WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
LDAPAccountManager/lam/lib/modules/shadowAccount.inc

964 lines
41 KiB
PHP
Raw Normal View History

Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
<?php
/*
$Id$
new homepage
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright updates
2006-03-03 17:30:35 +00:00
Copyright (C) 2003 - 2006 Tilo Lutz
fixed problem with autoload in tree view
2016-01-05 16:55:01 +00:00
Copyright (C) 2007 - 2016 Roland Gruber
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
PHPDoc updates
2005-07-21 10:33:02 +00:00
/**
* Manages Unix shadow accounts for users.
*
* @package modules
*
* @author Tilo Lutz
* @author Roland Gruber
* @author Michael Duergner
*/
/**
* Manages the object class "shadowAccount" for users.
*
* @package modules
*/
added central password service
2009-10-09 18:21:12 +00:00
class shadowAccount extends baseModule implements passwordService {
responsive self service
2015-08-06 19:20:54 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
/**
* Creates a new shadowAccount object.
*
* @param string $scope account type (user, group, host)
*/
function __construct($scope) {
// call parent constructor
parent::__construct($scope);
$this->autoAddObjectClasses = false;
}
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
code cleanup: added parent function for module_ready() and module_complete() which always return true to baseModule
2005-08-13 09:19:40 +00:00
/**
* This function builds up the message array.
*/
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
function load_Messages() {
// error messages for input checks
fixed descriptions
2006-07-29 15:13:08 +00:00
$this->messages['shadowMin'][0] = array('ERROR', _('Minimum password age'), _('Password minimum age must be are natural number.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowMin'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_minAge', _('Password minimum age must be are natural number.'));
fixed descriptions
2006-07-29 15:13:08 +00:00
$this->messages['shadowMax'][0] = array('ERROR', _('Maximum password age'), _('Password maximum age must be are natural number.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowMax'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_maxAge', _('Password maximum age must be are natural number.'));
translation update
2004-11-10 14:00:00 +00:00
$this->messages['inactive'][0] = array('ERROR', _('Password expiration'), _('Password expiration must be are natural number or -1.'));
$this->messages['inactive'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_ignoreExpire', _('Password expiration must be are natural number or -1.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowWarning'][0] = array('ERROR', _('Password warning'), _('Password warning must be are natural number.'));
$this->messages['shadowWarning'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_warning', _('Password warning must be are natural number.'));
fixed typo
2010-03-07 15:50:38 +00:00
$this->messages['shadow_cmp'][0] = array('ERROR', _('Maximum password age'), _('Password maximum age must be bigger than password minimum age.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadow_cmp'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_min/maxAge', _('Password maximum age must be bigger as password minimum age.'));
$this->messages['shadow_expireDate'][0] = array('ERROR', _('Account %s:') . ' shadowAccount_expireDate', _('The expiration date is invalid.'));
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
}
removed $post parameter
2006-08-14 17:24:27 +00:00
made can_manage() abstract in baseModule to save memory
2014-04-20 13:00:42 +00:00
/**
* Returns true if this module can manage accounts of the current type, otherwise false.
responsive self service
2015-08-06 19:20:54 +00:00
*
made can_manage() abstract in baseModule to save memory
2014-04-20 13:00:42 +00:00
* @return boolean true if module fits
*/
public function can_manage() {
return in_array($this->get_scope(), array('user'));
}
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
/**
* Returns meta data that is interpreted by parent class
*
* @return array array with meta data
responsive self service
2015-08-06 19:20:54 +00:00
*
documented meta data in PHPDoc
2008-02-03 14:28:28 +00:00
* @see baseModule::get_metaData()
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
*/
function get_metaData() {
$return = array();
added icons for modules
2007-11-19 18:42:03 +00:00
// icon
bigger icons
2007-12-01 12:34:52 +00:00
$return['icon'] = 'keyBig.png';
moved get_alias() to baseModule
2004-06-14 16:05:36 +00:00
// alias name
$return["alias"] = _('Shadow');
moved dependencies to meta data
2004-06-20 17:32:02 +00:00
// module dependencies
$return['dependencies'] = array('depends' => array('posixAccount'), 'conflicts' => array());
added fix for wrong spelled object classes
2006-04-05 15:48:27 +00:00
// managed object classes
$return['objectClasses'] = array('shadowAccount');
new attribute loading mechanism
2006-05-13 08:55:31 +00:00
// managed attributes
changed Unix password management
2006-09-03 12:41:22 +00:00
$return['attributes'] = array('shadowLastChange', 'shadowMin', 'shadowMax', 'shadowWarning',
allow to remove extension
2009-12-18 21:02:21 +00:00
'shadowInactive', 'shadowExpire', 'shadowFlag');
added profile check
2004-07-04 15:18:53 +00:00
// lists for expiration date
support to set no expiration date in profile
2015-03-27 21:15:20 +00:00
$day = array('-'); $mon = array('-'); $year = array('-');
added profile check
2004-07-04 15:18:53 +00:00
for ( $i=1; $i<=31; $i++ ) $day[] = $i;
for ( $i=1; $i<=12; $i++ ) $mon[] = $i;
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
use new meta HTML
2010-08-02 19:24:58 +00:00
$profileOptionsTable = new htmlTable();
// auto add extension
$profileOptionsTable->addElement(new htmlTableExtendedInputCheckbox('shadowAccount_addExt', false, _('Automatically add this extension'), 'autoAdd'), true);
// password warning
$profilePwdWarning = new htmlTableExtendedInputField(_('Password warning'), 'shadowAccount_shadowWarning', null, 'shadowWarning');
$profilePwdWarning->setFieldSize(5);
$profilePwdWarning->setFieldMaxLength(4);
$profileOptionsTable->addElement($profilePwdWarning, true);
// password expiration
$profilePwdExpiration = new htmlTableExtendedInputField(_('Password expiration'), 'shadowAccount_shadowInactive', null, 'shadowInactive');
$profilePwdExpiration->setFieldSize(5);
$profilePwdExpiration->setFieldMaxLength(4);
$profileOptionsTable->addElement($profilePwdExpiration, true);
// minimum password age
$profilePwdMinAge = new htmlTableExtendedInputField(_('Minimum password age'), 'shadowAccount_shadowMin', null, 'shadowMin');
$profilePwdMinAge->setFieldSize(5);
$profilePwdMinAge->setFieldMaxLength(5);
$profileOptionsTable->addElement($profilePwdMinAge, true);
// maximum password age
$profilePwdMinAge = new htmlTableExtendedInputField(_('Maximum password age'), 'shadowAccount_shadowMax', null, 'shadowMax');
$profilePwdMinAge->setFieldSize(5);
$profilePwdMinAge->setFieldMaxLength(5);
$profileOptionsTable->addElement($profilePwdMinAge, true);
// expiration date
$profileOptionsTable->addElement(new htmlOutputText(_('Account expiration date')));
$profileOptionsExpire = new htmlTable();
support to set no expiration date in profile
2015-03-27 21:15:20 +00:00
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_day', $day, array('-')));
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_mon', $mon, array('-')));
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_yea', $year, array('-')));
use new meta HTML
2010-08-02 19:24:58 +00:00
$profileOptionsTable->addElement($profileOptionsExpire);
$profileOptionsTable->addElement(new htmlHelpLink('shadowExpire'));
$return['profile_options'] = $profileOptionsTable;
added integer comparison for profile options
2004-07-13 14:51:28 +00:00
// profile checks
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowMin'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowMin'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowMax'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowMax'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_cmp'] = array(
'type' => 'int_greater',
'cmp_name1' => 'shadowAccount_shadowMax',
'cmp_name2' => 'shadowAccount_shadowMin',
'error_message' => $this->messages['shadow_cmp'][0]);
$return['profile_checks']['shadowAccount_shadowInactive'] = array(
'type' => 'ext_preg',
'regex' => 'digit2',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['inactive'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowWarning'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowWarning'][0]);
implemented profile loading
2005-01-29 15:14:13 +00:00
// profile mappings
$return['profile_mappings'] = array(
'shadowAccount_shadowWarning' => 'shadowWarning',
'shadowAccount_shadowInactive' => 'shadowInactive',
'shadowAccount_shadowMin' => 'shadowMin',
'shadowAccount_shadowMax' => 'shadowMax'
);
PHPDoc coments added; refactored some things by using the meta array;
2004-08-17 15:16:17 +00:00
// available PDF fields
*** empty log message ***
2004-10-30 16:46:06 +00:00
$return['PDF_fields'] = array(
implemented descriptive PDF fields
2010-04-05 10:13:37 +00:00
'shadowLastChange' => _('Last password change'),
'shadowWarning' => _('Password warning'),
'shadowInactive' => _('Account inactive'),
better timezone handling
2015-08-23 17:56:27 +00:00
'shadowExpire' => _('Account expiration date'),
reduced PDF code
2013-05-09 17:26:56 +00:00
'shadowMinAge' => _('Minimum password age'),
'shadowMaxAge' => _('Maximum password age'),
*** empty log message ***
2004-10-30 16:46:06 +00:00
);
help entries added; data is double in this->meta und in get_help() funktion
2004-09-08 17:39:06 +00:00
// help Entries
*** empty log message ***
2004-10-30 16:46:06 +00:00
$return['help'] = array (
'shadowWarning' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Password warning"), 'attr' => 'shadowWarning',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Days before password is to expire that user is warned of pending password expiration. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowInactive' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Password expiration"), 'attr' => 'shadowInactive',
*** empty log message ***
2004-10-30 16:46:06 +00:00
"Text" => _("Number of days a user can login even his password has expired. -1=always."). ' '. _("Can be left empty.")
),
'shadowMin' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Minimum password age"), 'attr' => 'shadowMin',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Number of days a user has to wait until he is allowed to change his password again. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowMax' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Maximum password age"), 'attr' => 'shadowMax',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Number of days after a user has to change his password again. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowExpire' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Account expiration date"), 'attr' => 'shadowExpire',
added defaults for expiration date
2005-10-01 07:23:57 +00:00
"Text" => _("This is the date when the account will expire. Format: DD-MM-YYYY")
allow to remove the extension
2009-12-20 14:35:42 +00:00
),
'autoAdd' => array(
"Headline" => _("Automatically add this extension"),
"Text" => _("This will enable the extension automatically if this profile is loaded.")
allow to expire password
2010-08-05 20:42:11 +00:00
),
'shadowLastChange' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Last password change"), 'attr' => 'shadowLastChange',
allow to expire password
2010-08-05 20:42:11 +00:00
"Text" => _("This is the date when the user changed his password. If you specify a maximum password age then you can force a password change here.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
)
);
added upload
2004-11-08 19:48:39 +00:00
// upload fields
$return['upload_columns'] = array(
array(
'name' => 'shadowAccount_warning',
'description' => _('Password warning'),
'help' => 'shadowWarning',
'example' => '14'
),
array(
fixed errors in upload
2010-11-20 19:57:32 +00:00
'name' => 'shadowAccount_ignoreExpire',
translation update
2004-11-10 14:00:00 +00:00
'description' => _('Password expiration'),
added upload
2004-11-08 19:48:39 +00:00
'help' => 'shadowInactive',
'example' => '7'
),
array(
'name' => 'shadowAccount_minAge',
'description' => _('Minimum password age'),
'help' => 'shadowMin',
'example' => '1'
),
array(
'name' => 'shadowAccount_maxAge',
'description' => _('Maximum password age'),
'help' => 'shadowMax',
'example' => '365'
),
array(
translation update
2004-11-10 14:00:00 +00:00
'name' => 'shadowAccount_expireDate',
added defaults for expiration date
2005-10-01 07:23:57 +00:00
'description' => _('Account expiration date'),
added upload
2004-11-08 19:48:39 +00:00
'help' => 'shadowExpire',
'example' => '17-07-2011'
)
);
show last password change in self service
2013-09-28 11:44:41 +00:00
// self service fields
$return['selfServiceFieldSettings'] = array('shadowLastChange' => _('Last password change (read-only)'));
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
return $return;
}
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
function save_attributes() {
allow to remove extension
2009-12-18 21:02:21 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass']) && !in_array('shadowAccount', $this->orig['objectClass'])) {
// skip saving if the extension was not added/modified
made shadowAccount optional
2008-10-21 18:47:45 +00:00
return array();
}
allow to remove extension
2009-12-18 21:02:21 +00:00
return parent::save_attributes();
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
* Processes user input of the primary module page.
* It checks if all input values are correct and updates the associated LDAP attributes.
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
*
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
* @return array list of info/error messages
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
removed $post parameter
2006-08-14 17:24:27 +00:00
function process_attributes() {
allow to remove extension
2009-12-18 21:02:21 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_remObjectClass'])) {
$this->attributes['objectClass'] = array_delete(array('shadowAccount'), $this->attributes['objectClass']);
if (isset($this->attributes['shadowMin'])) unset($this->attributes['shadowMin']);
if (isset($this->attributes['shadowMax'])) unset($this->attributes['shadowMax']);
if (isset($this->attributes['shadowWarning'])) unset($this->attributes['shadowWarning']);
if (isset($this->attributes['shadowInactive'])) unset($this->attributes['shadowInactive']);
if (isset($this->attributes['shadowLastChange'])) unset($this->attributes['shadowLastChange']);
if (isset($this->attributes['shadowExpire'])) unset($this->attributes['shadowExpire']);
if (isset($this->attributes['shadowFlag'])) unset($this->attributes['shadowFlag']);
return array();
}
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass'])) {
return array();
}
fixed error handling
2006-05-17 17:57:42 +00:00
$errors = array();
improved support for config of modules
2003-12-30 15:36:30 +00:00
// Load attributes
removed $post parameter
2006-08-14 17:24:27 +00:00
$this->attributes['shadowMin'][0] = $_POST['shadowMin'];
$this->attributes['shadowMax'][0] = $_POST['shadowMax'];
$this->attributes['shadowWarning'][0] = $_POST['shadowWarning'];
$this->attributes['shadowInactive'][0] = $_POST['shadowInactive'];
removed grouping of error messages
2006-08-16 17:42:35 +00:00
if ( !get_preg($this->attributes['shadowMin'][0], 'digit')) $errors[] = $this->messages['shadowMin'][0];
if ( !get_preg($this->attributes['shadowMax'][0], 'digit')) $errors[] = $this->messages['shadowMax'][0];
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0]) $errors[] = $this->messages['shadow_cmp'][0];
if ( !get_preg($this->attributes['shadowInactive'][0], 'digit2')) $errors[] = $this->messages['inactive'][0];
if ( !get_preg($this->attributes['shadowWarning'][0], 'digit')) $errors[] = $this->messages['shadowWarning'][0];
allow to expire password
2010-08-05 20:42:11 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_expirePassword']) && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}
fixed error handling
2006-05-17 17:57:42 +00:00
return $errors;
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
* This function will create the meta HTML code to show a page with all attributes.
*
* @return array meta HTML code
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
removed $post parameter
2006-08-14 17:24:27 +00:00
function display_html_attributes() {
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_addObjectClass'])) {
$this->attributes['objectClass'][] = 'shadowAccount';
better management of expiration date
2006-10-18 16:58:29 +00:00
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$return = new htmlTable();
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (in_array('shadowAccount', $this->attributes['objectClass'])) {
$shWarning = '';
if (isset($this->attributes['shadowWarning'][0])) {
$shWarning = $this->attributes['shadowWarning'][0];
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$pwdWarnInput = new htmlTableExtendedInputField(_('Password warning'), 'shadowWarning', $shWarning, 'shadowWarning');
$pwdWarnInput->setFieldMaxLength(4);
$pwdWarnInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$pwdWarnInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($pwdWarnInput, true);
responsive self service
2015-08-06 19:20:54 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shPwdExpiration = '';
if (isset($this->attributes['shadowInactive'][0])) $shPwdExpiration = $this->attributes['shadowInactive'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$pwdExpInput = new htmlTableExtendedInputField(_('Password expiration'), 'shadowInactive', $shPwdExpiration, 'shadowInactive');
$pwdExpInput->setFieldMaxLength(4);
$pwdExpInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$pwdExpInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($pwdExpInput, true);
responsive self service
2015-08-06 19:20:54 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shMinAge = '';
if (isset($this->attributes['shadowMin'][0])) $shMinAge = $this->attributes['shadowMin'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$minAgeInput = new htmlTableExtendedInputField(_('Minimum password age'), 'shadowMin', $shMinAge, 'shadowMin');
$minAgeInput->setFieldMaxLength(5);
$minAgeInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$minAgeInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($minAgeInput, true);
responsive self service
2015-08-06 19:20:54 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shMaxAge = '';
if (isset($this->attributes['shadowMax'][0])) $shMaxAge = $this->attributes['shadowMax'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$maxAgeInput = new htmlTableExtendedInputField(_('Maximum password age'), 'shadowMax', $shMaxAge, 'shadowMax');
$maxAgeInput->setFieldMaxLength(5);
$maxAgeInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$maxAgeInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($maxAgeInput, true);
responsive self service
2015-08-06 19:20:54 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$expirationDate = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
if (isset($this->attributes['shadowExpire'][0])) {
$shAccExpirationDate = $this->attributes['shadowExpire'][0];
removed getDate()
2016-07-18 18:58:47 +00:00
$date = new DateTime('@' . $shAccExpirationDate*3600*24, new DateTimeZone('UTC'));
$expirationDate = $date->format('d.m.Y');
made shadowAccount optional
2008-10-21 18:47:45 +00:00
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(_('Account expiration date')));
$expireTable = new htmlTable();
$expireTable->addElement(new htmlOutputText($expirationDate, false));
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
$expireTable->addElement(new htmlAccountPageButton('shadowAccount', 'expire', 'open', 'edit.png', true, _('Change')));
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($expireTable);
$return->addElement(new htmlHelpLink('shadowExpire'), true);
responsive self service
2015-08-06 19:20:54 +00:00
allow to expire password
2010-08-05 20:42:11 +00:00
$pwdChangeDate = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
if (isset($this->attributes['shadowLastChange'][0])) {
$shPwdChangeDate = $this->attributes['shadowLastChange'][0];
removed getDate()
2016-07-18 18:58:47 +00:00
$date = new DateTime('@' . $shPwdChangeDate*3600*24, new DateTimeZone('UTC'));
$pwdChangeDate = $date->format('d.m.Y');
allow to expire password
2010-08-05 20:42:11 +00:00
}
$return->addElement(new htmlOutputText(_('Last password change')));
$pwdChangeTable = new htmlTable();
$pwdChangeTable->addElement(new htmlOutputText($pwdChangeDate, false));
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
$pwdChangeTable->addElement(new htmlAccountPageButton('shadowAccount', 'pwdChange', 'open', 'edit.png', true, _('Change')));
allow to expire password
2010-08-05 20:42:11 +00:00
if (isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != '')) {
$pwdChangeTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'expirePassword', _('Force password change')));
}
$return->addElement($pwdChangeTable);
$return->addElement(new htmlHelpLink('shadowLastChange'), true);
responsive self service
2015-08-06 19:20:54 +00:00
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(''), true);
$remButton = new htmlAccountPageButton('shadowAccount', 'attributes', 'remObjectClass', _('Remove Shadow account extension'));
$remButton->colspan = 4;
$return->addElement($remButton);
made shadowAccount optional
2008-10-21 18:47:45 +00:00
}
else {
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'addObjectClass', _('Add Shadow account extension')));
better management of expiration date
2006-10-18 16:58:29 +00:00
}
return $return;
}
/**
* Processes user input of the expiration page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
*/
function process_expire() {
$errors = array();
// set expiration date
if (isset($_POST['form_subpage_shadowAccount_attributes_change'])) {
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
$this->setExpirationDate($_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
sync with Kerberos
2012-02-18 13:47:49 +00:00
// sync other modules
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if (isset($_POST['syncSamba']) && ($_POST['syncSamba'] == 'on')) {
$this->getAccountContainer()->getAccountModule('sambaSamAccount')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
expiration date for Windows
2015-11-02 20:53:20 +00:00
if (isset($_POST['syncWindows']) && ($_POST['syncWindows'] == 'on')) {
$this->getAccountContainer()->getAccountModule('windowsUser')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if (isset($_POST['syncHeimdal']) && ($_POST['syncHeimdal'] == 'on')) {
$this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
better management of expiration date
2006-10-18 16:58:29 +00:00
}
// remove expiration date
elseif (isset($_POST['form_subpage_shadowAccount_attributes_del'])) {
unset($this->attributes['shadowExpire']);
sync with Kerberos
2012-02-18 13:47:49 +00:00
// sync other modules
expiration date for Windows
2015-11-02 20:53:20 +00:00
if (isset($_POST['syncWindows']) && ($_POST['syncWindows'] == 'on')) {
$this->getAccountContainer()->getAccountModule('windowsUser')->setExpirationDate(
null, null, null);
}
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if (isset($_POST['syncSamba']) && ($_POST['syncSamba'] == 'on')) {
$this->getAccountContainer()->getAccountModule('sambaSamAccount')->setExpirationDate(
null, null, null);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if (isset($_POST['syncHeimdal']) && ($_POST['syncHeimdal'] == 'on')) {
$this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
null, null, null);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
null, null, null);
}
if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
null, null, null);
}
better management of expiration date
2006-10-18 16:58:29 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
return $errors;
better management of expiration date
2006-10-18 16:58:29 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
better management of expiration date
2006-10-18 16:58:29 +00:00
/**
* This function will create the meta HTML code to show a page with the expiration date.
*
* @return array meta HTML code
*/
function display_html_expire() {
use new meta HTML
2010-08-02 19:24:58 +00:00
$return = new htmlTable();
removed getDate()
2016-07-18 18:58:47 +00:00
$shAccExpirationDate = time()/(3600*24) + 365;
better management of expiration date
2006-10-18 16:58:29 +00:00
if (isset($this->attributes['shadowExpire'][0])) {
$shAccExpirationDate = $this->attributes['shadowExpire'][0];
}
removed getDate()
2016-07-18 18:58:47 +00:00
$date = new DateTime('@' . $shAccExpirationDate*3600*24, new DateTimeZone('UTC'));
added support for profile, config and help in modules
2004-01-27 19:07:31 +00:00
for ( $i=1; $i<=31; $i++ ) $mday[] = $i;
for ( $i=1; $i<=12; $i++ ) $mon[] = $i;
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
for ( $i=2003; $i<=2050; $i++ ) $year[] = $i;
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(_('Account expiration date')));
$expTable = new htmlTable();
removed getDate()
2016-07-18 18:58:47 +00:00
$expTable->addElement(new htmlSelect('shadowExpire_day', $mday, array($date->format('j'))));
$expTable->addElement(new htmlSelect('shadowExpire_mon', $mon, array($date->format('n'))));
$expTable->addElement(new htmlSelect('shadowExpire_yea', $year, array($date->format('Y'))));
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($expTable);
$return->addElement(new htmlHelpLink('shadowExpire'), true);
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if ($this->getAccountContainer()->getAccountModule('sambaSamAccount') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncSamba', false, _('Set also for Samba 3')), true);
}
expiration date for Windows
2015-11-02 20:53:20 +00:00
if ($this->getAccountContainer()->getAccountModule('windowsUser') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncWindows', false, _('Set also for Windows')), true);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if ($this->getAccountContainer()->getAccountModule('heimdalKerberos') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncHeimdal', false, _('Set also for Kerberos')), true);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if ($this->getAccountContainer()->getAccountModule('mitKerberos') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncMIT', false, _('Set also for Kerberos')), true);
}
if ($this->getAccountContainer()->getAccountModule('mitKerberosStructural') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncMITStructural', false, _('Set also for Kerberos')), true);
}
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
$return->addElement(new htmlSpacer(null, '10px'), true);
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable = new htmlTable();
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'change', _('Change')));
better management of expiration date
2006-10-18 16:58:29 +00:00
if (isset($this->attributes['shadowExpire'][0])) {
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'del', _('Remove')));
better management of expiration date
2006-10-18 16:58:29 +00:00
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'back', _('Cancel')));
$buttonTable->colspan=3;
$return->addElement($buttonTable);
return $return;
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
/**
* Processes user input of the last password change page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
*/
function process_pwdChange() {
$errors = array();
// set last change date
if (isset($_POST['form_subpage_shadowAccount_attributes_changePwdChange'])) {
$this->setLastChangeDate($_POST['shadowLastChange_yea'], $_POST['shadowLastChange_mon'], $_POST['shadowLastChange_day']);
}
// remove last change date
elseif (isset($_POST['form_subpage_shadowAccount_attributes_delPwdChange'])) {
unset($this->attributes['shadowLastChange']);
}
responsive self service
2015-08-06 19:20:54 +00:00
return $errors;
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
/**
* This function will create the meta HTML code to show a page with the password change date.
*
* @return array meta HTML code
*/
function display_html_pwdChange() {
$return = new htmlTable();
removed getDate()
2016-07-18 18:58:47 +00:00
$shLastChange = time()/(3600*24);
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
if (isset($this->attributes['shadowLastChange'][0])) {
$shLastChange = $this->attributes['shadowLastChange'][0];
}
removed getDate()
2016-07-18 18:58:47 +00:00
$date = new DateTime('@' . $shLastChange*3600*24, new DateTimeZone('UTC'));
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
for ( $i=1; $i<=31; $i++ ) $mday[] = $i;
for ( $i=1; $i<=12; $i++ ) $mon[] = $i;
for ( $i=2003; $i<=2050; $i++ ) $year[] = $i;
$return->addElement(new htmlOutputText(_('Last password change')));
$table = new htmlTable();
removed getDate()
2016-07-18 18:58:47 +00:00
$table->addElement(new htmlSelect('shadowLastChange_day', $mday, array($date->format('j'))));
$table->addElement(new htmlSelect('shadowLastChange_mon', $mon, array($date->format('n'))));
$table->addElement(new htmlSelect('shadowLastChange_yea', $year, array($date->format('Y'))));
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
$return->addElement($table);
$return->addElement(new htmlHelpLink('shadowLastChange'), true);
$return->addElement(new htmlSpacer(null, '10px'), true);
$buttonTable = new htmlTable();
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'changePwdChange', _('Change')));
if (isset($this->attributes['shadowLastChange'][0])) {
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'delPwdChange', _('Remove')));
}
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'back', _('Cancel')));
$buttonTable->colspan = 3;
$return->addElement($buttonTable);
return $return;
}
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
added $pdfKeys to get_pdfEntries
2015-01-07 17:16:35 +00:00
* Returns a list of possible PDF entries for this account.
*
* @param array $pdfKeys list of PDF keys that are included in document
* @return list of PDF entries (array(<PDF key> => <PDF lines>))
*/
function get_pdfEntries($pdfKeys) {
use getTimeZone()
2015-11-07 08:30:52 +00:00
$timeZone = getTimeZone();
fixed PHP notices
2011-01-09 16:20:21 +00:00
$shadowLastChange = '';
better timezone handling
2015-08-23 17:56:27 +00:00
if (!empty($this->attributes['shadowLastChange'][0])) {
$time = new DateTime('@' . $this->attributes['shadowLastChange'][0]*24*3600, $timeZone);
use getTimeZone()
2015-11-07 08:30:52 +00:00
$shadowLastChange = $time->format('d.m.Y');
fixed PHP notices
2011-01-09 16:20:21 +00:00
}
$shadowExpire = '';
better timezone handling
2015-08-23 17:56:27 +00:00
if (!empty($this->attributes['shadowExpire'][0])) {
$time = new DateTime('@' . $this->attributes['shadowExpire'][0]*24*3600);
use getTimeZone()
2015-11-07 08:30:52 +00:00
$shadowExpire = $time->format('d.m.Y');
fixed PHP notices
2011-01-09 16:20:21 +00:00
}
added addPDFKeyValue()
2015-03-13 17:15:45 +00:00
$return = array();
$this->addPDFKeyValue($return, 'shadowLastChange', _('Last password change'), $shadowLastChange);
$this->addPDFKeyValue($return, 'shadowExpire', _('Account expiration date'), $shadowExpire);
reduced PDF code
2013-05-09 17:26:56 +00:00
$this->addSimplePDFField($return, 'shadowWarning', _('Password warning'));
$this->addSimplePDFField($return, 'shadowInactive', _('Password expiration'));
$this->addSimplePDFField($return, 'shadowMinAge', _('Minimum password age'), 'shadowMin');
$this->addSimplePDFField($return, 'shadowMaxAge', _('Maximum password age'), 'shadowMax');
return $return;
dummy implemenation of get_pdfEntries added for each module class;account,inetOrgPerson and posixAccount partially implemented
2004-05-24 21:39:57 +00:00
}
added check_profileOptions() dummy
2004-03-14 17:33:05 +00:00
added upload
2004-11-08 19:48:39 +00:00
/**
* In this function the LDAP account is built up.
*
* @param array $rawAccounts list of hash arrays (name => value) from user input
* @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
PHPDoc update
2012-07-15 12:05:47 +00:00
* @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
* @param array $selectedModules list of selected account modules
added upload
2004-11-08 19:48:39 +00:00
* @return array list of error messages if any
*/
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
added upload
2004-11-08 19:48:39 +00:00
$messages = array();
for ($i = 0; $i < sizeof($rawAccounts); $i++) {
// add object class
if (!in_array("shadowAccount", $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = "shadowAccount";
set shadowLastChange
2006-02-23 18:48:20 +00:00
// shadow last change
$partialAccounts[$i]['shadowLastChange'] = array(intval(time()/3600/24));
added upload
2004-11-08 19:48:39 +00:00
// password warning
reduced upload code
2014-04-18 18:29:51 +00:00
$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'shadowAccount_warning', 'shadowWarning',
'digit', $this->messages['shadowWarning'][1], $messages);
added upload
2004-11-08 19:48:39 +00:00
// password expire ignoration
reduced upload code
2014-04-18 18:29:51 +00:00
$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'shadowAccount_ignoreExpire', 'shadowInactive',
'digit2', $this->messages['inactive'][1], $messages);
added upload
2004-11-08 19:48:39 +00:00
// password minAge
reduced upload code
2014-04-18 18:29:51 +00:00
$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'shadowAccount_minAge', 'shadowMin',
'digit', $this->messages['shadowMin'][1], $messages);
added upload
2004-11-08 19:48:39 +00:00
// password maxAge
reduced upload code
2014-04-18 18:29:51 +00:00
$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'shadowAccount_maxAge', 'shadowMax',
'digit', $this->messages['shadowMax'][1], $messages);
added upload
2004-11-08 19:48:39 +00:00
// minAge <= maxAge
if ((($rawAccounts[$i][$ids['shadowAccount_minAge']] != '') || ($rawAccounts[$i][$ids['shadowAccount_maxAge']] != '')) && // if at least one is set
(($rawAccounts[$i][$ids['shadowAccount_minAge']] == '') || ($rawAccounts[$i][$ids['shadowAccount_maxAge']] == '') || ( // and one is not set
($rawAccounts[$i][$ids['shadowAccount_minAge']] > $rawAccounts[$i][$ids['shadowAccount_maxAge']])))) { // or minAge > maxAge
$errMsg = $this->messages['shadow_cmp'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
// expiration date
fixed errors in upload
2010-11-20 19:57:32 +00:00
if ($rawAccounts[$i][$ids['shadowAccount_expireDate']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_expireDate']], 'date')) {
$parts = explode('-', $rawAccounts[$i][$ids['shadowAccount_expireDate']]);
removed mktime calls
2016-07-20 18:19:26 +00:00
$date = DateTime::createFromFormat('j.n.Y', $parts[0] . '.' . $parts[1] . '.' . $parts[2], new DateTimeZone('UTC'));
$partialAccounts[$i]['shadowExpire'][] = intval($date->format('U')/3600/24);
added upload
2004-11-08 19:48:39 +00:00
}
else {
$errMsg = $this->messages['shadow_expireDate'][0];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
}
return $messages;
}
implemented profile loading
2005-01-29 15:14:13 +00:00
/**
* Loads the values of an account profile into internal variables.
*
* @param array $profile hash array with profile values (identifier => value)
*/
function load_profile($profile) {
// profile mappings in meta data
parent::load_profile($profile);
allow to remove the extension
2009-12-20 14:35:42 +00:00
// add extension
fixed PHP notices
2011-01-09 14:38:00 +00:00
if (isset($profile['shadowAccount_addExt'][0]) && ($profile['shadowAccount_addExt'][0] == "true")) {
allow to remove the extension
2009-12-20 14:35:42 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'shadowAccount';
}
}
implemented profile loading
2005-01-29 15:14:13 +00:00
// expiration date
support to set no expiration date in profile
2015-03-27 21:15:20 +00:00
if (!empty($profile['shadowAccount_shadowExpire_day'][0])) {
$day = $profile['shadowAccount_shadowExpire_day'][0];
$mon = $profile['shadowAccount_shadowExpire_mon'][0];
$year = $profile['shadowAccount_shadowExpire_yea'][0];
if (!(($day == '-') && ($mon == '-') && ($year == '-'))) {
$day = ($day == '-') ? 1 : $day;
$mon = ($mon == '-') ? 1 : $mon;
$year = ($year == '-') ? 2030 : $year;
$this->setExpirationDate($year, $mon, $day);
}
implemented profile loading
2005-01-29 15:14:13 +00:00
}
}
removed $post parameter
2006-08-14 17:24:27 +00:00
added central password service
2009-10-09 18:21:12 +00:00
/**
* This method specifies if a module manages password attributes.
* @see passwordService::managesPasswordAttributes
*
* @return boolean true if this module manages password attributes
*/
public function managesPasswordAttributes() {
// only listen to password changes
return false;
}
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
/**
* Specifies if this module supports to force that a user must change his password on next login.
responsive self service
2015-08-06 19:20:54 +00:00
*
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return true;
}
responsive self service
2015-08-06 19:20:54 +00:00
added central password service
2009-10-09 18:21:12 +00:00
/**
* This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name.
*
* @param String $password new password
* @param $modules list of modules for which the password should be changed
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
* @param boolean $forcePasswordChange force the user to change his password at next login
added central password service
2009-10-09 18:21:12 +00:00
* @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested
*/
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
added central password service
2009-10-09 18:21:12 +00:00
// update password timestamp when Unix password was updated
if (!in_array('posixAccount', $modules)) {
return array();
}
add object class check for password changes
2009-11-24 11:39:41 +00:00
if (in_array_ignore_case('shadowAccount', $this->attributes['objectClass'])) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24);
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
if ($forcePasswordChange && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}
add object class check for password changes
2009-11-24 11:39:41 +00:00
}
added central password service
2009-10-09 18:21:12 +00:00
return array();
}
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
/**
* Sets the expiration date of this account.
* If all parameters are null the expiration date will be removed.
*
* @param String $year year (e.g. 2040)
* @param String $month month (e.g. 8)
* @param String $day day (e.g. 27)
*/
public function setExpirationDate($year, $month, $day) {
if (($year == null) && ($month == null) && ($day == null)) {
unset($this->attributes['shadowExpire']);
return;
}
removed mktime calls
2016-07-20 18:19:26 +00:00
$date = DateTime::createFromFormat('j.n.Y', $day . '.' . $month . '.' . $year, new DateTimeZone('UTC'));
$this->attributes['shadowExpire'][0] = intval($date->format('U')/3600/24);
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
/**
* Sets the last password change date of this account.
* If all parameters are null the password change date will be removed.
*
* @param String $year year (e.g. 2040)
* @param String $month month (e.g. 8)
* @param String $day day (e.g. 27)
*/
public function setLastChangeDate($year, $month, $day) {
if (($year == null) && ($month == null) && ($day == null)) {
unset($this->attributes['shadowLastChange']);
return;
}
removed mktime calls
2016-07-20 18:19:26 +00:00
$date = DateTime::createFromFormat('j.n.Y', $day . '.' . $month . '.' . $year, new DateTimeZone('UTC'));
$this->attributes['shadowLastChange'][0] = intval($date->format('U')/3600/24);
allow to change shadowLastChange
2015-06-02 19:31:46 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
show last password change in self service
2013-09-28 11:44:41 +00:00
/**
* Returns the meta HTML code for each input field.
* format: array(<field1> => array(<META HTML>), ...)
* It is not possible to display help links.
*
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
responsive self service
2015-08-06 19:20:54 +00:00
* @return array list of meta HTML elements (field name => htmlResponsiveRow)
show last password change in self service
2013-09-28 11:44:41 +00:00
*/
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no fields as long no LDAP content can be read
}
if (in_array('shadowLastChange', $fields)) {
$shadowLastChange = '';
if (isset($attributes['shadowLastChange'][0])) {
removed getDate()
2016-07-18 18:58:47 +00:00
$date = new DateTime('@' . $attributes['shadowLastChange'][0] * 3600 * 24, new DateTimeZone('UTC'));
$shadowLastChange = $date->format('d.m.Y');
show last password change in self service
2013-09-28 11:44:41 +00:00
}
responsive self service
2015-08-06 19:20:54 +00:00
$row = new htmlResponsiveRow();
responsive self service
2015-08-09 07:57:56 +00:00
$row->addLabel(new htmlOutputText($this->getSelfServiceLabel('shadowLastChange', _('Last password change'))));
$row->addField(new htmlOutputText($shadowLastChange));
responsive self service
2015-08-06 19:20:54 +00:00
$return['shadowLastChange'] = $row;
show last password change in self service
2013-09-28 11:44:41 +00:00
}
return $return;
}
added password notification job for Shadow accounts
2015-11-15 15:36:20 +00:00
/**
* Returns a list of jobs that can be run.
*
* @param LAMConfig $config configuration
* @return array list of jobs
*/
public function getSupportedJobs(&$config) {
return array(
added job to move or delete expired accounts
2016-07-16 07:52:09 +00:00
new ShadowAccountPasswordNotifyJob(),
new ShadowAccountExpirationCleanupJob()
added password notification job for Shadow accounts
2015-11-15 15:36:20 +00:00
);
}
}
fixed problem with autoload in tree view
2016-01-05 16:55:01 +00:00
if (interface_exists('\LAM\JOB\Job', false)) {
added password notification job for Shadow accounts
2015-11-15 15:36:20 +00:00
include_once dirname(__FILE__) . '/../passwordExpirationJob.inc';
/**
* Job to notify users about password expiration.
*
* @package jobs
*/
class ShadowAccountPasswordNotifyJob extends \LAM\JOB\PasswordExpirationJob {
/**
* Returns the alias name of the job.
*
* @return String name
*/
public function getAlias() {
generic password notification job
2015-11-16 20:10:47 +00:00
return _('Shadow') . ': ' . _('Notify users about password expiration');
added password notification job for Shadow accounts
2015-11-15 15:36:20 +00:00
}
/**
* Searches for users in LDAP.
*
* @param String $jobID unique job identifier
* @param array $options config options (name => value)
* @return array list of user attributes
*/
protected function findUsers($jobID, $options) {
// read users
$sysattrs = array('mail', 'shadowLastChange', 'shadowWarning', 'shadowMax', 'userPassword');
$attrs = $this->getAttrWildcards($jobID, $options);
$attrs = array_values(array_unique(array_merge($attrs, $sysattrs)));
$userResults = searchLDAPByFilter('(&(shadowLastChange=*)(shadowMax=*)(mail=*))', $attrs, array('user'));
return $userResults;
}
/**
* Checks if a user needs to change his password.
*
* @param integer $jobID job ID
* @param array $options job settings
* @param PDO $pdo PDO
* @param DateTime $now current time
* @param array $policyOptions list of max age values (policy DN => maxAge)
* @param array $user user attributes
* @param boolean $isDryRun just do a dry run, nothing is modified
*/
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
// skip if user is locked
if (!empty($user['userpassword'][0]) && !pwd_is_enabled($user['userpassword'][0])) {
logNewMessage(LOG_DEBUG, $user['dn'] . ' is locked.');
return;
}
if ($user['shadowmax'][0] < 1) {
logNewMessage(LOG_DEBUG, $user['dn'] . ' does not expire.');
return;
}
// calculate time when password expires
$lastPwdTimeUnix = $user['shadowlastchange'][0] * 3600 * 24;
$lastPwdTime = new DateTime('@' . $lastPwdTimeUnix, new DateTimeZone('UTC'));
logNewMessage(LOG_DEBUG, "Last password change on " . $lastPwdTime->format('Y-m-d'));
$numDaysToWarn = $options[$this->getConfigPrefix() . '_mailNotificationPeriod' . $jobID][0];
if (!empty($user['shadowwarning'][0]) && ($user['shadowwarning'][0] > 0)) {
$numDaysToWarn += $user['shadowwarning'][0];
}
logNewMessage(LOG_DEBUG, "Number of days before warning " . $numDaysToWarn);
$numDaysToExpire = $user['shadowmax'][0];
$expireTime = $lastPwdTime->add(new DateInterval('P' . $numDaysToExpire . 'D'));
logNewMessage(LOG_DEBUG, "Password expires on " . $expireTime->format('Y-m-d'));
// skip already expired accounts
if ($expireTime <= $now) {
logNewMessage(LOG_DEBUG, $user['dn'] . ' already expired');
return;
}
// calculate time of notification
$notifyTime = clone $expireTime;
$notifyTime->sub(new DateInterval('P' . $numDaysToWarn . 'D'));
$notifyTime->setTimeZone(getTimeZone());
logNewMessage(LOG_DEBUG, "Password notification on " . $notifyTime->format('Y-m-d H:i'));
// skip if notification is in the future
if ($notifyTime > $now) {
logNewMessage(LOG_DEBUG, $user['dn'] . ' does not need notification yet.');
return;
}
$dbLastChange = $this->getDBLastPwdChangeTime($jobID, $pdo, $user['dn']);
// skip entries where mail was already sent
if ($dbLastChange == $user['shadowlastchange'][0]) {
logNewMessage(LOG_DEBUG, $user['dn'] . ' was already notified.');
return;
}
if ($isDryRun) {
// no action for dry run
logNewMessage(LOG_NOTICE, 'Not sending email to ' . $user['dn'] . ' because of dry run.');
return;
}
// send email
expiration date placeholder for jobs
2016-01-16 18:46:58 +00:00
$success = $this->sendMail($options, $jobID, $user, $expireTime);
added password notification job for Shadow accounts
2015-11-15 15:36:20 +00:00
// update DB if mail was sent successfully
if ($success) {
$this->setDBLastPwdChangeTime($jobID, $pdo, $user['dn'], $user['shadowlastchange'][0]);
}
}
}
added job to move or delete expired accounts
2016-07-16 07:52:09 +00:00
/**
* Job to delete or move users on account expiration.
*
* @package jobs
*/
class ShadowAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
/**
* Returns the alias name of the job.
*
* @return String name
*/
public function getAlias() {
return _('Shadow') . ': ' . _('Cleanup expired user accounts');
}
/**
* Returns the description of the job.
*
* @return String description
*/
public function getDescription() {
return _('This job deletes or moves user accounts when they expire.');
}
/**
* Searches for users in LDAP.
*
* @param String $jobID unique job identifier
* @param array $options config options (name => value)
* @return array list of user attributes
*/
protected function findUsers($jobID, $options) {
// read users
$attrs = array('shadowExpire');
$userResults = searchLDAPByFilter('(shadowExpire=*)', $attrs, array('user'));
return $userResults;
}
/**
cleanup job FreeRadius
2016-07-16 14:07:21 +00:00
* Checks if a user is expired.
added job to move or delete expired accounts
2016-07-16 07:52:09 +00:00
*
* @param integer $jobID job ID
* @param array $options job settings
* @param PDO $pdo PDO
* @param DateTime $now current time
* @param array $policyOptions list of policy options by getPolicyOptions()
* @param array $user user attributes
* @param boolean $isDryRun just do a dry run, nothing is modified
*/
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
$expireTimeUnix = $user['shadowexpire'][0] * 3600 * 24;
$expireTime = new DateTime('@' . $expireTimeUnix, new DateTimeZone('UTC'));
logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
$delay = 0;
if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
$delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
}
$actionTime = clone $expireTime;
if ($delay != 0) {
$actionTime->add(new DateInterval('P' . $delay . 'D'));
}
$actionTime->setTimeZone(getTimeZone());
logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
if ($actionTime <= $now) {
$this->performAction($jobID, $options, $user, $isDryRun);
}
}
}
added dummy getProfileOptions() functions
2004-03-09 12:03:39 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
?>