rewrite of the accounts classes:
- new cleaner AND documented interfaces - old interfaces are still available, but deprecated - LDAP backend now stores membership information in LDAP too, and does NO longer require the phpgwAccount schema - LDAP backend now deals well with LDAP schemas in which posixGroup is not a structural object (e.g. newer SuSE distros) - user passwords are now handled bound as that user, so if you don't need/use our admin to manage accounts, you can give a root-dn which only allows searching & reading accounts
parent
6557128ec6
commit
df3fb3b9ac
@ -192,8 +192,7 @@
|
||||
$GLOBALS['egw_setup']->db->transaction_abort();
|
||||
exit;
|
||||
}
|
||||
$GLOBALS['egw_setup']->add_acl('phpgw_group',$admingroupid,$accountid);
|
||||
$GLOBALS['egw_setup']->add_acl('phpgw_group',$defaultgroupid,$accountid);
|
||||
$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid);
|
||||
|
||||
$GLOBALS['egw_setup']->db->transaction_commit();
|
||||
|
||||
|
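Review bot: The result of `$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid)` is discarded and `transaction_commit()` follows unconditionally, so a failed membership write would leave the account committed without its admin group. If the backend signals failure through a falsy return (not visible on this page), guard the call like the error path just above it: `if (!$GLOBALS['egw_setup']->set_memberships(array($admingroupid,$defaultgroupid),$accountid)) { $GLOBALS['egw_setup']->db->transaction_abort(); exit; }`. The commit message says the LDAP backend now keeps memberships in LDAP, so an SQL abort presumably would not undo a partial directory write; a one-line comment stating that would help the next maintainer. The enclosing block starts above the hunk.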
@ -905,7 +905,7 @@
|
||||
|
||||
if(!($accountid = $GLOBALS['egw']->accounts->name2id($username)))
|
||||
{
|
||||
$accountid = $accountid ? $accountid : $GLOBALS['egw']->accounts->create(array(
|
||||
if (!($accountid = $GLOBALS['egw']->accounts->create(array(
|
||||
'account_type' => $group ? 'u' : 'g',
|
||||
'account_lid' => $username,
|
||||
'account_passwd' => $passwd,
|
||||
@ -915,18 +915,40 @@
|
||||
'account_primary_group' => $groupid,
|
||||
'account_expires' => -1,
|
||||
'account_email' => $email,
|
||||
));
|
||||
))))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
$memberships = array();
|
||||
}
|
||||
else
|
||||
{
|
||||
$memberships = $GLOBALS['egw']->accounts->memberships($accountid);
|
||||
}
|
||||
$accountid = (int)$accountid;
|
||||
if($groupid)
|
||||
{
|
||||
$this->add_acl('phpgw_group',(int)$groupid,$accountid);
|
||||
$memberships[] = $groupid;
|
||||
|
||||
$GLOBALS['egw']->accounts->set_memberships($memberships,$accountid);
|
||||
}
|
||||
$this->add_acl('preferences','changepassword',$accountid,(int)$changepw);
|
||||
|
||||
return $accountid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the memberships of an account
|
||||
*
|
||||
* @param array $groups array of group-id's
|
||||
* @param int $user account_id
|
||||
*/
|
||||
function set_memberships($groups,$user)
|
||||
{
|
||||
$this->setup_account_object();
|
||||
|
||||
return $GLOBALS['egw']->accounts->set_memberships($groups,$user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if accounts other then the automatically installed anonymous account exist
|
||||
*
|
||||
@ -962,6 +984,8 @@
|
||||
/**
|
||||
* Add ACL rights
|
||||
*
|
||||
* Dont use it to set group-membership, use set_memberships instead!
|
||||
*
|
||||
* @param $app string/array with app-names
|
||||
* @param $locations string eg. run
|
||||
* @param $account int/string accountid or account_lid
|
||||
|
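Review bot: In the `else` branch, `$memberships = $GLOBALS['egw']->accounts->memberships($accountid);` is extended with `$memberships[] = $groupid` and passed straight to `set_memberships()`, which sets the account's whole group list. `memberships()` is defined outside this page; if it returns an id => name map (or false for an account without groups) rather than a plain list of ids, the list handed on mixes group names with an id and an existing account could end up in the wrong groups, which matters because membership carries the ACL rights. I would pass ids only (the ids-only form of `memberships()` if the new interface offers one, otherwise `array_keys()` of the map) and avoid duplicates with `if (!in_array($groupid,$memberships)) $memberships[] = $groupid;`. The new `set_memberships` docblock should also say that `$groups` must contain numeric group ids and that the call replaces existing memberships, if that is the backend's contract. The function's opening lines are outside the hunks shown.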
@ -51,6 +51,21 @@
|
||||
'T_alert_msg' => 'msg_alert_msg.tpl'
|
||||
));
|
||||
|
||||
function hash_sql2ldap($hash)
|
||||
{
|
||||
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
|
||||
{
|
||||
case '': // not set sql_encryption_type
|
||||
case 'md5':
|
||||
$hash = '{md5}' . base64_encode(pack("H*",$hash));
|
||||
break;
|
||||
case 'crypt':
|
||||
$hash = '{crypt}' . $hash;
|
||||
break;
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
|
||||
$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_name,config_value',array(
|
||||
"config_name LIKE 'ldap%'",
|
||||
),__LINE__,__FILE__);
|
||||
@ -120,6 +135,8 @@
|
||||
}
|
||||
$account_info[$accountid]['homedirectory'] = $GLOBALS['egw_info']['server']['ldap_account_home'] . '/' . $account_info[$accountid]['account_lid'];
|
||||
$account_info[$accountid]['loginshell'] = $GLOBALS['egw_info']['server']['ldap_account_shell'];
|
||||
|
||||
$account_info[$accountid]['account_passwd'] = hash_sql2ldap($account_info[$accountid]['account_passwd']);
|
||||
|
||||
if (!$accounts->create($account_info[$accountid]))
|
||||
{
|
||||
|
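Review bot: `hash_sql2ldap()` has no `default:` branch, so for any `sql_encryption_type` other than empty, `md5` or `crypt` the stored hash is returned unchanged and written to LDAP without a `{scheme}` prefix. Directory servers commonly treat an unprefixed userPassword value as a cleartext password, which would make the hash string itself the login secret for every migrated account. I would add `default: return false;` with a comment that unknown schemes must not be exported, and have the caller in the second hunk skip or report the account when `hash_sql2ldap()` returns false. In the `md5` branch it is also worth validating the input before `pack("H*",$hash)`, e.g. `if (!preg_match('/^[0-9a-f]{32}$/i',$hash)) return false;`, and a docblock should note that unsalted MD5 hashes are carried over as-is and ought to be rehashed at the next password change.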