WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
LDAPAccountManager/lam/lib/modules/shadowAccount.inc

684 lines
31 KiB
PHP
Raw Normal View History

Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
<?php
/*
$Id$
new homepage
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright updates
2006-03-03 17:30:35 +00:00
Copyright (C) 2003 - 2006 Tilo Lutz
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
Copyright (C) 2007 - 2012 Roland Gruber
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
PHPDoc updates
2005-07-21 10:33:02 +00:00
/**
* Manages Unix shadow accounts for users.
*
* @package modules
*
* @author Tilo Lutz
* @author Roland Gruber
* @author Michael Duergner
*/
/**
* Manages the object class "shadowAccount" for users.
*
* @package modules
*/
added central password service
2009-10-09 18:21:12 +00:00
class shadowAccount extends baseModule implements passwordService {
made shadowAccount optional
2008-10-21 18:47:45 +00:00
/**
* Creates a new shadowAccount object.
*
* @param string $scope account type (user, group, host)
*/
function __construct($scope) {
// call parent constructor
parent::__construct($scope);
$this->autoAddObjectClasses = false;
}
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
code cleanup: added parent function for module_ready() and module_complete() which always return true to baseModule
2005-08-13 09:19:40 +00:00
/**
* This function builds up the message array.
*/
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
function load_Messages() {
// error messages for input checks
fixed descriptions
2006-07-29 15:13:08 +00:00
$this->messages['shadowMin'][0] = array('ERROR', _('Minimum password age'), _('Password minimum age must be are natural number.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowMin'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_minAge', _('Password minimum age must be are natural number.'));
fixed descriptions
2006-07-29 15:13:08 +00:00
$this->messages['shadowMax'][0] = array('ERROR', _('Maximum password age'), _('Password maximum age must be are natural number.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowMax'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_maxAge', _('Password maximum age must be are natural number.'));
translation update
2004-11-10 14:00:00 +00:00
$this->messages['inactive'][0] = array('ERROR', _('Password expiration'), _('Password expiration must be are natural number or -1.'));
$this->messages['inactive'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_ignoreExpire', _('Password expiration must be are natural number or -1.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadowWarning'][0] = array('ERROR', _('Password warning'), _('Password warning must be are natural number.'));
$this->messages['shadowWarning'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_warning', _('Password warning must be are natural number.'));
fixed typo
2010-03-07 15:50:38 +00:00
$this->messages['shadow_cmp'][0] = array('ERROR', _('Maximum password age'), _('Password maximum age must be bigger than password minimum age.'));
added upload
2004-11-08 19:48:39 +00:00
$this->messages['shadow_cmp'][1] = array('ERROR', _('Account %s:') . ' shadowAccount_min/maxAge', _('Password maximum age must be bigger as password minimum age.'));
$this->messages['shadow_expireDate'][0] = array('ERROR', _('Account %s:') . ' shadowAccount_expireDate', _('The expiration date is invalid.'));
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
}
removed $post parameter
2006-08-14 17:24:27 +00:00
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
/**
* Returns meta data that is interpreted by parent class
*
* @return array array with meta data
documented meta data in PHPDoc
2008-02-03 14:28:28 +00:00
*
* @see baseModule::get_metaData()
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
*/
function get_metaData() {
$return = array();
added icons for modules
2007-11-19 18:42:03 +00:00
// icon
bigger icons
2007-12-01 12:34:52 +00:00
$return['icon'] = 'keyBig.png';
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
// manages user accounts
$return["account_types"] = array("user");
moved get_alias() to baseModule
2004-06-14 16:05:36 +00:00
// alias name
$return["alias"] = _('Shadow');
moved dependencies to meta data
2004-06-20 17:32:02 +00:00
// module dependencies
$return['dependencies'] = array('depends' => array('posixAccount'), 'conflicts' => array());
added fix for wrong spelled object classes
2006-04-05 15:48:27 +00:00
// managed object classes
$return['objectClasses'] = array('shadowAccount');
new attribute loading mechanism
2006-05-13 08:55:31 +00:00
// managed attributes
changed Unix password management
2006-09-03 12:41:22 +00:00
$return['attributes'] = array('shadowLastChange', 'shadowMin', 'shadowMax', 'shadowWarning',
allow to remove extension
2009-12-18 21:02:21 +00:00
'shadowInactive', 'shadowExpire', 'shadowFlag');
added profile check
2004-07-04 15:18:53 +00:00
// lists for expiration date
$day = array(); $mon = array(); $year = array();
for ( $i=1; $i<=31; $i++ ) $day[] = $i;
for ( $i=1; $i<=12; $i++ ) $mon[] = $i;
for ( $i=2003; $i<=2030; $i++ ) $year[] = $i;
use new meta HTML
2010-08-02 19:24:58 +00:00
$profileOptionsTable = new htmlTable();
// auto add extension
$profileOptionsTable->addElement(new htmlTableExtendedInputCheckbox('shadowAccount_addExt', false, _('Automatically add this extension'), 'autoAdd'), true);
// password warning
$profilePwdWarning = new htmlTableExtendedInputField(_('Password warning'), 'shadowAccount_shadowWarning', null, 'shadowWarning');
$profilePwdWarning->setFieldSize(5);
$profilePwdWarning->setFieldMaxLength(4);
$profileOptionsTable->addElement($profilePwdWarning, true);
// password expiration
$profilePwdExpiration = new htmlTableExtendedInputField(_('Password expiration'), 'shadowAccount_shadowInactive', null, 'shadowInactive');
$profilePwdExpiration->setFieldSize(5);
$profilePwdExpiration->setFieldMaxLength(4);
$profileOptionsTable->addElement($profilePwdExpiration, true);
// minimum password age
$profilePwdMinAge = new htmlTableExtendedInputField(_('Minimum password age'), 'shadowAccount_shadowMin', null, 'shadowMin');
$profilePwdMinAge->setFieldSize(5);
$profilePwdMinAge->setFieldMaxLength(5);
$profileOptionsTable->addElement($profilePwdMinAge, true);
// maximum password age
$profilePwdMinAge = new htmlTableExtendedInputField(_('Maximum password age'), 'shadowAccount_shadowMax', null, 'shadowMax');
$profilePwdMinAge->setFieldSize(5);
$profilePwdMinAge->setFieldMaxLength(5);
$profileOptionsTable->addElement($profilePwdMinAge, true);
// expiration date
$profileOptionsTable->addElement(new htmlOutputText(_('Account expiration date')));
$profileOptionsExpire = new htmlTable();
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_day', $day, array('1')));
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_mon', $mon, array('1')));
$profileOptionsExpire->addElement(new htmlSelect('shadowAccount_shadowExpire_yea', $year, array('2030')));
$profileOptionsTable->addElement($profileOptionsExpire);
$profileOptionsTable->addElement(new htmlHelpLink('shadowExpire'));
$return['profile_options'] = $profileOptionsTable;
added integer comparison for profile options
2004-07-13 14:51:28 +00:00
// profile checks
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowMin'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowMin'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowMax'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowMax'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_cmp'] = array(
'type' => 'int_greater',
'cmp_name1' => 'shadowAccount_shadowMax',
'cmp_name2' => 'shadowAccount_shadowMin',
'error_message' => $this->messages['shadow_cmp'][0]);
$return['profile_checks']['shadowAccount_shadowInactive'] = array(
'type' => 'ext_preg',
'regex' => 'digit2',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['inactive'][0]);
use preg-checks
2004-09-26 15:55:29 +00:00
$return['profile_checks']['shadowAccount_shadowWarning'] = array(
'type' => 'ext_preg',
'regex' => 'digit',
added new get_preg function. Changed all modules to use get_reg Changed Status Messages in Module. Thex are now all stored in a single array. Changed Password handling in psoxGroup and posixAccount
2004-09-26 13:48:52 +00:00
'error_message' => $this->messages['shadowWarning'][0]);
implemented profile loading
2005-01-29 15:14:13 +00:00
// profile mappings
$return['profile_mappings'] = array(
'shadowAccount_shadowWarning' => 'shadowWarning',
'shadowAccount_shadowInactive' => 'shadowInactive',
'shadowAccount_shadowMin' => 'shadowMin',
'shadowAccount_shadowMax' => 'shadowMax'
);
PHPDoc coments added; refactored some things by using the meta array;
2004-08-17 15:16:17 +00:00
// available PDF fields
*** empty log message ***
2004-10-30 16:46:06 +00:00
$return['PDF_fields'] = array(
implemented descriptive PDF fields
2010-04-05 10:13:37 +00:00
'shadowLastChange' => _('Last password change'),
'shadowWarning' => _('Password warning'),
'shadowInactive' => _('Account inactive'),
'shadowExpire' => _('Password expiration')
*** empty log message ***
2004-10-30 16:46:06 +00:00
);
help entries added; data is double in this->meta und in get_help() funktion
2004-09-08 17:39:06 +00:00
// help Entries
*** empty log message ***
2004-10-30 16:46:06 +00:00
$return['help'] = array (
'shadowWarning' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Password warning"), 'attr' => 'shadowWarning',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Days before password is to expire that user is warned of pending password expiration. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowInactive' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Password expiration"), 'attr' => 'shadowInactive',
*** empty log message ***
2004-10-30 16:46:06 +00:00
"Text" => _("Number of days a user can login even his password has expired. -1=always."). ' '. _("Can be left empty.")
),
'shadowMin' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Minimum password age"), 'attr' => 'shadowMin',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Number of days a user has to wait until he is allowed to change his password again. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowMax' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Maximum password age"), 'attr' => 'shadowMax',
updated help
2007-10-28 15:06:59 +00:00
"Text" => _("Number of days after a user has to change his password again. If set value must be >0."). ' '. _("Can be left empty.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
),
'shadowExpire' => array (
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Account expiration date"), 'attr' => 'shadowExpire',
added defaults for expiration date
2005-10-01 07:23:57 +00:00
"Text" => _("This is the date when the account will expire. Format: DD-MM-YYYY")
allow to remove the extension
2009-12-20 14:35:42 +00:00
),
'autoAdd' => array(
"Headline" => _("Automatically add this extension"),
"Text" => _("This will enable the extension automatically if this profile is loaded.")
allow to expire password
2010-08-05 20:42:11 +00:00
),
'shadowLastChange' => array(
technical attribute names for help
2012-02-04 15:56:31 +00:00
"Headline" => _("Last password change"), 'attr' => 'shadowLastChange',
allow to expire password
2010-08-05 20:42:11 +00:00
"Text" => _("This is the date when the user changed his password. If you specify a maximum password age then you can force a password change here.")
*** empty log message ***
2004-10-30 16:46:06 +00:00
)
);
added upload
2004-11-08 19:48:39 +00:00
// upload fields
$return['upload_columns'] = array(
array(
'name' => 'shadowAccount_warning',
'description' => _('Password warning'),
'help' => 'shadowWarning',
'example' => '14'
),
array(
fixed errors in upload
2010-11-20 19:57:32 +00:00
'name' => 'shadowAccount_ignoreExpire',
translation update
2004-11-10 14:00:00 +00:00
'description' => _('Password expiration'),
added upload
2004-11-08 19:48:39 +00:00
'help' => 'shadowInactive',
'example' => '7'
),
array(
'name' => 'shadowAccount_minAge',
'description' => _('Minimum password age'),
'help' => 'shadowMin',
'example' => '1'
),
array(
'name' => 'shadowAccount_maxAge',
'description' => _('Maximum password age'),
'help' => 'shadowMax',
'example' => '365'
),
array(
translation update
2004-11-10 14:00:00 +00:00
'name' => 'shadowAccount_expireDate',
added defaults for expiration date
2005-10-01 07:23:57 +00:00
'description' => _('Account expiration date'),
added upload
2004-11-08 19:48:39 +00:00
'help' => 'shadowExpire',
'example' => '17-07-2011'
)
);
moved can_manage() to baseModule
2004-06-13 19:58:58 +00:00
return $return;
}
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
enhanced wildcards for custom scripts
2011-02-26 13:14:10 +00:00
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
function save_attributes() {
allow to remove extension
2009-12-18 21:02:21 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass']) && !in_array('shadowAccount', $this->orig['objectClass'])) {
// skip saving if the extension was not added/modified
made shadowAccount optional
2008-10-21 18:47:45 +00:00
return array();
}
allow to remove extension
2009-12-18 21:02:21 +00:00
return parent::save_attributes();
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
* Processes user input of the primary module page.
* It checks if all input values are correct and updates the associated LDAP attributes.
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
*
no longer allow integer results from process_..., updated documentation
2005-09-07 12:58:34 +00:00
* @return array list of info/error messages
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
removed $post parameter
2006-08-14 17:24:27 +00:00
function process_attributes() {
allow to remove extension
2009-12-18 21:02:21 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_remObjectClass'])) {
$this->attributes['objectClass'] = array_delete(array('shadowAccount'), $this->attributes['objectClass']);
if (isset($this->attributes['shadowMin'])) unset($this->attributes['shadowMin']);
if (isset($this->attributes['shadowMax'])) unset($this->attributes['shadowMax']);
if (isset($this->attributes['shadowWarning'])) unset($this->attributes['shadowWarning']);
if (isset($this->attributes['shadowInactive'])) unset($this->attributes['shadowInactive']);
if (isset($this->attributes['shadowLastChange'])) unset($this->attributes['shadowLastChange']);
if (isset($this->attributes['shadowExpire'])) unset($this->attributes['shadowExpire']);
if (isset($this->attributes['shadowFlag'])) unset($this->attributes['shadowFlag']);
return array();
}
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass'])) {
return array();
}
fixed error handling
2006-05-17 17:57:42 +00:00
$errors = array();
improved support for config of modules
2003-12-30 15:36:30 +00:00
// Load attributes
removed $post parameter
2006-08-14 17:24:27 +00:00
$this->attributes['shadowMin'][0] = $_POST['shadowMin'];
$this->attributes['shadowMax'][0] = $_POST['shadowMax'];
$this->attributes['shadowWarning'][0] = $_POST['shadowWarning'];
$this->attributes['shadowInactive'][0] = $_POST['shadowInactive'];
removed grouping of error messages
2006-08-16 17:42:35 +00:00
if ( !get_preg($this->attributes['shadowMin'][0], 'digit')) $errors[] = $this->messages['shadowMin'][0];
if ( !get_preg($this->attributes['shadowMax'][0], 'digit')) $errors[] = $this->messages['shadowMax'][0];
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0]) $errors[] = $this->messages['shadow_cmp'][0];
if ( !get_preg($this->attributes['shadowInactive'][0], 'digit2')) $errors[] = $this->messages['inactive'][0];
if ( !get_preg($this->attributes['shadowWarning'][0], 'digit')) $errors[] = $this->messages['shadowWarning'][0];
allow to expire password
2010-08-05 20:42:11 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_expirePassword']) && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}
fixed error handling
2006-05-17 17:57:42 +00:00
return $errors;
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
* This function will create the meta HTML code to show a page with all attributes.
*
* @return array meta HTML code
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
*/
removed $post parameter
2006-08-14 17:24:27 +00:00
function display_html_attributes() {
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (isset($_POST['form_subpage_shadowAccount_attributes_addObjectClass'])) {
$this->attributes['objectClass'][] = 'shadowAccount';
better management of expiration date
2006-10-18 16:58:29 +00:00
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$return = new htmlTable();
made shadowAccount optional
2008-10-21 18:47:45 +00:00
if (in_array('shadowAccount', $this->attributes['objectClass'])) {
$shWarning = '';
if (isset($this->attributes['shadowWarning'][0])) {
$shWarning = $this->attributes['shadowWarning'][0];
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$pwdWarnInput = new htmlTableExtendedInputField(_('Password warning'), 'shadowWarning', $shWarning, 'shadowWarning');
$pwdWarnInput->setFieldMaxLength(4);
$pwdWarnInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$pwdWarnInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($pwdWarnInput, true);
allow to expire password
2010-08-05 20:42:11 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shPwdExpiration = '';
if (isset($this->attributes['shadowInactive'][0])) $shPwdExpiration = $this->attributes['shadowInactive'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$pwdExpInput = new htmlTableExtendedInputField(_('Password expiration'), 'shadowInactive', $shPwdExpiration, 'shadowInactive');
$pwdExpInput->setFieldMaxLength(4);
$pwdExpInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$pwdExpInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($pwdExpInput, true);
allow to expire password
2010-08-05 20:42:11 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shMinAge = '';
if (isset($this->attributes['shadowMin'][0])) $shMinAge = $this->attributes['shadowMin'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$minAgeInput = new htmlTableExtendedInputField(_('Minimum password age'), 'shadowMin', $shMinAge, 'shadowMin');
$minAgeInput->setFieldMaxLength(5);
$minAgeInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$minAgeInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($minAgeInput, true);
allow to expire password
2010-08-05 20:42:11 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$shMaxAge = '';
if (isset($this->attributes['shadowMax'][0])) $shMaxAge = $this->attributes['shadowMax'][0];
use new meta HTML
2010-08-02 19:24:58 +00:00
$maxAgeInput = new htmlTableExtendedInputField(_('Maximum password age'), 'shadowMax', $shMaxAge, 'shadowMax');
$maxAgeInput->setFieldMaxLength(5);
$maxAgeInput->setFieldSize(5);
client-side validation
2011-10-16 12:06:00 +00:00
$maxAgeInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement($maxAgeInput, true);
allow to expire password
2010-08-05 20:42:11 +00:00
made shadowAccount optional
2008-10-21 18:47:45 +00:00
$expirationDate = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
if (isset($this->attributes['shadowExpire'][0])) {
$shAccExpirationDate = $this->attributes['shadowExpire'][0];
$date = getdate($shAccExpirationDate*3600*24);
$expirationDate = $date['mday'] . "." . $date['mon'] . "." . $date['year'];
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(_('Account expiration date')));
$expireTable = new htmlTable();
$expireTable->addElement(new htmlOutputText($expirationDate, false));
$expireTable->addElement(new htmlAccountPageButton('shadowAccount', 'expire', 'open', _('Change')));
$return->addElement($expireTable);
$return->addElement(new htmlHelpLink('shadowExpire'), true);
allow to expire password
2010-08-05 20:42:11 +00:00
$pwdChangeDate = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
if (isset($this->attributes['shadowLastChange'][0])) {
$shPwdChangeDate = $this->attributes['shadowLastChange'][0];
$date = getdate($shPwdChangeDate*3600*24);
$pwdChangeDate = $date['mday'] . "." . $date['mon'] . "." . $date['year'];
}
$return->addElement(new htmlOutputText(_('Last password change')));
$pwdChangeTable = new htmlTable();
$pwdChangeTable->addElement(new htmlOutputText($pwdChangeDate, false));
if (isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != '')) {
$pwdChangeTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'expirePassword', _('Force password change')));
}
$return->addElement($pwdChangeTable);
$return->addElement(new htmlHelpLink('shadowLastChange'), true);
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(''), true);
$remButton = new htmlAccountPageButton('shadowAccount', 'attributes', 'remObjectClass', _('Remove Shadow account extension'));
$remButton->colspan = 4;
$return->addElement($remButton);
made shadowAccount optional
2008-10-21 18:47:45 +00:00
}
else {
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'addObjectClass', _('Add Shadow account extension')));
better management of expiration date
2006-10-18 16:58:29 +00:00
}
return $return;
}
/**
* Processes user input of the expiration page.
* It checks if all input values are correct and updates the associated LDAP attributes.
*
* @return array list of info/error messages
*/
function process_expire() {
$errors = array();
// set expiration date
if (isset($_POST['form_subpage_shadowAccount_attributes_change'])) {
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
$this->setExpirationDate($_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
sync with Kerberos
2012-02-18 13:47:49 +00:00
// sync other modules
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if (isset($_POST['syncSamba']) && ($_POST['syncSamba'] == 'on')) {
$this->getAccountContainer()->getAccountModule('sambaSamAccount')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if (isset($_POST['syncHeimdal']) && ($_POST['syncHeimdal'] == 'on')) {
$this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
$_POST['shadowExpire_yea'], $_POST['shadowExpire_mon'], $_POST['shadowExpire_day']);
}
better management of expiration date
2006-10-18 16:58:29 +00:00
}
// remove expiration date
elseif (isset($_POST['form_subpage_shadowAccount_attributes_del'])) {
unset($this->attributes['shadowExpire']);
sync with Kerberos
2012-02-18 13:47:49 +00:00
// sync other modules
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if (isset($_POST['syncSamba']) && ($_POST['syncSamba'] == 'on')) {
$this->getAccountContainer()->getAccountModule('sambaSamAccount')->setExpirationDate(
null, null, null);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if (isset($_POST['syncHeimdal']) && ($_POST['syncHeimdal'] == 'on')) {
$this->getAccountContainer()->getAccountModule('heimdalKerberos')->setExpirationDate(
null, null, null);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if (isset($_POST['syncMIT']) && ($_POST['syncMIT'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberos')->setExpirationDate(
null, null, null);
}
if (isset($_POST['syncMITStructural']) && ($_POST['syncMITStructural'] == 'on')) {
$this->getAccountContainer()->getAccountModule('mitKerberosStructural')->setExpirationDate(
null, null, null);
}
better management of expiration date
2006-10-18 16:58:29 +00:00
}
return $errors;
}
/**
* This function will create the meta HTML code to show a page with the expiration date.
*
* @return array meta HTML code
*/
function display_html_expire() {
use new meta HTML
2010-08-02 19:24:58 +00:00
$return = new htmlTable();
better management of expiration date
2006-10-18 16:58:29 +00:00
$shAccExpirationDate = 0;
if (isset($this->attributes['shadowExpire'][0])) {
$shAccExpirationDate = $this->attributes['shadowExpire'][0];
}
$date = getdate($shAccExpirationDate*3600*24);
added support for profile, config and help in modules
2004-01-27 19:07:31 +00:00
for ( $i=1; $i<=31; $i++ ) $mday[] = $i;
for ( $i=1; $i<=12; $i++ ) $mon[] = $i;
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
for ( $i=2003; $i<=2050; $i++ ) $year[] = $i;
use new meta HTML
2010-08-02 19:24:58 +00:00
$return->addElement(new htmlOutputText(_('Account expiration date')));
$expTable = new htmlTable();
$expTable->addElement(new htmlSelect('shadowExpire_day', $mday, array($date['mday'])));
$expTable->addElement(new htmlSelect('shadowExpire_mon', $mon, array($date['mon'])));
$expTable->addElement(new htmlSelect('shadowExpire_yea', $year, array($date['year'])));
$return->addElement($expTable);
$return->addElement(new htmlHelpLink('shadowExpire'), true);
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
if ($this->getAccountContainer()->getAccountModule('sambaSamAccount') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncSamba', false, _('Set also for Samba 3')), true);
}
sync with Kerberos
2012-02-18 13:47:49 +00:00
if ($this->getAccountContainer()->getAccountModule('heimdalKerberos') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncHeimdal', false, _('Set also for Kerberos')), true);
}
support MIT Kerberos
2012-11-11 11:35:45 +00:00
if ($this->getAccountContainer()->getAccountModule('mitKerberos') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncMIT', false, _('Set also for Kerberos')), true);
}
if ($this->getAccountContainer()->getAccountModule('mitKerberosStructural') != null) {
$return->addElement(new htmlTableExtendedInputCheckbox('syncMITStructural', false, _('Set also for Kerberos')), true);
}
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
$return->addElement(new htmlSpacer(null, '10px'), true);
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable = new htmlTable();
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'change', _('Change')));
better management of expiration date
2006-10-18 16:58:29 +00:00
if (isset($this->attributes['shadowExpire'][0])) {
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'del', _('Remove')));
better management of expiration date
2006-10-18 16:58:29 +00:00
}
use new meta HTML
2010-08-02 19:24:58 +00:00
$buttonTable->addElement(new htmlAccountPageButton('shadowAccount', 'attributes', 'back', _('Cancel')));
$buttonTable->colspan=3;
$return->addElement($buttonTable);
return $return;
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
/**
code cleanup: removed obsolete parameter from get_pdfentries() and updated PHPDoc comments
2005-10-09 18:05:32 +00:00
* Returns the PDF entries for this module.
removed $post parameter
2006-08-14 17:24:27 +00:00
*
code cleanup: removed obsolete parameter from get_pdfentries() and updated PHPDoc comments
2005-10-09 18:05:32 +00:00
* @return array list of possible PDF entries
code cleanup and updated documentation
2005-08-14 11:38:06 +00:00
*/
function get_pdfEntries() {
fixed PHP notices
2011-01-09 16:20:21 +00:00
$shadowLastChange = '';
if (isset($this->attributes['shadowLastChange'][0])) {
$shadowLastChange = date('d. m. Y',$this->attributes['shadowLastChange'][0]*24*3600);
}
$shadowWarn = '';
if (isset($this->attributes['shadowWarn'][0])) {
$shadowWarn = $this->attributes['shadowWarn'][0];
}
$shadowInactive = '';
if (isset($this->attributes['shadowInactive'][0])) {
$shadowInactive = $this->attributes['shadowInactive'][0];
}
$shadowExpire = '';
if (isset($this->attributes['shadowExpire'][0])) {
$shadowExpire = date('d. m. Y',$this->attributes['shadowExpire'][0]*24*3600);
}
$shadowMin = '';
if (isset($this->attributes['shadowMin'][0])) {
$shadowMin = $this->attributes['shadowMin'][0];
}
$shadowMax = '';
if (isset($this->attributes['shadowMax'][0])) {
$shadowMax = $this->attributes['shadowMax'][0];
}
return array('shadowAccount_shadowLastChange' => array('<block><key>' . _('Last password change') . '</key><value>' . $shadowLastChange . '</value></block>'),
'shadowAccount_shadowWarning' => array('<block><key>' . _('Password warning') . '</key><value>' . $shadowWarn . '</value><block>'),
'shadowAccount_shadowInactive' => array('<block><key>' . _('Password expiration') . '</key><value>' . $shadowInactive . '</value></block>'),
'shadowAccount_shadowExpire' => array('<block><key>' . _('Account expiration date') . '</key><value>' . $shadowExpire . '</value></block>'),
'shadowAccount_shadowMinAge' => array('<block><key>' . _('Minimum password age') . '</key><value>' . $shadowMin . '</value><block>'),
'shadowAccount_shadowMaxAge' => array('<block><key>' . _('Maximum password age') . '</key><value>' . $shadowMax . '</value><block>'),
allow to expire password
2010-08-05 20:42:11 +00:00
);
dummy implemenation of get_pdfEntries added for each module class;account,inetOrgPerson and posixAccount partially implemented
2004-05-24 21:39:57 +00:00
}
added check_profileOptions() dummy
2004-03-14 17:33:05 +00:00
added upload
2004-11-08 19:48:39 +00:00
/**
* In this function the LDAP account is built up.
*
* @param array $rawAccounts list of hash arrays (name => value) from user input
* @param array $ids list of IDs for column position (e.g. "posixAccount_uid" => 5)
PHPDoc update
2012-07-15 12:05:47 +00:00
* @param array $partialAccounts list of hash arrays (name => value) which are later added to LDAP
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
* @param array $selectedModules list of selected account modules
added upload
2004-11-08 19:48:39 +00:00
* @return array list of error messages if any
*/
allow to selected modules for file upload
2010-02-15 20:21:44 +00:00
function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
added upload
2004-11-08 19:48:39 +00:00
$messages = array();
for ($i = 0; $i < sizeof($rawAccounts); $i++) {
// add object class
if (!in_array("shadowAccount", $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = "shadowAccount";
set shadowLastChange
2006-02-23 18:48:20 +00:00
// shadow last change
$partialAccounts[$i]['shadowLastChange'] = array(intval(time()/3600/24));
added upload
2004-11-08 19:48:39 +00:00
// password warning
if ($rawAccounts[$i][$ids['shadowAccount_warning']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_warning']], 'digit')) {
$partialAccounts[$i]['shadowWarning'][] = $rawAccounts[$i][$ids['shadowAccount_warning']];
}
else {
$errMsg = $this->messages['shadowWarning'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
// password expire ignoration
if ($rawAccounts[$i][$ids['shadowAccount_ignoreExpire']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_ignoreExpire']], 'digit2')) {
$partialAccounts[$i]['shadowInactive'][] = $rawAccounts[$i][$ids['shadowAccount_ignoreExpire']];
}
else {
$errMsg = $this->messages['inactive'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
// password minAge
if ($rawAccounts[$i][$ids['shadowAccount_minAge']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_minAge']], 'digit')) {
$partialAccounts[$i]['shadowMin'][] = $rawAccounts[$i][$ids['shadowAccount_minAge']];
}
else {
$errMsg = $this->messages['shadowMin'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
// password maxAge
if ($rawAccounts[$i][$ids['shadowAccount_maxAge']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_maxAge']], 'digit')) {
$partialAccounts[$i]['shadowMax'][] = $rawAccounts[$i][$ids['shadowAccount_maxAge']];
}
else {
$errMsg = $this->messages['shadowMax'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
// minAge <= maxAge
if ((($rawAccounts[$i][$ids['shadowAccount_minAge']] != '') || ($rawAccounts[$i][$ids['shadowAccount_maxAge']] != '')) && // if at least one is set
(($rawAccounts[$i][$ids['shadowAccount_minAge']] == '') || ($rawAccounts[$i][$ids['shadowAccount_maxAge']] == '') || ( // and one is not set
($rawAccounts[$i][$ids['shadowAccount_minAge']] > $rawAccounts[$i][$ids['shadowAccount_maxAge']])))) { // or minAge > maxAge
$errMsg = $this->messages['shadow_cmp'][1];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
// expiration date
fixed errors in upload
2010-11-20 19:57:32 +00:00
if ($rawAccounts[$i][$ids['shadowAccount_expireDate']] != '') {
if (get_preg($rawAccounts[$i][$ids['shadowAccount_expireDate']], 'date')) {
$parts = explode('-', $rawAccounts[$i][$ids['shadowAccount_expireDate']]);
fixed mktime calls
2006-06-29 15:21:44 +00:00
$partialAccounts[$i]['shadowExpire'][] = intval(mktime(0, 0, 0, intval($parts[1]), intval($parts[0]), intval($parts[2]))/3600/24);
added upload
2004-11-08 19:48:39 +00:00
}
else {
$errMsg = $this->messages['shadow_expireDate'][0];
array_push($errMsg, array($i));
$messages[] = $errMsg;
}
}
}
return $messages;
}
implemented profile loading
2005-01-29 15:14:13 +00:00
/**
* Loads the values of an account profile into internal variables.
*
* @param array $profile hash array with profile values (identifier => value)
*/
function load_profile($profile) {
// profile mappings in meta data
parent::load_profile($profile);
allow to remove the extension
2009-12-20 14:35:42 +00:00
// add extension
fixed PHP notices
2011-01-09 14:38:00 +00:00
if (isset($profile['shadowAccount_addExt'][0]) && ($profile['shadowAccount_addExt'][0] == "true")) {
allow to remove the extension
2009-12-20 14:35:42 +00:00
if (!in_array('shadowAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'shadowAccount';
}
}
implemented profile loading
2005-01-29 15:14:13 +00:00
// expiration date
if (isset($profile['shadowAccount_shadowExpire_day'][0]) && ($profile['shadowAccount_shadowExpire_day'][0] != "")) {
fixed mktime calls
2006-06-29 15:21:44 +00:00
$date = intval(mktime(0, 0, 0, intval($profile['shadowAccount_shadowExpire_mon'][0]),
fixed warnings about mktime()
2006-02-23 08:22:22 +00:00
intval($profile['shadowAccount_shadowExpire_day'][0]), intval($profile['shadowAccount_shadowExpire_yea'][0]))/3600/24);
implemented profile loading
2005-01-29 15:14:13 +00:00
$this->attributes['shadowExpire'][0] = $date;
}
}
removed $post parameter
2006-08-14 17:24:27 +00:00
added central password service
2009-10-09 18:21:12 +00:00
/**
* This method specifies if a module manages password attributes.
* @see passwordService::managesPasswordAttributes
*
* @return boolean true if this module manages password attributes
*/
public function managesPasswordAttributes() {
// only listen to password changes
return false;
}
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return true;
}
added central password service
2009-10-09 18:21:12 +00:00
/**
* This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name.
*
* @param String $password new password
* @param $modules list of modules for which the password should be changed
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
* @param boolean $forcePasswordChange force the user to change his password at next login
added central password service
2009-10-09 18:21:12 +00:00
* @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested
*/
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
added central password service
2009-10-09 18:21:12 +00:00
// update password timestamp when Unix password was updated
if (!in_array('posixAccount', $modules)) {
return array();
}
add object class check for password changes
2009-11-24 11:39:41 +00:00
if (in_array_ignore_case('shadowAccount', $this->attributes['objectClass'])) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24);
allow to force password change in password dialog
2012-01-15 19:34:14 +00:00
if ($forcePasswordChange && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}
add object class check for password changes
2009-11-24 11:39:41 +00:00
}
added central password service
2009-10-09 18:21:12 +00:00
return array();
}
allow to sync expiration date (RFE 3147751)
2011-02-24 19:30:00 +00:00
/**
* Sets the expiration date of this account.
* If all parameters are null the expiration date will be removed.
*
* @param String $year year (e.g. 2040)
* @param String $month month (e.g. 8)
* @param String $day day (e.g. 27)
*/
public function setExpirationDate($year, $month, $day) {
if (($year == null) && ($month == null) && ($day == null)) {
unset($this->attributes['shadowExpire']);
return;
}
$this->attributes['shadowExpire'][0] = intval(gmmktime(0, 0, 0, intval($month), intval($day),
intval($year))/3600/24);
}
added central password service
2009-10-09 18:21:12 +00:00
added dummy getProfileOptions() functions
2004-03-09 12:03:39 +00:00
}
Removed little bug when moving groups to another dn. It has worked but an error has shown. Improved new module design. It's now possible to create and modify users if they're only using inetOrgPerson and posixAccount.
2003-12-19 12:45:23 +00:00
?>