improved modules.

It's nearly possible to create and modify users
katagia 2003-12-20 19:24:01 +00:00
parent 5782108a0f
commit 2162935f53
4 changed files with 209 additions and 384 deletions


@ -242,6 +242,10 @@ class main {
return array();
}
function module_ready() {
return true;
}
function display_html_attributes($post) {
$function = '$profilelist = get'.ucfirst($_SESSION[$this->base]->type).'Profiles();';
eval($function);
@ -476,12 +480,12 @@ class accountContainer {
$function = '$result = $this->module[$this->order[$this->module[\'main\']->current_page]]->proccess_'.$this->module['main']->subpage.'($post);';
eval ($function);
if (is_string($result)) $this->module['main']->subpage = $result;
if (is_int($result)) {
for ($i=0; $i<count($this->order); $i++ ) {
if ($post['form_main_'.$this->order[$i]]) $this->module['main']->current_page = $i;
}
$this->module['main']->subpage='attributes';
}
if (is_int($result))
for ($i=0; $i<count($this->order); $i++ )
if ($post['form_main_'.$this->order[$i]]) {
$this->module['main']->current_page = $i;
$this->module['main']->subpage='attributes';
}
// Write HTML-Code
echo $_SESSION[$this->header2];
@ -490,7 +494,7 @@ class accountContainer {
echo "</title>\n";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
echo "</head><body>\n";
echo "<form action=\"useredit.php\" method=\"post\">\n";
echo "<form action=\"".$this->type."edit.php\" method=\"post\">\n";
// Display errir-messages
if (is_array($result))
for ($i=0; $i<sizeof($result); $i++) StatusMessage($result[$i][0], $result[$i][1], $result[$i][2]);
@ -498,12 +502,12 @@ class accountContainer {
// Create left module-menu
echo "<table border=0 width=\"100%\">\n<tr><td valign=\"top\" width=\"15%\" >";
echo "<table><tr>";
echo "<td><fieldset class=\"useredit-dark\"><legend class=\"useredit-bright\"><b>";
echo "<td><fieldset class=\"".$this->type."edit-dark\"><legend class=\"".$this->type."edit-bright\"><b>";
echo _('Please select page:');
echo "</b></legend>\n";
// Loop for module
for ($i=0; $i<count($this->order); $i++ ) {
if ($this->order[$i]==$this->order[$this->module['main']->current_page]) {
if ($this->order[$i]==$this->order[$this->module['main']->current_page] || !$this->module[$this->order[$i]]->module_ready() ) {
// print disabled button
echo "<input name=\"form_main_".$this->order[$i]."\" type=\"submit\" value=\"";
echo $this->module[$this->order[$i]]->alias;
@ -568,7 +572,6 @@ class accountContainer {
else $this->attributes[$attribute][$objectClass] = 'MAY';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4);
@ -579,8 +582,6 @@ class accountContainer {
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("objectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
@ -631,6 +632,132 @@ class accountContainer {
return 0;
}
/* This function return ldap attributes which are uses by $objectClass
* Syntax is get_attributes($objectClass)
* Return is an array with all allowed attributes
*/
function get_module_attributes($objectClass) {
// Add account type to object
$line=-1;
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$objectClass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), $objectClass), E_USER_WARNING);
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$return[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$return[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$this->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($_SESSION[$this->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$this->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), $subclass), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$return[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$this->ldap]->objectClasses[$line], strpos($_SESSION[$this->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$return[$attribute] = '';
}
}
}
return $return;
}
/* This function return ldap attributes which are uses by $objectClass
* Syntax is get_attributes($attributes, $orig)
* Return is an array as needed for $this->saveAccount()
*/
function save_module_attributes($attributes, $orig) {
// Get list of all "easy" attributes
$attr_names = array_keys($attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($orig[$attr_names[$i]]); $j++) {
if (is_array($attributes[$attr_names[$i]])) {
if (!in_array($orig[$attr_names[$i]][$j], $attributes[$attr_names[$i]]))
if ($orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($orig[$attr_names[$i]][$j]);
}
else if ($orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($attributes[$attr_names[$i]]); $j++) {
if (is_array($orig[$attr_names[$i]])) {
if (!in_array($attributes[$attr_names[$i]][$j], $orig[$attr_names[$i]]))
if ($attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($attributes[$attr_names[$i]][$j]);
}
else if ($attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($attributes[$attr_names[$i]]); $j++) {
if (is_array($orig[$attr_names[$i]]) && is_array($attributes[$attr_names[$i]])) {
if (($attributes[$attr_names[$i]][$j]==$orig[$attr_names[$i]][$j]) && $attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($attributes[$attr_names[$i]][$j]);
}
}
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes2 = array_keys($toadd);
for ($i=0; $i<count($attributes2); $i++) {
if (isset($torem[$attributes2[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes2[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes2[$i]] = array_merge_recursive($tomodify[$attributes2[$i]], $toadd[$attributes2[$i]]);
// unset attributes
if (isset($notchanged[$attributes2[$i]])) unset($notchanged[$attributes2[$i]]);
if (isset($toadd[$attributes2[$i]])) unset($toadd[$attributes2[$i]]);
if (isset($torem[$attributes2[$i]])) unset($torem[$attributes2[$i]]);
}
}
}
if (count($toadd)!=0) $return[$this->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$this->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$this->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$this->dn]['notchanged'] = $notchanged;
return $return;
}
/* This function checks if all MUST-attribtues are set.
* If not it will return an array with all modules
* which have to be set first
@ -717,7 +844,7 @@ class accountContainer {
* for a new account
*/
function new_account() {
$modulelist = array('posixAccount', 'shadowAccount');
$modulelist = array('posixAccount', 'shadowAccount', 'sambaAccount');
// *** fixme add modules from config which should be used but not yet in loaded account
foreach ($modulelist as $objectClass) $this->add_objectClass($objectClass);
@ -760,6 +887,7 @@ class accountContainer {
$temp = $this->module[$singlemodule]->save_attributes();
// merge changes
$DNs = array_keys($temp);
// *** fixme don't include references
$attributes = array_merge_recursive($temp, $attributes);
for ($i=0; $i<count($DNs); $i++) {
$ops = array_keys($temp[$DNs[$i]]);
@ -770,6 +898,8 @@ class accountContainer {
}
}
}
print_r($attributes);
// Complete dn with uid or cn=
if ($this->type=='group') $search = 'cn';
else $search = 'uid';
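Review bot: In `save_module_attributes()` the modify branch still indexes the `$attributes` parameter, `$tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];`, although the key list is named `$attributes2` in this copy of the code that was removed from the modules. `$attributes` is keyed by attribute name, so `$attributes[$i]` does not name the attribute being processed and the unchanged values are not carried into `$tomodify`; if the caller applies 'modify' as a replace, those values would be dropped from the LDAP entry. The line should read `if (isset($notchanged[$attributes2[$i]])) $tomodify[$attributes2[$i]] = $notchanged[$attributes2[$i]];`. Separately, the `print_r($attributes);` added in the last hunk of this file writes the pending LDAP changes into the response, which presumably includes password values set by the modules' `save_attributes()`, and should be removed before this ships.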


@ -53,81 +53,14 @@ class inetOrgPerson {
if (!$base) trigger_error(_('Please create a base object with $var = new accountContainer();'), E_USER_ERROR);
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
$this->base = $base;
// posixAccount is only a valid objectClass for user and host
// inetOrgPerson is only a valid objectClass for users
if ($_SESSION[$this->base]->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
// Add account type to object
$line=-1;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'inetOrgPerson'), E_USER_WARNING);
// Add Array with all attributes and type
$this->attributes = $_SESSION[$this->base]->get_module_attributes('inetOrgPerson');
$_SESSION[$this->base]->add_attributes ('inetOrgPerson');
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
}
$this->orig = $this->attributes ;
$this->attributes['objectClass'][0] = 'inetOrgPerson';
// unset userPassword because we handle it separat.
if (isset($this->attributes['userPassword'])) unset($this->attributes['userPassword']);
$this->alias = _('inetOrgPerson');
// Add attributes which should be cached
@ -150,10 +83,10 @@ class inetOrgPerson {
* to compare it with new changed attributes
*/
var $orig;
/* $attribute['password'] can't accessed directly because it's enrcypted
/* $attribute['userPassword'] can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed
*/
/* This function will return the unencrypted password when
* This function will return the unencrypted password when
* called without a variable
* If it's called with a new password, the
* new password will be stored encrypted
@ -167,12 +100,15 @@ class inetOrgPerson {
return 0;
}
else {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
if ($this->attributes['userPassword'][0]!='') {
// Read existing password if set
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->attributes['userPassword'][0]), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
}
else return '';
}
}
@ -182,6 +118,10 @@ class inetOrgPerson {
return array('main');
}
function module_ready() {
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
@ -189,7 +129,7 @@ class inetOrgPerson {
if (($this->attributes['uid'][0] != $post['form_inetOrgPerson_uid']) && ereg('[A-Z]$', $post['form_inetOrgPerson_uid']))
$errors[] = array('WARN', _('Username'), _('You are using a capital letters. This can cause problems because windows isn\'t case-sensitive.'));
$this->attributes['uid'][0] = $post['form_inetOrgPerson_uid'];
$this->attributes['cn'][0] &= $this->attributes['uid'][0];
$this->attributes['cn'][0] = $this->attributes['uid'][0];
$this->attributes['description'][0] = $post['form_inetOrgPerson_description'];
$this->attributes['sn'][0] = $post['form_inetOrgPerson_sn'];
$this->attributes['givenName'][0] = $post['form_inetOrgPerson_givenName'];
@ -203,6 +143,16 @@ class inetOrgPerson {
$this->attributes['postalAddress'][0] = $post['form_inetOrgPerson_postalAddress'];
$this->attributes['employeeType'][0] = $post['form_inetOrgPerson_employeeType'];
if (isset($this->attributes['host'])) {
$host = $post['form_inetOrgPerson_host'];
if ((!$host=='') && !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-])+(([,])+([ ])*([a-z]|[A-Z]|[0-9]|[.]|[-])+)*$', $host))
$errors[] = array('ERROR', _('Unix workstations'), _('Unix workstations is invalid.'));
$hosts = explode(" ", $host);
$this->attributes['host'] = array();
foreach ($hosts as $host)
if ($host!="") $this->attributes['host'][] = $host;
}
if ($post['form_inetOrgPerson_userPassword_no']) $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($post['form_inetOrgPerson_userPassword_lock']) $this->userPassword_lock=true;
@ -315,53 +265,7 @@ class inetOrgPerson {
* remove are attributes which have to be removed from ldap entry
*/
function save_attributes() {
// Get list of all "easy" attributes
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set unix password
if (count($this->orig['userPassword'])==0) {
// New user or no old password set
@ -448,6 +352,16 @@ class inetOrgPerson {
echo "></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=426\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
if (isset($this->attributes['host'])) {
echo "<tr>\n";
echo "<td>" . _('Unix workstations') . "</td>\n";
echo "<td><input name=\"form_inetOrgPerson_host\" type=\"text\" size=\"20\" maxlength=\"80\" value=\"";
if (is_array($this->attributes['host']))
foreach ($this->attributes['host'] as $host) echo $host." ";
echo "\"></td>\n";
echo "<td><a href=\"../help.php?HelpNumber=466\" target=\"lamhelp\">" . _('Help') . "</a></td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td>" . _('Title') . "</td>\n";
echo "<td><input name=\"form_inetOrgPerson_title\" type=\"text\" size=\"10\" maxlength=\"10\" value=\"".$this->attributes['title'][0]."\"></td>\n";
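Review bot: The new `host` handling in `proccess_attributes()` records an error when the value fails the `ereg` check but still stores it in `$this->attributes['host']`, and the form hunk then echoes each stored value into the `value` attribute without encoding. A value containing a double quote would therefore break out of the attribute on the next render; skip the assignment when the check fails and print with `echo htmlspecialchars($host)." ";`. The check and the split also disagree: the pattern requires commas between names, while `explode(" ", $host)` splits on spaces and the form re-displays the list space-separated, so a saved list of two hosts would fail validation when resubmitted. Both functions continue outside the hunks shown.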


@ -62,82 +62,16 @@ class posixAccount {
if (!is_string($base)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'posixAccount\');'), E_USER_ERROR);
$this->base = $base;
// posixAccount is only a valid objectClass for user and host
if (!($_SESSION[$this->base]->get_type() == 'user' || $_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
if (!($_SESSION[$this->base]->get_type() == 'user') && !($_SESSION[$this->base]->get_type() != 'host')) trigger_error(_('posixAccount can only be used for users or hosts.'), E_USER_WARNING);
/* Check if ldap conatiner is in array and set type
* users are using inetOrgPerson-, hosts account-container
*/
if (!isset($_SESSION[$this->base]->module['inetOrgPerson']) && $_SESSION[$this->base]->type=='user') $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
if (!isset($_SESSION[$this->base]->module['account']) && $_SESSION[$this->base]->type=='host') $_SESSION[$this->base]->add_objectClass('account');
// Add account type to object
$line=-1;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'posixAccount'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'posixAccount'), E_USER_WARNING);
// Add Array with all attributes and type
$this->attributes = $_SESSION[$this->base]->get_module_attributes('posixAccount');
$_SESSION[$this->base]->add_attributes ('posixAccount');
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
}
$this->alias = _('posixAccount');
// Add attributes which should be cached
$_SESSION[$_SESSION[$this->base]->cache]->add_cache(array ('user' => array('cn', 'uid', 'uidNumber'), 'host' => array('cn', 'uid', 'uidNumber'), 'group' => array('cn', 'memberUid')));
@ -185,6 +119,10 @@ class posixAccount {
return -1;
}
function module_ready() {
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
@ -315,8 +253,8 @@ class posixAccount {
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->orig = $this->attributes;
$this->attributes['objectClass'][0] = 'posixAccount';
$this->orig = $this->attributes;
// get all additional groupmemberships
$dn_groups = $_SESSION[$_SESSION[$this->base]->cache]->get_cache('memberUid', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
@ -339,52 +277,7 @@ class posixAccount {
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
// Get list of all "easy" attributes
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Remove primary group from additional groups
for ($i=0; $i<count($this->groups); $i++) {
@ -512,15 +405,15 @@ class posixAccount {
$groups = array_flip($groups);
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td><fieldset class=\"useredit-bright\">";
echo "<legend class=\"useredit-bright\"><b>" . _("Additional groups") . "</b></legend>\n";
echo "<td><fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\"><b>" . _("Additional groups") . "</b></legend>\n";
echo "<table border=0 width=\"100%\">\n<tr>\n";
echo "<td valign=\"top\">";
echo "<fieldset class=\"useredit-bright\">";
echo "<legend class=\"useredit-bright\">" . _("Selected groups") . "</legend>\n";
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _("Selected groups") . "</legend>\n";
// Show all groups the user is additional member of
if (count($this->groups)!=0) {
echo "<select name=\"form_posixAccount_removegroups[]\" class=\"useredit-bright\" size=15 multiple>\n";
echo "<select name=\"form_posixAccount_removegroups[]\" class=\"".$_SESSION[$this->base]->type."edit-bright\" size=15 multiple>\n";
for ($i=0; $i<count($this->groups); $i++)
if ($this->groups[$i]!='') echo "<option> $this->groups[$i] </option>\n";
echo "</select>\n";
@ -531,11 +424,11 @@ class posixAccount {
echo "<input type=\"submit\" name=\"form_posixAccount_removegroups_button\" value=\"=>\"><br><br>";
echo "<a href=\""."../help.php?HelpNumber=402\" target=\"lamhelp\">"._('Help')."</a></td>\n";
echo "<td valign=\"top\">\n";
echo "<fieldset class=\"useredit-bright\">";
echo "<legend class=\"useredit-bright\">" . _('Available groups') . "</legend>\n";
echo "<fieldset class=\"".$_SESSION[$this->base]->type."edit-bright\">";
echo "<legend class=\"".$_SESSION[$this->base]->type."edit-bright\">" . _('Available groups') . "</legend>\n";
// show all groups expect these the user is member of
if (count($groups)!=0) {
echo "<select name=\"form_posixAccount_addgroups[]\" size=15 multiple class=\"useredit-bright\">\n";
echo "<select name=\"form_posixAccount_addgroups[]\" size=15 multiple class=\"".$_SESSION[$this->base]->type."edit-bright\">\n";
for ($i=0; $i<count($groups); $i++)
if ($groups[$i]!='') echo "<option> $groups[$i] </option>\n";
echo "</select>\n";
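Review bot: The rewritten type check in the first hunk, `!(get_type() == 'user') && !(get_type() != 'host')`, is the De Morgan form of the line it replaces and reduces to `get_type() == 'host'`, so the warning fires for hosts and never for any other type such as `group`. To match the message "posixAccount can only be used for users or hosts" it should be `if ($_SESSION[$this->base]->get_type() != 'user' && $_SESSION[$this->base]->get_type() != 'host') trigger_error(...)`. The enclosing function starts outside the hunk.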


@ -63,80 +63,9 @@ class shadowAccount {
$this->base = $base;
// shadowAccount is only a valid objectClass for user and host
if (!($_SESSION[$this->base]->get_type() == 'user')) trigger_error(_('shadowAccount can only be used for users.'), E_USER_WARNING);
/* Check if ldap conatiner is in array and set type
* users are using inetOrgPerson-, hosts account-container
*/
if (!isset($_SESSION[$this->base]->module['inetOrgPerson'])) $_SESSION[$this->base]->add_objectClass('inetOrgPerson');
// Add account type to object
$line=-1;
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME 'shadowAccount'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (sprintf(_("ObjectClass %s required but not defined in ldap."), 'shadowAccount'), E_USER_WARNING);
// Add Array with all attributes and type
$this->attributes = $_SESSION[$this->base]->get_module_attributes('shadowAccount');
$_SESSION[$this->base]->add_attributes ('shadowAccount');
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], "SUP ")) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses) || $i==-1; $i++) {
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
// *** fixme, fix error message
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], strpos($_SESSION[$_SESSION[$this->base]->ldap]->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
}
$this->alias = _('shadowAccount');
// Make references to attributes which already esists in ldap
$newattributes = array_keys($this->attributes);
@ -169,6 +98,10 @@ class shadowAccount {
return array('inetOrgPerson');
}
function module_ready() {
return true;
}
/* Write variables into object and do some regexp checks
*/
function proccess_attributes($post) {
@ -177,8 +110,8 @@ class shadowAccount {
$this->attributes['shadowMax'][0] = $post['form_shadowAccount_shadowMax'];
$this->attributes['shadowWarning'][0] = $post['form_shadowAccount_shadowWarning'];
$this->attributes['shadowInactive'][0] = $post['form_shadowAccount_shadowInactive'];
$this->attributes['shadowWarning'][0] = mtime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'],
$post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea']);
$this->attributes['shadowExpire'][0] = mktime(10, 0, 0, $post['form_shadowAccount_shadowExpire_mon'],
$post['form_shadowAccount_shadowExpire_day'], $post['form_shadowAccount_shadowExpire_yea'])/3600/24;
if ( !ereg('^([0-9])*$', $this->attributes['shadowMin'][0])) $errors[] = array('ERROR', _('Password minage'), _('Password minage must be are natural number.'));
if ( $this->attributes['shadowMin'][0] > $this->attributes['shadowMax'][0] ) $errors[] = array('ERROR', _('Password maxage'), _('Password maxage must bigger as Password Minage.'));
@ -212,8 +145,8 @@ class shadowAccount {
}
}
// Values are kept as copy so we can compare old attributes with new attributes
$this->orig = $this->attributes;
$this->attributes['objectClass'][0] = 'shadowAccount';
$this->orig = $this->attributes;
}
@ -226,52 +159,7 @@ class shadowAccount {
* modify are attributes which have to been modified in ldap entry
*/
function save_attributes() {
// Get list of all "easy" attributes
$attr_names = array_keys($this->attributes);
// Get attributes which should be added
for ($i=0; $i<count($attr_names); $i++) {
for ($j=0; $j<count($this->orig[$attr_names[$i]]); $j++) {
if (is_array($this->attributes[$attr_names[$i]])) {
if (!in_array($this->orig[$attr_names[$i]][$j], $this->attributes[$attr_names[$i]]))
if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] =utf8_encode($this->orig[$attr_names[$i]][$j]);
}
else if ($this->orig[$attr_names[$i]][$j]!='') $torem[$attr_names[$i]][] = utf8_encode($this->orig[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]])) {
if (!in_array($this->attributes[$attr_names[$i]][$j], $this->orig[$attr_names[$i]]))
if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
else if ($this->attributes[$attr_names[$i]][$j]!='') $toadd[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
for ($j=0; $j<count($this->attributes[$attr_names[$i]]); $j++) {
if (is_array($this->orig[$attr_names[$i]]) && is_array($this->attributes[$attr_names[$i]])) {
if (($this->attributes[$attr_names[$i]][$j]==$this->orig[$attr_names[$i]][$j]) && $this->attributes[$attr_names[$i]][$j]!='')
$notchanged[$attr_names[$i]][] = utf8_encode($this->attributes[$attr_names[$i]][$j]);
}
}
}
// create modify wuth add and remove
if (is_array($toadd)) {
$attributes = array_keys($toadd);
for ($i=0; $i<count($attributes); $i++) {
if (isset($torem[$attributes[$i]])) {
// found modify entry
// Add unchanged attributes
if (isset($notchanged[$attributes[$i]])) $tomodify[$attributes[$i]] = $notchanged[$attributes[$i]];
$tomodify[$attributes[$i]] = array_merge_recursive($tomodify[$attributes[$i]], $toadd[$attributes[$i]]);
// unset attributes
if (isset($notchanged[$attributes[$i]])) unset($notchanged[$attributes[$i]]);
if (isset($toadd[$attributes[$i]])) unset($toadd[$attributes[$i]]);
if (isset($torem[$attributes[$i]])) unset($torem[$attributes[$i]]);
}
}
}
if (count($toadd)!=0) $return[$_SESSION[$this->base]->dn]['add'] = $toadd;
if (count($torem)!=0) $return[$_SESSION[$this->base]->dn]['remove'] = $torem;
if (count($tomodify)!=0) $return[$_SESSION[$this->base]->dn]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$_SESSION[$this->base]->dn]['notchanged'] = $notchanged;
$return = $_SESSION[$this->base]->save_module_attributes($this->attributes, $this->orig);
// Set shadowLastchange manual.
if ($_SESSION[$this->base]->module['inetOrgPerson']->userPassword()!='' || $_SESSION[$this->base]->module['inetOrgPerson']->userPassword_no)