WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

enhanced wildcards for custom scripts

This commit is contained in:
Roland Gruber 2011-02-26 13:14:10 +00:00
parent 8fa551882b
commit 519f2cea20
25 changed files with 217 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lam/HISTORY
View File

@ -7,6 +7,7 @@ April 2011 3.4.0
- LAM Pro:
-> support automount entries
-> Zarafa groups: allow combination with group of names
-> enhanced wildcards for custom scripts
- fixed bugs:
-> renaming of default profile (3183920)

10
lam/docs/devel/upgrade.htm
View File

@ -12,6 +12,7 @@
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title>
@ -28,7 +29,14 @@ This is a list of API changes for all LAM releases.
<br>
<h2>3.2.0 -&gt; 3.3.0</h2>The cache class was removed. Please use local caching and the functions searchLDAP... instead of get_cache().<br>
<h2>3.3.0 -&gt; 3.4.0</h2>Module interface:<br>
<ul>
<li><span style="font-weight: bold;">save_attributes():</span> can now contain a return value 'info' =&gt; array() with values for pre/postModify actions</li>
<li><span style="font-weight: bold;">checkSelfServiceOptions():</span> can now contain a return value 'info' =&gt; array() with values for pre/postModify actions</li>
</ul>
<br>
<h2>3.2.0 -&gt; 3.3.0</h2>
The cache class was removed. Please use local caching and the functions searchLDAP... instead of get_cache().<br>
The return values for baseModule::pre/postDeleteActions() were changed to an array of StatusMessage parameters.
<br>CSS class TYPElist-sort removed without replacement.<br>
<br>

38
lam/docs/manual-sources/howto.xml
View File

@ -2592,6 +2592,44 @@ Have fun!
the attribute "uid" and value "steve" then LAM will resolve "$uid$" to
"steve".</para>
<para>You can switch LAM's logging to debug mode if you are unsure which
attributes with which values are available.</para>
<para>The following special wildcards are available:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">$INFO.userPasswordClearText$:</emphasis>
cleartext password when Unix password is changed (e.g. useful for
external password synchronisation) for new/modified accounts</para>
</listitem>
<listitem>
<para><emphasis
role="bold">$INFO.userPasswordStatusChange$:</emphasis> provides
additional information if the password locking status was changed,
possible values: locked, unlocked, unchanged</para>
</listitem>
<listitem>
<para><emphasis role="bold">$NEW.&lt;attribute&gt;$:</emphasis> the
value of a new attribute (e.g. $NEW.telephoneNumber$) for modified
accounts</para>
</listitem>
<listitem>
<para><emphasis role="bold">$DEL.&lt;attribute&gt;$:</emphasis> the
value of a deleted attribute (e.g. $DEL.telephoneNumber$) for
modified accounts</para>
</listitem>
<listitem>
<para><emphasis role="bold">$MOD.&lt;attribute&gt;$:</emphasis> the
new value of a modified attribute (e.g. $MOD.telephoneNumber$) for
modified accounts</para>
</listitem>
</itemizedlist>
<para><emphasis role="bold">Output may contain HTML:</emphasis> If your
scripts generate HTML output then activate this option.</para>

11
lam/lib/baseModule.inc
View File

@ -1019,6 +1019,7 @@ abstract class baseModule {
* <br><b>"remove"</b> are attributes which have to be removed from the LDAP entry
* <br><b>"modify"</b> are attributes which have to be modified in the LDAP entry
* <br><b>"notchanged"</b> are attributes which stay unchanged
* <br><b>"info"</b> values with informational value (e.g. to be used later by pre/postModify actions)
* <br>
* <br>This builds the required comands from $this-attributes and $this->orig.
*
@ -1240,15 +1241,21 @@ abstract class baseModule {
/**
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
public function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
return $return;
}

32
lam/lib/modules.inc
View File

@ -1623,6 +1623,7 @@ class accountContainer {
* @return array an array which can be passed to $this->saveAccount()
*/
function save_module_attributes($attributes, $orig) {
$return = array();
$toadd = array();
$tomodify = array();
$torem = array();
@ -1924,22 +1925,39 @@ class accountContainer {
$this->finalDN = $this->dn_orig;
}
// pre modify actions
$currentAccountAttributes = array();
$prePostModifyAttributes = array();
if (isset($attributes[$this->finalDN]) && is_array($attributes[$this->finalDN])) {
if (isset($attributes[$this->finalDN]['notchanged'])) {
$currentAccountAttributes = array_merge($currentAccountAttributes, $attributes[$this->finalDN]['notchanged']);
$prePostModifyAttributes = array_merge($prePostModifyAttributes, $attributes[$this->finalDN]['notchanged']);
}
if (isset($attributes[$this->finalDN]['modify'])) {
$currentAccountAttributes = array_merge($currentAccountAttributes, $attributes[$this->finalDN]['modify']);
$prePostModifyAttributes = array_merge($prePostModifyAttributes, $attributes[$this->finalDN]['modify']);
foreach ($attributes[$this->finalDN]['modify'] as $key => $value) {
$prePostModifyAttributes['MOD.' . $key] = $value;
}
}
if (isset($attributes[$this->finalDN]['add'])) {
$currentAccountAttributes = array_merge($currentAccountAttributes, $attributes[$this->finalDN]['add']);
$prePostModifyAttributes = array_merge($prePostModifyAttributes, $attributes[$this->finalDN]['add']);
foreach ($attributes[$this->finalDN]['add'] as $key => $value) {
$prePostModifyAttributes['NEW.' . $key] = $value;
}
}
$currentAccountAttributes['dn'][0] = $this->finalDN;
if (isset($attributes[$this->finalDN]['remove'])) {
foreach ($attributes[$this->finalDN]['remove'] as $key => $value) {
$prePostModifyAttributes['DEL.' . $key] = $value;
}
}
if (isset($attributes[$this->finalDN]['info'])) {
foreach ($attributes[$this->finalDN]['info'] as $key => $value) {
$prePostModifyAttributes['INFO.' . $key] = $value;
}
}
}
$prePostModifyAttributes['dn'][0] = $this->finalDN;
logNewMessage(LOG_DEBUG, 'Edit page pre/postModify attributes: ' . print_r($prePostModifyAttributes, true));
$preModifyOk = true;
foreach ($module as $singlemodule) {
$result = $this->module[$singlemodule]->preModifyActions($this->isNewAccount, $currentAccountAttributes);
$result = $this->module[$singlemodule]->preModifyActions($this->isNewAccount, $prePostModifyAttributes);
if (!$result) {
$preModifyOk = false;
break;
@ -2035,7 +2053,7 @@ class accountContainer {
if (!$stopprocessing) {
// post modify actions
foreach ($module as $singlemodule) {
$this->module[$singlemodule]->postModifyActions($this->isNewAccount, $currentAccountAttributes);
$this->module[$singlemodule]->postModifyActions($this->isNewAccount, $prePostModifyAttributes);
}
}
return $errors;

1
lam/lib/modules/account.inc
View File

@ -157,6 +157,7 @@ class account extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
// skip saving if account is based on another structural object class

15
lam/lib/modules/asteriskAccount.inc
View File

@ -313,6 +313,7 @@ class asteriskAccount extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('AsteriskSIPUser', $this->attributes['objectClass'])) {
@ -458,14 +459,22 @@ class asteriskAccount extends baseModule implements passwordService {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
return $return;
}

17
lam/lib/modules/asteriskVoicemail.inc
View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2010 Pavel Pozdnyak
2010 Roland Gruber
2010 - 2011 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -523,6 +523,7 @@ class asteriskVoicemail extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('AsteriskVoiceMail', $this->attributes['objectClass']) && !in_array('AsteriskVoiceMail', $this->orig['objectClass'])) {
@ -564,14 +565,22 @@ class asteriskVoicemail extends baseModule implements passwordService {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
return $return;
}

18
lam/lib/modules/dhcp_settings.inc
View File

@ -294,13 +294,17 @@ By default, the nodes are configured as H-Nodes which fits for small networks. I
$this->messages['domainname'][5] = array('ERROR', _('Account %s:') . ' dhcp_settings_domainName', _('The domain name includes invalid characters. Valid characters are A-Z, a-z, 0-9, ".", "_","-".'));
}
/** This function returns an array with 4 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
public function save_attributes() {
// remove dhcpSubnet object class if only the DHCP settings were changed

17
lam/lib/modules/fixed_ip.inc
View File

@ -418,13 +418,16 @@ class fixed_ip extends baseModule {
}
/**
* This function returns an array with 4 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
public function save_attributes() {

1
lam/lib/modules/hostObject.inc
View File

@ -114,6 +114,7 @@ class hostObject extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('hostObject', $this->attributes['objectClass']) && !in_array('hostObject', $this->orig['objectClass'])) {

15
lam/lib/modules/inetOrgPerson.inc
View File

@ -697,6 +697,7 @@ class inetOrgPerson extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
// skip saving if account is based on another structural object class
@ -1662,14 +1663,22 @@ class inetOrgPerson extends baseModule implements passwordService {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// first name

15
lam/lib/modules/kolabUser.inc
View File

@ -606,6 +606,7 @@ class kolabUser extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('kolabInetOrgPerson', $this->attributes['objectClass']) && !in_array('kolabInetOrgPerson', $this->orig['objectClass'])) {
@ -909,14 +910,22 @@ class kolabUser extends baseModule {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('kolabInetOrgPerson', $attributes['objectClass'])) {
return $return;
}

1
lam/lib/modules/nisMailAlias.inc
View File

@ -119,6 +119,7 @@ class nisMailAlias extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
// skip saving if account is based on another structural object class

1
lam/lib/modules/nisnetgroup.inc
View File

@ -154,6 +154,7 @@ class nisnetgroup extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);

1
lam/lib/modules/phpGroupwareGroup.inc
View File

@ -133,6 +133,7 @@ class phpGroupwareGroup extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
public function save_attributes() {
if (!in_array('phpgwGroup', $this->attributes['objectClass'])) {

1
lam/lib/modules/phpGroupwareUser.inc
View File

@ -309,6 +309,7 @@ class phpGroupwareUser extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('phpgwAccount', $this->attributes['objectClass'])) {

30
lam/lib/modules/posixAccount.inc
View File

@ -474,9 +474,24 @@ class posixAccount extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
// add information about clear text password and password status change
$return[$this->getAccountContainer()->dn]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
if (isset($this->orig['userPassword'][0]) && isset($this->attributes['userPassword'][0])) {
if ((pwd_is_enabled($this->orig['userPassword'][0]) && pwd_is_enabled($this->attributes['userPassword'][0]))
|| (!pwd_is_enabled($this->orig['userPassword'][0]) && !pwd_is_enabled($this->attributes['userPassword'][0]))) {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'unchanged';
}
elseif (pwd_is_enabled($this->orig['userPassword'][0])) {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'locked';
}
else {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'unlocked';
}
}
// Remove primary group from additional groups
if (!isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0])
|| ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] != 'true')) {
@ -1694,14 +1709,22 @@ class posixAccount extends baseModule implements passwordService {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
if ($_POST['posixAccount_password'] != $_POST['posixAccount_password2']) {
@ -1715,6 +1738,7 @@ class posixAccount extends baseModule implements passwordService {
$pwdPolicyResult = checkPasswordStrength($_POST['posixAccount_password']);
if ($pwdPolicyResult === true) {
$return['mod']['userPassword'][0] = pwd_hash($_POST['posixAccount_password'], true, $this->selfServiceSettings->moduleSettings['posixAccount_pwdHash'][0]);
$return['info']['userPasswordClearText'][0] = $_POST['posixAccount_password'];
if (isset($attributes['shadowLastChange'][0])) {
$return['mod']['shadowLastChange'][0] = intval(time()/3600/24);
}

1
lam/lib/modules/posixGroup.inc
View File

@ -680,6 +680,7 @@ class posixGroup extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
// skip saving if account is based on another structural object class

17
lam/lib/modules/range.inc
View File

@ -451,13 +451,16 @@ class range extends baseModule {
}
/**
* This function returns an array with 4 entries:
* array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr), 'lamdaemon' => array(cmds)), DN2 .... )
* DN is the DN to change. It may be possible to change several DNs,
* e.g. create a new user and add him to some groups via attribute memberUid
* add are attributes which have to be added to ldap entry
* remove are attributes which have to be removed from ldap entry
* lamdaemon are lamdaemon commands to modify homedir, quotas, ...
* Returns a list of modifications which have to be made to the LDAP account.
*
* @return array list of modifications
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
public function save_attributes() {
$return = array();

1
lam/lib/modules/sambaGroupMapping.inc
View File

@ -538,6 +538,7 @@ class sambaGroupMapping extends baseModule {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('sambaGroupMapping', $this->attributes['objectClass'])) {

15
lam/lib/modules/sambaSamAccount.inc
View File

@ -659,6 +659,7 @@ class sambaSamAccount extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('sambaSamAccount', $this->attributes['objectClass']) && !in_array('sambaSamAccount', $this->orig['objectClass'])) {
@ -2051,14 +2052,22 @@ class sambaSamAccount extends baseModule implements passwordService {
}
/**
* Checks if all input values are correct and returns the LDAP commands which should be executed.
* Checks if all input values are correct and returns the LDAP attributes which should be changed.
* <br>Return values:
* <br>messages: array of parameters to create status messages
* <br>add: array of attributes to add
* <br>del: array of attributes to remove
* <br>mod: array of attributes to modify
* <br>info: array of values with informational value (e.g. to be used later by pre/postModify actions)
*
* Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return;
}

1
lam/lib/modules/shadowAccount.inc
View File

@ -239,6 +239,7 @@ class shadowAccount extends baseModule implements passwordService {
* <br>"add" are attributes which have to be added to LDAP entry
* <br>"remove" are attributes which have to be removed from LDAP entry
* <br>"modify" are attributes which have to been modified in LDAP entry
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/
function save_attributes() {
if (!in_array('shadowAccount', $this->attributes['objectClass']) && !in_array('shadowAccount', $this->orig['objectClass'])) {

3
lam/lib/selfService.inc
View File

@ -114,7 +114,7 @@ function getSelfServiceOptions($scope, $fields, $attributes) {
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
*/
function checkSelfServiceOptions($scope, $fields, $attributes) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array());
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
@ -124,6 +124,7 @@ function checkSelfServiceOptions($scope, $fields, $attributes) {
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);
if (sizeof($result['mod']) > 0) $return['mod'] = array_merge($result['mod'], $return['mod']);
if (sizeof($result['info']) > 0) $return['info'] = array_merge($result['info'], $return['info']);
}
return $return;
}

4
lam/templates/delete.php
View File

@ -4,7 +4,7 @@
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
Copyright (C) 2007 - 2010 Roland Gruber
Copyright (C) 2007 - 2011 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -218,7 +218,7 @@ if (isset($_POST['delete'])) {
$allOk = false;
}
}
// removce attributes
// remove attributes
if (isset($attributes[$DNs[$i]]['remove']) && !$stopprocessing) {
$success = @ldap_mod_del($_SESSION['ldap']->server(), $DNs[$i], $attributes[$DNs[$i]]['remove']);
if (!$success) {