2003-04-23 15:47:00 +00:00
< ?
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . sourceforge . net / projects / lam )
Copyright ( C ) 2003 Tilo Lutz
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
LDAP Account Manager functions used by account . php
*/
class account { // This class keeps all needed values for any account
// General Settings
var $general_username ;
var $general_uidNumber ;
var $general_surname ;
var $general_givenname ;
var $general_dn ;
var $general_group ;
var $general_groupadd ;
var $general_homedir ;
var $general_shell ;
var $general_gecos ;
var $general_memberUid ;
// Unix Password Settings
var $unix_password ;
2003-04-24 11:59:26 +00:00
var $unix_password_no ;
2003-04-23 15:47:00 +00:00
var $unix_pwdwarn ;
var $unix_pwdallowlogin ;
var $unix_pwdmaxage ;
var $unix_pwdminage ;
var $unix_pwdexpire_day ;
var $unix_pwdexpire_mon ;
var $unix_pwdexpire_yea ;
var $unix_deactivated ;
var $unix_shadowLastChange ;
// Samba Account
var $smb_password ;
2003-04-24 11:59:26 +00:00
var $smb_password_no ;
2003-04-23 15:47:00 +00:00
var $smb_useunixpwd ;
var $smb_pwdcanchange ;
var $smb_pwdmustchange ;
var $smb_homedrive ;
var $smb_scriptpath ;
var $smb_profilePath ;
var $smb_smbuserworkstations ;
var $smb_smbhome ;
var $smb_domain ;
var $smb_flagsW ;
var $smb_flagsD ;
var $smb_flagsX ;
// Personal Settings
var $personal_title ;
var $personal_mail ;
var $personal_telephoneNumber ;
var $personal_mobileTelephoneNumber ;
var $personal_facsimileTelephoneNumber ;
var $personal_street ;
var $personal_postalCode ;
var $personal_postalAddress ;
var $personal_employeeType ;
}
function registervars () { // This function registers all needes session-varibales needed by account.php
// if session was started previos, the existing session will be continued
session_save_path ( '../sess' );
@ session_start ();
if ( ! session_is_registered ( " type2 " )) session_register ( " type2 " ); // $type2 stores the kind of account (User|GRoup|Host)
2003-05-01 17:02:57 +00:00
if ( ! session_is_registered ( " shelllist " )) session_register ( " shelllist " ); // $shelllist contains all shells defined in /etc/shells
2003-04-23 15:47:00 +00:00
if ( ! session_is_registered ( " modify " )) session_register ( " modify " ); // if an existing account should be modified modify is true
if ( ! session_is_registered ( " account " )) session_register ( " account " ); // The new Accout properties are stored here
if ( ! session_is_registered ( " account_temp " )) session_register ( " account_temp " ); // Tempoprary account properties. If values are OK they will be moved to var account
if ( ! session_is_registered ( " account_old " )) session_register ( " account_old " ); // Only valid if an account should be modified. It'll contains the existing account properties
if ( ! is_object ( $account )) $account = new account ();
if ( ! is_object ( $account_temp )) $account_temp = new account ();
if ( ! is_object ( $account_old )) $account = new account ();
}
2003-05-01 17:02:57 +00:00
function getshells () { // Return a list of all shells listed in /etc/shells
$shells = file ( '/etc/shells' );
foreach ( $shells as $shell ) chop ( $shell );
return $shells ;
}
2003-04-23 15:47:00 +00:00
function checkglobal () { // This functions checks all global account parameters
// Check if username has been entered
$error = " 0 " ;
switch ( $_SESSION [ 'type2' ] ) {
case 'user' :
// Check if Username-length is OK. minLength=3, maxLength=20
if ( ! ereg ( '.{3,20}' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Username must content between 3 and 20 characters.' );
// Check if Username starts with letter
if ( ! ereg ( '^[a-z].*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Username contents invalid characters. First character must be a letter' );
// Check if Username contents only valid characters
if ( ! ereg ( '^([a-z]|[0-9]|[.]|[-]|[_])*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Username contents invalid characters. Valid characters are: a-z, 0-9 and .-_ !' );
// Check if user already exists
$temp = ldapexists ();
if ( $temp ) $error = $temp ;
// Check if surname is valid
if ( ! ereg ( '^([a-z]|[A-Z])*$' , $_SESSION [ 'account_temp' ] -> surname )) $error = _ ( 'Surname contents invalid characters' );
// Check if givenname is valid
if ( ! ereg ( '^([a-z]|[A-Z])*$' , $_SESSION [ 'account_temp' ] -> givenname )) $error = _ ( 'Givenname contents invalid characters' );
// Check if Homedir is valid
$_SESSION [ 'account_temp' ] -> general_homedir = str_replace ( '$user' , $_SESSION [ 'account_temp' ] -> general_username , $_SESSION [ 'account_temp' ] -> general_homedir );
$_SESSION [ 'account_temp' ] -> general_homedir = str_replace ( '$group' , $_SESSION [ 'account_temp' ] -> general_group , $_SESSION [ 'account_temp' ] -> general_homedir );
if ( ! ereg ( '^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$' , $_SESSION [ 'account_temp' ] -> general_homedir )) $error = _ ( 'Homedirectory contents invalid characters.' );
if ( $_SESSION [ 'account_temp' ] -> general_gecos == '' ) $_SESSION [ 'account_temp' ] -> general_gecos = $_SESSION [ 'account_temp' ] -> general_givenname . " " . $_SESSION [ 'account_temp' ] -> general_surname ;
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$temp = checkid ();
if ( $temp ) $error = $temp ;
break ;
case 'group' :
// Check if Groupname-length is OK. minLength=3, maxLength=20
if ( ! ereg ( '.{3,20}' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Groupname must content between 3 and 20 characters.' );
// Check if Groupname starts with letter
if ( ! ereg ( '^[a-z].*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Groupname contents invalid characters. First character must be a letter' );
// Check if Groupname contents only valid characters
if ( ! ereg ( '^([a-z]|[0-9]|[.]|[-]|[_])*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Groupname contents invalid characters. Valid characters are: a-z, 0-9 and .-_ !' );
// Check if group already exists
$temp = ldapexists ();
if ( $temp ) $error = $temp ;
// Check if GID is valid. If none value was entered, the next useable value will be inserted
$temp = checkid ();
if ( $temp ) $error = $temp ;
if ( $_SESSION [ 'account_temp' ] -> general_gecos == '' ) $_SESSION [ 'account_temp' ] -> general_gecos = $_SESSION [ 'account_temp' ] -> general_username ;
break ;
case 'host' :
if ( substr ( $_SESSION [ 'account_temp' ] -> general_username , strlen ( $_SESSION [ 'account_temp' ] -> general_username ) - 1 , strlen ( $_SESSION [ 'account_temp' ] -> general_username )) != '$' ) $_SESSION [ 'account_temp' ] -> general_username = $_SESSION [ 'account_temp' ] -> general_username . '$' ;
// Check if Hostname-length is OK. minLength=3, maxLength=20
if ( ! ereg ( '.{3,20}' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Hostname must content between 3 and 20 characters.' );
// Check if Hostname starts with letter
if ( ! ereg ( '^[a-z].*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Hostname contents invalid characters. First character must be a letter' );
// Check if Hostname contents only valid characters
if ( ! ereg ( '^([a-z]|[0-9]|[.]|[-]|[$])*$' , $_SESSION [ 'account_temp' ] -> general_username )) $error = _ ( 'Hostname contents invalid characters. Valid characters are: a-z, 0-9 and .-_ !' );
// Check if Hostname already exists
$temp = ldapexists ();
if ( $temp ) $error = $temp ;
$_SESSION [ 'account_temp' ] -> general_homedir = '/dev/null' ;
$_SESSION [ 'account_temp' ] -> general_shell = '/bin/false' ;
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$temp = checkid ();
if ( $temp ) $error = $temp ;
if ( $_SESSION [ 'account_temp' ] -> general_gecos == '' ) $_SESSION [ 'account_temp' ] -> general_gecos = $_SESSION [ 'account_temp' ] -> general_username ;
break ;
}
if ( $_SESSION [ 'account_temp' ] -> general_username ) $_SESSION [ 'account' ] -> general_username = $_SESSION [ 'account_temp' ] -> general_username ;
if ( $_SESSION [ 'account_temp' ] -> general_surname ) $_SESSION [ 'account' ] -> general_surname = $_SESSION [ 'account_temp' ] -> general_surname ;
if ( $_SESSION [ 'account_temp' ] -> general_givenname ) $_SESSION [ 'account' ] -> general_givenname = $_SESSION [ 'account_temp' ] -> general_givenname ;
if ( $_SESSION [ 'account_temp' ] -> general_uidNumber ) $_SESSION [ 'account' ] -> general_uidNumber = $_SESSION [ 'account_temp' ] -> general_uidNumber ;
if ( $_SESSION [ 'account_temp' ] -> general_group ) $_SESSION [ 'account' ] -> general_group = $_SESSION [ 'account_temp' ] -> general_group ;
if ( $_SESSION [ 'account_temp' ] -> general_groupadd ) $_SESSION [ 'account' ] -> general_groupadd = $_SESSION [ 'account_temp' ] -> general_groupadd ;
if ( $_SESSION [ 'account_temp' ] -> general_homedir ) $_SESSION [ 'account' ] -> general_homedir = $_SESSION [ 'account_temp' ] -> general_homedir ;
if ( $_SESSION [ 'account_temp' ] -> general_shell ) $_SESSION [ 'account' ] -> general_shell = $_SESSION [ 'account_temp' ] -> general_shell ;
if ( $_SESSION [ 'account_temp' ] -> general_dn ) $_SESSION [ 'account' ] -> general_dn = $_SESSION [ 'account_temp' ] -> general_dn ;
if ( $_SESSION [ 'account_temp' ] -> general_gecos ) $_SESSION [ 'account' ] -> general_gecos = $_SESSION [ 'account_temp' ] -> general_gecos ;
return $error ;
}
function checkunix () { // This function checks all unix account paramters
$error = " 0 " ;
switch ( $_SESSION [ 'type2' ] ) {
case 'user' :
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
if ( ! ereg ( '^([a-z]|[A-Z]|[0-9])*$' , $_SESSION [ 'account_temp' ] -> unix_password )) $error = _ ( 'Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdwarn == '' ) $error = _ ( 'No value for Password Warn.' );
if ( ! ereg ( '^([1-9]+)([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdwarn )) $error = _ ( 'Password Warn must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdallowlogin == '' ) $error = _ ( 'No value for Password Expire.' );
if ( ! ereg ( '^(([-][1])|([0-9]*))$' , $_SESSION [ 'account_temp' ] -> unix_pwdallowlogin )) $error = _ ( 'Password Expire must be are natural number or -1.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdmaxage == '' ) $error = _ ( 'No value for Password Maxage.' );
if ( ! ereg ( '^([1-9]+)([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdmaxage )) $error = _ ( 'Password Maxage must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdminage == '' ) $error = _ ( 'No value for Password Minage.' );
if ( ! ereg ( '^([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdminage )) $error = _ ( 'Password Minage must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdminage > $_SESSION [ 'account_temp' ] -> unix_pwdmaxage ) $error = _ ( 'Password Maxage must bigger as Password Minage.' );
break ;
case 'host' :
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
if ( ! ereg ( '^([a-z]|[A-Z]|[0-9])*$' , $_SESSION [ 'account_temp' ] -> unix_password )) $error = _ ( 'Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdwarn == '' ) $error = _ ( 'No value for Password Warn.' );
if ( ! ereg ( '^([1-9]+)([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdwarn )) $error = _ ( 'Password Warn must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdallowlogin == '' ) $error = _ ( 'No value for Password Expire.' );
if ( ! ereg ( '^(([-][1])|([0-9]*))$' , $_SESSION [ 'account_temp' ] -> unix_pwdallowlogin )) $error = _ ( 'Password Expire must be are natural number or -1.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdmaxage == '' ) $error = _ ( 'No value for Password Maxage.' );
if ( ! ereg ( '^([1-9]+)([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdmaxage )) $error = _ ( 'Password Maxage must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdminage == '' ) $error = _ ( 'No value for Password Minage.' );
if ( ! ereg ( '^([0-9]*)$' , $_SESSION [ 'account_temp' ] -> unix_pwdminage )) $error = _ ( 'Password Minage must be are natural number.' );
if ( $_SESSION [ 'account_temp' ] -> unix_pwdminage > $_SESSION [ 'account_temp' ] -> unix_pwdmaxage ) $error = _ ( 'Password Maxage must bigger as Password Minage.' );
break ;
}
// Write Values from Webpage to Session-Variables
$_SESSION [ 'account' ] -> unix_password = $_SESSION [ 'account_temp' ] -> unix_password ;
2003-04-24 11:59:26 +00:00
$_SESSION [ 'account' ] -> unix_password_no = $_SESSION [ 'account_temp' ] -> unix_password_no ;
2003-04-23 15:47:00 +00:00
$_SESSION [ 'account' ] -> unix_pwdwarn = $_SESSION [ 'account_temp' ] -> unix_pwdwarn ;
$_SESSION [ 'account' ] -> unix_pwdallowlogin = $_SESSION [ 'account_temp' ] -> unix_pwdallowlogin ;
$_SESSION [ 'account' ] -> unix_pwdmaxage = $_SESSION [ 'account_temp' ] -> unix_pwdmaxage ;
$_SESSION [ 'account' ] -> unix_pwdminage = $_SESSION [ 'account_temp' ] -> unix_pwdminage ;
$_SESSION [ 'account' ] -> unix_pwdexpire_day = $_SESSION [ 'account_temp' ] -> unix_pwdexpire_day ;
$_SESSION [ 'account' ] -> unix_pwdexpire_mon = $_SESSION [ 'account_temp' ] -> unix_pwdexpire_mon ;
$_SESSION [ 'account' ] -> unix_pwdexpire_yea = $_SESSION [ 'account_temp' ] -> unix_pwdexpire_yea ;
if ( $_SESSION [ 'account_temp' ] -> unix_deactivated ) $_SESSION [ 'account' ] -> unix_deactivated = 1 ; else $_SESSION [ 'account' ] -> unix_deactivated = 0 ;
return $error ;
}
function checksamba () { // This function checks all samba account paramters
$error = " 0 " ;
if ( $_SESSION [ 'account_temp' ] -> smb_useunixpwd ) $_SESSION [ 'account_temp' ] -> smb_password = $_SESSION [ 'account_temp' ] -> unix_password ;
switch ( $_SESSION [ 'type2' ] ) {
case 'user' :
$_SESSION [ 'account_temp' ] -> smb_scriptpath = str_replace ( '$user' , $_SESSION [ 'account_temp' ] -> general_username , $_SESSION [ 'account_temp' ] -> smb_scriptpath );
$_SESSION [ 'account_temp' ] -> smb_scriptpath = str_replace ( '$group' , $_SESSION [ 'account_temp' ] -> general_group , $_SESSION [ 'account_temp' ] -> smb_scriptpath );
$_SESSION [ 'account_temp' ] -> smb_profilePath = str_replace ( '$user' , $_SESSION [ 'account_temp' ] -> general_username , $_SESSION [ 'account_temp' ] -> smb_profilePath );
$_SESSION [ 'account_temp' ] -> smb_profilePath = str_replace ( '$group' , $_SESSION [ 'account_temp' ] -> general_group , $_SESSION [ 'account_temp' ] -> smb_profilePath );
$_SESSION [ 'account_temp' ] -> smb_smbHome = str_replace ( '$user' , $_SESSION [ 'account_temp' ] -> general_username , $_SESSION [ 'account_temp' ] -> smb_smbHome );
$_SESSION [ 'account_temp' ] -> smb_smbHome = str_replace ( '$group' , $_SESSION [ 'account_temp' ] -> general_group , $_SESSION [ 'account_temp' ] -> smb_smbHome );
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
if ( ! ereg ( '^([a-z]|[A-Z]|[0-9])*$' , $_SESSION [ 'account_temp' ] -> smb_password )) $error = _ ( 'Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !' );
if ( ( ! $_SESSION [ 'account_temp' ] -> smb_scriptpath == '' ) && ( ! ereg ( '^([/])*[a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$' , $_SESSION [ 'account_temp' ] -> smb_scriptpath ))) $error = _ ( 'Scriptpath is invalid' );
if ( ( ! $_SESSION [ 'account_temp' ] -> smb_profilePath == '' ) && ( ! ereg ( '^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$' , $_SESSION [ 'account_temp' ] -> smb_profilePath )) && ( ! ereg ( '^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$' , $_SESSION [ 'account_temp' ] -> smb_profilePath ))) $error = _ ( 'ProfilePath is invalid.' );
if ( ( ! $_SESSION [ 'account_temp' ] -> smb_smbHome == '' ) && ! ereg ( '^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$' , $_SESSION [ 'account_temp' ] -> smb_smbhome )) $error = _ ( 'smbHome is invalid.' );
if ( (( ! $_SESSION [ 'account_temp' ] -> smb_smbuseerworkstations == '' ) && $_SESSION [ 'account_temp' ] -> smb_smbuserworkstations != '*' ) && ( ! ereg ( '^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([ ])+([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$' , $_SESSION [ 'account_temp' ] -> smb_smbuserworkstations ))) $error = _ ( 'User Workstations is invalid.' );
if ( ( ! $_SESSION [ 'account_temp' ] -> smb_domain == '' ) && ! ereg ( '^([a-z]|[A-Z]|[0-9]|[-])+$' , $_SESSION [ 'account_temp' ] -> smb_domain )) $error = _ ( 'Domain Name contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.' );
$_SESSION [ 'account_temp' ] -> smb_flagsW = 0 ;
break ;
case 'host' :
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
if ( ! ereg ( '^([a-z]|[A-Z]|[0-9])*$' , $_SESSION [ 'account_temp' ] -> smb_password )) $error = _ ( 'Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !' );
if ( ( ! $_SESSION [ 'account_temp' ] -> smb_domain == '' ) && ! ereg ( '^([a-z]|[A-Z]|[0-9]|[-])+$' , $_SESSION [ 'account_temp' ] -> smb_domain )) $error = _ ( 'Domain Name contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and -.' );
$_SESSION [ 'account_temp' ] -> smb_flagsW = 1 ;
break ;
}
// Write Values from Webpage to Session-Variables
$_SESSION [ 'account' ] -> smb_password = $_SESSION [ 'account_temp' ] -> smb_password ;
2003-04-24 11:59:26 +00:00
$_SESSION [ 'account' ] -> smb_password_no = $_SESSION [ 'account_temp' ] -> smb_password_no ;
2003-04-23 15:47:00 +00:00
if ( $_SESSION [ 'account_temp' ] -> smb_useunixpwd ) $_SESSION [ 'account' ] -> smb_useunixpwd = 1 ; else $_SESSION [ 'account' ] -> smb_useunixpwd = 0 ;
if ( $_SESSION [ 'account_temp' ] -> smb_pwdcanchange ) $_SESSION [ 'account' ] -> smb_pwdcanchange = 1 ; else $_SESSION [ 'account' ] -> smb_pwdcanchange = 0 ;
if ( $_SESSION [ 'account_temp' ] -> smb_pwdmustchange ) $_SESSION [ 'account' ] -> smb_pwdmustchange = 1 ; else $_SESSION [ 'account' ] -> smb_pwdmustchange = 0 ;
$_SESSION [ 'account' ] -> smb_homedrive = $_SESSION [ 'account_temp' ] -> smb_homedrive ;
$_SESSION [ 'account' ] -> smb_profilePath = $_SESSION [ 'account_temp' ] -> smb_profilePath ;
$_SESSION [ 'account' ] -> smb_scriptpath = $_SESSION [ 'account_temp' ] -> smb_scriptpath ;
$_SESSION [ 'account' ] -> smb_smbuserworkstations = $_SESSION [ 'account_temp' ] -> smb_smbuserworkstations ;
$_SESSION [ 'account' ] -> smb_smbhome = $_SESSION [ 'account_temp' ] -> smb_smbhome ;
$_SESSION [ 'account' ] -> smb_domain = $_SESSION [ 'account_temp' ] -> smb_domain ;
if ( $_SESSION [ 'account_temp' ] -> smb_flagsW ) $_SESSION [ 'account' ] -> smb_flagsW = 1 ; else $_SESSION [ 'account' ] -> smb_flagsW = 0 ;
if ( $_SESSION [ 'account_temp' ] -> smb_flagsD ) $_SESSION [ 'account' ] -> smb_flagsD = 1 ; else $_SESSION [ 'account' ] -> smb_flagsD = 0 ;
if ( $_SESSION [ 'account_temp' ] -> smb_flagsX ) $_SESSION [ 'account' ] -> smb_flagsX = 1 ; else $_SESSION [ 'account' ] -> smb_flagsX = 0 ;
return $error ;
}
function checkpersonal () {
$error = " 0 " ;
if ( $_SESSION [ 'account_temp' ] -> personal_title ) $_SESSION [ 'account' ] -> personal_title = $_SESSION [ 'account_temp' ] -> personal_title ;
if ( $_SESSION [ 'account_temp' ] -> personal_mail ) $_SESSION [ 'account' ] -> personal_mail = $_SESSION [ 'account_temp' ] -> personal_mail ;
if ( $_SESSION [ 'account_temp' ] -> personal_telephoneNumber ) $_SESSION [ 'account' ] -> personal_telephoneNumber = $_SESSION [ 'account_temp' ] -> personal_telephoneNumber ;
if ( $_SESSION [ 'account_temp' ] -> personal_mobileTelephoneNumber ) $_SESSION [ 'account' ] -> personal_mobileTelephoneNumber = $_SESSION [ 'account_temp' ] -> personal_mobileTelephoneNumber ;
if ( $_SESSION [ 'account_temp' ] -> personal_facsimileTelephoneNumber ) $_SESSION [ 'account' ] -> personal_facsimileTelephoneNumber = $_SESSION [ 'account_temp' ] -> personal_facsimileTelephoneNumber ;
if ( $_SESSION [ 'account_temp' ] -> personal_street ) $_SESSION [ 'account' ] -> personal_street = $_SESSION [ 'account_temp' ] -> personal_street ;
if ( $_SESSION [ 'account_temp' ] -> personal_postalCode ) $_SESSION [ 'account' ] -> personal_postalCode = $_SESSION [ 'account_temp' ] -> personal_postalCode ;
if ( $_SESSION [ 'account_temp' ] -> personal_postalAddress ) $_SESSION [ 'account' ] -> personal_postalAddress = $_SESSION [ 'account_temp' ] -> personal_postalAddress ;
if ( $_SESSION [ 'account_temp' ] -> personal_employeeType ) $_SESSION [ 'account' ] -> personal_employeeType = $_SESSION [ 'account_temp' ] -> personal_employeeType ;
return $error ;
}
function genpasswd () { // This function will return a password with max. 8 characters
// Allowed Characters to generate passwords
$LCase = 'abcdefghjkmnpqrstuvwxyz' ;
$UCase = 'ABCDEFGHJKLMNPQRSTUVWXYZ' ;
$Integer = '23456789' ;
// DEFINE CONSTANTS FOR ALGORTTHM
define ( " LEN " , '1' );
/* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO
* RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE
*/
function RndInt ( $Format ){
switch ( $Format ){
case 'letter' :
$Rnd = rand ( 0 , 25 );
if ( $Rnd > 25 ){
$Rnd = $Rnd - 1 ;
}
break ;
case 'number' :
$Rnd = rand ( 0 , 9 );
if ( $Rnd > 9 ){
$Rnd = $Rnd - 1 ;
}
break ;
}
return $Rnd ;
} // END RndInt() FUNCTION
/* RUN THE FUNCTION TO GENERATE RANDOM INTEGERS FOR EACH OF THE
* 8 CHARACTERS IN THE PASSWORD PRODUCED .
*/
$a = RndInt ( 'letter' );
$b = RndInt ( 'letter' );
$c = RndInt ( 'letter' );
$d = RndInt ( 'letter' );
$e = RndInt ( 'number' );
$f = RndInt ( 'number' );
$g = RndInt ( 'letter' );
$h = RndInt ( 'letter' );
// EXTRACT 8 CHARACTERS RANDOMLY FROM TH // E DEFINITION STRINGS
$L1 = substr ( $LCase , $a , LEN );
$L2 = substr ( $LCase , $b , LEN );
$L3 = substr ( $LCase , $h , LEN );
$U1 = substr ( $UCase , $c , LEN );
$U2 = substr ( $UCase , $d , LEN );
$U3 = substr ( $UCase , $g , LEN );
$I1 = substr ( $Integer , $e , LEN );
$I2 = substr ( $Integer , $f , LEN );
// COMBINE THE CHARACTERS AND DISPLAY TH // E NEW PASSWORD
$PW = $L1 . $U2 . $I1 . $L2 . $I2 . $U1 . $U3 . $L3 ;
return $PW ;
}
function ldapexists () { // This function will search if the DN allready exists
switch ( $_SESSION [ 'type2' ]) {
case 'user' : $searchbase = $_SESSION [ 'config' ] -> get_UserSuffix (); break ;
case 'group' : $searchbase = $_SESSION [ 'config' ] -> get_GroupSuffix (); break ;
case 'host' : $searchbase = $_SESSION [ 'config' ] -> get_HostSuffix (); break ;
}
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $searchbase , 'cn=' . $_SESSION [ 'account_temp' ] -> general_username );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
if ( $entry ) $dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
if ( $dn ) {
if ( $_SESSION [ 'modify' ] == 1 && $_SESSION [ 'account_temp' ] -> general_username != $_SESSION [ 'account_old' ] -> general_username ) return _ ( $_SESSION [ 'type2' ] . ' already exists!' );
if ( $_SESSION [ 'modify' ] == 0 ) return _ ( $_SESSION [ 'type2' ] . ' already exists!' );
}
return 0 ;
}
function findgroups () { // Will return an array with all Groupnames found in LDAP
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'ObjectClass=PosixGroup' );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$group [] = strtok ( ldap_dn2ufn ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry )), ',' );
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
return $group ;
}
function getgid ( $groupname ) { // Will return the the gid to an existing Groupname
// Check if group already exists
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'cn=' . $groupname );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
return $attr [ 'gidNumber' ][ 0 ];
}
function checkid () { // if value is empty will return an unused id from all ids found in LDAP else check existing value
switch ( $_SESSION [ 'type2' ]) {
case 'user' :
$ObjectClass = 'PosixAccount' ;
$search = 'uidNumber' ;
$minID = $_SESSION [ 'config' ] -> get_minUID ();
$maxID = $_SESSION [ 'config' ] -> get_maxUID ();
$suffix = $_SESSION [ 'config' ] -> get_UserSuffix ();
break ;
case 'group' :
$ObjectClass = 'PosixGroup' ;
$search = 'gidNumber' ;
$minID = $_SESSION [ 'config' ] -> get_MinGID ();
$maxID = $_SESSION [ 'config' ] -> get_MaxGID ();
$suffix = $_SESSION [ 'config' ] -> get_GroupSuffix ();
break ;
case 'host' :
$ObjectClass = 'PosixAccount' ;
$search = 'uidNumber' ;
$minID = $_SESSION [ 'config' ] -> get_MinMachine ();
$maxID = $_SESSION [ 'config' ] -> get_MaxMachine ();
$suffix = $_SESSION [ 'config' ] -> get_HostSuffix ();
break ;
}
if (( $_SESSION [ 'account_temp' ] -> general_uidNumber == '' ) && $_SESSION [ 'modify' ] == 0 ) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $suffix , 'ObjectClass=' . $ObjectClass );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$vals = ldap_get_values ( $_SESSION [ 'ldap' ] -> server (), $entry , $search );
$ids [] = $vals [ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
sort ( $ids , SORT_NUMERIC );
if ( $ids [ count ( $ids ) - 1 ] < $maxID ) {
if ( $minID > $ids [ count ( $ids ) - 1 ]) $useID = $minID ;
else $useID = $ids [ count ( $ids ) - 1 ] + 1 ;
}
else {
$i = $minID ;
foreach ( $ids as $id ) if ( $id == $i ) $i ++ ;
$useID = $i ;
}
$_SESSION [ 'account_temp' ] -> general_uidNumber = $useID ;
}
if ( $_SESSION [ 'modify' ] == 0 ) {
if (( $_SESSION [ 'account_temp' ] -> general_uidNumber == '' ) && $_SESSION [ 'modify' ] == 1 ) $_SESSION [ 'account_temp' ] -> general_uidNumber = $_SESSION [ 'account_old' ] -> general_uidNumber ;
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $suffix , $search . '=' . $_SESSION [ 'account_temp' ] -> general_uidNumber );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
if ( $entry ) $dn = ( ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ));
if ( $dn && $_SESSION [ 'modify' ] == 0 ) return _ ( 'ID is used from group' . $dn . ' !' );
if ( $_SESSION [ 'account_temp' ] -> general_uidNumber < $minID || $_SESSION [ 'account_temp' ] -> general_uidNumber > $maxID ) return _ ( 'Please enter a value between ' . $minID . ' and ' . $maxID . '!' );
if ( $dn && ( $dn != $_SESSION [ 'account_old' ] -> general_dn ) && $_SESSION [ 'modify' ] == 1 ) return _ ( 'ID is used from user ' . $dn . ' !' );
}
return 0 ;
}
function getdays () { // will return the days from 1.1.1970 until now
$days = time () / 86400 ;
settype ( $days , 'integer' );
return $days ;
}
function smbflag () { // Creates te attribute attrFlags
$flag = " [ " ;
if ( $_SESSION [ 'account' ] -> smb_flagsW ) $flag = $flag . " W " ; else $flag = $flag . " U " ;
if ( $_SESSION [ 'account' ] -> smb_flagsD ) $flag = $flag . " D " ;
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> smb_flagsX ) $flag = $flag . " X " ;
2003-04-23 15:47:00 +00:00
$flag = $flag . " ] " ;
return $flag ;
}
function loaduser ( $dn ) { // Will load all needed values from an existing account
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=* " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr [ 'uid' ][ 0 ]) $_SESSION [ 'account' ] -> general_username = $attr [ 'uid' ][ 0 ];
if ( $attr [ 'uidNumber' ][ 0 ]) $_SESSION [ 'account' ] -> general_uidNumber = $attr [ 'uidNumber' ][ 0 ];
if ( $attr [ 'homeDirectory' ][ 0 ]) $_SESSION [ 'account' ] -> general_homedir = $attr [ 'homeDirectory' ][ 0 ];
if ( $attr [ 'shadowLastChange' ][ 0 ]) $_SESSION [ 'account' ] -> unix_shadowLastChange = $attr [ 'shadowLastChange' ][ 0 ];
if ( $attr [ 'loginShell' ][ 0 ]) $_SESSION [ 'account' ] -> general_shell = $attr [ 'loginShell' ][ 0 ];
if ( $attr [ 'gecos' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'gecos' ][ 0 ];
if ( $attr [ 'description' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'description' ][ 0 ];
if ( $attr [ 'gidNumber' ][ 0 ]) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=PosixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'gidNumber' ][ 0 ] == $attr [ 'gidNumber' ][ 0 ]) $_SESSION [ 'account' ] -> general_group = $attr2 [ 'cn' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=PosixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'memberUid' ]) foreach ( $attr2 [ 'memberUid' ] as $id )
if (( $id == $_SESSION [ 'account' ] -> general_username ) && ( $attr2 [ 'cn' ][ 0 ] != $_SESSION [ 'account' ] -> general_group )) $_SESSION [ 'account' ] -> general_groupadd [] = $attr2 [ 'cn' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
if ( $attr [ 'shadowMin' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdminage = $attr [ 'shadowMin' ][ 0 ];
if ( $attr [ 'shadowMax' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdmaxage = $attr [ 'shadowMax' ][ 0 ];
if ( $attr [ 'shadowWarning' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdwarn = $attr [ 'shadowWarning' ][ 0 ];
if ( $attr [ 'shadowInactive' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdallowlogin = $attr [ 'shadowInactive' ][ 0 ];
if ( $attr [ 'shadowExpire' ][ 0 ]) {
$date = getdate ( $attr [ 'shadowExpire' ][ 0 ] * 86400 );
$_SESSION [ 'account' ] -> unix_pwdexpire_day = $date [ 'mday' ];
2003-04-24 16:19:52 +00:00
$_SESSION [ 'account' ] -> unix_pwdexpire_mon = $date [ 'mon' ];
2003-04-23 15:47:00 +00:00
$_SESSION [ 'account' ] -> unix_pwdexpire_yea = $date [ 'year' ];
}
if ( $attr [ 'pwdCanChange' ][ 0 ]) $_SESSION [ 'account' ] -> smb_pwdcanchange = $attr [ 'pwdCanChange' ][ 0 ];
if ( $attr [ 'acctFlags' ][ 0 ]) {
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'W' )) $_SESSION [ 'account' ] -> smb_flagsW = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'D' )) $_SESSION [ 'account' ] -> smb_flagsD = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'X' )) $_SESSION [ 'account' ] -> smb_flagsX = true ;
}
if ( $attr [ 'smbHome' ][ 0 ]) $_SESSION [ 'account' ] -> smb_smbhome = $attr [ 'smbHome' ][ 0 ];
if ( $attr [ 'homeDrive' ][ 0 ]) $_SESSION [ 'account' ] -> smb_homedrive = $attr [ 'homeDrive' ][ 0 ];
if ( $attr [ 'scriptPath' ][ 0 ]) $_SESSION [ 'account' ] -> smb_scriptpath = $attr [ 'scriptPath' ][ 0 ];
if ( $attr [ 'profilePath' ][ 0 ]) $_SESSION [ 'account' ] -> smb_profilePath = $attr [ 'profilePath' ][ 0 ];
if ( $attr [ 'userWorkstations' ][ 0 ]) $_SESSION [ 'account' ] -> smb_smbuserworkstations = $attr [ 'userWorkstations' ][ 0 ];
if ( $attr [ 'domain' ][ 0 ]) $_SESSION [ 'account' ] -> smb_domain = $attr [ 'domain' ][ 0 ];
if ( $attr [ 'givenName' ][ 0 ]) $_SESSION [ 'account' ] -> general_givenname = $attr [ 'givenName' ][ 0 ];
if ( $attr [ 'sn' ][ 0 ]) $_SESSION [ 'account' ] -> general_surname = $attr [ 'sn' ][ 0 ];
if ( $attr [ 'title' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_title = $attr [ 'title' ][ 0 ];
if ( $attr [ 'mail' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_mail = $attr [ 'mail' ][ 0 ];
if ( $attr [ 'telephoneNumber' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_telephoneNumber = $attr [ 'telephoneNumber' ][ 0 ];
if ( $attr [ 'mobileTelephoneNumber' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_mobileTelephoneNumber = $attr [ 'mobileTelephoneNumber' ][ 0 ];
if ( $attr [ 'facsimileTelephoneNumber' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_facsimileTelephoneNumber = $attr [ 'facsimileTelephoneNumber' ][ 0 ];
if ( $attr [ 'street' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_street = $attr [ 'street' ][ 0 ];
if ( $attr [ 'postalCode' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_postalCode = $attr [ 'postalCode' ][ 0 ];
if ( $attr [ 'postalAddress' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_postalAddress = $attr [ 'postalAddress' ][ 0 ];
if ( $attr [ 'employeeType' ][ 0 ]) $_SESSION [ 'account_temp' ] -> personal_employeeType = $attr [ 'employeeType' ][ 0 ];
if ( substr ( str_replace ( '{CRYPT}' , '' , $attr [ 'userPassword' ][ 0 ]), 0 , 1 ) == '!' ) $_SESSION [ 'account' ] -> unix_deactivated = true ;
$_SESSION [ 'account_old' ] = $_SESSION [ 'account' ];
if ( $attr [ 'userPassword' ][ 0 ]) $_SESSION [ 'account_old' ] -> unix_password = $attr [ 'userPassword' ][ 0 ];
if ( $attr [ 'ntPassword' ][ 0 ]) $_SESSION [ 'account_old' ] -> smb_password = $attr [ 'ntPassword' ][ 0 ];
}
function loadhost ( $dn ) { // Will load all needed values from an existing account
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=* " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr [ 'uid' ][ 0 ]) $_SESSION [ 'account' ] -> general_username = $attr [ 'uid' ][ 0 ];
if ( $attr [ 'uidNumber' ][ 0 ]) $_SESSION [ 'account' ] -> general_uidNumber = $attr [ 'uidNumber' ][ 0 ];
if ( $attr [ 'shadowLastChange' ][ 0 ]) $_SESSION [ 'account' ] -> unix_shadowLastChange = $attr [ 'shadowLastChange' ][ 0 ];
if ( $attr [ 'gecos' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'gecos' ][ 0 ];
if ( $attr [ 'description' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'description' ][ 0 ];
if ( $attr [ 'gidNumber' ][ 0 ]) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=PosixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'gidNumber' ][ 0 ] == $attr [ 'gidNumber' ][ 0 ]) $_SESSION [ 'account' ] -> general_group = $attr2 [ 'cn' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=PosixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'memberUid' ]) foreach ( $attr2 [ 'memberUid' ] as $id )
if (( $id == $_SESSION [ 'account' ] -> general_username ) && ( $attr2 [ 'cn' ][ 0 ] != $_SESSION [ 'account' ] -> general_group )) $_SESSION [ 'account' ] -> general_groupadd [] = $attr2 [ 'cn' ][ 0 ];
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
if ( $attr [ 'shadowMin' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdminage = $attr [ 'shadowMin' ][ 0 ];
if ( $attr [ 'shadowMax' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdmaxage = $attr [ 'shadowMax' ][ 0 ];
if ( $attr [ 'shadowWarning' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdwarn = $attr [ 'shadowWarning' ][ 0 ];
if ( $attr [ 'shadowInactive' ][ 0 ]) $_SESSION [ 'account' ] -> unix_pwdallowlogin = $attr [ 'shadowInactive' ][ 0 ];
if ( $attr [ 'shadowExpire' ][ 0 ]) {
$date = getdate ( $attr [ 'shadowExpire' ][ 0 ] * 86400 );
$_SESSION [ 'account' ] -> unix_pwdexpire_day = $date [ 'mday' ];
2003-04-24 16:19:52 +00:00
$_SESSION [ 'account' ] -> unix_pwdexpire_mon = $date [ 'mon' ];
2003-04-23 15:47:00 +00:00
$_SESSION [ 'account' ] -> unix_pwdexpire_yea = $date [ 'year' ];
}
if ( $attr [ 'pwdCanChange' ][ 0 ]) $_SESSION [ 'account' ] -> smb_pwdcanchange = $attr [ 'pwdCanChange' ][ 0 ];
if ( $attr [ 'acctFlags' ][ 0 ]) {
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'W' )) $_SESSION [ 'account' ] -> smb_flagsW = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'D' )) $_SESSION [ 'account' ] -> smb_flagsD = true ;
if ( strrpos ( $attr [ 'acctFlags' ][ 0 ], 'X' )) $_SESSION [ 'account' ] -> smb_flagsX = true ;
}
if ( $attr [ 'domain' ][ 0 ]) $_SESSION [ 'account' ] -> smb_domain = $attr [ 'domain' ][ 0 ];
if ( $attr [ 'givenName' ][ 0 ]) $_SESSION [ 'account' ] -> general_givenname = $attr [ 'givenName' ][ 0 ];
if ( $attr [ 'sn' ][ 0 ]) $_SESSION [ 'account' ] -> general_surname = $attr [ 'sn' ][ 0 ];
if ( substr ( str_replace ( '{CRYPT}' , '' , $attr [ 'userPassword' ][ 0 ]), 0 , 1 ) == '!' ) $_SESSION [ 'account' ] -> unix_deactivated = true ;
$_SESSION [ 'account_old' ] = $_SESSION [ 'account' ];
if ( $attr [ 'userPassword' ][ 0 ]) $_SESSION [ 'account_old' ] -> unix_password = $attr [ 'userPassword' ][ 0 ];
if ( $attr [ 'ntPassword' ][ 0 ]) $_SESSION [ 'account_old' ] -> smb_password = $attr [ 'ntPassword' ][ 0 ];
}
function loadgroup ( $dn ) { // Will load all needed values from an existing group
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $dn , " objectclass=* " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$attr = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr [ 'gidNumber' ][ 0 ]) $_SESSION [ 'account' ] -> general_uidNumber = $attr [ 'gidNumber' ][ 0 ];
if ( $attr [ 'description' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'description' ][ 0 ];
if ( $attr [ 'cn' ][ 0 ]) $_SESSION [ 'account' ] -> general_username = $attr [ 'cn' ][ 0 ];
if ( $attr [ 'description' ][ 0 ]) $_SESSION [ 'account' ] -> general_gecos = $attr [ 'description' ][ 0 ];
if ( $attr [ 'memberUid' ]) $_SESSION [ 'account' ] -> general_memberUid = $attr [ 'memberUid' ];
if ( is_array ( $_SESSION [ 'account' ] -> general_memberUid )) array_shift ( $_SESSION [ 'account' ] -> general_memberUid );
$_SESSION [ 'account' ] -> general_dn = $dn ;
$_SESSION [ 'account_old' ] = $_SESSION [ 'account' ];
}
function createuser () { // Will create the LDAP-Account
// 2 == Account allready exists at different location
// 1 == Account has been created
// 3 == Account has been modified
// 4 == Error while creating Account
// 5 == Error while modifying Account
// Value stored in shadowExpire, days since 1.1.1970
$date = mktime ( 0 , 0 , 0 , $_SESSION [ 'account' ] -> unix_pwdexpire_day , $_SESSION [ 'account' ] -> unix_pwdexpire_mon , $_SESSION [ 'account' ] -> unix_pwdexpire_yea ) / 86400 ;
settype ( $date , 'integer' );
$_SESSION [ 'account' ] -> general_dn = 'cn=' . $_SESSION [ 'account' ] -> general_username . ',' . $_SESSION [ 'config' ] -> get_UserSuffix ();
// All Values need for an user-account
// General Objectclasses
$attr [ 'objectClass' ][ 0 ] = 'inetOrgPerson' ;
$attr [ 'objectClass' ][ 1 ] = 'posixAccount' ;
$attr [ 'objectClass' ][ 2 ] = 'shadowAccount' ;
$attr [ 'objectClass' ][ 3 ] = 'sambaAccount' ;
$attr [ 'cn' ] = $_SESSION [ 'account' ] -> general_username ; // posixAccount_req shadowAccount_req sambaAccount_may
$attr [ 'uid' ] = $_SESSION [ 'account' ] -> general_username ; // posixAccount_req
$attr [ 'uidNumber' ] = $_SESSION [ 'account' ] -> general_uidNumber ; // posixAccount_req
$attr [ 'gidNumber' ] = getgid ( $_SESSION [ 'account' ] -> general_group ); // posixAccount_req
$attr [ 'homeDirectory' ] = $_SESSION [ 'account' ] -> general_homedir ; // posixAccount_req
if ( $_SESSION [ 'account' ] -> personal_title != '' ) $attr [ 'title' ] = $_SESSION [ 'account' ] -> personal_title ;
if ( $_SESSION [ 'account' ] -> personal_mail != '' ) $attr [ 'mail' ] = $_SESSION [ 'account' ] -> personal_mail ;
if ( $_SESSION [ 'account' ] -> personal_telephoneNumber != '' ) $attr [ 'telephoneNumber' ] = $_SESSION [ 'account' ] -> personal_telephoneNumber ;
if ( $_SESSION [ 'account' ] -> personal_mobileTelephoneNumber != '' ) $attr [ 'mobileTelephoneNumber' ] = $_SESSION [ 'account' ] -> personal_mobileTelephoneNumber ;
if ( $_SESSION [ 'account' ] -> personal_facsimileTelephoneNumber != '' ) $attr [ 'facsimileTelephoneNumber' ] = $_SESSION [ 'account' ] -> personal_facsimileTelephoneNumber ;
if ( $_SESSION [ 'account' ] -> personal_street != '' ) $attr [ 'street' ] = $_SESSION [ 'account' ] -> personal_street ;
if ( $_SESSION [ 'account' ] -> personal_postalCode != '' ) $attr [ 'postalCode' ] = $_SESSION [ 'account' ] -> personal_postalCode ;
if ( $_SESSION [ 'account' ] -> personal_postalAddress != '' ) $attr [ 'postalAddress' ] = $_SESSION [ 'account' ] -> personal_postalAddress ;
if ( $_SESSION [ 'account' ] -> personal_employeeType != '' ) $attr [ 'employeeType' ] = $_SESSION [ 'account' ] -> personal_employeeType ;
// posixAccount_may shadowAccount_may
if ( $_SESSION [ 'modify' ] == 1 ) {
$password_old = str_replace ( '{CRYPT}' , '' , $_SESSION [ 'account_old' ] -> unix_password );
if ( substr ( $password_old , 0 , 1 ) == '!' ) $password_old = substr ( $password_old , 1 , strlen ( $password_old ));
if ( $_SESSION [ 'account' ] -> unix_password == '' ) {
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> unix_password_no ) $password_old = '' ;
2003-04-23 15:47:00 +00:00
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . $password_old ;
else $attr [ 'userPassword' ] = '{CRYPT}' . $password_old ;
$attr [ 'shadowLastChange' ] = $_SESSION [ 'account_old' ] -> unix_shadowLastChange ; // shadowAccunt_may
}
else {
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . crypt ( $_SESSION [ 'account' ] -> unix_password );
else $attr [ 'userPassword' ] = '{CRYPT}' . crypt ( $_SESSION [ 'account' ] -> unix_password );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccunt_may
}
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> smb_password != '' ) {
2003-04-25 11:07:28 +00:00
$attr [ 'ntPassword' ] = exec ( '../lib/createntlm.pl nt ' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'lmPassword' ] = exec ( '../lib/createntlm.pl lm ' . $_SESSION [ 'account' ] -> smb_password );
2003-04-24 11:59:26 +00:00
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
2003-04-23 15:47:00 +00:00
}
else {
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> unix_password_no ) $_SESSION [ 'account' ] -> unix_password = '' ;
2003-04-23 15:47:00 +00:00
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . crypt ( $_SESSION [ 'account' ] -> unix_password );
else $attr [ 'userPassword' ] = '{CRYPT}' . crypt ( $_SESSION [ 'account' ] -> unix_password );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccunt_may
2003-04-25 11:07:28 +00:00
$attr [ 'ntPassword' ] = exec ( '../lib/createntlm.pl nt ' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'lmPassword' ] = exec ( '../lib/createntlm.pl lm ' . $_SESSION [ 'account' ] -> smb_password );
2003-04-24 11:59:26 +00:00
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
if ( $_SESSION [ 'account' ] -> smb_password_no ) {
$attr [ 'ntPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'lmPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
2003-04-23 15:47:00 +00:00
}
$attr [ 'loginShell' ] = $_SESSION [ 'account' ] -> general_shell ; // posixAccount_may
$attr [ 'gecos' ] = $_SESSION [ 'account' ] -> general_gecos ; // posixAccount_may
$attr [ 'description' ] = $_SESSION [ 'account' ] -> general_gecos ; // posixAccount_may sambaAccount_may
$attr [ 'shadowMin' ] = $_SESSION [ 'account' ] -> unix_pwdminage ; // shadowAccunt_may
$attr [ 'shadowMax' ] = $_SESSION [ 'account' ] -> unix_pwdmaxage ; // shadowAccunt_may
$attr [ 'shadowWarning' ] = $_SESSION [ 'account' ] -> unix_pwdwarn ; // shadowAccunt_may
$attr [ 'shadowInactive' ] = $_SESSION [ 'account' ] -> unix_pwdallowlogin ; // shadowAccunt_may
$attr [ 'shadowExpire' ] = $date ; // shadowAccunt_may
$attr [ 'rid' ] = ( 2 * $_SESSION [ 'account' ] -> general_uidNumber + 1000 ); // sambaAccount_may
$attr [ 'PrimaryGroupID' ] = ( 2 * getgid ( $_SESSION [ 'account' ] -> general_group ) + 1001 ); // sambaAccount_req
if ( $_SESSION [ 'account' ] -> smb_pwdcanchange ) $attr [ 'pwdCanChange' ] = " 1 " ; else $attr [ 'pwdCanChange' ] = " 0 " ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_pwdmustchange ) $attr [ 'pwdMustChange' ] = " 1 " ; else $attr [ 'pwdMustChange' ] = " 0 " ; // sambaAccount_may
$attr [ 'acctFlags' ] = smbflag (); // sambaAccount_may
$attr [ 'displayName' ] = $_SESSION [ 'account' ] -> general_gecos ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_smbhome != '' ) $attr [ 'smbHome' ] = $_SESSION [ 'account' ] -> smb_smbhome ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_homedrive != '' ) $attr [ 'homeDrive' ] = $_SESSION [ 'account' ] -> smb_homedrive ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_scriptpath != '' ) $attr [ 'scriptPath' ] = $_SESSION [ 'account' ] -> smb_scriptpath ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_profilePath != '' ) $attr [ 'profilePath' ] = $_SESSION [ 'account' ] -> smb_profilePath ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_smbuserworkstations != '' ) $attr [ 'userWorkstations' ] = $_SESSION [ 'account' ] -> smb_smbuserworkstations ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_domain != '' ) $attr [ 'domain' ] = $_SESSION [ 'account' ] -> smb_domain ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> general_givenname != '' ) $attr [ 'givenName' ] = $_SESSION [ 'account' ] -> general_givenname ;
if ( $_SESSION [ 'account' ] -> general_surname != '' ) $attr [ 'sn' ] = $_SESSION [ 'account' ] -> general_surname ;
if ( $_SESSION [ 'modify' ] == 1 ) {
if ( $_SESSION [ 'account' ] -> general_username == $_SESSION [ 'account_old' ] -> general_username ) // Username hasn't changed
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
else {
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( $success ) ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account_old' ] -> general_dn );
}
if ( ! $success ) return 5 ;
// Write Groupmemberchips
$allgroups = $_SESSION [ 'account' ] -> general_groupadd ;
if ( ! in_array ( $_SESSION [ 'account' ] -> general_group , $allgroups )) $allgroups [] = $_SESSION [ 'account' ] -> general_group ;
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'objectClass=PosixGroup' );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$modifygroup = 0 ;
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'memberUid' ]) {
array_shift ( $attr2 [ 'memberUid' ]);
foreach ( $attr2 [ 'memberUid' ] as $nam ) {
if ( ( $attr2 [ 'memberUid' ][ $nam ] == $_SESSION [ 'account' ] -> general_username ) && ! in_array ( $attr2 [ 'memberUid' ][ $nam ], $allgroups )) {
$todelete [ 'memberUid' ] = $attr2 [ 'memberUid' ][ $nam ];
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , $todelete );
}
}
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $attr2 [ 'memberUid' ]) && in_array ( $attr2 [ 'cn' ][ 0 ], $allgroups )) {
$toadd [ 'memberUid' ] = $attr2 [ 'memberUid' ];
$toadd [ 'memberUid' ][] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_replace ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $toadd );
}
}
else {
if ( in_array ( $attr2 [ 'cn' ][ 0 ], $allgroups )) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $toadd );
}
}
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
if ( ! $success ) return 5 ;
return 3 ;
}
else {
// Write a new entry if user doesn't exists
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( ! $success ) return 4 ;
// Add user to groups
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $_SESSION [ 'account' ] -> general_group . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=posixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$group = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $group [ 'memberUid' ]) array_shift ( $group [ 'memberUid' ]);
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $group [ 'memberUid' ])) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $_SESSION [ 'account' ] -> general_group . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), $toadd );
}
if ( ! $success ) return 4 ;
// Add User to Additional Groups
if ( $_SESSION [ 'account' ] -> general_groupadd )
foreach ( $_SESSION [ 'account' ] -> general_groupadd as $group2 ) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $group2 . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=posixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$group = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $group [ 'memberUid' ]) array_shift ( $group [ 'memberUid' ]);
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $group [ 'memberUid' ])) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $group2 . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), $toadd );
}
if ( ! $success ) return 4 ;
}
return 1 ;
}
}
function createhost () { // Will create the LDAP-Host
// 2 == Host allready exists at different location
// 1 == Host has been created
// 3 == Host has been modified
// 4 == Error while creating Host
// 5 == Error while modifying Host
// Value stored in shadowExpire, days since 1.1.1970
$date = mktime ( 0 , 0 , 0 , $_SESSION [ 'account' ] -> unix_pwdexpire_day , $_SESSION [ 'account' ] -> unix_pwdexpire_mon , $_SESSION [ 'account' ] -> unix_pwdexpire_yea ) / 86400 ;
settype ( $date , 'integer' );
$_SESSION [ 'account' ] -> general_dn = 'cn=' . $_SESSION [ 'account' ] -> general_username . ',' . $_SESSION [ 'config' ] -> get_HostSuffix ();
// All Values need for an user-account
// General Objectclasses
$attr [ 'objectClass' ][ 0 ] = 'top' ;
$attr [ 'objectClass' ][ 1 ] = 'posixAccount' ;
$attr [ 'objectClass' ][ 2 ] = 'shadowAccount' ;
$attr [ 'objectClass' ][ 3 ] = 'sambaAccount' ;
$attr [ 'cn' ] = $_SESSION [ 'account' ] -> general_username ; // posixAccount_req shadowAccount_req sambaAccount_may
$attr [ 'uid' ] = $_SESSION [ 'account' ] -> general_username ; // posixAccount_req
$attr [ 'uidNumber' ] = $_SESSION [ 'account' ] -> general_uidNumber ; // posixAccount_req
$attr [ 'gidNumber' ] = getgid ( $_SESSION [ 'account' ] -> general_group ); // posixAccount_req
$attr [ 'homeDirectory' ] = $_SESSION [ 'account' ] -> general_homedir ; // posixAccount_req
// posixAccount_may shadowAccount_may
if ( $_SESSION [ 'modify' ] == 1 ) {
$password_old = str_replace ( '{CRYPT}' , '' , $_SESSION [ 'account_old' ] -> unix_password );
if ( substr ( $password_old , 0 , 1 ) == '!' ) $password_old = substr ( $password_old , 1 , strlen ( $password_old ));
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> unix_password == '' ) {
if ( $_SESSION [ 'account' ] -> unix_password_no ) $password_old = '' ;
2003-04-23 15:47:00 +00:00
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . $password_old ;
else $attr [ 'userPassword' ] = '{CRYPT}' . $password_old ;
$attr [ 'shadowLastChange' ] = $_SESSION [ 'account_old' ] -> unix_shadowLastChange ; // shadowAccunt_may
}
else {
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . crypt ( $_SESSION [ 'account' ] -> unix_password );
else $attr [ 'userPassword' ] = '{CRYPT}' . crypt ( $_SESSION [ 'account' ] -> unix_password );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccunt_may
}
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> smb_password != '' ) {
$attr [ 'ntPassword' ] = exec ( '../lib/createntlm.pl nt' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'lmPassword' ] = exec ( '../lib/createntlm.pl lm' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
2003-04-23 15:47:00 +00:00
}
else {
2003-04-24 11:59:26 +00:00
if ( $_SESSION [ 'account' ] -> unix_password_no ) $_SESSION [ 'account' ] -> unix_password = '' ;
2003-04-23 15:47:00 +00:00
if ( $_SESSION [ 'account' ] -> unix_deactivated ) $attr [ 'userPassword' ] = '{CRYPT}!' . crypt ( $_SESSION [ 'account' ] -> unix_password );
else $attr [ 'userPassword' ] = '{CRYPT}' . crypt ( $_SESSION [ 'account' ] -> unix_password );
$attr [ 'shadowLastChange' ] = getdays (); // shadowAccunt_may
2003-04-24 11:59:26 +00:00
$attr [ 'ntPassword' ] = exec ( '../lib/createntlm.pl nt' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'lmPassword' ] = exec ( '../lib/createntlm.pl lm' . $_SESSION [ 'account' ] -> smb_password );
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
}
if ( $_SESSION [ 'account' ] -> smb_password_no ) {
$attr [ 'ntPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'lmPassword' ] = 'NO PASSWORD*****' ;
$attr [ 'pwdLastSet' ] = time (); // sambaAccount_may
2003-04-23 15:47:00 +00:00
}
$attr [ 'loginShell' ] = $_SESSION [ 'account' ] -> general_shell ; // posixAccount_may
$attr [ 'gecos' ] = $_SESSION [ 'account' ] -> general_gecos ; // posixAccount_may
$attr [ 'description' ] = $_SESSION [ 'account' ] -> general_gecos ; // posixAccount_may sambaAccount_may
$attr [ 'shadowMin' ] = $_SESSION [ 'account' ] -> unix_pwdminage ; // shadowAccunt_may
$attr [ 'shadowMax' ] = $_SESSION [ 'account' ] -> unix_pwdmaxage ; // shadowAccunt_may
$attr [ 'shadowWarning' ] = $_SESSION [ 'account' ] -> unix_pwdwarn ; // shadowAccunt_may
$attr [ 'shadowInactive' ] = $_SESSION [ 'account' ] -> unix_pwdallowlogin ; // shadowAccunt_may
$attr [ 'shadowExpire' ] = $date ; // shadowAccunt_may
$attr [ 'rid' ] = ( 2 * $_SESSION [ 'account' ] -> general_uidNumber + 1000 ); // sambaAccount_may
$attr [ 'PrimaryGroupID' ] = ( 2 * getgid ( $_SESSION [ 'account' ] -> general_group ) + 1001 ); // sambaAccount_req
if ( $_SESSION [ 'account' ] -> smb_pwdcanchange ) $attr [ 'pwdCanChange' ] = " 1 " ; else $attr [ 'pwdCanChange' ] = " 0 " ; // sambaAccount_may
if ( $_SESSION [ 'account' ] -> smb_pwdmustchange ) $attr [ 'pwdMustChange' ] = " 1 " ; else $attr [ 'pwdMustChange' ] = " 0 " ; // sambaAccount_may
$attr [ 'acctFlags' ] = smbflag (); // sambaAccount_may
$attr [ 'displayName' ] = $_SESSION [ 'account' ] -> general_gecos ; // sambaAccount_may
$attr [ 'domain' ] = $_SESSION [ 'account' ] -> smb_domain ; // sambaAccount_may
if ( $_SESSION [ 'modify' ] == 1 ) {
if ( $_SESSION [ 'account' ] -> general_username == $_SESSION [ 'account_old' ] -> general_username ) // Username hasn't changed
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
else {
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( $success ) ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account_old' ] -> general_dn );
}
if ( ! $success ) return 5 ;
if ( $attr [ 'uidNumber' ] != $_SESSION [ 'account_old' ] -> general_uidNumber ) echo ( 'find / -uid ' . $_SESSION [ 'account_old' ] -> general_uidNumber . ' -exec chown ' . $_SESSION [ 'account' ] -> general_uidNumber . ' {} \;' );
// Write Groupmemberchips
$allgroups = $_SESSION [ 'account' ] -> general_groupadd ;
if ( ! in_array ( $_SESSION [ 'account' ] -> general_group , $allgroups )) $allgroups [] = $_SESSION [ 'account' ] -> general_group ;
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_GroupSuffix (), 'objectClass=PosixGroup' );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$modifygroup = 0 ;
$attr2 = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $attr2 [ 'memberUid' ]) {
array_shift ( $attr2 [ 'memberUid' ]);
foreach ( $attr2 [ 'memberUid' ] as $nam ) {
if ( ( $attr2 [ 'memberUid' ][ $nam ] == $_SESSION [ 'account' ] -> general_username ) && ! in_array ( $attr2 [ 'memberUid' ][ $nam ], $allgroups )) {
$todelete [ 'memberUid' ] = $attr2 [ 'memberUid' ][ $nam ];
$success = ldap_mod_del ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ) , $todelete );
}
}
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $attr2 [ 'memberUid' ]) && in_array ( $attr2 [ 'cn' ][ 0 ], $allgroups )) {
$toadd [ 'memberUid' ] = $attr2 [ 'memberUid' ];
$toadd [ 'memberUid' ][] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_replace ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $toadd );
}
}
else {
if ( in_array ( $attr2 [ 'cn' ][ 0 ], $allgroups )) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $toadd );
}
}
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
if ( ! $success ) return 5 ;
return 3 ;
}
else {
// Write a new entry if user doesn't exists
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( ! $success ) return 4 ;
// Add Host to groups
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $_SESSION [ 'account' ] -> general_group . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=posixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$group = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $group [ 'memberUid' ]) array_shift ( $group [ 'memberUid' ]);
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $group [ 'memberUid' ])) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $_SESSION [ 'account' ] -> general_group . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), $toadd );
}
if ( ! $success ) return 4 ;
// Add Host to Additional Groups
if ( $_SESSION [ 'account' ] -> general_groupadd )
foreach ( $_SESSION [ 'account' ] -> general_groupadd as $group2 ) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $group2 . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), " objectclass=posixGroup " );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
$group = ldap_get_attributes ( $_SESSION [ 'ldap' ] -> server (), $entry );
if ( $group [ 'memberUid' ]) array_shift ( $group [ 'memberUid' ]);
if ( ! in_array ( $_SESSION [ 'account' ] -> general_username , $group [ 'memberUid' ])) {
$toadd [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_username ;
$success = ldap_mod_add ( $_SESSION [ 'ldap' ] -> server (), 'cn=' . $group2 . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix (), $toadd );
}
if ( ! $success ) return 4 ;
}
return 1 ;
}
}
function creategroup () { // Will create the LDAP-Group
// 2 == Group allready exists at different location
// 1 == Group has been created
// 3 == Group has been modified
// 4 == Error while creating Group
// 5 == Error while modifying Group
$_SESSION [ 'account' ] -> general_dn = 'cn=' . $_SESSION [ 'account' ] -> general_username . ',' . $_SESSION [ 'config' ] -> get_GroupSuffix ();
$attr [ 'objectClass' ] = 'posixGroup' ;
$attr [ 'cn' ] = $_SESSION [ 'account' ] -> general_username ;
$attr [ 'gidNumber' ] = $_SESSION [ 'account' ] -> general_uidNumber ;
$attr [ 'description' ] = $_SESSION [ 'account' ] -> general_gecos ;
if ( $_SESSION [ 'account' ] -> general_memeberUid ) $attr [ 'memberUid' ] = $_SESSION [ 'account' ] -> general_memberUid ;
if ( $_SESSION [ 'modify' ] == 0 ) { // Write a new entry if group doesn't exists
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( $success ) return 1 ;
else return 4 ;
}
else { // Modify an Existing entry
if ( $_SESSION [ 'account' ] -> general_username == $_SESSION [ 'account_old' ] -> general_username ) // Groupname hasn't changed
$success = ldap_modify ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
else {
$success = ldap_add ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account' ] -> general_dn , $attr );
if ( $success ) ldap_delete ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'account_old' ] -> general_dn );
}
// Fragen, ob bei ge<67> nderter gid die gids der Beutzer in der Gruppe ge<67> ndert werden sollen. *********************************
if ( $_SESSION [ 'account' ] -> final_changegids == true ) {
$result = ldap_search ( $_SESSION [ 'ldap' ] -> server (), $_SESSION [ 'config' ] -> get_UserSuffix (), 'gidNumber=' . $_SESSION [ 'account_old' ] -> general_uidNumber );
$entry = ldap_first_entry ( $_SESSION [ 'ldap' ] -> server (), $result );
while ( $entry ) {
$user [ 'gidNumber' ][ 0 ] = $_SESSION [ 'account' ] -> general_uidNumber ;
ldap_modify ( $_SESSION [ 'ldap' ] -> server (), ldap_get_dn ( $_SESSION [ 'ldap' ] -> server (), $entry ), $user );
$entry = ldap_next_entry ( $_SESSION [ 'ldap' ] -> server (), $entry );
}
}
if ( $success ) return 3 ;
else return 5 ;
}
}
?>