rewrite of the accounts classes:

- new cleaner AND documented interfaces
- old interfaces are still available, but deprecated
- LDAP backend now stores membership information in LDAP too, and NO longer requires the phpgwAccount schema
- LDAP backend now deals well with LDAP schemas in which posixGroup is not a structural object (e.g. newer SuSE distros)
- password from users are now done bound as that user, so if you don't need/use our admin to manage accounts, you can give a root-dn which only allows to search & read accounts
Ralf Becker 2006-06-06 23:44:50 +00:00
parent 6557128ec6
commit df3fb3b9ac
3 changed files with 46 additions and 6 deletions


@ -192,8 +192,7 @@
$GLOBALS['egw_setup']->db->transaction_abort(); $GLOBALS['egw_setup']->db->transaction_abort();
exit; exit;
} }
$GLOBALS['egw_setup']->add_acl('phpgw_group',$admingroupid,$accountid); $GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid);
$GLOBALS['egw_setup']->add_acl('phpgw_group',$defaultgroupid,$accountid);
$GLOBALS['egw_setup']->db->transaction_commit(); $GLOBALS['egw_setup']->db->transaction_commit();
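Review bot: The result of `set_memberships(array($admingroupid,$defaultgroupid),$accountid)` is discarded and the very next line commits the transaction, so a failed membership write would leave the setup admin account created without its admin group and nothing reported. Check the return value and take the same `transaction_abort()` / `exit` path shown just above when it is falsy, e.g. `if (!$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid)) { /* abort as above */ }`. What the accounts backend returns on failure is not visible in this section, so confirm that first; the enclosing block starts and ends outside the hunk.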


@ -905,7 +905,7 @@
if(!($accountid = $GLOBALS['egw']->accounts->name2id($username))) if(!($accountid = $GLOBALS['egw']->accounts->name2id($username)))
{ {
$accountid = $accountid ? $accountid : $GLOBALS['egw']->accounts->create(array( if (!($accountid = $GLOBALS['egw']->accounts->create(array(
'account_type' => $group ? 'u' : 'g', 'account_type' => $group ? 'u' : 'g',
'account_lid' => $username, 'account_lid' => $username,
'account_passwd' => $passwd, 'account_passwd' => $passwd,
@ -915,18 +915,40 @@
'account_primary_group' => $groupid, 'account_primary_group' => $groupid,
'account_expires' => -1, 'account_expires' => -1,
'account_email' => $email, 'account_email' => $email,
)); ))))
{
return false;
}
$memberships = array();
}
else
{
$memberships = $GLOBALS['egw']->accounts->memberships($accountid);
} }
$accountid = (int)$accountid;
if($groupid) if($groupid)
{ {
$this->add_acl('phpgw_group',(int)$groupid,$accountid); $memberships[] = $groupid;
$GLOBALS['egw']->accounts->set_memberships($memberships,$accountid);
} }
$this->add_acl('preferences','changepassword',$accountid,(int)$changepw); $this->add_acl('preferences','changepassword',$accountid,(int)$changepw);
return $accountid; return $accountid;
} }
/**
* Set the memberships of an account
*
* @param array $groups array of group-id's
* @param int $user account_id
*/
function set_memberships($groups,$user)
{
$this->setup_account_object();
return $GLOBALS['egw']->accounts->set_memberships($groups,$user);
}
/** /**
* Check if accounts other then the automatically installed anonymous account exist * Check if accounts other then the automatically installed anonymous account exist
* *
@ -962,6 +984,8 @@
/** /**
* Add ACL rights * Add ACL rights
* *
* Dont use it to set group-membership, use set_memberships instead!
*
* @param $app string/array with app-names * @param $app string/array with app-names
* @param $locations string eg. run * @param $locations string eg. run
* @param $account int/string accountid or account_lid * @param $account int/string accountid or account_lid
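Review bot: In the `@ -915` hunk the value returned by `accounts->memberships($accountid)` is extended with `$memberships[] = $groupid;` and handed to `set_memberships()` unchanged, although the docblock added in this same section says that method takes an array of group-ids. memberships() is not visible here; if it returns a map of id => name rather than a plain list of ids, the call would replace an existing account's groups with the wrong set, which is an unintended privilege change. Normalise before appending, e.g. `$memberships = is_array($memberships) ? array_keys($memberships) : array();` if the ids turn out to be the keys, and keep the cast the old `add_acl` call had: `$memberships[] = (int)$groupid;`. The result of `set_memberships()` is also ignored before `return $accountid;`, so a failed write is indistinguishable from success for the caller.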


@ -51,6 +51,21 @@
'T_alert_msg' => 'msg_alert_msg.tpl' 'T_alert_msg' => 'msg_alert_msg.tpl'
)); ));
function hash_sql2ldap($hash)
{
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
{
case '': // not set sql_encryption_type
case 'md5':
$hash = '{md5}' . base64_encode(pack("H*",$hash));
break;
case 'crypt':
$hash = '{crypt}' . $hash;
break;
}
return $hash;
}
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array( $GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
"config_name LIKE 'ldap%'", "config_name LIKE 'ldap%'",
),__LINE__,__FILE__); ),__LINE__,__FILE__);
@ -121,6 +136,8 @@
$account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid']; $account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid'];
$account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell']; $account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell'];
$account_info[$accountid]['account_passwd'] = hash_sql2ldap($account_info[$accountid]['account_passwd']);
if (!$accounts->create($account_info[$accountid])) if (!$accounts->create($account_info[$accountid]))
{ {
echo '<p>'.lang('Creation of %1 in LDAP failed !!!',lang('User')." $accountid ({$account_info[$accountid]['account_lid']})")."</p>\n"; echo '<p>'.lang('Creation of %1 in LDAP failed !!!',lang('User')." $accountid ({$account_info[$accountid]['account_lid']})")."</p>\n";
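Review bot: `hash_sql2ldap()` has no `default:` branch, so for any `sql_encryption_type` other than empty, `md5` or `crypt` the SQL hash reaches `$accounts->create()` without a scheme prefix. How the LDAP backend treats an unprefixed `account_passwd` is not visible here; if it stores the value as given, the directory would hold the hash string as the password itself and the user's real password would stop working after migration. Add a branch such as `default: return false; // unsupported sql_encryption_type: do not migrate the hash unprefixed` and have the caller report the account for a password reset instead of creating it with that value. The function also has no docblock; one like `/** Convert a password hash from the SQL accounts table into the {scheme}hash form used for LDAP */` would help, with a remark that the md5 branch expects a hex digest because of `pack("H*",$hash)`.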