2003-06-01 10:02:44 +00:00
|
|
|
|
<?php
|
2003-04-23 15:47:00 +00:00
|
|
|
|
/*
|
|
|
|
|
$Id$
|
|
|
|
|
|
|
|
|
|
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
|
|
|
|
|
Copyright (C) 2003 Tilo Lutz
|
|
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAP Account Manager functions used by account.php
|
|
|
|
|
*/
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// This class keeps all needed values for any account
|
|
|
|
|
class account {
|
2003-08-16 09:38:17 +00:00
|
|
|
|
// Type : user | group | host
|
|
|
|
|
var $type;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// General Settings
|
2003-08-12 19:45:24 +00:00
|
|
|
|
var $general_objectClass; // Array, contains old objectclasses of loaded account
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $general_username; // string Username, Hostname or Groupname
|
|
|
|
|
var $general_uidNumber; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed
|
|
|
|
|
var $general_surname; // string Surname (user)
|
|
|
|
|
var $general_givenname; // string Givenname (user)
|
|
|
|
|
var $general_dn; // string DN
|
|
|
|
|
var $general_group; // string Primary group (user|host)
|
2003-10-19 17:04:49 +00:00
|
|
|
|
var $general_groupadd; // array(string) Addititional Groups (user) is member of
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $general_homedir; // atring Homedirectoy (user) For host it's hardcoded to/dev/null
|
|
|
|
|
var $general_shell; // array(string) list off all valid shells (user) hosts are hard-wired to /bin/false
|
2003-10-19 17:04:49 +00:00
|
|
|
|
var $general_gecos; // string, gecos-field (user|group|host)
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// Unix Password Settings
|
2003-09-11 16:55:57 +00:00
|
|
|
|
var $unix_memberUid; // array Stores all users which are member of group but is not primary group (group)
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $unix_password; // string for unix-password (user|host)
|
|
|
|
|
var $unix_password_no; // string (0|1) set unix-password to none (user|host)
|
|
|
|
|
var $unix_pwdwarn; // string number of days a user is warned before password expires (user|host) value must be a natural number (user|host)
|
|
|
|
|
var $unix_pwdallowlogin; // string number of days a user can login even his password has expired (user) muste be a natural number or 0 or -1 (user|host)
|
|
|
|
|
var $unix_pwdmaxage; // string Number of days after a user has to change his password again Value must be 0<. (user|host)
|
|
|
|
|
var $unix_pwdminage; // string Number of days a user has to wait until he\'s allowed to change his password again. Value must be 0<. (user|host)
|
2003-07-11 14:42:28 +00:00
|
|
|
|
var $unix_pwdexpire; // string days since 1.1.1970 the account expires (user|host)
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $unix_deactivated; // string (1|0) account deactivated? (user|host)
|
|
|
|
|
var $unix_shadowLastChange; // string, contains the days since 1.1.1970 the password has been changed last time (user|host)
|
2003-08-03 14:04:18 +00:00
|
|
|
|
var $unix_host; // list of unix hosts the user is allowed to log in
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// Samba Account
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $smb_password; // string for samba-password (user|host)
|
|
|
|
|
var $smb_password_no; // string (1|0) set samba-password to none (user|host)
|
|
|
|
|
var $smb_useunixpwd; // string (1|0) use unix-password as samba-password (user|host)
|
2003-07-13 12:31:12 +00:00
|
|
|
|
var $smb_pwdcanchange; // string unix-timestamp user/host is able to change password (user|host)
|
|
|
|
|
var $smb_pwdmustchange; // string unix-timestamp user/host has to change password at next login (user|host)
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $smb_homedrive; // string Homedrive (C:, D:, ...) (user)
|
|
|
|
|
var $smb_scriptPath; // string ScriptPath (\\server\loginscript) (user)
|
|
|
|
|
var $smb_profilePath; // string profilePAth (\\server\profilepath) (user)
|
|
|
|
|
var $smb_smbuserworkstations; // string comma-separated list of workstations (user)
|
|
|
|
|
var $smb_smbhome; // string Home-Share (\\server\home) (user)
|
2003-08-10 19:46:21 +00:00
|
|
|
|
var $smb_domain; // string Domain of (user|host) or samba3domain-Object
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $smb_flagsW; // string (1|0) account is host? (user|host)
|
|
|
|
|
var $smb_flagsD; // string (1|0) account is disabled? (user|host)
|
2003-10-19 17:04:49 +00:00
|
|
|
|
var $smb_flagsX; // string (1|0) password doesn't expire (user|host)
|
2003-06-30 12:06:44 +00:00
|
|
|
|
var $smb_mapgroup; // decimal ID for groups
|
2003-09-16 12:44:28 +00:00
|
|
|
|
var $smb_displayName; // string, description, similar to gecos-field.
|
2003-05-07 16:53:03 +00:00
|
|
|
|
// Quota Settins
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $quota; // array[][] First array is an index for every chare with active quotas
|
|
|
|
|
// second array Contains values for every share:
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
|
2003-06-08 12:12:42 +00:00
|
|
|
|
// soft inode limit, hard inode limit, grace inode period
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// Personal Settings
|
2003-06-08 12:12:42 +00:00
|
|
|
|
var $personal_title; // string title of user
|
|
|
|
|
var $personal_mail; // string mailaddress of user
|
|
|
|
|
var $personal_telephoneNumber; // string telephonenumber of user
|
|
|
|
|
var $personal_mobileTelephoneNumber; // string mobile umber of user
|
|
|
|
|
var $personal_facsimileTelephoneNumber; // strinf fax-number of user
|
|
|
|
|
var $personal_street; // stirng streetname of user
|
|
|
|
|
var $personal_postalCode; // string postal code of user
|
|
|
|
|
var $personal_postalAddress; // string postal Address of user
|
|
|
|
|
var $personal_employeeType; // string employe type of user
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-06-08 12:12:42 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Return a list of all shells listed in ../config/shells
|
|
|
|
|
* Normally ../config/shells is a symbolic link to /etc/shells
|
|
|
|
|
*/
|
|
|
|
|
function getshells() {
|
|
|
|
|
// Load shells from file
|
2003-09-28 13:30:31 +00:00
|
|
|
|
$shells = file($_SESSION['lampath'].'config/shells');
|
2003-05-14 21:12:17 +00:00
|
|
|
|
$i=0;
|
2003-10-17 07:58:43 +00:00
|
|
|
|
while (count($shells) > $i) {
|
|
|
|
|
// remove whitespaces
|
2003-05-14 21:12:17 +00:00
|
|
|
|
trim($shells[$i]);
|
2003-10-17 07:58:43 +00:00
|
|
|
|
// remove lineend
|
|
|
|
|
$shells[$i] = substr($shells[$i], 0, strpos($shells[$i], "\n"));
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// remove comments
|
2003-10-17 07:58:43 +00:00
|
|
|
|
if ($shells[$i]{0}=='#') unset ($shells[$i]);
|
2003-05-16 20:00:45 +00:00
|
|
|
|
else $i++;
|
2003-05-14 21:12:17 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// $shells is array with all valid shells
|
2003-05-02 15:32:44 +00:00
|
|
|
|
return $shells;
|
2003-05-01 17:02:57 +00:00
|
|
|
|
}
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* This function will replace umlates with ascci-chars
|
|
|
|
|
* fixme
|
|
|
|
|
* In order to map all non-ascii characters this function should be changed
|
|
|
|
|
*/
|
|
|
|
|
function replace_umlaut($text) {
|
2003-08-14 12:49:11 +00:00
|
|
|
|
$aTranslate = array("<EFBFBD>"=>"ae", "<EFBFBD>"=>"Ae",
|
|
|
|
|
"<EFBFBD>"=>"oe", "<EFBFBD>"=>"Oe",
|
|
|
|
|
"<EFBFBD>"=>"ue", "<EFBFBD>"=>"Ue",
|
|
|
|
|
"<EFBFBD>"=>"ss"
|
|
|
|
|
);
|
|
|
|
|
return strtr($text, $aTranslate);
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-11 16:55:57 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* This function will return all values from $array without values of $values
|
|
|
|
|
* $values, $array and $return are arrays
|
|
|
|
|
*/
|
|
|
|
|
function array_delete($values, $array) {
|
|
|
|
|
// Loop for every entry and check if it should be removed
|
|
|
|
|
if (is_array($array)) {
|
|
|
|
|
foreach ($array as $array_value)
|
|
|
|
|
if (!@in_array($array_value, $values))
|
|
|
|
|
$return[] = $array_value;
|
|
|
|
|
return $return;
|
|
|
|
|
}
|
|
|
|
|
else return 0;
|
|
|
|
|
}
|
2003-09-11 16:55:57 +00:00
|
|
|
|
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// This function will return a password with max. 8 characters
|
|
|
|
|
function genpasswd() {
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// Allowed Characters to generate passwords
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// I'Ve removed characters like l and 1 because they are too similar
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$LCase = 'abcdefghjkmnpqrstuvwxyz';
|
2003-05-02 15:32:44 +00:00
|
|
|
|
$UCase = 'ABCDEFGHJKMNPQRSTUVWXYZ';
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$Integer = '23456789';
|
|
|
|
|
// DEFINE CONSTANTS FOR ALGORTTHM
|
|
|
|
|
define("LEN", '1');
|
|
|
|
|
$a = RndInt('letter');
|
|
|
|
|
$b = RndInt('letter');
|
|
|
|
|
$c = RndInt('letter');
|
|
|
|
|
$d = RndInt('letter');
|
|
|
|
|
$e = RndInt('number');
|
|
|
|
|
$f = RndInt('number');
|
|
|
|
|
$g = RndInt('letter');
|
|
|
|
|
$h = RndInt('letter');
|
|
|
|
|
// EXTRACT 8 CHARACTERS RANDOMLY FROM TH // E DEFINITION STRINGS
|
|
|
|
|
$L1 = substr($LCase, $a, LEN);
|
|
|
|
|
$L2 = substr($LCase, $b, LEN);
|
|
|
|
|
$L3 = substr($LCase, $h, LEN);
|
|
|
|
|
$U1 = substr($UCase, $c, LEN);
|
|
|
|
|
$U2 = substr($UCase, $d, LEN);
|
|
|
|
|
$U3 = substr($UCase, $g, LEN);
|
|
|
|
|
$I1 = substr($Integer, $e, LEN);
|
|
|
|
|
$I2 = substr($Integer, $f, LEN);
|
|
|
|
|
// COMBINE THE CHARACTERS AND DISPLAY TH // E NEW PASSWORD
|
|
|
|
|
$PW = $L1 . $U2 . $I1 . $L2 . $I2 . $U1 . $U3 . $L3;
|
|
|
|
|
return $PW;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
2003-05-02 16:18:05 +00:00
|
|
|
|
/* THIS FUNCTION GENERATES A RANDOM NUMBER THAT WILL BE USED TO
|
|
|
|
|
* RANDOMLY SELECT CHARACTERS FROM THE STRINGS ABOVE
|
|
|
|
|
*/
|
|
|
|
|
function RndInt($Format){
|
|
|
|
|
switch ($Format){
|
|
|
|
|
case 'letter':
|
|
|
|
|
$Rnd = rand(0,23);
|
|
|
|
|
if ($Rnd > 23){
|
|
|
|
|
$Rnd = $Rnd - 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'number':
|
|
|
|
|
$Rnd = rand(2,9);
|
|
|
|
|
if ($Rnd > 8){
|
|
|
|
|
$Rnd = $Rnd - 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return $Rnd;
|
|
|
|
|
} // END RndInt() FUNCTION
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
|
|
|
|
|
* $type = 'user' or 'group'
|
|
|
|
|
* $user = user or groupname. If no user or groupname is defined,
|
|
|
|
|
* an array with all quota-enabled partitions will be returned in this case all returned values are 0 exept mointpoint[x][0]
|
|
|
|
|
*/
|
|
|
|
|
function getquotas($type,$user='+') {
|
|
|
|
|
// define new object
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$return = new account();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// get username and password of the current lam-admin
|
2003-05-13 10:54:53 +00:00
|
|
|
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* $towrite has the following syntax:
|
|
|
|
|
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
|
|
|
|
|
*/
|
2003-05-16 20:06:12 +00:00
|
|
|
|
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($type=='user') $towrite = $towrite.'u';
|
2003-05-07 16:53:03 +00:00
|
|
|
|
else $towrite = $towrite.'g';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
|
|
|
|
* scriptPath is Path to lamdaemon.pl on remote system
|
|
|
|
|
*/
|
|
|
|
|
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals, $status);
|
|
|
|
|
/* $vals is a string which contains a two dimensional array.
|
|
|
|
|
* We have to recreate it with explode
|
|
|
|
|
*
|
|
|
|
|
* $return->quota[][] First array is an index for every chare with active quotas
|
|
|
|
|
* second array Contains values for every share:
|
|
|
|
|
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
|
|
|
|
|
* soft inode limit, hard inode limit, grace inode period
|
|
|
|
|
*/
|
2003-05-14 21:12:17 +00:00
|
|
|
|
$vals = explode(':', $vals[0]);
|
|
|
|
|
for ($i=0; $i<sizeof($vals); $i++) {
|
2003-05-07 16:53:03 +00:00
|
|
|
|
$vals2 = explode(',', $vals[$i]);
|
2003-05-14 21:12:17 +00:00
|
|
|
|
for ($j=0; $j<sizeof($vals2); $j++) {
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$return->quota[$i][$j] = $vals2[$j];
|
2003-05-07 16:53:03 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($return->quota[$i][4]<$time) $return->quota[$i][4] = '';
|
2003-08-03 13:22:12 +00:00
|
|
|
|
else $return->quota[$i][4] = strval(($return->quota[$i][4]-$time)/3600) .' '. _('hours');
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($return->quota[$i][8]<$time) $return->quota[$i][8] = '';
|
2003-08-03 13:22:12 +00:00
|
|
|
|
else $return->quota[$i][8] = strval(($return->quota[$i][8]-$time)/3600) .' '. _('hours');
|
2003-05-07 16:53:03 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
return $return;
|
2003-05-07 16:53:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* Whis function will set the quotas from the specified user.
|
|
|
|
|
* $values = object account with quotas which should be set
|
|
|
|
|
* $values_old = object account if set values and values_old will be compared. Quota will only be changed
|
|
|
|
|
* if values differ
|
|
|
|
|
*/
|
|
|
|
|
function setquotas($values,$values_old=false) {
|
|
|
|
|
// get username and password of the current lam-admin
|
2003-05-13 10:54:53 +00:00
|
|
|
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* $towrite has the following syntax:
|
|
|
|
|
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
|
|
|
|
|
*/
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$values->general_username.' quota set ';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if ($values->type=='user') $towrite = $towrite.'u ';
|
2003-05-13 10:54:53 +00:00
|
|
|
|
else $towrite = $towrite.'g ';
|
|
|
|
|
$i=0;
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Check wich quotas have changed
|
|
|
|
|
* Because we can not send an array to lamdaemon.pl we have to put all
|
|
|
|
|
* values in a string. ':' sepraeates the first array, ',' the second
|
|
|
|
|
*
|
|
|
|
|
* $values->quota[][] First array is an index for every chare with active quotas
|
|
|
|
|
* second array Contains values for every share:
|
|
|
|
|
* mountpoint, used blocks, soft block limit, hard block limit, grace block period, used inodes,
|
|
|
|
|
* soft inode limit, hard inode limit, grace inode period
|
|
|
|
|
*/
|
2003-06-01 10:02:44 +00:00
|
|
|
|
while ($values->quota[$i][0]) {
|
|
|
|
|
if ($values->quota[$i] != $values_old->quota[$i]) {
|
|
|
|
|
$towrite = $towrite. $values->quota[$i][0] .','.$values->quota[$i][2] .','.$values->quota[$i][3]
|
|
|
|
|
.','.$values->quota[$i][6] .','. $values->quota[$i][7] .':';
|
2003-05-13 10:54:53 +00:00
|
|
|
|
}
|
2003-05-15 20:59:26 +00:00
|
|
|
|
$i++;
|
2003-05-13 10:54:53 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
|
|
|
|
* scriptPath is Path to lamdaemon.pl on remote system
|
|
|
|
|
* only run lamdaemon.pl if quotas are really set, $i!=0
|
|
|
|
|
*/
|
|
|
|
|
if ($i!=0) exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
2003-05-13 10:54:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* Whis function will remove the quotas from the specified user.
|
|
|
|
|
* $user = username of which quta should be deleted
|
|
|
|
|
* $type = user or group
|
|
|
|
|
* Delteing quotas means settings all values to 0 which means no quotas
|
|
|
|
|
*/
|
|
|
|
|
function remquotas($user, $type) {
|
|
|
|
|
// get username and password of the current lam-admin
|
2003-05-15 20:59:26 +00:00
|
|
|
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* $towrite has the following syntax:
|
|
|
|
|
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
|
|
|
|
|
*/
|
|
|
|
|
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota rem ';
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($type=='user') $towrite = $towrite.'u ';
|
2003-05-15 20:59:26 +00:00
|
|
|
|
else $towrite = $towrite.'g ';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
|
|
|
|
* scriptPath is Path to lamdaemon.pl on remote system
|
|
|
|
|
*/
|
|
|
|
|
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
2003-05-15 20:59:26 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-05-13 10:54:53 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Create Homedirectory
|
|
|
|
|
* lamdaemon.pl uses getpwnam on remote system to get homedir path.
|
|
|
|
|
* Therefore ldap have to be used on remote system for user accounts
|
|
|
|
|
* $user = username
|
|
|
|
|
*/
|
|
|
|
|
function addhomedir($user) {
|
|
|
|
|
// get username and password of the current lam-admin
|
2003-05-13 10:54:53 +00:00
|
|
|
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* $towrite has the following syntax:
|
|
|
|
|
* admin-username, admin-password, owner of homedir, 'home', operation='add'
|
|
|
|
|
*/
|
2003-05-16 20:06:12 +00:00
|
|
|
|
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
|
|
|
|
* scriptPath is Path to lamdaemon.pl on remote system
|
|
|
|
|
*/
|
|
|
|
|
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
2003-05-13 10:54:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* Remove Homedirectory
|
|
|
|
|
* lamdaemon.pl uses getpwnam on remote system to get homedir path.
|
|
|
|
|
* Therefore ldap have to be used on remote system for user accounts
|
|
|
|
|
* This also means you have to remove the homedirectory before the
|
|
|
|
|
* account is removed from ldap
|
|
|
|
|
* $user = username
|
|
|
|
|
*/
|
|
|
|
|
function remhomedir($user) {
|
|
|
|
|
// get username and password of the current lam-admin
|
2003-05-13 10:54:53 +00:00
|
|
|
|
$ldap_q = $_SESSION['ldap']->decrypt();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* $towrite has the following syntax:
|
|
|
|
|
* admin-username, admin-password, owner of homedir, 'home', operation='rem'
|
|
|
|
|
*/
|
2003-06-05 16:37:13 +00:00
|
|
|
|
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* scriptServer is the IP to remote-host to which lam should connect via ssh
|
|
|
|
|
* scriptPath is Path to lamdaemon.pl on remote system
|
|
|
|
|
*/
|
|
|
|
|
exec(("perl ".$_SESSION['lampath']."lib/lamdaemon.pl ".$_SESSION['config']->scriptServer ." ".$_SESSION['config']->scriptPath." ".$towrite), $vals);
|
2003-05-13 10:54:53 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* This function maintains the ldap-cache which is used to reduce ldap requests
|
|
|
|
|
* If the array is older than $_SESSION['config']->get_cacheTimeoutSec() it will
|
|
|
|
|
* be recreated
|
|
|
|
|
*
|
|
|
|
|
* $type can be user|group|host.
|
|
|
|
|
*
|
|
|
|
|
* $_SESSION['xxxxDN'] contains all attributes which are needed very often from
|
|
|
|
|
* more than one function
|
|
|
|
|
* $_SESSION['xxxx'DN'][0] contains the creation time of the array as unix timestamp.
|
|
|
|
|
* All other entries have the following syntax:
|
|
|
|
|
* $_SESSION['xxxx'DN'][$dn][$attributes]
|
|
|
|
|
* $dn = DN of cached entry
|
|
|
|
|
* $attributes = All cached attributes of DN
|
|
|
|
|
* The cache contains the following attributes:
|
|
|
|
|
* user: cn, uidNumber
|
|
|
|
|
* group: cn, gidNumber
|
|
|
|
|
* host: cn, uidNumber
|
|
|
|
|
*/
|
|
|
|
|
function ldapreload($type) {
|
2003-08-18 11:16:37 +00:00
|
|
|
|
switch ($type) {
|
|
|
|
|
case 'user':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Do we have to recreate array?
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((!isset($_SESSION['userDN'])) || ($_SESSION['userDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove old array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
if (isset($_SESSION['userDN'])) unset($_SESSION['userDN']);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// insert timestamp in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$_SESSION['userDN'][0] = time();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Search 4 values which should be cached
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(),
|
2003-10-19 17:04:49 +00:00
|
|
|
|
'objectClass=posixAccount', array('cn', 'uidNumber'), 0);
|
|
|
|
|
// Write search result in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
|
|
|
|
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr['cn'][0]))
|
|
|
|
|
$_SESSION['userDN'][$dn]['cn'] = $attr['cn'][0];
|
|
|
|
|
if (isset($attr['uidNumber'][0]))
|
|
|
|
|
$_SESSION['userDN'][$dn]['uidNumber'] = $attr['uidNumber'][0];
|
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'group':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Do we have to recreate array?
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((!isset($_SESSION['groupDN'])) || ($_SESSION['groupDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove old array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
if (isset($_SESSION['groupDN'])) unset($_SESSION['groupDN']);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// insert timestamp in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$_SESSION['groupDN'][0] = time();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Search 4 values which should be cached
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(),
|
2003-10-19 17:04:49 +00:00
|
|
|
|
'objectClass=posixGroup', array('gidNumber', 'cn'), 0);
|
|
|
|
|
// Write search result in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
|
|
|
|
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr['gidNumber'][0]))
|
2003-08-18 17:41:34 +00:00
|
|
|
|
$_SESSION['groupDN'][$dn]['uidNumber'] = $attr['gidNumber'][0];
|
2003-08-18 11:16:37 +00:00
|
|
|
|
if (isset($attr['cn'][0]))
|
|
|
|
|
$_SESSION['groupDN'][$dn]['cn'] = $attr['cn'][0];
|
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 'host':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Do we have to recreate array?
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((!isset($_SESSION['hostDN'])) || ($_SESSION['hostDN'][0] < time()-$_SESSION['config']->get_cacheTimeoutSec())) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove old array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
if (isset($_SESSION['hostDN'])) unset($_SESSION['hostDN']);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// insert timestamp in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$_SESSION['hostDN'][0] = time();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Search 4 values which should be cached
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_HostSuffix(),
|
2003-10-19 17:04:49 +00:00
|
|
|
|
'objectClass=posixAccount', array('cn', 'uidNumber'), 0);
|
|
|
|
|
// Write search result in array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
|
|
|
|
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr['cn'][0]))
|
|
|
|
|
$_SESSION['hostDN'][$dn]['cn'] = $attr['cn'][0];
|
|
|
|
|
if (isset($attr['uidNumber'][0]))
|
|
|
|
|
$_SESSION['hostDN'][$dn]['uidNumber'] = $attr['uidNumber'][0];
|
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* This function will search in cache if the DN already exists
|
|
|
|
|
* $values is an account-object
|
|
|
|
|
* $values_old is an account-object
|
|
|
|
|
* $values_old is needed because we don't want to raise
|
|
|
|
|
* an error if the DN allredy exists but is the original DN
|
|
|
|
|
*/
|
|
|
|
|
function ldapexists($values, $values_old=false) {
|
|
|
|
|
switch ($values->type) {
|
2003-05-16 20:00:45 +00:00
|
|
|
|
case 'user':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Validate cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
ldapreload('user');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
|
|
|
|
|
$search = 'uid='.$values->general_username.',';
|
|
|
|
|
// Get copy of cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$keys = array_keys($_SESSION['userDN']);
|
2003-05-16 20:00:45 +00:00
|
|
|
|
break;
|
|
|
|
|
case 'group':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Validate cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
ldapreload('group');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
|
|
|
|
|
$search = 'cn='.$values->general_username.',';
|
|
|
|
|
// Get copy of cache-array and
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$keys = array_keys($_SESSION['groupDN']);
|
2003-05-16 20:00:45 +00:00
|
|
|
|
break;
|
|
|
|
|
case 'host':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Validate cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
ldapreload('host');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Entry which we search in ldap ',' is needed to ensure the complete username is checked
|
|
|
|
|
$search = 'uid='.$values->general_username.',';
|
|
|
|
|
// Get copy of cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
$keys = array_keys($_SESSION['hostDN']);
|
2003-05-16 20:00:45 +00:00
|
|
|
|
break;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove timestamp stored in [0]
|
|
|
|
|
unset ($keys[0]);
|
|
|
|
|
$keys = array_values($keys);
|
|
|
|
|
if (!$values_old) {
|
|
|
|
|
// Create new account
|
|
|
|
|
// Check if entry allready exists
|
|
|
|
|
foreach ($keys as $key)
|
|
|
|
|
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
|
|
|
|
|
}
|
|
|
|
|
// edit existing account and don't create a new one
|
|
|
|
|
else if ($values_old->general_username != $values->general_username) {
|
|
|
|
|
foreach ($keys as $key)
|
|
|
|
|
if (strstr($key, $search)) return sprintf (_('%s already exists!'), $values->type);
|
|
|
|
|
}
|
2003-04-23 15:47:00 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* This function will return an array with all groupnames
|
|
|
|
|
* found in ldap. Groupnames are taken from cache-array.
|
|
|
|
|
*/
|
|
|
|
|
function findgroups() {
|
|
|
|
|
// Validate cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
ldapreload('group');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Get copy of cache-array
|
2003-08-18 18:46:33 +00:00
|
|
|
|
$groups = $_SESSION['groupDN'];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove timestamp stored in [0]
|
2003-08-18 18:46:33 +00:00
|
|
|
|
unset ($groups[0]);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Create and sort array
|
2003-08-18 18:46:33 +00:00
|
|
|
|
foreach ($groups as $group) {
|
|
|
|
|
$return[] = $group['cn'];
|
|
|
|
|
}
|
|
|
|
|
sort ($return, SORT_STRING);
|
|
|
|
|
return $return;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* This function will return the gidNumber to an existing groupname
|
|
|
|
|
* gidNumbers are taken from cache-array
|
|
|
|
|
*/
|
|
|
|
|
function getgid($groupname) {
|
|
|
|
|
// Validate cache-array
|
2003-08-18 11:16:37 +00:00
|
|
|
|
ldapreload('group');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Get copy of cache-array
|
2003-08-18 18:46:33 +00:00
|
|
|
|
$keys = $_SESSION['groupDN'];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove timestamp stored in [0]
|
2003-08-18 11:16:37 +00:00
|
|
|
|
unset ($keys[0]);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Return gidNumber as soon as it's found
|
2003-08-18 18:46:33 +00:00
|
|
|
|
foreach ($keys as $key) {
|
|
|
|
|
if ($key['cn']==$groupname) return $key['uidNumber'];
|
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// return -1 if groupname isn't found
|
2003-07-10 12:25:29 +00:00
|
|
|
|
return -1;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* This function will return an unuesed id-number if $values->general_uidNumber is not set and $values_old is false
|
|
|
|
|
* If values_old is true and $values->general_uidNumber is not set the original id-number is returned
|
|
|
|
|
* If $values->general_uidNumber is set id-number is checked. If it's allready in use an error will be reported
|
|
|
|
|
* id-numbers are taken from cache-array
|
|
|
|
|
* $values and $values_old are account objects
|
|
|
|
|
* Return-Values is an integer id-number or an string-error
|
|
|
|
|
*/
|
|
|
|
|
function checkid($values, $values_old=false) {
|
|
|
|
|
switch ($values->type) {
|
2003-04-23 15:47:00 +00:00
|
|
|
|
case 'user':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Validate cache-array
|
|
|
|
|
* Because users and hosts are using the same id-numbers we have to merge
|
|
|
|
|
* both cache-arrays
|
|
|
|
|
*/
|
2003-09-12 07:16:23 +00:00
|
|
|
|
ldapreload('user');
|
2003-10-17 07:58:43 +00:00
|
|
|
|
ldapreload('host');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Load all needed variables from session
|
2003-06-05 17:25:52 +00:00
|
|
|
|
$minID = intval($_SESSION['config']->get_minUID());
|
|
|
|
|
$maxID = intval($_SESSION['config']->get_maxUID());
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$suffix = $_SESSION['config']->get_UserSuffix();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// load and merge arrays
|
|
|
|
|
|
|
|
|
|
$temp = $_SESSION['userDN'];
|
|
|
|
|
// Remove timestamp stored in [0]
|
|
|
|
|
unset ($temp[0]);
|
|
|
|
|
// put only uidNumbers in array
|
|
|
|
|
foreach ($temp as $key) $uids[] = $key['uidNumber'];
|
|
|
|
|
$temp = $_SESSION['hostDN'];
|
2003-04-23 15:47:00 +00:00
|
|
|
|
break;
|
|
|
|
|
case 'group':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Validate cache-array
|
2003-09-12 07:16:23 +00:00
|
|
|
|
ldapreload('group');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Load all needed variables from session
|
2003-06-05 17:25:52 +00:00
|
|
|
|
$minID = intval($_SESSION['config']->get_MinGID());
|
|
|
|
|
$maxID = intval($_SESSION['config']->get_MaxGID());
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$suffix = $_SESSION['config']->get_GroupSuffix();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Get copy of cache-array
|
|
|
|
|
$temp = $_SESSION['groupDN'];
|
2003-04-23 15:47:00 +00:00
|
|
|
|
break;
|
|
|
|
|
case 'host':
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Validate cache-array
|
|
|
|
|
* Because users and hosts are using the same id-numbers we have to merge
|
|
|
|
|
* both cache-arrays
|
|
|
|
|
*/
|
2003-10-17 07:58:43 +00:00
|
|
|
|
ldapreload('user');
|
2003-09-12 07:16:23 +00:00
|
|
|
|
ldapreload('host');
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Load all needed variables from session
|
|
|
|
|
$minID = intval($_SESSION['config']->get_minUID());
|
|
|
|
|
$maxID = intval($_SESSION['config']->get_maxUID());
|
|
|
|
|
$suffix = $_SESSION['config']->get_UserSuffix();
|
|
|
|
|
// load and merge arrays
|
|
|
|
|
|
|
|
|
|
$temp = $_SESSION['userDN'];
|
|
|
|
|
// Remove timestamp stored in [0]
|
|
|
|
|
unset ($temp[0]);
|
|
|
|
|
// put only uidNumbers in array
|
|
|
|
|
foreach ($temp as $key) $uids[] = $key['uidNumber'];
|
|
|
|
|
$temp = $_SESSION['hostDN'];
|
2003-04-23 15:47:00 +00:00
|
|
|
|
break;
|
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Remove timestamp stored in [0]
|
|
|
|
|
unset ($temp[0]);
|
|
|
|
|
// put only uidNumbers in array
|
|
|
|
|
foreach ($temp as $key) $uids[] = $key['uidNumber'];
|
|
|
|
|
// sort array with uids
|
|
|
|
|
if(is_array($uids)) sort ($uids, SORT_NUMERIC);
|
|
|
|
|
|
2003-09-11 16:55:57 +00:00
|
|
|
|
if ($values->general_uidNumber=='') {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// No id-number given
|
2003-09-12 07:16:23 +00:00
|
|
|
|
if (!isset($values_old->general_uidNumber)) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// new account -> we have to find a free id-number
|
|
|
|
|
if (count($uids)!=0) {
|
|
|
|
|
// There are some uids
|
|
|
|
|
// Store highest id-number
|
|
|
|
|
$id = $uids[count($uids)-1];
|
|
|
|
|
// Return higesht used id-number + 1 if it's still in valid range
|
|
|
|
|
if ($id < $maxID) return intval($id)+1;
|
|
|
|
|
// Return minimum allowed id-number if all found id-numbers are too low
|
|
|
|
|
if ($id < $minID) return intval($minID);
|
|
|
|
|
/* If this function is still running we have to fid a free id-number between
|
|
|
|
|
* the used id-numbers
|
|
|
|
|
*/
|
2003-10-17 16:04:57 +00:00
|
|
|
|
$i = intval($minID);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
while (in_array($i, $uids)) $i++;
|
2003-10-17 16:04:57 +00:00
|
|
|
|
if ($i>$maxID) return _('No free ID-Number!');
|
|
|
|
|
else return $i;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
else return intval($minID);
|
|
|
|
|
// return minimum allowed id-number if no id-numbers are found
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
else return intval($values_old->general_uidNumber);
|
|
|
|
|
// old account -> return id-number which has been used
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Check manual ID
|
|
|
|
|
// id-number is out of valid range
|
|
|
|
|
if ( $values->general_uidNumber < $minID || $values->general_uidNumber > $maxID) return sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID);
|
|
|
|
|
// $uids is allways an array but not if no entries were found
|
|
|
|
|
if (is_array($uids)) {
|
|
|
|
|
// id-number is in use and account is a new account
|
|
|
|
|
if ((in_array($values->general_uidNumber, $uids)) && !$values_old) return _('ID is already in use');
|
|
|
|
|
// id-number is in use, account is existing account and id-number is not used by itself
|
|
|
|
|
if ((in_array($values->general_uidNumber, $uids)) && $values_old && ($values_old->general_uidNumber != $values->general_uidNumber) )
|
|
|
|
|
return _('ID is already in use');
|
2003-09-11 16:55:57 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// return id-number if everything is OK
|
|
|
|
|
return intval($values->general_uidNumber);
|
2003-09-11 16:55:57 +00:00
|
|
|
|
}
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
// This function will return the days from 1.1.1970 until now
|
|
|
|
|
function getdays() {
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$days = time() / 86400;
|
|
|
|
|
settype($days, 'integer');
|
|
|
|
|
return $days;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* This function creates all attributes stored in attrFlags. It's the same
|
|
|
|
|
* syntax used in smbpasswd
|
|
|
|
|
* $values is an account-object
|
|
|
|
|
* Return value is a string
|
|
|
|
|
*/
|
|
|
|
|
function smbflag($values) {
|
|
|
|
|
// Start character
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$flag = "[";
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Add Options
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->smb_flagsW) $flag = $flag . "W"; else $flag = $flag . "U";
|
|
|
|
|
if ($values->smb_flagsD) $flag = $flag . "D";
|
|
|
|
|
if ($values->smb_flagsX) $flag = $flag . "X";
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Expand string to fixed length
|
2003-05-18 09:45:56 +00:00
|
|
|
|
$flag = str_pad($flag, 12);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// End character
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$flag = $flag. "]";
|
|
|
|
|
return $flag;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
/* This function will load all needed values from an existing account
|
|
|
|
|
* $dn is the dn(string) of the user which should be loaded
|
|
|
|
|
* return-value is an account-object
|
|
|
|
|
*/
|
|
|
|
|
function loaduser($dn) {
|
|
|
|
|
// Create new object
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$return = new account();
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Set type of account
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$return->type='user';
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Load userattributes from ldap
|
2003-05-02 15:32:44 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
2003-06-28 13:14:45 +00:00
|
|
|
|
$return->general_dn = ldap_get_dn($_SESSION['ldap']->server(), $entry);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Write attributes into $return.
|
|
|
|
|
* Some values don't have to be set. These are only loaded if they are set
|
|
|
|
|
*/
|
|
|
|
|
$return->general_username = $attr['uid'][0];
|
|
|
|
|
$return->general_uidNumber = $attr['uidNumber'][0];
|
|
|
|
|
$return->general_homedir = $attr['homeDirectory'][0];
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
|
|
|
|
|
if (isset($attr['loginShell'][0])) $return->general_shell = $attr['loginShell'][0];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
|
|
|
|
// get groupname
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Validate cache-array
|
|
|
|
|
ldapreload('group');
|
|
|
|
|
// Get copy of cache-array
|
|
|
|
|
$groupDN_local = $_SESSION['groupDN'];
|
|
|
|
|
// Remove timestamp stored in [0]
|
|
|
|
|
unset ($groupDN_local[0]);
|
|
|
|
|
// Now we only have an array with DNs
|
|
|
|
|
$groupDN_local = array_keys($groupDN_local);
|
|
|
|
|
$i=0;
|
|
|
|
|
// Loop until we've found the right uidNumber
|
|
|
|
|
while (!isset($return->general_group) && isset($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'])) {
|
|
|
|
|
if ($_SESSION['groupDN'][$groupDN_local[$i]]['uidNumber'] == $attr['gidNumber'][0]) {
|
|
|
|
|
// We've found the correct entry. Now we need the groupname
|
|
|
|
|
// Get end position (',')
|
|
|
|
|
$end = strpos($groupDN_local[$i], ',');
|
|
|
|
|
// start position is allways 3 (cn=...)
|
|
|
|
|
// Get groupname from dn
|
|
|
|
|
$return->general_group = substr($groupDN_local[$i], 3, $end-3);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Increase loop-variable if entry wasn't found
|
|
|
|
|
else $i++;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
|
|
|
|
// get all additional groupmemberships
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// load all groups which have memberUid set to the username which should be loaded
|
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "memberUid=".$attr['uid'][0], array('cn'));
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// loop for every group
|
2003-04-23 15:47:00 +00:00
|
|
|
|
while ($entry) {
|
|
|
|
|
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// Add groupnames to array
|
|
|
|
|
if ($attr2['cn'][0]!=$return->general_group) $return->general_groupadd[]=$attr2['cn'][0];
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Write attributes into $return.
|
|
|
|
|
* Some values don't have to be set. These are only loaded if they are set
|
|
|
|
|
*/
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['shadowMin'][0])) $return->unix_pwdminage = $attr['shadowMin'][0];
|
|
|
|
|
if (isset($attr['shadowMax'][0])) $return->unix_pwdmaxage = $attr['shadowMax'][0];
|
|
|
|
|
if (isset($attr['shadowWarning'][0])) $return->unix_pwdwarn = $attr['shadowWarning'][0];
|
|
|
|
|
if (isset($attr['shadowInactive'][0])) $return->unix_pwdallowlogin = $attr['shadowInactive'][0];
|
|
|
|
|
if (isset($attr['shadowExpire'][0])) $return->unix_pwdexpire = $attr['shadowExpire'][0]*86400;
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// load hosts attributes if set
|
2003-08-11 12:40:06 +00:00
|
|
|
|
$i=0;
|
|
|
|
|
while (isset($attr['host'][$i])) {
|
|
|
|
|
if ($i==0) $return->unix_host = $attr['host'][$i];
|
|
|
|
|
else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i];
|
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// load objectclasses
|
|
|
|
|
$i=0;
|
2003-08-12 19:45:24 +00:00
|
|
|
|
while (isset($attr['objectClass'][$i])) {
|
|
|
|
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
|
|
|
|
// load personal settings
|
|
|
|
|
if (isset($attr['givenName'][0])) $return->general_givenname = utf8_decode($attr['givenName'][0]);
|
|
|
|
|
if (isset($attr['sn'][0])) $return->general_surname = utf8_decode($attr['sn'][0]);
|
|
|
|
|
if (isset($attr['title'][0])) $return->personal_title = utf8_decode($attr['title'][0]);
|
|
|
|
|
if (isset($attr['mail'][0])) $return->personal_mail = utf8_decode($attr['mail'][0]);
|
|
|
|
|
if (isset($attr['telephoneNumber'][0])) $return->personal_telephoneNumber = utf8_decode($attr['telephoneNumber'][0]);
|
|
|
|
|
if (isset($attr['mobilemobileTelephoneNumber'][0])) $return->personal_mobileTelephoneNumber = utf8_decode($attr['mobilemobileTelephoneNumber'][0]);
|
|
|
|
|
else if (isset($attr['mobile'][0])) $return->personal_mobileTelephoneNumber = utf8_decode($attr['mobile'][0]);
|
|
|
|
|
if (isset($attr['facsimileTelephoneNumber'][0])) $return->personal_facsimileTelephoneNumber = utf8_decode($attr['facsimileTelephoneNumber'][0]);
|
|
|
|
|
if (isset($attr['street'][0])) $return->personal_street = utf8_decode($attr['street'][0]);
|
|
|
|
|
if (isset($attr['postalCode'][0])) $return->personal_postalCode = utf8_decode($attr['postalCode'][0]);
|
|
|
|
|
if (isset($attr['postalAddress'][0])) $return->personal_postalAddress = utf8_decode($attr['postalAddress'][0]);
|
|
|
|
|
if (isset($attr['employeeType'][0])) $return->personal_employeeType = utf8_decode($attr['employeeType'][0]);
|
|
|
|
|
|
2003-10-17 16:04:57 +00:00
|
|
|
|
if (isset($attr['userPassword'][0])) {
|
|
|
|
|
$return->unix_password = $attr['userPassword'][0];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$return->unix_deactivated=pwd_is_enabled($attr['userPassword'][0]);
|
2003-10-17 16:04:57 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// sambaSamAccount (Samba3) is used.
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (in_array('sambaSamAccount', $attr['objectClass'])) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
/* Write attributes into $return.
|
|
|
|
|
* Some values don't have to be set. These are only loaded if they are set
|
|
|
|
|
*/
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['sambaAcctFlags'][0])) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// a user is no workstation
|
|
|
|
|
$return->smb_flagsW=false;
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
|
|
|
|
|
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
|
|
|
|
|
}
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['sambaPwdCanChange'][0])) $return->smb_pwdcanchange = $attr['sambaPwdCanChange'][0];
|
|
|
|
|
if (isset($attr['sambaPwdMustChange'][0])) $return->smb_pwdmustchange = $attr['sambaPwdMustChange'][0];
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (isset($attr['sambaHomePath'][0])) $return->smb_smbhome = utf8_decode($attr['sambaHomePath'][0]);
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['sambaHomeDrive'][0])) $return->smb_homedrive = $attr['sambaHomeDrive'][0];
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (isset($attr['sambaLogonScript'][0])) $return->smb_scriptPath = utf8_decode($attr['sambaLogonScript'][0]);
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['sambaProfilePath'][0])) $return->smb_profilePath = $attr['sambaProfilePath'][0];
|
|
|
|
|
if (isset($attr['sambaUserWorkstations'][0])) $return->smb_smbuserworkstations = $attr['sambaUserWorkstations'][0];
|
|
|
|
|
if (isset($attr['sambaDomainName'][0])) $return->smb_domain = $attr['sambaDomainName'][0];
|
|
|
|
|
if (isset($attr['sambaNTPassword'][0])) $return->smb_password = $attr['sambaNTPassword'][0];
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['sambaDomainName'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes') {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store smb_domain as samba3domain-Object
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
2003-10-17 07:58:43 +00:00
|
|
|
|
$i=0;
|
|
|
|
|
while ($i!=-1) {
|
|
|
|
|
if ($attr['sambaDomainName'][0] == $samba3domains[$i]->name) {
|
|
|
|
|
$return->smb_domain = $samba3domains[$i];
|
|
|
|
|
$i = -1;
|
|
|
|
|
}
|
|
|
|
|
else $i++;
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store smb_domain as string
|
|
|
|
|
else $return->smb_domain = $attr['sambaDomainName'];
|
2003-09-18 13:54:02 +00:00
|
|
|
|
}
|
|
|
|
|
if (isset($attr['sambaPrimaryGroupSID'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes')
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store "real" SID if we want to save user as samba3 entry
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store "calculated" id if we want to save user as samba2.2 entry
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
|
|
|
|
|
}
|
|
|
|
|
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) return $return;
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// sambaSamAccount (Samba2.2) is used.
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (in_array('sambaAccount', $attr['objectClass'])) {
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (isset($attr['acctFlags'][0])) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$return->smb_flagsW=false;
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
|
|
|
|
|
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (isset($attr['ntPassword'][0])) $return->smb_password = $attr['ntPassword'][0];
|
|
|
|
|
if (isset($attr['smbHome'][0])) $return->smb_smbhome = utf8_decode($attr['smbHome'][0]);
|
|
|
|
|
if (isset($attr['pwdCanChange'][0])) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
|
|
|
|
|
if (isset($attr['pwdMustChange'][0])) $return->smb_pwdmustchange = $attr['pwdMustChange'][0];
|
|
|
|
|
if (isset($attr['homeDrive'][0])) $return->smb_homedrive = $attr['homeDrive'][0];
|
|
|
|
|
if (isset($attr['scriptPath'][0])) $return->smb_scriptPath = utf8_decode($attr['scriptPath'][0]);
|
|
|
|
|
if (isset($attr['profilePath'][0])) $return->smb_profilePath = $attr['profilePath'][0];
|
|
|
|
|
if (isset($attr['userWorkstations'][0])) $return->smb_smbuserworkstations = $attr['userWorkstations'][0];
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['domain'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes') {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store smb_domain as samba3domain-Object
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
|
|
|
|
for ($i=0; $i<sizeof($samba3domains); $i++)
|
|
|
|
|
if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
|
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store smb_domain as string
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else $return->smb_domain = $attr['domain'][0];
|
|
|
|
|
}
|
|
|
|
|
if (isset($attr['primaryGroupID'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes')
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store "real" SID if we want to save user as samba3 entry
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
|
2003-10-19 17:04:49 +00:00
|
|
|
|
// store "calculated" id if we want to save user as samba2.2 entry
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else $return->smb_mapgroup = $attr['primaryGroupID'][0];
|
2003-06-05 11:36:54 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
return $return;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-10-19 17:04:49 +00:00
|
|
|
|
|
|
|
|
|
|
2003-04-23 15:47:00 +00:00
|
|
|
|
function loadhost($dn) { // Will load all needed values from an existing account
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$return = new account();
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$return->type='host';
|
2003-05-02 15:32:44 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
2003-06-03 14:01:39 +00:00
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$i=0;
|
|
|
|
|
while (isset($attr['objectClass'][$i])) {
|
|
|
|
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0];
|
|
|
|
|
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0];
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (isset($attr['gecos'][0])) $return->general_gecos = utf8_decode($attr['gecos'][0]);
|
2003-09-17 16:57:01 +00:00
|
|
|
|
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
2003-10-17 16:04:57 +00:00
|
|
|
|
if (isset($attr['userPassword'][0])) {
|
|
|
|
|
$return->unix_password = $attr['userPassword'][0];
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$return->unix_deactivated=pwd_is_enabled($attr['userPassword'][0]);
|
2003-10-17 16:04:57 +00:00
|
|
|
|
}
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
|
|
|
|
// Get Groupname
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['gidNumber'][0])) {
|
2003-06-07 14:25:30 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "objectclass=PosixGroup", array('gidNumber', 'cn'));
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
|
|
|
|
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($attr2['gidNumber'][0]==$attr['gidNumber'][0]) $return->general_group = $attr2['cn'][0];
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-08-14 12:49:11 +00:00
|
|
|
|
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
|
|
|
|
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// load samba3 attributes
|
|
|
|
|
if (in_array('sambaSamAccount', $attr['objectClass'])) {
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['sambaAcctFlags'][0])) {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
|
|
|
|
|
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
|
|
|
|
|
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['sambaDomainName'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes') {
|
|
|
|
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
|
|
|
|
for ($i=0; $i<sizeof($samba3domains); $i++)
|
|
|
|
|
if ($attr['sambaDomainName'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$return->smb_domain = $attr['sambaDomainName'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (isset($attr['sambaPrimaryGroupSID'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes')
|
|
|
|
|
$return->smb_mapgroup = $attr['sambaPrimaryGroupSID'][0];
|
|
|
|
|
else $return->smb_mapgroup = 2*$attr['gidNumber'][0]+1001;
|
2003-09-17 16:57:01 +00:00
|
|
|
|
}
|
|
|
|
|
// return value to prevent loaded values to be overwritten from old samba 2.2 attributes
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) return $return;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// load samba 2.2 attributes
|
|
|
|
|
if (in_array('sambaAccount', $attr['objectClass'])) {
|
|
|
|
|
if (isset($attr['acctFlags'][0])) {
|
|
|
|
|
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true;
|
|
|
|
|
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
|
|
|
|
|
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (isset($attr['domain'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes') {
|
|
|
|
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
|
|
|
|
for ($i=0; $i<sizeof($samba3domains); $i++)
|
|
|
|
|
if ($attr['domain'][0] == $samba3domains[$i]->name) $return->smb_domain = $samba3domains[$i];
|
|
|
|
|
}
|
|
|
|
|
else $return->smb_domain = $attr['domain'][0];
|
|
|
|
|
}
|
|
|
|
|
if (isset($attr['primaryGroupID'][0])) {
|
|
|
|
|
if ($_SESSION['config']->samba3=='yes')
|
|
|
|
|
$return->smb_mapgroup = $return->smb_domain->SID. '-' . (2*$attr['primaryGroupID'][0]+1);
|
|
|
|
|
else $return->smb_mapgroup = $attr['primaryGroupID'][0];
|
|
|
|
|
}
|
2003-09-17 16:57:01 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
return $return;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function loadgroup($dn) { // Will load all needed values from an existing group
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$return = new account();
|
2003-05-02 15:32:44 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixGroup");
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
2003-06-03 14:01:39 +00:00
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-09-16 12:44:28 +00:00
|
|
|
|
// Load values into account object
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$i=0;
|
|
|
|
|
while (isset($attr['objectClass'][$i])) {
|
|
|
|
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-09-01 16:04:43 +00:00
|
|
|
|
$i=0;
|
|
|
|
|
while (isset($attr['memberUid'][$i])) {
|
2003-09-11 16:55:57 +00:00
|
|
|
|
$return->unix_memberUid[$i] = $attr['memberUid'][$i];
|
2003-09-01 16:04:43 +00:00
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-07-14 12:27:52 +00:00
|
|
|
|
if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0];
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if (isset($attr['description'][0])) $return->general_gecos = utf8_decode($attr['description'][0]);
|
2003-09-19 10:03:00 +00:00
|
|
|
|
if (isset($attr['cn'][0])) $return->general_username = $attr['cn'][0];
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if (isset($attr['sambaSID'][0])) { // Samba3 Samba 2.0 don't have any objects 4 groups
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$return->smb_mapgroup = $attr['sambaSID'][0];
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if (isset($attr['displayName'][0])) $return->smb_displayName = utf8_decode($attr['displayName'][0]);
|
|
|
|
|
// extract SID from sambaSID to find domain
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$temp = explode('-', $attr['sambaSID'][0]);
|
|
|
|
|
$SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
|
|
|
|
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
|
|
|
|
for ($i=0; $i<sizeof($samba3domains); $i++)
|
|
|
|
|
if ($SID == $samba3domains[$i]->SID) $return->smb_domain = $samba3domains[$i];
|
|
|
|
|
}
|
2003-08-16 09:38:17 +00:00
|
|
|
|
$return->type='group';
|
2003-06-01 10:02:44 +00:00
|
|
|
|
return $return;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function createuser($values) { // Will create the LDAP-Account
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Account already exists at different location
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// 1 == Account has been created
|
|
|
|
|
// 4 == Error while creating Account
|
2003-06-01 10:02:44 +00:00
|
|
|
|
// values stored in shadowExpire, days since 1.1.1970
|
2003-07-11 14:42:28 +00:00
|
|
|
|
if ($values->unix_pwdexpire) {
|
|
|
|
|
$date = $values->unix_pwdexpire / 86400 ;
|
2003-06-21 12:37:57 +00:00
|
|
|
|
settype($date, 'integer');
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-06-15 19:28:15 +00:00
|
|
|
|
// decrypt password
|
2003-06-15 20:02:33 +00:00
|
|
|
|
$iv = base64_decode($_COOKIE["IV"]);
|
|
|
|
|
$key = base64_decode($_COOKIE["Key"]);
|
|
|
|
|
if ($values->unix_password != '') {
|
|
|
|
|
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
|
|
|
|
|
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
|
|
|
|
|
}
|
|
|
|
|
if ($values->smb_password != '') {
|
|
|
|
|
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
|
|
|
|
|
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
|
|
|
|
|
}
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
|
|
|
|
// All Values need for an user-account
|
|
|
|
|
// General Objectclasses
|
2003-05-17 11:19:03 +00:00
|
|
|
|
$attr['objectClass'][0] = 'posixAccount';
|
|
|
|
|
$attr['objectClass'][1] = 'shadowAccount';
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['objectClass'][2] = 'sambaSamAccount';
|
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else {
|
2003-09-28 13:30:31 +00:00
|
|
|
|
if (file_exists($_SESSION['lampath'].'lib/createntlm.pl')) { // masscreate.php is at a different relative path
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
|
|
|
|
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
2003-09-20 07:59:19 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-08-10 19:46:21 +00:00
|
|
|
|
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
2003-09-20 07:59:19 +00:00
|
|
|
|
if ($values->smb_mapgroup!='') $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
|
2003-08-19 17:19:41 +00:00
|
|
|
|
if ($values->smb_pwdcanchange!='') $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
|
|
|
|
|
else $attr['sambaPwdCanChange'] = time(); // sambaAccount_may
|
2003-08-19 17:22:44 +00:00
|
|
|
|
if ($values->smb_pwdmustchange!='') $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
|
|
|
|
|
else $attr['sambaPwdMustChange'] = time() + 1000000000; // sambaAccount_may
|
2003-10-17 07:58:43 +00:00
|
|
|
|
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->smb_smbhome!='') $attr['sambaHomePath'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_homedrive!='') $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->smb_scriptPath!='') $attr['sambaLogonScript'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_profilePath!='') $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if ($values->smb_smbuserworkstations!='') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
|
2003-08-10 19:46:21 +00:00
|
|
|
|
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['objectClass'][2] = 'sambaAccount';
|
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['ntPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['lmPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
|
|
|
|
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
2003-08-16 09:38:17 +00:00
|
|
|
|
$attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
|
2003-08-19 17:19:41 +00:00
|
|
|
|
if ($values->smb_pwdcanchange!='') $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
|
|
|
|
|
else $attr['pwdCanChange'] = time(); // sambaAccount_may
|
|
|
|
|
if ($values->smb_pwdmustchange!='') $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
|
|
|
|
|
else $attr['pwdMustChange'] = time() + 1000000000; // sambaAccount_may
|
2003-07-11 14:42:28 +00:00
|
|
|
|
$attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
|
2003-10-17 09:30:13 +00:00
|
|
|
|
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->smb_smbhome!='') $attr['smbHome'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_homedrive!='') $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->smb_scriptPath!='') $attr['scriptPath'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_profilePath!='') $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if ($values->smb_smbuserworkstations!='') $attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
|
|
|
|
|
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
}
|
2003-05-17 11:19:03 +00:00
|
|
|
|
$attr['objectClass'][3] = 'inetOrgPerson';
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
|
|
|
|
|
$attr['uid'] = $values->general_username; // posixAccount_req
|
|
|
|
|
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
|
|
|
|
|
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
|
|
|
|
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
2003-08-14 14:40:01 +00:00
|
|
|
|
if ($values->personal_title!='') $attr['title'] = utf8_encode($values->personal_title);
|
|
|
|
|
if ($values->personal_mail!='') $attr['mail'] = utf8_encode($values->personal_mail);
|
|
|
|
|
if ($values->personal_telephoneNumber!='') $attr['telephoneNumber'] = utf8_encode($values->personal_telephoneNumber);
|
|
|
|
|
if ($values->personal_mobileTelephoneNumber!='') $attr['mobilemobileTelephoneNumber'] = utf8_encode($values->personal_mobileTelephoneNumber);
|
|
|
|
|
if ($values->personal_facsimileTelephoneNumber!='') $attr['facsimileTelephoneNumber'] = utf8_encode($values->personal_facsimileTelephoneNumber);
|
|
|
|
|
if ($values->personal_street!='') $attr['street'] = utf8_encode($values->personal_street);
|
|
|
|
|
if ($values->personal_postalCode!='') $attr['postalCode'] = utf8_encode($values->personal_postalCode);
|
|
|
|
|
if ($values->personal_postalAddress!='') $attr['postalAddress'] = utf8_encode($values->personal_postalAddress);
|
|
|
|
|
if ($values->personal_employeeType!='') $attr['employeeType'] = utf8_encode($values->personal_employeeType);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// posixAccount_may shadowAccount_may
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->unix_password_no) $values->unix_password = '';
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
|
2003-10-17 07:58:43 +00:00
|
|
|
|
else $attr['userPassword'] = pwd_hash($values->unix_password);
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
2003-09-25 14:14:59 +00:00
|
|
|
|
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
|
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
2003-08-11 12:40:06 +00:00
|
|
|
|
$values->unix_host = str_replace(' ', '', $values->unix_host);
|
|
|
|
|
$hosts = explode (',', $values->unix_host);
|
|
|
|
|
$i=0;
|
|
|
|
|
while(isset($hosts[$i])) {
|
2003-08-12 19:45:24 +00:00
|
|
|
|
if ($hosts[$i]!='') $attr['host'][$i] = $hosts[$i];
|
2003-08-11 12:40:06 +00:00
|
|
|
|
$i++;
|
|
|
|
|
}
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
|
|
|
|
|
if ($values->unix_pwdmaxage!='') $attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
|
|
|
|
|
if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
|
|
|
|
|
if ($values->unix_pwdallowlogin!='') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
|
|
|
|
|
if ($date) $attr['shadowExpire'] = $date ; // shadowAccount_may
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->general_givenname!='') $attr['givenName'] = utf8_encode($values->general_givenname);
|
|
|
|
|
if ($values->general_surname!='') $attr['sn'] = utf8_encode($values->general_surname);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
2003-05-20 21:12:15 +00:00
|
|
|
|
if (!$success) return 4;
|
|
|
|
|
if ($_SESSION['config']->scriptServer) {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if (is_array($values->quota)) setquotas($values);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
addhomedir($values->general_username);
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
|
|
|
|
// Add User to Additional Groups
|
2003-06-08 19:08:29 +00:00
|
|
|
|
if ($values->general_groupadd[0])
|
2003-06-01 10:02:44 +00:00
|
|
|
|
foreach ($values->general_groupadd as $group2) {
|
2003-08-19 10:38:39 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), "(&(objectclass=posixGroup)(cn=$group2))", array('memberUid'));
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-08-19 10:24:22 +00:00
|
|
|
|
$dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
2003-05-20 21:12:15 +00:00
|
|
|
|
if ($group['memberUid']) array_shift($group['memberUid']);
|
2003-08-19 10:24:22 +00:00
|
|
|
|
if (! @in_array($values->general_username, $group['memberUid'])) {
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$toadd['memberUid'] = $values->general_username;
|
2003-08-19 10:24:22 +00:00
|
|
|
|
$success = ldap_mod_add($_SESSION['ldap']->server(), $dn, $toadd);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
if (!$success) return 4;
|
|
|
|
|
}
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((isset($_SESSION['userDN']))) {
|
|
|
|
|
$_SESSION['userDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['userDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Account already exists at different location
|
2003-05-20 21:12:15 +00:00
|
|
|
|
// 3 == Account has been modified
|
|
|
|
|
// 5 == Error while modifying Account
|
|
|
|
|
// Value stored in shadowExpire, days since 1.1.1970
|
2003-06-15 19:28:15 +00:00
|
|
|
|
// decrypt password
|
2003-06-15 20:02:33 +00:00
|
|
|
|
$iv = base64_decode($_COOKIE["IV"]);
|
|
|
|
|
$key = base64_decode($_COOKIE["Key"]);
|
2003-07-11 14:42:28 +00:00
|
|
|
|
if ($values->unix_pwdexpire) {
|
|
|
|
|
$date = $values->unix_pwdexpire / 86400 ;
|
2003-06-21 12:37:57 +00:00
|
|
|
|
settype($date, 'integer');
|
|
|
|
|
}
|
2003-07-11 14:42:28 +00:00
|
|
|
|
if ($values_old->unix_pwdexpire) {
|
|
|
|
|
$date_old = $values_old->unix_pwdexpire / 86400 ;
|
2003-06-21 12:37:57 +00:00
|
|
|
|
settype($date_old, 'integer');
|
|
|
|
|
}
|
2003-06-15 20:02:33 +00:00
|
|
|
|
if ($values->unix_password != '') {
|
|
|
|
|
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv);
|
|
|
|
|
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
|
|
|
|
|
}
|
|
|
|
|
if ($values->smb_password != '') {
|
|
|
|
|
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
|
|
|
|
|
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
|
|
|
|
|
}
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if ($values->unix_pwdexpire_mon) {
|
|
|
|
|
$date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ;
|
|
|
|
|
settype($date, 'integer');
|
|
|
|
|
}
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_username != $values_old->general_username) {
|
|
|
|
|
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
|
|
|
|
|
$attr['uid'] = $values->general_username; // posixAccount_req
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_uidNumber != $values_old->general_uidNumber) {
|
|
|
|
|
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_group != $values_old->general_group) {
|
|
|
|
|
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$change = false;
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-512') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-513') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-514') $found=true;
|
|
|
|
|
if (!$found) $attr['sambaPrimaryGroupSID'] = $_SESSION['account']->smb_domain->SID . "-".
|
|
|
|
|
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase+1);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if ($values->smb_mapgroup== '512') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup== '513') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup== '514') $found=true;
|
|
|
|
|
if (!$found) $attr['primaryGroupID'] = (2 * getgid($_SESSION['account']->general_group) + 1001);
|
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_homedir != $values_old->general_homedir)
|
|
|
|
|
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
2003-05-20 21:12:15 +00:00
|
|
|
|
// posixAccount_may shadowAccount_may
|
2003-10-05 10:38:31 +00:00
|
|
|
|
|
|
|
|
|
// Set new password
|
2003-09-24 20:58:34 +00:00
|
|
|
|
if ($values->unix_password=='') {
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->unix_deactivated != $values_old->unix_deactivated) {
|
|
|
|
|
$i = 0;
|
|
|
|
|
while ($values_old->unix_password{$i} != '}') $i++;
|
|
|
|
|
$passwd = substr($values_old->unix_password, $i+1 );
|
|
|
|
|
$crypt = substr($values_old->unix_password, 0, $i+1 );
|
|
|
|
|
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
|
|
|
|
if ($values->unix_deactivated) $attr['userPassword'] = $crypt.'!'.$passwd;
|
|
|
|
|
else $attr['userPassword'] = $crypt.$passwd;
|
2003-09-24 20:58:34 +00:00
|
|
|
|
}
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->unix_password_no) {
|
|
|
|
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash('', false);
|
|
|
|
|
else $attr['userPassword'] = pwd_hash('');
|
|
|
|
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
2003-09-24 20:58:34 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->unix_password_no) $values->unix_password = '';
|
|
|
|
|
if ($values->unix_deactivated) $attr['userPassword'] = pwd_hash($values->unix_password, false);
|
|
|
|
|
else $attr['userPassword'] = pwd_hash($values->unix_password);
|
2003-09-24 20:58:34 +00:00
|
|
|
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
2003-10-05 10:38:31 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
if ($values->smb_password!='') {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$attr['sambaNTPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
|
|
|
|
$attr['sambaLMPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-07-11 14:42:28 +00:00
|
|
|
|
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['sambaPwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
|
|
|
|
|
if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['sambaPwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
|
2003-10-17 09:30:13 +00:00
|
|
|
|
if (smbflag($values) != smbflag($values_old)) $attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['sambaHomePath'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['sambaHomePath'] = utf8_encode($values_old->smb_smbhome); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
|
|
|
|
|
if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['sambaHomeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['sambaLogonScript'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
|
|
|
|
|
if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['sambaLogonScript'] = utf8_encode($values_old->smb_scriptPath); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['sambaProfilePath'] = $values_old->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['sambaUserWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
|
2003-08-10 19:46:21 +00:00
|
|
|
|
if (($values->smb_domain->name!='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
|
|
|
|
if (($values->smb_domain->name=='') && ($values->smb_domain->name!=$values_old->smb_domain->name)) $attr_rem['sambaDomainName'] = $values_old->smb_domain->name; // sambaAccount_may
|
2003-08-16 09:38:17 +00:00
|
|
|
|
if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_may
|
|
|
|
|
if (($values->smb_mapgroup=='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr_rem['sambaPrimaryGroupSID'] = $values_old->smb_mapgroup;
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
else {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['ntPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['lmPassword'] = 'NO PASSWORD*****';
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-06-26 16:26:06 +00:00
|
|
|
|
else
|
|
|
|
|
if ($values->smb_password!='') {
|
2003-10-19 17:04:49 +00:00
|
|
|
|
$attr['ntPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl nt ' . $values->smb_password));
|
|
|
|
|
$attr['lmPassword'] = exec(($_SESSION['lampath'].'lib/createntlm.pl lm ' . $values->smb_password));
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
}
|
2003-07-11 14:42:28 +00:00
|
|
|
|
if ($values->smb_pwdcanchange != $values_old->smb_pwdcanchange) $attr['pwdCanChange'] = $values->smb_pwdcanchange; // sambaAccount_may
|
|
|
|
|
if ($values->smb_pwdmustchange != $values_old->smb_pwdmustchange) $attr['pwdMustChange'] = $values->smb_pwdmustchange; // sambaAccount_may
|
2003-10-17 09:30:13 +00:00
|
|
|
|
if (smbflag($values) != smbflag($values_old)) $attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['smbHome'] = utf8_encode($values->smb_smbhome); // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['smbHome'] = utf8_encode($values_old->smb_smbhome); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
|
|
|
|
|
if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['homeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['scriptPath'] = utf8_encode($values->smb_scriptPath); // sambaAccount_may
|
|
|
|
|
if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['scriptPath'] = utf8_encode($values_old->smb_scriptPath); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['profilePath'] = $values_old->smb_profilePath; // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
|
|
|
|
|
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['userWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
|
|
|
|
|
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
|
2003-08-16 09:38:17 +00:00
|
|
|
|
if (($values->smb_mapgroup!='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_may
|
|
|
|
|
if (($values->smb_mapgroup=='') && ($values->smb_mapgroup!=$values_old->smb_mapgroup)) $attr_rem['primaryGroupID'] = $values_old->smb_mapgroup;
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if ($values->smb_displayName != $values_old->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_shell != $values_old->general_shell)
|
|
|
|
|
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
|
|
|
|
if ($values->general_gecos != $values_old->general_gecos) {
|
2003-09-25 14:14:59 +00:00
|
|
|
|
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-08-11 12:40:06 +00:00
|
|
|
|
|
|
|
|
|
if (($values->unix_host != $values_old->unix_host)) {
|
|
|
|
|
$values->unix_host = str_replace(' ', '', $values->unix_host);
|
2003-09-01 16:04:43 +00:00
|
|
|
|
$host = explode (',', $values->unix_host);
|
2003-08-11 12:40:06 +00:00
|
|
|
|
$values_old->unix_host = str_replace(' ', '', $values_old->unix_host);
|
2003-09-01 16:04:43 +00:00
|
|
|
|
$host_old = explode (',', $values_old->unix_host);
|
|
|
|
|
if ($host[0]=='') $attr_rem['host'] = $host_old;
|
|
|
|
|
else if ($host[0]!='') $attr['host'] = $host;
|
2003-08-11 12:40:06 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage ==''))
|
|
|
|
|
$attr_rem['shadowMin'] = $values_old->unix_pwdminage; // shadowAccount_may
|
|
|
|
|
if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage !=''))
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['shadowMax'] = $values->unix_pwdmaxage; // shadowAccount_may
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if (($values->unix_pwdmaxage != $values_old->unix_pwdmaxage) && ($values->unix_pwdmaxage ==''))
|
|
|
|
|
$attr_rem['shadowMax'] = $values_old->unix_pwdmaxage; // shadowAccount_may
|
|
|
|
|
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn !=''))
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->general_pwdwarn ==''))
|
|
|
|
|
$attr_rem['shadowWarning'] = $values_old->unix_pwdwarn; // shadowAccount_may
|
2003-06-28 13:48:15 +00:00
|
|
|
|
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin !=''))
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
|
2003-06-28 13:48:15 +00:00
|
|
|
|
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin ==''))
|
2003-06-21 12:37:57 +00:00
|
|
|
|
$attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
|
|
|
|
|
if (($date != $date_old) && $date) $attr['shadowExpire'] = $date ; // shadowAccount_may
|
|
|
|
|
if (($date != $date_old) && !$date) $attr_rem['shadowExpire'] = $date_old ; // shadowAccount_may
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_title != $values_old->personal_title) && ($values->personal_title != ''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['title'] = utf8_encode($values->personal_title);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_title != $values_old->personal_title) && ($values->personal_title == ''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['title'] = utf8_encode($values_old->personal_title);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_mail != $values_old->personal_mail) && ($values->personal_mail != ''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['mail'] = utf8_encode($values->personal_mail);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_mail != $values_old->personal_mail) && ($values->personal_mail == ''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['mail'] = utf8_encode($values_old->personal_mail);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_telephoneNumber != $values_old->personal_telephoneNumber) && ($values->personal_telephoneNumber !=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['telephoneNumber'] = utf8_encode($values->personal_telephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_telephoneNumber != $values_old->personal_telephoneNumber) && ($values->personal_telephoneNumber ==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['telephoneNumber'] = utf8_encode($values_old->personal_telephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_mobileTelephoneNumber != $values_old->personal_mobileTelephoneNumber) && ($values->personal_mobileTelephoneNumber!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['mobileTelephoneNumber'] = utf8_encode($values->personal_mobileTelephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_mobileTelephoneNumber != $values_old->personal_mobileTelephoneNumber) && ($values->personal_mobileTelephoneNumber==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['mobilemobileTelephoneNumber'] = utf8_encode($values_old->personal_mobileTelephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_facsimileTelephoneNumber != $values_old->personal_facsimileTelephoneNumber) && ($values->personal_facsimileTelephoneNumber!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['facsimileTelephoneNumber'] = utf8_encode($values->personal_facsimileTelephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_facsimileTelephoneNumber != $values_old->personal_facsimileTelephoneNumber) && ($values->personal_facsimileTelephoneNumber==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['facsimileTelephoneNumber'] = utf8_encode($values_old->personal_facsimileTelephoneNumber);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_street != $values_old->personal_street) && ($values->personal_street!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['street'] = utf8_encode($values->personal_street);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_street != $values_old->personal_street) && ($values->personal_street==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['street'] = utf8_encode($values_old->personal_street);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_street != $values_old->personal_street) && ($values->personal_street!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['postalCode'] = utf8_encode($values->personal_street);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_street != $values_old->personal_street) && ($values->personal_street==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['postalCode'] = utf8_encode($values_old->personal_street);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_postalAddress != $values_old->personal_postalAddress) && ($values->personal_postalAddress!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['postalAddress'] = utf8_encode($values->personal_postalAddress);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_postalAddress != $values_old->personal_postalAddress) && ($values->personal_postalAddress==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['postalAddress'] = utf8_encode($values_old->personal_postalAddress);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_employeeType != $values_old->personal_employeeType) && ($values->personal_employeeType!=''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr['employeeType'] = utf8_encode($values->personal_employeeType);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->personal_employeeType != $values_old->personal_employeeType) && ($values->personal_employeeType==''))
|
2003-08-14 14:40:01 +00:00
|
|
|
|
$attr_rem['employeeType'] = utf8_encode($values_old->personal_employeeType);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if (($values->unix_pwdexpire_day = $date['mday']!=$values_old->unix_pwdexpire_day = $date['mday']) ||
|
|
|
|
|
($values->unix_pwdexpire_mon = $date['mon'] != $values_old->unix_pwdexpire_mon = $date['mon']) ||
|
|
|
|
|
($values->unix_pwdexpire_yea = $date['year'] != $values->unix_pwdexpire_yea = $date['year']))
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$attr['shadowExpire'] = $date ; // shadowAccount_may
|
2003-08-14 12:49:11 +00:00
|
|
|
|
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = utf8_encode($values->general_givenname);
|
|
|
|
|
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = utf8_encode($values->general_surname);
|
2003-05-20 21:12:15 +00:00
|
|
|
|
|
2003-09-18 13:54:02 +00:00
|
|
|
|
// Add missing objectclasses to group
|
|
|
|
|
if (!in_array('posixAccount', $values->general_objectClass)) {
|
|
|
|
|
$attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'posixAccount';
|
|
|
|
|
}
|
|
|
|
|
if (!in_array('shadowAccount', $values->general_objectClass)) {
|
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'shadowAccount';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Add or convert samba attributes & object to samba 3
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if (($_SESSION['config']->is_samba3()) && (!in_array('sambaSamAccount', $values->general_objectClass))) {
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'sambaSamAccount';
|
|
|
|
|
// unset old sambaAccount objectClass
|
|
|
|
|
for ($i=0; $i<count($attr['objectClass']); $i++)
|
|
|
|
|
if ($attr['objectClass'][$i]=='sambaAccount') unset($attr['objectClass'][$i]);
|
|
|
|
|
$attr['objectClass'] = array_values($attr['objectClass']);
|
|
|
|
|
// Set correct values for new objectclass
|
|
|
|
|
// Load old samba-values not stored in account object
|
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr_old['lmPassword'][0])) $attr['sambaLMPassword'] = $attr_old['lmPassword'][0];
|
|
|
|
|
if (isset($attr_old['ntPassword'][0])) $attr['sambaNTPassword'] = $attr_old['ntPassword'][0];
|
|
|
|
|
if (isset($attr_old['pwdLastSet'][0])) $attr['sambaPwdLastSet'] = $attr_old['pwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['logonTime'][0])) $attr['sambaLogonTime'] = $attr_old['logonTime'][0];
|
|
|
|
|
if (isset($attr_old['logoffTime'][0])) $attr['sambaLogoffTime'] = $attr_old['logoffTime'][0];
|
|
|
|
|
if (isset($attr_old['kickoffTime'][0])) $attr['sambaKickoffTime'] = $attr_old['kickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['pwdCanChange'][0])) $attr['sambaPwdCanChange'] = $attr_old['pwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['pwdMustChange'][0])) $attr['sambaPwdMustChange'] = $attr_old['pwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['smbHome'][0])) $attr['sambaHomePath'] = $attr_old['smbHome'][0];
|
|
|
|
|
if (isset($attr_old['homeDrive'][0])) $attr['sambaHomeDrive'] = $attr_old['homeDrive'][0];
|
|
|
|
|
if (isset($attr_old['scriptPath'][0])) $attr['sambaLogonScript'] = $attr_old['scriptPath'][0];
|
|
|
|
|
if (isset($attr_old['profilePath'][0])) $attr['sambaProfilePath'] = $attr_old['profilePath'][0];
|
|
|
|
|
if (isset($attr_old['userWorkstations'][0])) $attr['sambaUserWorkstations'] = $attr_old['userWorkstations'][0];
|
|
|
|
|
// Values used from account object
|
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
|
|
|
|
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
|
|
|
|
$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
|
|
|
|
$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
|
|
|
|
$attr['sambaPrimaryGroupSID'] = $values->smb_mapgroup; // sambaAccount_req
|
|
|
|
|
// remove old attributes
|
|
|
|
|
if (in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
|
|
|
|
|
if (isset($attr_old['lmPassword'][0])) $attr_rem['lmPassword'] = $attr_old['lmPassword'][0];
|
|
|
|
|
if (isset($attr_old['ntPassword'][0])) $attr_rem['ntPassword'] = $attr_old['ntPassword'][0];
|
|
|
|
|
if (isset($attr_old['pwdLastSet'][0])) $attr_rem['pwdLastSet'] = $attr_old['pwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['logonTime'][0])) $attr_rem['logonTime'] = $attr_old['logonTime'][0];
|
|
|
|
|
if (isset($attr_old['kickoffTime'][0])) $attr_rem['kickoffTime'] = $attr_old['kickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['pwdCanChange'][0])) $attr_rem['pwdCanChange'] = $attr_old['pwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['pwdMustChange'][0])) $attr_rem['pwdMustChange'] = $attr_old['pwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['smbHome'][0])) $attr_rem['smbHome'] = $attr_old['smbHome'][0];
|
|
|
|
|
if (isset($attr_old['acctFlags'][0])) $attr_rem['acctFlags'] = $attr_old['acctFlags'][0];
|
|
|
|
|
if (isset($attr_old['homeDrive'][0])) $attr_rem['homeDrive'] = $attr_old['homeDrive'][0];
|
|
|
|
|
if (isset($attr_old['scriptPath'][0])) $attr_rem['scriptPath'] = $attr_old['scriptPath'][0];
|
|
|
|
|
if (isset($attr_old['profilePath'][0])) $attr_rem['profilePath'] = $attr_old['profilePath'][0];
|
|
|
|
|
if (isset($attr_old['userWorkstations'][0])) $attr_rem['userWorkstations'] = $attr_old['userWorkstations'][0];
|
|
|
|
|
if (isset($attr_old['primaryGroupID'][0])) $attr_rem['primaryGroupID'] = $attr_old['primaryGroupID'][0];
|
|
|
|
|
if (isset($attr_old['domain'][0])) $attr_rem['domain'] = $attr_old['domain'][0];
|
|
|
|
|
if (isset($attr_old['rid'][0])) $attr_rem['rid'] = $attr_old['rid'][0];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add or convert samba attributes & object to samba 2.2
|
|
|
|
|
if (($_SESSION['config']->samba3 == 'no') && (!in_array('sambaAccount', $values->general_objectClass))) {
|
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'sambaAccount';
|
|
|
|
|
// unset old sambaAccount objectClass
|
|
|
|
|
for ($i=0; $i<count($attr['objectClass']); $i++)
|
|
|
|
|
if ($attr['objectClass'][$i]=='sambaSamAccount') unset($attr['objectClass'][$i]);
|
|
|
|
|
$attr['objectClass'] = array_values($attr['objectClass']);
|
|
|
|
|
// Set correct values for new objectclass
|
|
|
|
|
// Load old samba-values not stored in account object
|
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr_old['sambaLMPassword'][0])) $attr['lmPassword'] = $attr_old['sambaLMPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaNTPassword'][0])) $attr['ntPassword'] = $attr_old['sambaNTPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdLastSet'][0])) $attr['pwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonTime'][0])) $attr['logonTime'] = $attr_old['sambaLogonTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogoffTime'][0])) $attr['logoffTime'] = $attr_old['sambaLogoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaKickoffTime'][0])) $attr['kickoffTime'] = $attr_old['sambaKickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdCanChange'][0])) $attr['pwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdMustChange'][0])) $attr['pwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomePath'][0])) $attr['smbHome'] = $attr_old['sambaHomePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomeDrive'][0])) $attr['homeDrive'] = $attr_old['sambaHomeDrive'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonScript'][0])) $attr['scriptPath'] = $attr_old['sambaLogonScript'][0];
|
|
|
|
|
if (isset($attr_old['sambaProfilePath'][0])) $attr['profilePath'] = $attr_old['sambaProfilePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaUserWorkstations'][0])) $attr['userWorkstations'] = $attr_old['sambaUserWorkstations'][0];
|
|
|
|
|
// Values used from account object
|
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
|
|
|
|
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
|
|
|
|
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
$attr['primaryGroupID'] = $values->smb_mapgroup; // sambaAccount_req
|
|
|
|
|
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
|
|
|
|
|
|
|
|
|
// remove old attributes
|
|
|
|
|
if (in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
|
|
|
|
|
if (isset($attr_old['sambaLMPassword'][0])) $attr_rem['sambaLMPassword'] = $attr_old['sambaLMPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaNTPassword'][0])) $attr_rem['sambaNTPassword'] = $attr_old['sambaNTPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdLastSet'][0])) $attr_rem['sambaPwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonTime'][0])) $attr_rem['sambaLogonTime'] = $attr_old['sambaLogonTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaKickoffTime'][0])) $attr_rem['sambaKickoffTime'] = $attr_old['sambaKickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdCanChange'][0])) $attr_rem['sambaPwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdMustChange'][0])) $attr_rem['sambaPwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomePath'][0])) $attr_rem['sambaHomePath'] = $attr_old['sambaHomePAth'][0];
|
|
|
|
|
if (isset($attr_old['sambaAcctFlags'][0])) $attr_rem['sambaAcctFlags'] = $attr_old['sambaAcctFlags'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomeDrive'][0])) $attr_rem['sambaHomeDrive'] = $attr_old['sambaHomeDrive'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonScript'][0])) $attr_rem['sambaLogonScript'] = $attr_old['sambaLogonScript'][0];
|
|
|
|
|
if (isset($attr_old['sambaProfilePath'][0])) $attr_rem['sambaProfilePath'] = $attr_old['sambaProfilePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaUserWorkstations'][0])) $attr_rem['sambaUserWorkstations'] = $attr_old['sambaUserWorkstations'][0];
|
|
|
|
|
if (isset($attr_old['sambaPrimaryGroupID'][0])) $attr_rem['sambaPrimaryGroupID'] = $attr_old['sambaPrimaryGroupID'][0];
|
|
|
|
|
if (isset($attr_old['sambaDomainName'][0])) $attr_rem['sambaDomainName'] = $attr_old['sambaDomainName'][0];
|
|
|
|
|
if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
|
|
|
|
|
}
|
|
|
|
|
|
2003-08-12 19:45:24 +00:00
|
|
|
|
|
|
|
|
|
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if ($attr_rem) {
|
2003-06-28 13:14:45 +00:00
|
|
|
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
2003-06-28 13:38:18 +00:00
|
|
|
|
if ($attr) {
|
|
|
|
|
$success = ldap_modify($_SESSION['ldap']->server(),$values_old->general_dn, $attr);
|
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
|
|
|
|
if ($values->general_dn != $values_old->general_dn) { // Username hasn't changed
|
2003-06-28 13:14:45 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
|
2003-04-23 15:47:00 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-06-28 13:14:45 +00:00
|
|
|
|
// remove "count" from array
|
|
|
|
|
unset($attr_old['count']);
|
|
|
|
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
|
|
|
|
$keys = array_keys($attr_old);
|
|
|
|
|
for ($i=0; $i < sizeof($keys); $i++)
|
|
|
|
|
unset($attr_old[$keys[$i]]['count']);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
|
|
|
|
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
2003-10-17 16:04:57 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
|
|
|
|
// Write Groupmemberchips
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_GroupSuffix(), 'objectClass=PosixGroup', array('memberUid', 'cn'));
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
|
|
|
|
$modifygroup=0;
|
|
|
|
|
$attr2 = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if ($attr2['memberUid']) {
|
|
|
|
|
array_shift($attr2['memberUid']);
|
|
|
|
|
foreach ($attr2['memberUid'] as $nam) {
|
2003-06-07 14:25:30 +00:00
|
|
|
|
if ( ($nam==$values->general_username) && !in_array($attr2['cn'][0], $values->general_groupadd)) {
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$todelete['memberUid'] = $nam;
|
|
|
|
|
$success = ldap_mod_del($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry) ,$todelete);
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-10-17 16:04:57 +00:00
|
|
|
|
if (!@in_array($values->general_username, $attr2['memberUid']) && @in_array($attr2['cn'][0], $values->general_groupadd) && ($attr2['cn'][0]!=$values->general_group)) {
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$toadd['memberUid'] = $attr2['memberUid'];
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$toadd['memberUid'][] = $values->general_username;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$success = ldap_mod_replace($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $toadd);
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
2003-06-07 14:25:30 +00:00
|
|
|
|
if (in_array($attr2['cn'][0], $values->general_groupadd) && ($attr2['cn'][0]!=$values->general_group)) {
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$toadd['memberUid'] = $values->general_username;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$success = ldap_mod_add($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $toadd);
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-05-20 21:12:15 +00:00
|
|
|
|
}
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if ($_SESSION['config']->scriptServer && is_array($values->quota) ) setquotas($values,$values_old);
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((isset($_SESSION['userDN']))) {
|
|
|
|
|
if ($values->general_dn != $values_old->general_dn) {
|
|
|
|
|
unset ($_SESSION['userDN'][$values_old->general_dn]);
|
|
|
|
|
}
|
|
|
|
|
$_SESSION['userDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['userDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
|
|
|
|
}
|
2003-05-20 21:12:15 +00:00
|
|
|
|
return 3;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-05-20 21:12:15 +00:00
|
|
|
|
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function createhost($values) { // Will create the LDAP-Account
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Account already exists at different location
|
2003-05-17 11:19:03 +00:00
|
|
|
|
// 1 == Account has been created
|
|
|
|
|
// 3 == Account has been modified
|
|
|
|
|
// 4 == Error while creating Account
|
|
|
|
|
// 5 == Error while modifying Account
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// Value stored in shadowExpire, days since 1.1.1970
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
|
2003-05-17 11:19:03 +00:00
|
|
|
|
// All Values need for an host-account
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// General Objectclasses
|
2003-05-17 11:19:03 +00:00
|
|
|
|
$attr['objectClass'][0] = 'posixAccount';
|
|
|
|
|
$attr['objectClass'][1] = 'shadowAccount';
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['objectClass'][2] = 'sambaSamAccount';
|
2003-08-10 19:46:21 +00:00
|
|
|
|
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
2003-08-10 19:46:21 +00:00
|
|
|
|
$attr['sambaSID'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
|
|
|
|
$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
|
|
|
|
|
$attr['sambaPwdCanChange'] = time(); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$attr['sambaPwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in year 2030
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
|
|
|
|
$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$attr['objectClass'][2] = 'sambaAccount';
|
2003-08-10 19:46:21 +00:00
|
|
|
|
$attr['ntPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['lmPassword'] = 'NO PASSWORD*****';
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
|
|
|
|
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
|
2003-08-10 19:46:21 +00:00
|
|
|
|
$attr['pwdCanChange'] = time(); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$attr['pwdMustChange'] = "1893452400"; // sambaAccount_may // anywhere in 2030
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
}
|
2003-05-17 11:19:03 +00:00
|
|
|
|
$attr['objectClass'][3] = 'account';
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
|
|
|
|
|
$attr['uid'] = $values->general_username; // posixAccount_req
|
|
|
|
|
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
|
|
|
|
|
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
|
|
|
|
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
|
2003-05-17 11:19:03 +00:00
|
|
|
|
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
|
|
|
|
|
else $attr['userPassword'] = pwd_hash('');
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
2003-05-21 11:10:28 +00:00
|
|
|
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['loginShell'] = $values->general_shell; // posixAccount_may
|
2003-09-25 14:14:59 +00:00
|
|
|
|
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
|
2003-06-21 12:37:57 +00:00
|
|
|
|
if ($date!='') $attr['shadowExpire'] = $date ; // shadowAccount_may
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
2003-05-21 11:10:28 +00:00
|
|
|
|
if (!$success) return 4;
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((isset($_SESSION['hostDN']))) {
|
|
|
|
|
$_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
|
|
|
|
}
|
2003-05-21 11:10:28 +00:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function modifyhost($values,$values_old) { // Will modify the LDAP-Account
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Account already exists at different location
|
2003-05-21 11:10:28 +00:00
|
|
|
|
// 3 == Account has been modified
|
|
|
|
|
// 5 == Error while modifying Account
|
|
|
|
|
// Value stored in shadowExpire, days since 1.1.1970
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_username != $values_old->general_username) {
|
|
|
|
|
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
|
|
|
|
|
$attr['uid'] = $values->general_username; // posixAccount_req
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_uidNumber != $values_old->general_uidNumber) {
|
|
|
|
|
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_group != $values_old->general_group) {
|
|
|
|
|
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
|
2003-09-18 13:54:02 +00:00
|
|
|
|
$change = false;
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-512') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-513') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup==$_SESSION['account']->smb_domain->SID . '-514') $found=true;
|
|
|
|
|
if (!$found) $attr['sambaPrimaryGroupSID'] = $_SESSION['account']->smb_domain->SID . "-".
|
|
|
|
|
(2 * getgid($_SESSION['account']->general_group) + $values->smb_domain->RIDbase+1);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if ($values->smb_mapgroup== '512') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup== '513') $found=true;
|
|
|
|
|
if ($values->smb_mapgroup== '514') $found=true;
|
|
|
|
|
if (!$found) $attr['primaryGroupID'] = (2 * getgid($_SESSION['account']->general_group) + 1001);
|
|
|
|
|
}
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->smb_flagsD != $values_old->smb_flagsD) {
|
|
|
|
|
$i = 0;
|
|
|
|
|
while ($values_old->unix_password{$i} != '}') $i++;
|
|
|
|
|
$passwd = substr($values_old->unix_password, $i+1 );
|
|
|
|
|
$crypt = substr($values_old->unix_password, 0, $i+1 );
|
|
|
|
|
if ($passwd{0} == '!') $passwd = substr($passwd, 1);
|
|
|
|
|
if ($values->smb_flagsD ) $attr['userPassword'] = $crypt.'!'.$passwd;
|
|
|
|
|
else $attr['userPassword'] = $crypt.$passwd;
|
|
|
|
|
}
|
2003-08-10 19:46:21 +00:00
|
|
|
|
if ($values->smb_password_no) {
|
2003-10-05 10:38:31 +00:00
|
|
|
|
if ($values->smb_flagsD) $attr['userPassword'] = pwd_hash('', false);
|
|
|
|
|
else $attr['userPassword'] = pwd_hash('');
|
|
|
|
|
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
2003-08-10 19:46:21 +00:00
|
|
|
|
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// Add missing objectclasses to group
|
|
|
|
|
if (!in_array('posixAccount', $values->general_objectClass)) {
|
|
|
|
|
$attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'posixAccount';
|
|
|
|
|
}
|
2003-09-18 13:54:02 +00:00
|
|
|
|
if (!in_array('shadowAccount', $values->general_objectClass)) {
|
2003-09-17 16:57:01 +00:00
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'shadowAccount';
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-17 17:04:43 +00:00
|
|
|
|
if ($values->smb_displayName != $values_old->smb_displayName)
|
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName);
|
2003-09-17 16:57:01 +00:00
|
|
|
|
|
|
|
|
|
// Add or convert samba attributes & object to samba 3
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if (($_SESSION['config']->is_samba3()) && (!in_array('sambaSamAccount', $values->general_objectClass))) {
|
2003-09-17 16:57:01 +00:00
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'sambaSamAccount';
|
|
|
|
|
// unset old sambaAccount objectClass
|
|
|
|
|
for ($i=0; $i<count($attr['objectClass']); $i++)
|
|
|
|
|
if ($attr['objectClass'][$i]=='sambaAccount') unset($attr['objectClass'][$i]);
|
|
|
|
|
$attr['objectClass'] = array_values($attr['objectClass']);
|
|
|
|
|
// Set correct values for new objectclass
|
|
|
|
|
// Load old samba-values not stored in account object
|
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr_old['lmPassword'][0])) $attr['sambaLMPassword'] = $attr_old['lmPassword'][0];
|
|
|
|
|
if (isset($attr_old['ntPassword'][0])) $attr['sambaNTPassword'] = $attr_old['ntPassword'][0];
|
|
|
|
|
if (isset($attr_old['pwdLastSet'][0])) $attr['sambaPwdLastSet'] = $attr_old['pwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['logonTime'][0])) $attr['sambaLogonTime'] = $attr_old['logonTime'][0];
|
|
|
|
|
if (isset($attr_old['logoffTime'][0])) $attr['sambaLogoffTime'] = $attr_old['logoffTime'][0];
|
|
|
|
|
if (isset($attr_old['kickoffTime'][0])) $attr['sambaKickoffTime'] = $attr_old['kickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['pwdCanChange'][0])) $attr['sambaPwdCanChange'] = $attr_old['pwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['pwdMustChange'][0])) $attr['sambaPwdMustChange'] = $attr_old['pwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['smbHome'][0])) $attr['sambaHomePath'] = $attr_old['smbHome'][0];
|
|
|
|
|
if (isset($attr_old['homeDrive'][0])) $attr['sambaHomeDrive'] = $attr_old['homeDrive'][0];
|
|
|
|
|
if (isset($attr_old['scriptPath'][0])) $attr['sambaLogonScript'] = $attr_old['scriptPath'][0];
|
|
|
|
|
if (isset($attr_old['profilePath'][0])) $attr['sambaProfilePath'] = $attr_old['profilePath'][0];
|
|
|
|
|
if (isset($attr_old['userWorkstations'][0])) $attr['sambaUserWorkstations'] = $attr_old['userWorkstations'][0];
|
|
|
|
|
// Values used from account object
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
|
|
|
|
$attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
|
|
|
|
$attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase); // sambaAccount_may
|
|
|
|
|
$attr['sambaPrimaryGroupSID'] = $values->smb_domain->SID . "-" . (2 * getgid($values->general_group) + $values->smb_domain->RIDbase +1); // sambaAccount_req
|
|
|
|
|
// remove old attributes
|
|
|
|
|
if (in_array('sambaAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaAccount';
|
|
|
|
|
if (isset($attr_old['lmPassword'][0])) $attr_rem['lmPassword'] = $attr_old['lmPassword'][0];
|
|
|
|
|
if (isset($attr_old['ntPassword'][0])) $attr_rem['ntPassword'] = $attr_old['ntPassword'][0];
|
|
|
|
|
if (isset($attr_old['pwdLastSet'][0])) $attr_rem['pwdLastSet'] = $attr_old['pwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['logonTime'][0])) $attr_rem['logonTime'] = $attr_old['logonTime'][0];
|
|
|
|
|
if (isset($attr_old['kickoffTime'][0])) $attr_rem['kickoffTime'] = $attr_old['kickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['pwdCanChange'][0])) $attr_rem['pwdCanChange'] = $attr_old['pwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['pwdMustChange'][0])) $attr_rem['pwdMustChange'] = $attr_old['pwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['smbHome'][0])) $attr_rem['smbHome'] = $attr_old['smbHome'][0];
|
|
|
|
|
if (isset($attr_old['acctFlags'][0])) $attr_rem['acctFlags'] = $attr_old['acctFlags'][0];
|
|
|
|
|
if (isset($attr_old['homeDrive'][0])) $attr_rem['homeDrive'] = $attr_old['homeDrive'][0];
|
|
|
|
|
if (isset($attr_old['scriptPath'][0])) $attr_rem['scriptPath'] = $attr_old['scriptPath'][0];
|
|
|
|
|
if (isset($attr_old['profilePath'][0])) $attr_rem['profilePath'] = $attr_old['profilePath'][0];
|
|
|
|
|
if (isset($attr_old['userWorkstations'][0])) $attr_rem['userWorkstations'] = $attr_old['userWorkstations'][0];
|
|
|
|
|
if (isset($attr_old['primaryGroupID'][0])) $attr_rem['primaryGroupID'] = $attr_old['primaryGroupID'][0];
|
|
|
|
|
if (isset($attr_old['domain'][0])) $attr_rem['domain'] = $attr_old['domain'][0];
|
|
|
|
|
if (isset($attr_old['rid'][0])) $attr_rem['rid'] = $attr_old['rid'][0];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add or convert samba attributes & object to samba 2.2
|
|
|
|
|
if (($_SESSION['config']->samba3 == 'no') && (!in_array('sambaAccount', $values->general_objectClass))) {
|
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'sambaAccount';
|
|
|
|
|
// unset old sambaAccount objectClass
|
|
|
|
|
for ($i=0; $i<count($attr['objectClass']); $i++)
|
|
|
|
|
if ($attr['objectClass'][$i]=='sambaSamAccount') unset($attr['objectClass'][$i]);
|
|
|
|
|
$attr['objectClass'] = array_values($attr['objectClass']);
|
|
|
|
|
// Set correct values for new objectclass
|
|
|
|
|
// Load old samba-values not stored in account object
|
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
|
|
|
|
if (isset($attr_old['sambaLMPassword'][0])) $attr['lmPassword'] = $attr_old['sambaLMPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaNTPassword'][0])) $attr['ntPassword'] = $attr_old['sambaNTPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdLastSet'][0])) $attr['pwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonTime'][0])) $attr['logonTime'] = $attr_old['sambaLogonTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogoffTime'][0])) $attr['logoffTime'] = $attr_old['sambaLogoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaKickoffTime'][0])) $attr['kickoffTime'] = $attr_old['sambaKickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdCanChange'][0])) $attr['pwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdMustChange'][0])) $attr['pwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomePath'][0])) $attr['smbHome'] = $attr_old['sambaHomePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomeDrive'][0])) $attr['homeDrive'] = $attr_old['sambaHomeDrive'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonScript'][0])) $attr['scriptPath'] = $attr_old['sambaLogonScript'][0];
|
|
|
|
|
if (isset($attr_old['sambaProfilePath'][0])) $attr['profilePath'] = $attr_old['sambaProfilePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaUserWorkstations'][0])) $attr['userWorkstations'] = $attr_old['sambaUserWorkstations'][0];
|
|
|
|
|
// Values used from account object
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
|
|
|
|
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
|
|
|
|
|
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
|
|
|
|
|
|
|
|
|
|
// remove old attributes
|
|
|
|
|
if (in_array('sambaSamAccount', $attr_old['objectClass'])) $attr_rem['objectClass'] = 'sambaSamAccount';
|
|
|
|
|
if (isset($attr_old['sambaLMPassword'][0])) $attr_rem['sambaLMPassword'] = $attr_old['sambaLMPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaNTPassword'][0])) $attr_rem['sambaNTPassword'] = $attr_old['sambaNTPassword'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdLastSet'][0])) $attr_rem['sambaPwdLastSet'] = $attr_old['sambaPwdLastSet'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonTime'][0])) $attr_rem['sambaLogonTime'] = $attr_old['sambaLogonTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaKickoffTime'][0])) $attr_rem['sambaKickoffTime'] = $attr_old['sambaKickoffTime'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdCanChange'][0])) $attr_rem['sambaPwdCanChange'] = $attr_old['sambaPwdCanChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaPwdMustChange'][0])) $attr_rem['sambaPwdMustChange'] = $attr_old['sambaPwdMustChange'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomePath'][0])) $attr_rem['sambaHomePath'] = $attr_old['sambaHomePAth'][0];
|
|
|
|
|
if (isset($attr_old['sambaAcctFlags'][0])) $attr_rem['sambaAcctFlags'] = $attr_old['sambaAcctFlags'][0];
|
|
|
|
|
if (isset($attr_old['sambaHomeDrive'][0])) $attr_rem['sambaHomeDrive'] = $attr_old['sambaHomeDrive'][0];
|
|
|
|
|
if (isset($attr_old['sambaLogonScript'][0])) $attr_rem['sambaLogonScript'] = $attr_old['sambaLogonScript'][0];
|
|
|
|
|
if (isset($attr_old['sambaProfilePath'][0])) $attr_rem['sambaProfilePath'] = $attr_old['sambaProfilePath'][0];
|
|
|
|
|
if (isset($attr_old['sambaUserWorkstations'][0])) $attr_rem['sambaUserWorkstations'] = $attr_old['sambaUserWorkstations'][0];
|
|
|
|
|
if (isset($attr_old['sambaPrimaryGroupID'][0])) $attr_rem['sambaPrimaryGroupID'] = $attr_old['sambaPrimaryGroupID'][0];
|
|
|
|
|
if (isset($attr_old['sambaDomainName'][0])) $attr_rem['sambaDomainName'] = $attr_old['sambaDomainName'][0];
|
|
|
|
|
if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) {
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// Reset password
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
$attr['userPassword'] = '';
|
|
|
|
|
$attr['shadowLastChange'] = getdays();
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-10-17 09:30:13 +00:00
|
|
|
|
if (smbflag($values) != smbflag($values_old)) $attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
if ($values->smb_domain->name!=$values_old->smb_domain->name) $attr['sambaDomainName'] = $values->smb_domain->name; // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
}
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// samba 2.2
|
|
|
|
|
else {
|
|
|
|
|
if ($values->smb_password_no) {
|
|
|
|
|
$attr['ntPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['lmPassword'] = 'NO PASSWORD*****';
|
|
|
|
|
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
|
|
|
|
$attr['userPassword'] = '';
|
|
|
|
|
$attr['shadowLastChange'] = getdays();
|
|
|
|
|
}
|
|
|
|
|
if (isset($attr_old['sambaSID'][0])) $attr_rem['sambaSID'] = $attr_old['sambaSID'][0];
|
2003-10-17 09:30:13 +00:00
|
|
|
|
if (smbflag($values) != smbflag($values_old)) $attr['acctFlags'] = smbflag($values); // sambaAccount_may
|
2003-06-26 16:26:06 +00:00
|
|
|
|
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
|
|
|
|
|
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_gecos != $values_old->general_gecos) {
|
2003-09-25 14:14:59 +00:00
|
|
|
|
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos)); // posixAccount_may
|
2003-09-17 17:04:43 +00:00
|
|
|
|
$attr['description'] = utf8_encode($values->general_gecos); // posixAccount_may sambaAccount_may
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
2003-08-10 19:46:21 +00:00
|
|
|
|
|
2003-08-12 19:45:24 +00:00
|
|
|
|
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if ($attr_rem) {
|
2003-06-28 13:14:45 +00:00
|
|
|
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
2003-05-31 10:52:15 +00:00
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
2003-06-28 13:38:18 +00:00
|
|
|
|
if ($attr) {
|
|
|
|
|
$success = ldap_modify($_SESSION['ldap']->server(),$values_old->general_dn, $attr);
|
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
|
|
|
|
if ($values->general_dn != $values_old->general_dn) {// Hostname hasn't changed
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
|
2003-06-08 10:33:37 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-06-28 13:14:45 +00:00
|
|
|
|
// remove "count" from array
|
|
|
|
|
unset($attr_old['count']);
|
|
|
|
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
|
|
|
|
$keys = array_keys($attr_old);
|
|
|
|
|
for ($i=0; $i < sizeof($keys); $i++)
|
|
|
|
|
unset($attr_old[$keys[$i]]['count']);
|
2003-06-08 10:33:37 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
|
|
|
|
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
2003-08-12 19:45:24 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-06-08 10:33:37 +00:00
|
|
|
|
}
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ((isset($_SESSION['hostDN']))) {
|
|
|
|
|
if ($values->general_dn != $values_old->general_dn) {
|
|
|
|
|
unset ($_SESSION['hostDN'][$values_old->general_dn]);
|
|
|
|
|
}
|
|
|
|
|
$_SESSION['hostDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['hostDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
|
|
|
|
}
|
2003-05-21 11:10:28 +00:00
|
|
|
|
return 3;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-05-21 11:10:28 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function creategroup($values) { // Will create the LDAP-Group
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Group already exists at different location
|
2003-04-23 15:47:00 +00:00
|
|
|
|
// 1 == Group has been created
|
|
|
|
|
// 3 == Group has been modified
|
|
|
|
|
// 4 == Error while creating Group
|
|
|
|
|
// 5 == Error while modifying Group
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
|
2003-06-30 12:06:44 +00:00
|
|
|
|
$attr['objectClass'][0] = 'posixGroup';
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$attr['cn'] = $values->general_username;
|
|
|
|
|
$attr['gidNumber'] = $values->general_uidNumber;
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if ($values->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
|
2003-09-16 15:20:48 +00:00
|
|
|
|
if ($_SESSION['config']->samba3 =='yes') {
|
2003-06-30 12:06:44 +00:00
|
|
|
|
$attr['sambaSID'] = $values->smb_mapgroup;
|
2003-08-28 18:37:27 +00:00
|
|
|
|
$attr['objectClass'][1] = 'sambaGroupMapping';
|
2003-06-30 12:06:44 +00:00
|
|
|
|
$attr['sambaGroupType'] = '2';
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if ($values->smb_displayName) $attr['displayName'] = utf8_encode($values->smb_displayName);
|
2003-06-30 12:06:44 +00:00
|
|
|
|
}
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if (is_array($values->unix_memberUid)) foreach ($values->unix_memberUid as $user)
|
2003-10-07 17:52:51 +00:00
|
|
|
|
$attr['memberUid'][] = $user;
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
2003-10-17 07:58:43 +00:00
|
|
|
|
if (!$success) return 4;
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values);
|
2003-10-17 07:58:43 +00:00
|
|
|
|
// Add entry to cache-array
|
|
|
|
|
if ((isset($_SESSION['groupDN']))) {
|
|
|
|
|
$_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['groupDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
2003-08-18 11:16:37 +00:00
|
|
|
|
}
|
2003-10-17 07:58:43 +00:00
|
|
|
|
return 1;
|
2003-05-21 11:10:28 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
2003-08-18 18:46:33 +00:00
|
|
|
|
// 2 == Group already exists at different location
|
2003-05-21 11:10:28 +00:00
|
|
|
|
// 3 == Group has been modified
|
|
|
|
|
// 5 == Error while modifying Group
|
2003-06-26 16:26:06 +00:00
|
|
|
|
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
|
2003-06-15 19:28:15 +00:00
|
|
|
|
|
2003-06-01 10:02:44 +00:00
|
|
|
|
if ($values->general_username != $values_old->general_username) $attr['cn'] = $values->general_username;
|
2003-09-17 16:57:01 +00:00
|
|
|
|
// Set correct SID if UID was changed
|
|
|
|
|
if ($values->general_uidNumber != $values_old->general_uidNumber) {
|
|
|
|
|
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if ($_SESSION['config']->is_samba3()) $attr['sambaSid'] = $values->smb_domain->SID . "-" . (2 * $values->general_uidNumber + $values->smb_domain->RIDbase +1); // sambaAccount_may
|
2003-09-17 16:57:01 +00:00
|
|
|
|
else $attr['rid'] = (2 * $values->general_uidNumber + 1001); // sambaAccount_may
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-16 12:44:28 +00:00
|
|
|
|
if ($values->general_gecos != $values_old->general_gecos) $attr['description'] = utf8_encode($values->general_gecos);
|
|
|
|
|
|
2003-09-17 17:04:43 +00:00
|
|
|
|
if ($values->smb_displayName != $values_old->smb_displayName)
|
2003-09-16 12:44:28 +00:00
|
|
|
|
$attr['displayName'] = utf8_encode($values->smb_displayName);
|
|
|
|
|
|
2003-06-30 12:06:44 +00:00
|
|
|
|
if ($_SESSION['config']->samba3 =='yes') {
|
|
|
|
|
if ($values->smb_mapgroup != $values_old->smb_mapgroup)
|
|
|
|
|
$attr['sambaSID'] = $values->smb_mapgroup;
|
|
|
|
|
}
|
2003-09-01 16:04:43 +00:00
|
|
|
|
|
|
|
|
|
if (($values->unix_memberUid != $values_old->unix_memberUid)) {
|
2003-09-11 16:55:57 +00:00
|
|
|
|
if (count($values->unix_memberUid)==0) $attr_rem['memberUid'] = $values_old->unix_memberUid;
|
|
|
|
|
else $attr['memberUid'] = $values->unix_memberUid;
|
2003-09-01 16:04:43 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-09-16 15:20:48 +00:00
|
|
|
|
|
|
|
|
|
// Add missing objectclasses to group
|
|
|
|
|
if (!in_array('posixGroup', $values->general_objectClass)) {
|
|
|
|
|
$attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'posixGroup';
|
|
|
|
|
}
|
2003-09-20 10:15:24 +00:00
|
|
|
|
if (($_SESSION['config']->is_samba3()) && (!in_array('sambaGroupMapping', $values->general_objectClass))) {
|
2003-09-16 15:20:48 +00:00
|
|
|
|
if (!isset($attr['objectClass'])) $attr['objectClass'] = $values->general_objectClass;
|
|
|
|
|
$attr['objectClass'][] = 'sambaGroupMapping';
|
2003-09-16 16:14:43 +00:00
|
|
|
|
$attr['sambaGroupType'] = '2';
|
2003-09-16 15:20:48 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($attr_rem) { // Remove attributes not longer valid
|
2003-06-30 12:06:44 +00:00
|
|
|
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
2003-09-16 15:20:48 +00:00
|
|
|
|
|
|
|
|
|
if ($attr) { // Add /replace new attributes
|
2003-09-01 16:04:43 +00:00
|
|
|
|
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
2003-06-28 13:38:18 +00:00
|
|
|
|
if (!$success) return 5;
|
|
|
|
|
}
|
2003-09-16 15:20:48 +00:00
|
|
|
|
|
2003-06-28 13:38:18 +00:00
|
|
|
|
if ($values->general_dn != $values_old->general_dn) {// Groupname hasn't changed
|
2003-08-12 19:45:24 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
|
2003-05-21 11:10:28 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
2003-06-28 13:14:45 +00:00
|
|
|
|
// remove "count" from array
|
|
|
|
|
unset($attr_old['count']);
|
|
|
|
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
|
|
|
|
$keys = array_keys($attr_old);
|
|
|
|
|
for ($i=0; $i < sizeof($keys); $i++)
|
|
|
|
|
unset($attr_old[$keys[$i]]['count']);
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
|
|
|
|
if ($success) ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
|
|
|
|
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
2003-08-12 19:45:24 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
2003-09-16 12:44:28 +00:00
|
|
|
|
|
2003-09-16 15:20:48 +00:00
|
|
|
|
if ( $_SESSION['final_changegids']==true ) { // Chnage GIDs of all users which are member of group
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber'));
|
2003-05-21 11:10:28 +00:00
|
|
|
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
|
|
|
|
while ($entry) {
|
2003-06-01 10:02:44 +00:00
|
|
|
|
$user['gidNumber'][0] = $values->general_uidNumber;
|
2003-10-17 09:30:13 +00:00
|
|
|
|
$success =ldap_modify($_SESSION['ldap']->server(), ldap_get_dn($_SESSION['ldap']->server(), $entry), $user);
|
2003-05-21 11:10:28 +00:00
|
|
|
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
2003-10-17 09:30:13 +00:00
|
|
|
|
if (!$success) return 5;
|
2003-10-19 17:04:49 +00:00
|
|
|
|
if ($_SESSION['config']->scriptServer && is_array($values->quota)) setquotas($values,$values_old);
|
2003-09-16 15:20:48 +00:00
|
|
|
|
if ((isset($_SESSION['groupDN']))) { // refresh group-cache array
|
2003-08-18 17:41:34 +00:00
|
|
|
|
if ($values->general_dn != $values_old->general_dn) {
|
|
|
|
|
unset ($_SESSION['groupDN'][$values_old->general_dn]);
|
|
|
|
|
}
|
|
|
|
|
$_SESSION['groupDN'][$values->general_dn]['cn'] = $values->general_username;
|
|
|
|
|
$_SESSION['groupDN'][$values->general_dn]['uidNumber'] = $values->general_uidNumber;
|
|
|
|
|
}
|
2003-05-31 10:52:15 +00:00
|
|
|
|
return 3;
|
2003-04-23 15:47:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-05-21 11:10:28 +00:00
|
|
|
|
|
2003-04-23 15:47:00 +00:00
|
|
|
|
?>
|