']); $members = $this->member($this->data['account_id']);
$entry['memberuid'] = array(); $newData['memberuid'] = array();
for ($i=0;$i<count($members);$i++) for ($i=0;$i<count($members);$i++)
{ {
$currname = $this->id2name($members[$i]['account_id']); $currname = $this->id2name($members[$i]['account_id']);
if (!$this->isin_array($currname,$entry['memberuid'])) if (!$this->isin_array($currname,$entry['memberuid']))
{ {
$entry['memberuid'][] = $currname; $newData['memberuid'][] = $currname;
} }
} }
} }
/* Accounts */ /* Accounts */
else else
{ {
$dn = 'uid='.$this->data['account_lid'].','.$this->user_context; $newDN = 'uid='.$this->data['account_lid'].','.$this->user_context;
$entry['uidnumber'] = $this->data['account_id'];
$entry['cn'] = utf8_encode(sprintf("%s %s", $this->data['firstname'], $this->data['lastname']));
$entry['uid'] = $this->data['account_lid'];
$entry['gid'] = $this->data['account_primary_group'];
$entry['givenname'] = utf8_encode($this->data['firstname']);
$entry['sn'] = utf8_encode($this->data['lastname']);
$entry['objectclass'] = array();
$entry['objectclass'][0] = 'top';
$entry['objectclass'][1] = 'person';
$entry['objectclass'][2] = 'organizationalPerson';
$entry['objectclass'][3] = 'inetOrgPerson';
$entry['objectclass'][4] = 'posixAccount';
$entry['objectclass'][5] = 'shadowAccount';
$entry['objectclass'][6] = 'phpgwAccount';
if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes'])
{
$entry['homedirectory'] = $this->data['homedirectory'];
$entry['loginshell'] = $this->data['loginshell'];
}
else
{
// the posixaccount schema requires this
$entry['homedirectory'] = '/home/'.$this->data['account_lid'];
$entry['loginshell'] = '/bin/false';
}
} }
/* print_r($entry); exit;*/ // delete the old account
ldap_add($this->ds, $dn, $entry); ldap_delete($this->ds,$oldDN);
// add the new account
#_debug_array($newData);
ldap_add($this->ds, $newDN, $newData);
} }
/* Normal behavior for save_repository /* Normal behavior for save_repository
update Account */ update Account */
@ -310,12 +256,15 @@
// modify the DN // modify the DN
ldap_modify($this->ds, $allValues[0]['dn'], $newData); ldap_modify($this->ds, $allValues[0]['dn'], $newData);
}
if ($this->data['account_type'] == 'u')
{
// lets check for groups, the user needs to be removed // lets check for groups, the user needs to be removed
$accountID = $newData['uid'];
// first lets search for the groups, the user is currently member of // first lets search for the groups, the user is currently member of
// and from which he needs to be removed // and from which he needs to be removed
$filter = "(&(objectclass=posixgroup)(memberuid=$accountID))"; $filter = "(&(objectclass=posixgroup)(memberuid=$oldAccountID))";
$justThese = array('memberuid','gidnumber'); $justThese = array('memberuid','gidnumber');
$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
if($sri) if($sri)
@ -328,7 +277,8 @@
{ {
#_debug_array($key); #_debug_array($key);
#_debug_array($this->data['account_groups']); #_debug_array($this->data['account_groups']);
if(!in_array($key['gidnumber'][0],$this->data['account_groups'])) // delete the old accountid from any group
if($newAccountID != $oldAccountID)
{ {
$dn = $key['dn']; $dn = $key['dn'];
$newData = array(); $newData = array();
@ -336,10 +286,27 @@
unset($newData['memberuid']['count']); unset($newData['memberuid']['count']);
// remove the uid from memberuid // remove the uid from memberuid
$newData['memberuid'] = array_flip($newData['memberuid']); $newData['memberuid'] = array_flip($newData['memberuid']);
unset($newData['memberuid'][$accountID]); unset($newData['memberuid'][$oldAccountID]);
$newData['memberuid'] = array_values(array_unique(array_flip($newData['memberuid']))); $newData['memberuid'] = array_values(array_unique(array_flip($newData['memberuid'])));
ldap_mod_replace($this->ds, $dn, $newData); ldap_mod_replace($this->ds, $dn, $newData);
#print ldap_error($this->ds); #print ldap_error($this->ds);
}
else
{
if(!in_array($key['gidnumber'][0],$this->data['account_groups']))
{
$dn = $key['dn'];
$newData = array();
$newData['memberuid'] = $key['memberuid'];
unset($newData['memberuid']['count']);
// remove the uid from memberuid
$newData['memberuid'] = array_flip($newData['memberuid']);
unset($newData['memberuid'][$oldAccountID]);
$newData['memberuid'] = array_values(array_unique(array_flip($newData['memberuid'])));
ldap_mod_replace($this->ds, $dn, $newData);
#print ldap_error($this->ds);
}
} }
} }
} }
@ -351,7 +318,7 @@
// search for the group // search for the group
$filter = 'gidnumber='.$value; $filter = 'gidnumber='.$value;
$justThese = array('memberuid'); $justThese = array('memberuid');
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$value, $justThese); $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
if($sri) if($sri)
{ {
$allValues = ldap_get_entries($this->ds, $sri); $allValues = ldap_get_entries($this->ds, $sri);
@ -365,7 +332,7 @@
$newData = array(); $newData = array();
$newData['memberuid'] = $allValues[0]['memberuid']; $newData['memberuid'] = $allValues[0]['memberuid'];
unset($newData['memberuid']['count']); unset($newData['memberuid']['count']);
$newData['memberuid'][] = $accountID; $newData['memberuid'][] = $newAccountID;
$newData['memberuid'] = array_values(array_unique($newData['memberuid'])); $newData['memberuid'] = array_values(array_unique($newData['memberuid']));
ldap_mod_replace($this->ds, $dn, $newData); ldap_mod_replace($this->ds, $dn, $newData);
} }
@ -375,7 +342,7 @@
// this group has no members // this group has no members
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
$newData = array(); $newData = array();
$newData['memberuid'][] = $accountID; $newData['memberuid'][] = $newAccountID;
ldap_mod_replace($this->ds, $dn, $newData); ldap_mod_replace($this->ds, $dn, $newData);
} }
} }
@ -398,13 +365,22 @@
$account_id = get_account_id($accountid); $account_id = get_account_id($accountid);
$account_lid = $this->id2name($account_id); $account_lid = $this->id2name($account_id);
$sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$account_id); $filter = 'gidnumber='.$account_id;
$sri = ldap_search($this->ds, $this->group_context, $filter);
if($sri)
{
$allValues = ldap_get_entries($this->ds, $sri);
}
if(!$allValues[0]['dn']) if(!$allValues[0]['dn'])
{ {
$sri = ldap_search($this->ds, $this->user_context, 'uid='.$account_lid); $sri = ldap_search($this->ds, $this->user_context, 'uid='.$account_lid);
$allValues = ldap_get_entries($this->ds, $sri); if($sri)
$accountID = $allValues['0']['uid'][0]; {
$allValues = ldap_get_entries($this->ds, $sri);
$accountID = $allValues['0']['uid'][0];
$wasAccount = True;
}
} }
if ($allValues[0]['dn']) if ($allValues[0]['dn'])
@ -412,27 +388,30 @@
$del = ldap_delete($this->ds, $allValues[0]['dn']); $del = ldap_delete($this->ds, $allValues[0]['dn']);
} }
// remove the user from any group he is member of if($wasAccount)
$filter = "(&(objectclass=posixgroup)(memberuid=$accountID))";
$justThese = array('memberuid','gidnumber');
$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
if($sri)
{ {
$allValues = ldap_get_entries($this->ds, $sri); // remove the user from any group he is member of
if($allValues['count'] > 0) $filter = "(&(objectclass=posixgroup)(memberuid=$accountID))";
$justThese = array('memberuid','gidnumber');
$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
if($sri)
{ {
unset($allValues['count']); $allValues = ldap_get_entries($this->ds, $sri);
foreach($allValues as $key) if($allValues['count'] > 0)
{ {
$dn = $key['dn']; unset($allValues['count']);
$newData = array(); foreach($allValues as $key)
$newData['memberuid'] = $key['memberuid']; {
unset($newData['memberuid']['count']); $dn = $key['dn'];
// remove the uid from memberuid $newData = array();
$newData['memberuid'] = array_flip($newData['memberuid']); $newData['memberuid'] = $key['memberuid'];
unset($newData['memberuid'][$accountID]); unset($newData['memberuid']['count']);
$newData['memberuid'] = array_unique(array_flip($newData['memberuid'])); // remove the uid from memberuid
ldap_mod_replace($this->ds, $dn, $newData); $newData['memberuid'] = array_flip($newData['memberuid']);
unset($newData['memberuid'][$accountID]);
$newData['memberuid'] = array_unique(array_flip($newData['memberuid']));
ldap_mod_replace($this->ds, $dn, $newData);
}
} }
} }
} }
@ -846,7 +825,7 @@
$entry['objectclass'][2] = 'phpgwAccount'; $entry['objectclass'][2] = 'phpgwAccount';
$entry['cn'] = utf8_encode($account_info['account_lid']); $entry['cn'] = utf8_encode($account_info['account_lid']);
$entry['gidnumber'] = $account_id; $entry['gidnumber'] = $account_id;
$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']); #$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($account_info['account_passwd']);
$entry['description'] = 'phpgw-created group'; $entry['description'] = 'phpgw-created group';
} }
else else
@ -886,6 +865,8 @@
// print ldap_error($this->ds); // print ldap_error($this->ds);
// lets check group the user needs to be added // lets check group the user needs to be added
if($account_info['account_type'] == 'u')
{
foreach($account_info['account_groups'] as $key => $value) foreach($account_info['account_groups'] as $key => $value)
{ {
// search for the group // search for the group
@ -921,7 +902,7 @@
} }
} }
} }
}
if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs) if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs)
{ {
$GLOBALS['phpgw']->preferences->create_defaults($account_id); $GLOBALS['phpgw']->preferences->create_defaults($account_id);

5
phpgwapi/inc/class.common.inc.php
View File

@ -1936,10 +1936,7 @@
{ {
return False; return False;
} }
else return intval($id);
{
return intval($id);
}
} }
}//end common class }//end common class