added tree view

lam/HISTORY

@@ -12,7 +12,8 @@
   - new plugin for managing MAC addresses (RFE 926017)
   - new plugin for managing NIS mail aliases (RFE 1050036)
   - new plugin for managing mail routing with inetLocalMailRecipient (RFE 1092137)
-  - added schema browser
+  - schema browser
+  - tree view
 
 
 26.01.2005 0.4.8

lam/help/help.inc

@@ -63,6 +63,12 @@ $helpArray = array (
 						_("Examples").
 						":</b><br><br>".
 						_("ou=People,dc=yourcompany,dc=com will read and store all accounts in this subtree.")),
+				"203" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Tree suffix"),
+					"Text" => _("This is the suffix for the LDAP tree viewer.") .
+						"<br><br><b>".
+						_("Example").
+						":</b><br><br>".
+						_("dc=yourcompany,dc=com")),
 				"206" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("List attributes"),
 					"Text" => _("This is the list of attributes to show in the user/group/host list. The entries can either be predefined values, \"#attribute\", or individual ones, \"attribute:description\". Several entries are seperated by semicolons.") .
 						"<br><br><b>" .

lam/lib/config.inc

@@ -120,6 +120,9 @@ class Config {
 	/** LDAP suffix for Samba 3 domains */
 	var $domainsuffix;
 
+	/** LDAP suffix for tree view */
+	var $treesuffix;
+
 	/** Attributes that are shown in the user list */
 	var $userlistAttributes;
 	/** Attributes that are shown in the group list */
@@ -165,7 +168,7 @@ class Config {
 	var $file;
 
 	/** List of all settings in config file */
-	var $settings = array("ServerURL", "Passwd", "Admins", "usersuffix", "groupsuffix", "hostsuffix",
+	var $settings = array("ServerURL", "Passwd", "Admins", "usersuffix", "groupsuffix", "hostsuffix", "treesuffix",
 		"domainsuffix", "userlistAttributes", "grouplistAttributes", "hostlistAttributes", "maxlistentries",
 		"defaultLanguage", "scriptPath", "scriptServer", "cachetimeout",
 		"usermodules", "groupmodules", "hostmodules", "modules");
@@ -288,10 +291,12 @@ class Config {
 								"# e.g. ou=People,dc=yourdomain,dc=org\n" . "usersuffix: " . $this->usersuffix . "\n");
 			if (!in_array("groupsuffix", $saved)) array_push($file_array, "\n\n# suffix of groups\n" .
 								"# e.g. ou=Groups,dc=yourdomain,dc=org\n" . "groupsuffix: " . $this->groupsuffix . "\n");
-			if (!in_array("hostsuffix", $saved)) array_push($file_array, "\n\n# suffix of Samba hosts\n" .
+			if (!in_array("hostsuffix", $saved)) array_push($file_array, "\n\n# suffix of hosts\n" .
 								"# e.g. ou=machines,dc=yourdomain,dc=org\n" . "hostsuffix: " . $this->hostsuffix . "\n");
 			if (!in_array("domainsuffix", $saved)) array_push($file_array, "\n\n# suffix of Samba 3 domains\n" .
 								"# e.g. ou=domains,dc=yourdomain,dc=org\n" . "domainsuffix: " . $this->domainsuffix . "\n");
+			if (!in_array("treesuffix", $saved)) array_push($file_array, "\n\n# suffix of tree view\n" .
+								"# e.g. dc=yourdomain,dc=org\n" . "treesuffix: " . $this->treesuffix . "\n");
 			if (!in_array("userlistAttributes", $saved)) array_push($file_array, "\n\n# list of attributes to show in user list\n# entries can either be predefined values (e.g. '#cn' or '#uid')" .
 								"\n# or individual ones (e.g. 'uid:User ID' or 'host:Host Name')\n# values have to be seperated by semicolons\n" . "userlistAttributes: " . $this->userlistAttributes . "\n");
 			if (!in_array("grouplistAttributes", $saved)) array_push($file_array, "\n\n# list of attributes to show in group list\n# entries can either be predefined values (e.g. '#cn' or '#gidNumber')" .
@@ -334,6 +339,7 @@ class Config {
 		echo "<b>" . _("GroupSuffix") . ": </b>" . $this->groupsuffix . "<br>\n";
 		echo "<b>" . _("HostSuffix") . ": </b>" . $this->hostsuffix . "<br>\n";
 		echo "<b>" . _("DomainSuffix") . ": </b>" . $this->domainsuffix . "<br>\n";
+		echo "<b>" . _("TreeSuffix") . ": </b>" . $this->treesuffix . "<br>\n";
 		echo "<b>" . _("Attributes in User List") . ": </b>" . $this->userlistAttributes . "<br>\n";
 		echo "<b>" . _("Attributes in Group List") . ": </b>" . $this->grouplistAttributes . "<br>\n";
 		echo "<b>" . _("Attributes in Host List") . ": </b>" . $this->hostlistAttributes . "<br>\n";
@@ -531,6 +537,65 @@ class Config {
 		return true;
 	}
 
+	/**
+	* Returns the LDAP suffix for the given account type
+	*
+	* @param string $scope account type
+	* @return string the LDAP suffix
+	*/
+	function get_Suffix($scope) {
+		switch ($scope) {
+			case 'user':
+					return $this->usersuffix;
+				break;
+			case 'group':
+					return $this->groupsuffix;
+				break;
+			case 'host':
+					return $this->hostsuffix;
+				break;
+			case 'domain':
+					return $this->domainsuffix;
+				break;
+			case 'tree':
+					return $this->treesuffix;
+				break;
+		}
+		return "";
+	}
+
+	/**
+	* Sets the LDAP suffix where accounts are saved
+	*
+	* @param string $scope account type
+	* @param string $value new LDAP suffix
+	* @return boolean true if $value has correct format
+	*/
+	function set_Suffix($scope, $value) {
+		if (!$value) $value = "";
+		elseif (!is_string($value)) {
+			return false;
+		}
+		switch ($scope) {
+			case 'user':
+					$this->usersuffix = $value;
+				break;
+			case 'group':
+					$this->groupsuffix = $value;
+				break;
+			case 'host':
+					$this->hostsuffix = $value;
+				break;
+			case 'domain':
+					$this->domainsuffix = $value;
+				break;
+			case 'tree':
+					$this->treesuffix = $value;
+				break;
+		}
+		return true;
+	}
+
 	/**
 	* Returns the list of attributes to show in user list
 	*

lam/lib/ldap.inc

@@ -312,7 +312,7 @@ class Ldap{
 			$time = time();
 			$dir = @opendir($relpath);
 			while ($file = @readdir($dir)) {
-					if (substr($file, -4) == '.pdf') {
+					if ((substr($file, -4) == '.pdf') || (substr($file, -4) == '.jpg')) {
 					$path = $relpath . $file;
 					if ($time - filemtime($path) > 600) {
 						@unlink($path);
@@ -323,11 +323,17 @@ class Ldap{
 		}
 	}
 
-	/** Calculates a new value for rand */
+	/**
+	* Calculates a new value for rand
+	*
+	* @return int New random value
+	*/
 	function new_rand() {
 		// change random number
 		mt_srand($this->rand + (microtime() * 1000000));
-		$this->rand = mt_rand();
+		$r = mt_rand();
+		$this->rand = $r;
+		return $r;
 	}
 
 	/**

lam/session-vars.txt

@@ -63,6 +63,7 @@ convsave, confmain, conflogin:
 - conf_suffgroups: Eingabe von confmain
 - conf_suffhosts: Eingabe von confmain
 - conf_suffdomains: Eingabe von confmain
+- conf_sufftree: Eingabe von confmain
 - conf_usrlstattr: Eingabe von confmain
 - conf_grplstattr: Eingabe von confmain
 - conf_hstlstattr: Eingabe von confmain

lam/style/500_layout.css

@@ -57,6 +57,10 @@ color:red;
 text-decoration:none;
 }
 
+a img {
+	border: 0px;
+}
+
 form { }
 input {
 font-weight:bold;
@@ -597,3 +601,298 @@ h4.schema_oclass_sub {
 	font-size: 80%;
 }
 
+table.tree tr.login td {
+}
+
+table.tree td.links {
+	padding: 0px;
+	font-size: 10px;
+	padding-left: 12px;
+	font-size: 10px;
+}
+
+table.tree td.links a {
+	font-size: 10px;
+}
+
+table.tree {
+	border: 0px;
+}
+
+table.tree img {
+	border: 0px;
+}
+	
+table.tree td {
+	padding: 2px;
+	border: 0px solid black;
+}
+
+table.tree tr {
+}
+
+table.tree tr.server td.icon {
+	width: 14px;
+}
+
+table.tree tr.server td {
+	padding-top: 15px;
+	padding-bottom: 0px;
+	vertical-align: top;
+	font-size: 20px;
+	text-align: left;
+}
+
+table.tree td.icon {
+	text-align: center;
+	padding: 0px;
+	width: 14px;
+	font-size: 1px;
+}
+
+table.tree td.rdn {
+	width: 500px;
+}
+
+table.tree td.rdn a {
+	text-decoration: none;
+	color: black;
+}
+
+table.tree td.rdn a:hover {
+	text-decoration: none;
+	color: blue;
+}
+
+table.tree td.create {
+}
+
+table.tree td.create a {
+	text-decoration: none;
+	color: black;
+}
+
+table.tree td.create a:hover {
+	text-decoration: none;
+	color: blue;
+}
+
+
+table.tree td.spacer {
+	width: 22px;
+}
+
+table.tree td.expander {
+	text-align: center;
+	width: 22px;
+	max-width: 22px;
+	min-width: 22px;
+}
+
+table.tree td span.count {
+	color: gray;
+	font-size: 85%;
+}
+
+h3.tree_title {
+	text-align: center;
+	margin: 0px;
+	padding: 10px;
+	color: white;
+	background-color: #018;
+	border: 1px solid black;
+	font-weight: normal;
+	font-size: 150%;
+}
+
+h3.tree_subtitle {
+	text-align: center;
+	margin: 0px;
+	margin-bottom: 15px;
+	font-size: 75%;
+	color: white;
+	border-bottom: 1px solid black;
+	border-left: 1px solid black;
+	border-right: 1px solid black;
+	background: #018;
+	padding: 4px;
+	font-weight: normal;
+}
+
+table.tree_edit_dn {
+	border-collapse: collapse;
+	border-spacing: 0px;
+	empty-cells: show;
+	width: 500px;
+}
+
+table.tree_edit_dn input {
+	margin: 1px;
+}
+
+table.tree_edit_dn input.val {
+	font-size: 14px;
+	width: 350px; 
+	font-family: arial, helvetica, sans-serif
+	background-color: white;
+}
+
+table.tree_edit_dn textarea.val {
+	font-size: 14px;
+	width: 350px; 
+	font-family: arial, helvetica, sans-serif;
+	background-color: white;
+}
+
+table.tree_edit_dn tr td {
+	padding: 4px;
+	padding-right: 0px;
+}
+
+table.tree_edit_dn tr td.attr {
+	background-color: #eee;
+	vertical-align: top;
+}
+
+table.tree_edit_dn tr td.heading {
+	border-top: 3px solid #ccc;
+	font-weight: bold;
+}
+
+table.tree_edit_dn tr td.attr_note {
+    text-align: right;
+	background-color: #eee;
+}
+
+table.tree_edit_dn tr td.attr a {
+	text-decoration: none;
+	color: black;
+}
+
+table.tree_edit_dn tr td.attr a:hover {
+	text-decoration: underline;
+	color: #016;
+}
+
+table.tree_edit_dn tr td.val {
+	text-align: left;
+	vertical-align: center;
+	padding-bottom: 10px;
+	padding-left: 80px;
+}
+
+
+/** When an attr is updated, it is highlighted to indicate such */
+table.tree_edit_dn tr.updated_attr td.attr {
+	border-top: 1px dashed green;
+	border-left: 1px dashed green;
+	background-color: #ded;
+}
+
+table.tree_edit_dn tr.updated_attr td.attr_note {
+	border-top: 1px dashed green;
+	border-right: 1px dashed green;
+	background-color: #ded;
+}
+
+/** An extra row that sits at the bottom of recently modified attrs to encase them in dashes */
+table.tree_edit_dn tr.updated_attr td.bottom {
+	border-top: 1px dashed green;
+}
+
+/** Formatting for the value cell when it is the attribute that has been recently modified */
+table.tree_edit_dn tr.updated_attr td.val {
+	border-left: 1px dashed green;
+	border-right: 1px dashed green;
+}
+
+/* Neede to prevent sub-tables (like the one in which jpegPhotos are displayed)
+ * from drawing borders as well. */
+table.tree_edit_dn tr.updated_attr td table td {
+	border: 0px;
+}
+
+table.tree_edit_dn tr.updated_attr a {
+}
+
+table.tree_edit_dn tr.mod_dn {
+	background: #def;
+}
+
+table.tree_edit_dn tr.row1 {
+	background: #eee;
+}
+
+table.tree_edit_dn tr.row2 {
+	background: #ccc;
+}
+
+form.tree_edit_dn {
+	margin: 0px;
+	padding: 0px;
+}
+
+table.tree_edit_dn_menu {
+	font-size: 75%;
+}
+
+table.tree_edit_dn_menu td.icon {
+	width: 16px;
+	text-align: center;
+}
+
+span.tree_hint {
+	font-size: small;
+	font-weight: normal;
+	color: #888;
+}
+
+table.tree_confirm th {
+	background-color: #016;
+	padding: 5px;
+	color: white;
+	font-weight: normal;
+}
+
+table.tree_confirm tr td {
+	padding: 4px;
+}
+
+table.tree_confirm tr.spacer {
+	background-color: #ddd;
+}
+
+table.tree_confirm tr.even {
+	background-color: #ccc;
+}
+
+table.tree_confirm tr.odd {
+	background-color: #eee;
+}
+
+table.tree_confirm tr td.heading {
+	text-align: right;
+	font-size: 75%;
+}
+
+table.tree_confirm td.icon {
+	text-align: center;
+}
+
+table.tree_delete_confirm {
+	width: 76%;
+	background-color: #ddf;
+	padding: 20px;
+	text-align: left;
+}
+
+table.tree_create {
+	font-size: 75%;
+}
+
+table.tree_create td.heading {
+	vertical-align: top;
+	padding: 10px;
+}
+
+

lam/templates/config/confmain.php

@@ -57,6 +57,7 @@ if (isset($_POST['back']) || isset($_POST['submitconf']) || isset($_POST['editmo
 		$_SESSION['conf_suffgroups'] = $_POST['suffgroups'];
 		$_SESSION['conf_suffhosts'] = $_POST['suffhosts'];
 		$_SESSION['conf_suffdomains'] = $_POST['suffdomains'];
+		$_SESSION['conf_sufftree'] = $_POST['sufftree'];
 		$_SESSION['conf_usrlstattr'] = $_POST['usrlstattr'];
 		$_SESSION['conf_grplstattr'] = $_POST['grplstattr'];
 		$_SESSION['conf_hstlstattr'] = $_POST['hstlstattr'];
@@ -122,6 +123,7 @@ if (isset($_GET["modulesback"])) {
 	$conf->set_GroupSuffix($_SESSION['conf_suffgroups']);
 	$conf->set_HostSuffix($_SESSION['conf_suffhosts']);
 	$conf->set_DomainSuffix($_SESSION['conf_suffdomains']);
+	$conf->set_Suffix('tree', $_SESSION['conf_sufftree']);
 	$conf->set_userlistAttributes($_SESSION['conf_usrlstattr']);
 	$conf->set_grouplistAttributes($_SESSION['conf_grplstattr']);
 	$conf->set_hostlistAttributes($_SESSION['conf_hstlstattr']);
@@ -167,28 +169,34 @@ echo ("<tr><td colspan=3>&nbsp</td></tr>");
 
 // user suffix
 echo ("<tr><td align=\"right\"><b>".
-	_("UserSuffix") . " *: </b></td>".
+	_("UserSuffix") . ": </b></td>".
 	"<td><input tabindex=\"$tabindex\" size=50 type=\"text\" name=\"suffusers\" value=\"" . $conf->get_UserSuffix() . "\"></td>\n");
 echo ("<td><a href=\"../help.php?HelpNumber=202\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");
 $tabindex++;
 // group suffix
 echo ("<tr><td align=\"right\"><b>".
-	_("GroupSuffix") . " *: </b></td>".
+	_("GroupSuffix") . ": </b></td>".
 	"<td><input tabindex=\"$tabindex\" size=50 type=\"text\" name=\"suffgroups\" value=\"" . $conf->get_GroupSuffix() . "\"></td>\n");
 echo ("<td><a href=\"../help.php?HelpNumber=202\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");
 $tabindex++;
 // host suffix
 echo ("<tr><td align=\"right\"><b>".
-	_("HostSuffix") . " **: </b></td>".
+	_("HostSuffix") . ": </b></td>".
 	"<td><input tabindex=\"$tabindex\" size=50 type=\"text\" name=\"suffhosts\" value=\"" . $conf->get_HostSuffix() . "\"></td>\n");
 echo ("<td><a href=\"../help.php?HelpNumber=202\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");
 $tabindex++;
 // domain suffix
 echo ("<tr><td align=\"right\"><b>".
-	_("DomainSuffix") . " ***: </b></td>".
+	_("DomainSuffix") . " **: </b></td>".
 	"<td><input tabindex=\"$tabindex\" size=50 type=\"text\" name=\"suffdomains\" value=\"" . $conf->get_DomainSuffix() . "\"></td>\n");
 echo ("<td><a href=\"../help.php?HelpNumber=202\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");
 $tabindex++;
+// tree suffix
+echo ("<tr><td align=\"right\"><b>".
+	_("TreeSuffix") . ": </b></td>".
+	"<td><input tabindex=\"$tabindex\" size=50 type=\"text\" name=\"sufftree\" value=\"" . $conf->get_Suffix('tree') . "\"></td>\n");
+echo ("<td><a href=\"../help.php?HelpNumber=203\" target=\"lamhelp\">" . _("Help") . "</a></td></tr>\n");
+$tabindex++;
 
 // new line
 echo ("<tr><td colspan=3>&nbsp</td></tr>");
@@ -429,8 +437,7 @@ echo ("</table>\n");
 echo ("<p></p>");
 
 echo ("<p>* = ". _("required") . "</p>");
-echo ("<p>** = ". _("required for Samba accounts") . "</p>");
+echo ("<p>** = ". _("required for Samba 3 accounts") . "</p>");
-echo ("<p>*** = ". _("required for Samba 3 accounts") . "</p>");
 
 // password for configuration
 echo ("<p><input type=\"hidden\" name=\"passwd\" value=\"" . $passwd . "\"></p>\n");

lam/templates/config/confsave.php

@@ -52,6 +52,7 @@ $suffusers = $_SESSION['conf_suffusers'];
 $suffgroups = $_SESSION['conf_suffgroups'];
 $suffhosts = $_SESSION['conf_suffhosts'];
 $suffdomains = $_SESSION['conf_suffdomains'];
+$sufftree = $_SESSION['conf_sufftree'];
 $usrlstattr = $_SESSION['conf_usrlstattr'];
 $grplstattr = $_SESSION['conf_grplstattr'];
 $hstlstattr = $_SESSION['conf_hstlstattr'];
@@ -122,6 +123,11 @@ if (!$conf->set_DomainSuffix($suffdomains)) {
 	echo ("\n<br><br><br><a href=\"javascript:history.back()\">" . _("Back to preferences...") . "</a>");
 	exit;
 }
+if (!$conf->set_Suffix("tree", $sufftree)) {
+	echo ("<font color=\"red\"><b>" . _("TreeSuffix is invalid!") . "</b></font>");
+	echo ("\n<br><br><br><a href=\"javascript:history.back()\">" . _("Back to preferences...") . "</a>");
+	exit;
+}
 if (!$conf->set_userlistAttributes($usrlstattr)) {
 	echo ("<font color=\"red\"><b>" . _("User list attributes are invalid!") . "</b></font>");
 	echo ("\n<br><br><br><a href=\"javascript:history.back()\">" . _("Back to preferences...") . "</a>");
@@ -260,6 +266,7 @@ unset($_SESSION['conf_suffusers']);
 unset($_SESSION['conf_suffgroups']);
 unset($_SESSION['conf_suffhosts']);
 unset($_SESSION['conf_suffdomains']);
+unset($_SESSION['conf_sufftree']);
 unset($_SESSION['conf_usrlstattr']);
 unset($_SESSION['conf_grplstattr']);
 unset($_SESSION['conf_hstlstattr']);

lam/templates/main_header.php

@@ -44,6 +44,7 @@ $lists = 0;
 if ($_SESSION['config']->get_Usersuffix() != "") $lists++;
 if ($_SESSION['config']->get_Groupsuffix() != "") $lists++;
 if ($_SESSION['config']->get_Hostsuffix() != "") $lists++;
+if ($_SESSION['config']->get_Suffix('tree') != "") $lists++;
 
 ?>
 
@@ -73,6 +74,9 @@ if ($_SESSION['config']->get_Hostsuffix() != "") $lists++;
 	<tr>
 		<td></td>
 		<?php
+			if ($_SESSION['config']->get_Suffix('tree') != "") {
+				echo '<td width="120" align="center"><a href="./tree/tree_view.php" target="mainpart"><big>' . _("Tree view") . '</big></a></td>' . "\n";
+			}
 			if ($_SESSION['config']->get_Usersuffix() != "") {
 				echo '<td width="120" align="center"><a href="./lists/listusers.php" target="mainpart"><big>' . _("Users") . '</big></a></td>' . "\n";
 			}

lam/templates/tree/add_attr.php

@@ -0,0 +1,166 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * Adds an attribute/value pair to an object
+ *
+ * Variables that come in as POST vars:
+ *  - dn
+ *  - attr
+ *  - val
+ *  - binary
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+/** common functions */
+include_once('../../lib/account.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$attr = $_POST['attr'];
+$val  = isset( $_POST['val'] ) ? $_POST['val'] : false;;
+$dn = $_POST['dn'] ;
+$encoded_dn = rawurlencode( $dn );
+$encoded_attr = rawurlencode( $attr );
+$is_binary_val = isset( $_POST['binary'] ) ? true : false;
+
+if( ! $is_binary_val && $val == "" ) {
+	echo $_SESSION['header'];
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head><body>\n";
+	StatusMessage("ERROR", _('You left the attribute value blank. Please go back and try again.'), '');
+	echo "</body></html>";
+	exit;
+}
+
+// special case for binary attributes (like jpegPhoto and userCertificate): 
+// we must go read the data from the file and override $val with the binary data
+// Secondly, we must check if the ";binary" option has to be appended to the name
+// of the attribute.
+
+if( $is_binary_val ) {
+    if (( 0 == $_FILES['val']['size'] ) || (! is_uploaded_file( $_FILES['val']['tmp_name'] ))) {
+		echo $_SESSION['header'];
+		echo "<title>LDAP Account Manager</title>\n";
+		echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+		echo "</head><body>\n";
+		StatusMessage("ERROR", _('File upload failed!'), '');
+		echo "</body></html>";
+		exit;
+    }
+	$file = $_FILES['val']['tmp_name'];
+    $f = fopen( $file, 'r' );
+    $binary_data = fread( $f, filesize( $file ) );
+    fclose( $f );
+    $val = $binary_data;
+
+	if( is_binary_option_required( $attr ) )
+	  $attr .=";binary";
+}
+
+// Automagically hash new userPassword attributes according to the 
+// chosen in config.php. 
+if( 0 == strcasecmp( $attr, 'userpassword' ) ) {
+		$val = pwd_hash($val);
+}
+elseif(0 == strcasecmp( $attr , 'sambalmpassword') ) {
+	$val = lmPassword($val);
+}
+elseif (0 == strcasecmp( $attr , 'sambantpassword' )) {
+	$val = ntPassword($val);
+}
+
+$ds = $_SESSION['ldap']->server;
+$new_entry = array( $attr => $val );
+$result = @ldap_mod_add( $ds, $dn, $new_entry );
+
+if( $result )
+     header( "Location: edit.php?dn=$encoded_dn&amp;modified_attrs[]=$encoded_attr" );
+else {
+	echo $_SESSION['header'];
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head><body>\n";
+	StatusMessage("ERROR", _('Failed to add the attribute.'), ldap_error($ds));
+	echo "</body></html>";
+	exit;
+}
+
+// check if we need to append the ;binary option to the name 
+// of some binary attribute
+
+function is_binary_option_required( $attr ){
+
+  // list of the binary attributes which need the ";binary" option
+  $binary_attributes_with_options = array(
+      // Superior: Ldapv3 Syntaxes (1.3.6.1.4.1.1466.115.121.1)
+      '1.3.6.1.4.1.1466.115.121.1.8'  =>  "userCertificate",
+      '1.3.6.1.4.1.1466.115.121.1.8'  =>  "caCertificate",
+      '1.3.6.1.4.1.1466.115.121.1.10' =>  "crossCertificatePair",
+      '1.3.6.1.4.1.1466.115.121.1.9'  =>  "certificateRevocationList",
+      '1.3.6.1.4.1.1466.115.121.1.9'  =>  "authorityRevocationList",
+      // Superior: Netscape Ldap attributes types (2.16.840.1.113730.3.1)
+      '2.16.840.1.113730.3.1.40'      =>  "userSMIMECertificate" 
+  );
+  
+  // quick check by attr name (short circuits the schema check if possible)
+  //foreach( $binary_attributes_with_options as $oid => $name )
+    //if( 0 == strcasecmp( $attr, $name ) )
+        //return true;
+
+  $schema_attr = get_schema_attribute( $attr );
+  if( ! $schema_attr )
+    return false;
+
+  $syntax = $schema_attr->getSyntaxOID();
+  if( isset( $binary_attributes_with_options[ $syntax ] ) )
+    return true;
+
+  return false;
+}
+
+?>

lam/templates/tree/add_attr_form.php

@@ -0,0 +1,198 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * Displays a form for adding an attribute/value to an LDAP entry.
+ *
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+
+$dn = $_GET['dn'];
+$encoded_dn = rawurlencode( $dn );
+$rdn = get_rdn( $dn );
+?>
+
+<body>
+
+<h3 class="tree_title"><?php echo sprintf( _('Add new attribute'), htmlspecialchars( $rdn ) ); ?></b></h3>
+<h3 class="tree_subtitle"><?php echo _('DN'); ?>: <b><?php echo htmlspecialchars( ( $dn ) ); ?></b></h3>
+
+<?php
+
+$attrs = get_object_attrs( $dn );
+$oclasses = get_object_attr( $dn, 'objectClass' );
+if( ! is_array( $oclasses ) )
+	$oclasses = array( $oclasses );
+$avail_attrs = array();
+$schema_oclasses = get_schema_objectclasses( $dn );
+foreach( $oclasses as $oclass ) {
+	$schema_oclass = get_schema_objectclass( $oclass, $dn );
+	if( $schema_oclass && 0 == strcasecmp( 'objectclass', get_class( $schema_oclass ) ) )
+		$avail_attrs = array_merge( $schema_oclass->getMustAttrNames( $schema_oclasses ),
+				$schema_oclass->getMayAttrNames( $schema_oclasses ),
+				$avail_attrs );
+}
+
+$avail_attrs = array_unique( $avail_attrs );
+$avail_attrs = array_filter( $avail_attrs, "not_an_attr" );
+sort( $avail_attrs );
+
+$avail_binary_attrs = array();
+foreach( $avail_attrs as $i => $attr ) {
+	if( is_attr_binary( $attr ) ) {
+		$avail_binary_attrs[] = $attr;
+		unset( $avail_attrs[ $i ] );
+	}
+}
+
+?>
+
+<br />
+<center>
+
+
+	<?php echo _('Add new attribute'); ?>
+
+	<?php if( is_array( $avail_attrs ) && count( $avail_attrs ) > 0 ) { ?>
+
+		<br />
+		<br />
+		<form action="add_attr.php" method="post">
+		<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+
+		<select name="attr"><?php  
+	
+		$attr_select_html = '';
+		usort($avail_attrs,"sortAttrs");
+		foreach( $avail_attrs as $a ) { 
+			$attr_display = htmlspecialchars( $a );
+			echo $attr_display;
+			$attr_select_html .= "<option>$attr_display</option>\n";
+			echo "<option value=\"" . htmlspecialchars($a) . "\">$attr_display</option>";
+		} ?>
+		</select>
+		<input type="text" name="val" size="20" />
+		<input type="submit" name="submit" value="<?php echo _('Add'); ?>"/>
+		</form>
+	<?php } else { ?>
+	
+		<br />
+		<br />
+		<small><?php echo _('(no new attributes available for this entry)'); ?></small>
+		<br />
+		<br />
+	
+	<?php } ?>
+
+<?php echo _('Add new binary attribute'); ?>
+<?php if( count( $avail_binary_attrs ) > 0 ) { ?>
+	<!-- Form to add a new BINARY attribute to this entry -->
+	<form action="add_attr.php" method="post" enctype="multipart/form-data">
+	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="hidden" name="binary" value="true" />
+	<br />
+	<select name="attr">
+	<?php  
+		$attr_select_html = '';
+		usort($avail_binary_attrs,"sortAttrs");
+		foreach( $avail_binary_attrs as $a ) { 
+			$attr_display = htmlspecialchars( $a );
+	
+			echo $attr_display;
+			$attr_select_html .= "<option>$attr_display</option>\n";
+			echo "<option value=\"" . htmlspecialchars($a) . "\">$attr_display</option>";
+		} ?>
+	</select>
+	<input type="file" name="val" size="20" />
+	<input type="submit" name="submit" value="<?php echo _('Add'); ?>"/>
+    <?php 
+        if( ! ini_get( 'file_uploads' ) )
+            echo "<br><small><b>" . _('Your PHP configuration has disabled file uploads. Please check php.ini before proceeding.') . "</b></small><br>";
+        else
+            echo "<br><small><b>" . sprintf( _('Maximum file size: %s'), ini_get( 'upload_max_filesize' ) ) . "</b></small><br>";
+    ?>
+	</form>
+<?php } else { ?>
+	
+	<br />
+	<br />
+	<small><?php echo _('(no new binary attributes available for this entry)'); ?></small>
+	
+<?php } ?>
+
+</center>
+</body>
+</html>
+
+<?php
+
+/**
+ * Given an attribute $x, this returns true if it is NOT already specified
+ * in the current entry, returns false otherwise.
+ */
+function not_an_attr( $x )
+{
+	global $attrs;
+	//return ! isset( $attrs[ strtolower( $x ) ] );
+	foreach( $attrs as $attr => $values )
+		if( 0 == strcasecmp( $attr, $x ) )
+			return false;
+	return true;
+}
+
+
+?>

lam/templates/tree/add_oclass.php

@@ -0,0 +1,97 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+/**
+ * Adds an objectClass to the specified dn.
+ * Variables that come in as POST vars:
+ *
+ * Note, this does not do any schema violation checking. That is
+ * performed in add_oclass_form.php.
+ *
+ * Vars that come in as POST:
+ *  - dn (rawurlencoded)
+ *  - new_oclass
+ *  - new_attrs (array, if any)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = rawurldecode( $_POST['dn'] );
+$encoded_dn = rawurlencode( $dn );
+$new_oclass = $_POST['new_oclass'];
+$new_attrs = $_POST['new_attrs'];
+
+$new_entry = array();
+$new_entry['objectClass'] = $new_oclass;
+
+$new_attrs_entry = array();
+$new_oclass_entry = array( 'objectClass' => $new_oclass );
+
+if( is_array( $new_attrs ) && count( $new_attrs ) > 0 )
+	foreach( $new_attrs as $attr => $val ) {
+		$new_entry[ $attr ] = $val;
+	}
+
+$ds = $_SESSION['ldap']->server;
+$add_res = @ldap_mod_add( $ds, $dn, $new_entry );
+
+if( ! $add_res )
+{
+	echo $_SESSION['header'];
+	
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head>\n";
+	StatusMessage('ERROR', _("Was unable to modify attribtues from DN: %s."), ldap_error( $ds ), array($dn));
+	echo "</body></html>";
+}
+else
+{
+	header( "Location: edit.php?dn=$encoded_dn&amp;modified_attrs[]=objectclass" );
+}
+
+?>

lam/templates/tree/add_oclass_form.php

@@ -0,0 +1,163 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * This page may simply add the objectClass and take you back to the edit page,
+ * but, in one condition it may prompt the user for input. That condition is this:
+ *
+ *    If the user has requested to add an objectClass that requires a set of
+ *    attributes with 1 or more not defined by the object. In that case, we will
+ *    present a form for the user to add those attributes to the object.
+ *
+ * Variables that come in as POST vars:
+ *  - dn (rawurlencoded)
+ *  - new_oclass
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = rawurldecode( $_POST['dn'] );
+$encoded_dn = rawurlencode( $dn );
+$new_oclass = $_POST['new_oclass'];
+
+/* Ensure that the object has defined all MUST attrs for this objectClass.
+ * If it hasn't, present a form to have the user enter values for all the
+ * newly required attrs. */
+
+$entry = get_object_attrs( $dn, true );
+$current_attrs = array();
+foreach( $entry as $attr => $junk )
+	$current_attrs[] = strtolower($attr);
+
+// grab the required attributes for the new objectClass
+$oclass = get_schema_objectclass( $new_oclass );
+if( $oclass )
+	$must_attrs = $oclass->getMustAttrs();
+else
+	$must_attrs = array();
+
+// We don't want any of the attr meta-data, just the string
+//foreach( $must_attrs as $i => $attr )
+	//$must_attrs[$i] = $attr->getName();
+
+// build a list of the attributes that this new objectClass requires,
+// but that the object does not currently contain
+$needed_attrs = array();
+foreach( $must_attrs as $attr ) {
+    $attr = get_schema_attribute( $attr->getName() );
+    //echo "<pre>"; var_dump( $attr ); echo "</pre>";
+    // First, check if one of this attr's aliases is already an attribute of this entry
+    foreach( $attr->getAliases() as $alias_attr_name )
+        if( in_array( strtolower( $alias_attr_name ), $current_attrs ) )
+            // Skip this attribute since it's already in the entry
+            continue;
+	if( in_array( strtolower($attr->getName()), $current_attrs ) )
+        continue;
+
+    // We made it this far, so the attribute needs to be added to this entry in order 
+    // to add this objectClass
+    $needed_attrs[] = $attr;
+}
+
+if( count( $needed_attrs ) > 0 )
+{
+	echo $_SESSION['header'];
+	
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head>\n";
+	?>
+	<body>
+	
+	<h3 class="tree_title"><?php echo _('DN') . ": " . $dn; ?></h3>
+	<h3 class="tree_subtitle"><?php echo _('There are new required attributes which need to be set.'); ?></h3>
+
+	<br />
+	
+	<form action="add_oclass.php" method="post">
+	<input type="hidden" name="new_oclass" value="<?php echo htmlspecialchars( $new_oclass ); ?>" />
+	<input type="hidden" name="dn" value="<?php echo $encoded_dn; ?>" />
+	
+	<table class="tree_edit_dn" cellspacing="0">
+	<tr><th colspan="2"><?php echo _('New required attributes:'); ?></th></tr>
+
+	<?php foreach( $needed_attrs as $count => $attr ) { ?>
+        <tr><td class="attr"><b><?php echo htmlspecialchars($attr->getName()); ?></b></td></tr>
+		<tr><td class="val"><input type="text" name="new_attrs[<?php echo htmlspecialchars($attr->getName()); ?>]" value="" size="40" /></tr>
+	<?php  } ?>
+
+	</table>
+	<br />
+	<br />
+	<center><input type="submit" value="<?php echo _('Add'); ?>" /></center>
+	</form>
+
+	</body>
+	</html>
+
+	<?php
+}
+else
+{
+	$ds = $_SESSION['ldap']->server;
+	$add_res = @ldap_mod_add( $ds, $dn, array( 'objectClass' => $new_oclass ) );
+	if( ! $add_res ) {
+		echo $_SESSION['header'];
+		
+		echo "<title>LDAP Account Manager</title>\n";
+		echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+		echo "</head>\n";
+		StatusMessage('ERROR', _("Was unable to modify attribtues from DN: %s."), ldap_error( $ds ), array($dn));
+		echo "</body></html>";
+	}
+	else
+		header( "Location: edit.php?dn=$encoded_dn&amp;modified_attrs[]=objectClass" );
+
+}
+
+?>

lam/templates/tree/add_value.php

@@ -0,0 +1,100 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * Adds a value to an attribute for a given dn.
+ * Variables that come in as POST vars:
+ *  - dn (rawurlencoded)
+ *  - attr (rawurlencoded) the attribute to which we are adding a value 
+ *  - new_value (form element)
+ *  - binary 
+ *
+ * On success, redirect to the edit_dn page.
+ * On failure, echo an error.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = rawurldecode( $_POST['dn'] );
+$encoded_dn = rawurlencode( $dn );
+$attr = $_POST['attr'];
+$encoded_attr = rawurlencode( $attr );
+$new_value = $_POST['new_value'];
+$is_binary_val = isset( $_POST['binary'] ) ? true : false;
+
+$ds = $_SESSION['ldap']->server;
+
+// special case for binary attributes: 
+// we must go read the data from the file.
+if( $is_binary_val )
+{
+	$file = $_FILES['new_value']['tmp_name'];
+	$f = fopen( $file, 'r' );
+	$binary_value = fread( $f, filesize( $file ) );
+	fclose( $f );
+	$new_value = $binary_value;
+}
+
+$new_entry = array( $attr => $new_value  );
+
+$add_result = @ldap_mod_add( $ds, $dn, $new_entry );
+
+if( ! $add_result ) {
+	echo $_SESSION['header'];
+	
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head><body>\n";
+	StatusMessage('ERROR', _('Adding attribute failed!'), ldap_error( $ds ));
+	echo "</body></html>";
+	exit;
+}
+
+header( "Location: edit.php?dn=$encoded_dn&amp;modified_attrs[]=$encoded_attr" );
+
+?>

lam/templates/tree/add_value_form.php

@@ -0,0 +1,203 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * add_value_form.php
+ * Displays a form to allow the user to enter a new value to add
+ * to the existing list of values for a multi-valued attribute.
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *  - attr (rawurlencoded) the attribute to which we are adding a value 
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+
+$dn = isset( $_GET['dn'] ) ? $_GET['dn'] : null;
+$encoded_dn = rawurlencode( $dn );
+if( null != $dn ) {
+	$rdn = get_rdn( $dn );
+} else {
+	$rdn = null;
+}
+$attr = $_GET['attr'];
+$encoded_attr = rawurlencode( $attr );
+$current_values = get_object_attr( $dn, $attr );
+$num_current_values = ( is_array($current_values) ? count($current_values) : 1 );
+$is_object_class = ( 0 == strcasecmp( $attr, 'objectClass' ) ) ? true : false;
+$is_jpeg_photo = is_jpeg_photo( $attr ); //( 0 == strcasecmp( $attr, 'jpegPhoto' ) ) ? true : false;
+
+if( $is_object_class ) { 
+	// fetch all available objectClasses and remove those from the list that are already defined in the entry
+	$schema_oclasses = get_schema_objectclasses();
+	foreach( $current_values as $oclass )
+		unset( $schema_oclasses[ strtolower( $oclass ) ] );
+} else {
+	$schema_attr = get_schema_attribute( $attr );
+}
+
+?>
+
+<body>
+
+<h3 class="tree_title">
+	<?php echo _('Add new attribute:'); ?>
+	<b><?php echo htmlspecialchars($attr); ?></b> 
+</h3>
+<h3 class="tree_subtitle">
+	<?php echo _('DN'); ?>: <b><?php echo htmlspecialchars( $dn ); ?></b></h3>
+
+<?php echo _('Current list of values for attribute:') . " <b>" . htmlspecialchars($attr); ?></b>
+		
+<?php if( is_attr_binary( $attr ) ) { ?>
+	<ul>
+	<?php if( is_array( $vals ) ) { for( $i=1; $i<=count($vals); $i++ ) { 
+		$href = "download_binary_attr.php?dn=$encoded_dn&amp;attr=$attr&amp;value_num=" . ($i-1); ?>
+		<li><a href="<?php echo $href; ?>"><img src="../../graphics/save.png" /> <?php echo _('download value') . ' ' .  $i; ?>)</a></li>
+	<?php } } else { 
+		$href = "download_binary_attr.php?dn=$encoded_dn&amp;attr=$attr"; ?>
+		<li><a href="<?php echo $href; ?>"><img src="../../graphics/save.png" /> <?php echo _('download value'); ?></a></li>
+	<?php } ?>
+	</ul>
+	<!-- Temporary warning until we find a way to add jpegPhoto values without an INAPROPRIATE_MATCHING error -->	
+		<p><small>
+		<?php echo _('Note: You will get an "inappropriate matching" error if you have not setup an EQUALITY rule on your LDAP server for this attribute.'); ?>
+		</small></p>
+	<!-- End of temporary warning -->
+	
+<?php } else { ?>
+
+<ul class="current_values">
+	<?php  if( is_array( $current_values ) ) /*$num_current_values > 1 )*/  {
+		 foreach( $current_values as $val ) { ?>
+
+			<li><nobr><?php echo htmlspecialchars(($val)); ?></nobr></li>
+
+		<?php  } ?>
+	<?php  } else { ?>
+
+		<li><nobr><?php echo htmlspecialchars(($current_values)); ?></nobr></li>
+
+	<?php  } ?>
+</ul>
+
+<?php } ?>
+
+<?php echo _('Enter the value you would like to add:'); ?>
+<br />
+<br />
+
+<?php if( $is_object_class ) { ?>
+
+	<form action="add_oclass_form.php" method="post" class="new_value">
+	<input type="hidden" name="dn" value="<?php echo $encoded_dn; ?>" />
+	<select name="new_oclass">
+
+	<?php foreach( $schema_oclasses as $name => $oclass ) {
+
+		// exclude any structural ones, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION
+		if ($oclass->type == "structural") continue;
+?>
+
+		<option value="<?php echo $oclass->getName(); ?>"><?php echo $oclass->getName(); ?></option>
+
+	<?php } ?>
+
+	</select> <input type="submit" value="<?php echo _('Add'); ?>" />
+		
+	<br />
+
+<?php } else { ?>
+
+	<form action="add_value.php" method="post" class="new_value" name="new_value_form"<?php 
+		if( is_attr_binary( $attr ) ) echo "enctype=\"multipart/form-data\""; ?>>
+	<input type="hidden" name="dn" value="<?php echo $encoded_dn; ?>" />
+	<input type="hidden" name="attr" value="<?php echo $encoded_attr; ?>" />
+
+	<?php if( is_attr_binary( $attr ) ) { ?>
+		<input type="file" name="new_value" />
+		<input type="hidden" name="binary" value="true" />
+	<?php } else { ?>
+        <?php if( is_multi_line_attr( $attr ) ) { ?>
+            <textarea name="new_value" rows="3" cols="30"></textarea>
+        <?php } else { ?>
+		<input type="text" <?php 
+				if( $schema_attr->getMaxLength() ) 
+					echo "maxlength=\"" . $schema_attr->getMaxLength() . "\" "; 
+				?>name="new_value" size="40" value="" /><?php 
+                    // draw the "browse" button next to this input box if this attr houses DNs:
+                    if( is_dn_attr( $attr ) ) draw_chooser_link( "new_value_form.new_value", false ); ?>
+        <?php } ?>
+	<?php } ?>
+
+	<input type="submit" name="submit" value="<?php echo _('Add'); ?>" />
+	<br />
+
+	<?php if( $schema_attr->getDescription() ) { ?>
+		<small><b><?php echo _('Description'); ?>:</b> <?php echo $schema_attr->getDescription(); ?></small><br />
+	<?php } ?>
+
+	<?php if( $schema_attr->getType() ) { ?>
+		<small><b><?php echo _('Syntax'); ?>:</b> <?php echo $schema_attr->getType(); ?></small><br />
+	<?php } ?>
+
+	<?php if( $schema_attr->getMaxLength() ) { ?>
+		<small><b><?php echo _('Maximum length'); ?>:</b> <?php echo number_format( $schema_attr->getMaxLength() ); ?></small><br />
+	<?php } ?>
+
+	</form>
+
+<?php } ?>
+
+</body>
+</html>

lam/templates/tree/collapse.php

@@ -0,0 +1,75 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * This script alters the session variable 'tree', collapsing it
+ * at the dn specified in the query string. 
+ *
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *  - server_id
+ *
+ * Note: this script is equal and opposite to expand.php
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = $_GET['dn'];
+$encoded_dn = rawurlencode( $dn );
+
+initialize_session_tree();
+
+if( array_key_exists( $dn, $_SESSION['tree'] ) )
+	unset( $_SESSION['tree'][$dn] );
+
+// This is for Opera. By putting "random junk" in the query string, it thinks
+// that it does not have a cached version of the page, and will thus
+// fetch the page rather than display the cached version
+$time = gettimeofday();
+$random_junk = md5( strtotime( 'now' ) . $time['usec'] );
+
+header( "Location:tree.php?foo=$random_junk#{$encoded_dn}" );
+?>

lam/templates/tree/create.php

@@ -0,0 +1,185 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Creates a new object.
+ *
+ * Variables that come in as POST vars:
+ *  - new_dn
+ *  - attrs (an array of attributes)
+ *  - vals (an array of values for the above attrs)
+ *  - required_attrs (an array with indices being the attributes,
+ *		      and the values being their respective values)
+ *  - object_classes (rawurlencoded, and serialized array of objectClasses)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$new_dn = isset( $_POST['new_dn'] ) ? $_POST['new_dn'] : null;
+$encoded_dn = rawurlencode( $new_dn );
+$vals = isset( $_POST['vals'] ) ? $_POST['vals'] : array();
+$attrs = isset( $_POST['attrs'] ) ? $_POST['attrs'] : array();
+$required_attrs = isset( $_POST['required_attrs'] ) ? $_POST['required_attrs'] : false;
+$object_classes = unserialize( rawurldecode( $_POST['object_classes'] ) );
+$container = get_container( $new_dn );
+
+// build the new entry
+$new_entry = array();
+if( isset( $required_attrs ) && is_array( $required_attrs ) ) {
+	foreach( $required_attrs as $attr => $val ) {
+		if( $val == '' ) {
+			echo $_SESSION['header'];
+			echo "<title>LDAP Account Manager</title>\n";
+			echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+			echo "</head><body>\n";
+	
+			StatusMessage("ERROR", _('You left the value blank for required attribute: %s.'), '', array(htmlspecialchars($attr)));
+			
+			echo "</body></html>";
+			exit;
+		}
+		$new_entry[ $attr ][] = $val;
+	}
+}
+
+if( isset( $attrs ) && is_array( $attrs ) ) {
+	foreach( $attrs as $i => $attr ) {
+		if( is_attr_binary( $attr ) ) {
+			if( isset( $_FILES['vals']['name'][$i] ) && $_FILES['vals']['name'][$i] != '' ) {
+				// read in the data from the file
+				$file = $_FILES['vals']['tmp_name'][$i];
+				$f = fopen( $file, 'r' );
+				$binary_data = fread( $f, filesize( $file ) );
+				fclose( $f );
+				$val = $binary_data;
+				$new_entry[ $attr ][] = $val;
+			}
+		} else {
+            $val = isset( $vals[$i] ) ? $vals[$i] : '';
+			if( '' !== trim($val) )
+			  $new_entry[ $attr ][] = $val;
+		}
+	}
+}
+
+$new_entry['objectClass'] = $object_classes;
+if( ! in_array( 'top', $new_entry['objectClass'] ) )
+	$new_entry['objectClass'][] = 'top';
+
+foreach( $new_entry as $attr => $vals ) {
+	if( ! is_attr_binary( $attr ) )
+		if( is_array( $vals ) ) {
+			foreach( $vals as $i => $v ) {
+                           $new_entry[ $attr ][ $i ] = $v;
+			}
+		}
+		else {
+			$new_entry[ $attr ] = $vals;
+		}
+}
+
+//echo "<pre>"; var_dump( $new_dn );print_r( $new_entry ); echo "</pre>";
+
+$ds = $_SESSION['ldap']->server;
+
+// Check the user-defined custom call back first
+$add_result = @ldap_add( $ds, $new_dn, $new_entry );
+if( $add_result )
+{
+    $redirect_url = "edit.php?dn=" . rawurlencode( $new_dn );
+
+	if( array_key_exists( 'tree', $_SESSION ) )
+	{
+		$tree = $_SESSION['tree'];
+		$tree_icons = $_SESSION['tree_icons'];
+
+		if( isset( $tree[$container] ) ) {
+			$tree[$container][] = $new_dn;
+			sort( $tree[$container] );
+			$tree_icons[$new_dn] = get_icon( $new_dn );
+		}
+
+		$_SESSION['tree'] = $tree;
+		$_SESSION['tree_icons'] = $tree_icons;
+		session_write_close();
+	}
+
+	?>
+	<?php
+	if( isset( $tree[$container])) {
+		echo $_SESSION['header'];
+		echo "<meta http-equiv=\"refresh\" content=\"0; URL=" . $redirect_url . "\">\n";
+		echo "<title></title>\n";
+		echo "</head>\n";
+		echo "<body>\n";
+		echo "<script language=\"javascript\">";
+			echo "parent.left_frame.location.reload();";
+		echo "</script>";
+		// print link if refresh does not work
+		echo "<p>\n";
+		echo "<a href=\"" . $redirect_url . "\">" . _("Click here if you are not directed to the next page.") . "</a>\n";
+		echo "</p>\n";
+		echo "</body>\n";
+		echo "</html>\n";
+	}
+	?>
+
+<?PHP
+	}
+	else {
+		echo $_SESSION['header'];
+		echo "<title>LDAP Account Manager</title>\n";
+		echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+		echo "</head><body>\n";
+
+		StatusMessage("ERROR", _("LAM was unable to create account %s! An LDAP error occured."), ldap_error($ds), array($new_dn));
+
+		echo "</body></html>\n";
+	}
+	
+?>

lam/templates/tree/create_form.php

@@ -0,0 +1,145 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * The menu where the user chooses an RDN, Container, and Template for creating a new entry.
+ * After submitting this form, the user is taken to their chosen Template handler.
+ *
+ * Variables that come in as GET vars
+ *  - container (rawurlencoded) (optional)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+/** template configuration */
+include_once('templates/templates.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$step = isset( $_REQUEST['step'] ) ? $_REQUEST['step'] : 1; // defaults to 1
+$container = $_REQUEST['container'];
+
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+?>
+
+<body>
+
+<h3 class="tree_title"><?php echo _('Create Object')?></h3>
+<h3 class="tree_subtitle"><?php echo _('Choose a template')?></h3>
+	<center><h3><?php echo _('Select a template for the creation process')?></h3></center>
+	<form action="creation_template.php" method="post">
+	<input type="hidden" name="container" value="<?php echo htmlspecialchars( $container ); ?>" />
+	<table class="tree_create">
+	<tr>
+      <td class="heading">
+        <?php echo _('Template'); ?>:
+      </td>
+      <td>
+        <table class="template_display">
+          <tr>
+            <td>
+              <table class="templates">
+                <?php
+                $count = count( $templates );
+                $i = -1;
+                foreach( $templates as $name => $template ) {
+                    $i++;
+                    // Balance the columns properly
+                    if( ( count( $templates ) % 2 == 0 && $i == intval( $count / 2 ) ) ||
+                            ( count( $templates ) % 2 == 1 && $i == intval( $count / 2 ) + 1 ) )
+                        echo "</table></td><td><table class=\"templates\">";
+     				// Check and see if this template should be shown in the list
+     				$isValid = false;
+     				if( isset($template['regexp'] ) ) {
+     					if( @preg_match( "/".$template['regexp']."/i", $container ) ) {
+     						$isValid = true;
+     					}
+     				} else {
+     					$isValid = true;
+     				}
+     
+     				?>
+     				<tr>
+                      <td><input type="radio" name="template" value="<?php echo htmlspecialchars($name);?>" 
+                                 id="<?php echo htmlspecialchars($name); ?>"
+                                <?php if( 0 == strcasecmp( 'custom.php', $template['handler'] ) ) echo ' checked';
+                                if( ! $isValid ) echo ' disabled'; ?> />
+                                </td>
+                      <td class="icon"><label for="<?php echo htmlspecialchars($name);?>"><img src="<?php echo $template['icon']; ?>" /></label></td>
+                      <td>
+                        <label for="<?php echo htmlspecialchars($name);?>">
+                        <?php if( 0 == strcasecmp( 'Custom', $template['desc'] ) ) echo '<b>';
+                              if( ! $isValid ) echo "<span style=\"color: gray\"><acronym title=\"This template is not allowed in this container\">";
+                              echo htmlspecialchars( $template['desc'] ); 
+                              if( ! $isValid ) echo "</acronym></span>";
+                              if( 0 == strcasecmp( 'Custom', $template['desc'] ) ) echo '</b>'; ?>
+                        </label></td>
+                    </tr>
+                  <?php 
+             }
+             ?>
+
+			</table>
+            </td>
+            </tr>
+            </table>
+		</td>
+	</tr>
+
+	<tr>
+		<td colspan="2"><center><input type="submit" name="submit" value="<?php echo _('Next')?>" /></center></td>
+	</tr>
+
+	</table>
+
+	</form>
+
+</body>
+</html>

lam/templates/tree/creation_template.php

@@ -0,0 +1,96 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+/**
+ * This file simply acts as a plugin grabber for the creator templates in
+ * the directory templates/creation/
+ *
+ * Expected POST vars:
+ *  template
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+/** template configuration */
+include_once('templates/templates.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$template = $_POST['template'];
+
+if( $template == 'custom' ) {
+    foreach( $templates as $id => $template ) {
+        if( $template['handler'] == 'custom.php' ) {
+            $template = $id;
+            break;
+        }
+    }
+}
+
+$template_id = $template;
+$template = isset( $templates[$template] ) ? $templates[$template_id] : null;
+$ds = $_SESSION['ldap']->server;
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+
+?>
+
+<body>
+<h3 class="tree_title"><?php echo _('Create Object')?></h3>
+<h3 class="tree_subtitle"><?php echo _('Using template:')?> '<?php echo htmlspecialchars( $template['desc'] ); ?>'</h3>
+
+<?php
+
+$handler = 'templates/creation/' . $template['handler'];
+$handler = realpath( $handler );
+
+include $handler;
+
+echo "</body>\n</html>";
+
+?>

lam/templates/tree/delete.php

@@ -0,0 +1,112 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Deletes a DN and presents a "job's done" message.
+ *
+ * Variables that come in as POST vars:
+ *  - dn (rawurlencoded)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+echo $_SESSION['header'];
+	
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+echo "<body>";
+
+$dn = $_POST['dn'];
+$encoded_dn = rawurlencode( $dn );
+
+$ds = $_SESSION['ldap']->server;
+
+$del_result = @ldap_delete( $ds, $dn );
+
+if( $del_result )
+{
+	// kill the DN from the tree browser session variable and
+	// refresh the tree viewer frame (left_frame)
+
+	if( array_key_exists( 'tree', $_SESSION ) )
+	{
+		$tree = $_SESSION['tree'];
+		if( isset( $tree ) && is_array( $tree ) ) {
+
+			// does it have children? (it shouldn't, but hey, you never know)	
+			if( isset( $tree[$dn] ) )
+				unset( $tree[$dn] );
+			
+			// search and destroy
+			foreach( $tree as $tree_dn => $subtree )
+				foreach( $subtree as $key => $sub_tree_dn )
+					if( 0 == strcasecmp( $sub_tree_dn, $dn ) ) 
+						unset( $tree[$tree_dn][$key] );
+			$_SESSION['tree'] = $tree;
+		}
+	}
+
+	?>
+
+	<script language="javascript">
+		parent.left_frame.location.reload();
+	</script>
+
+	<br />
+	<br />
+	<center><?php echo sprintf( _('Entry %s deleted successfully.'), $dn ); ?></center>
+
+	<?php 
+
+
+} else {
+    StatusMessage("ERROR", _("Was unable to delete DN: %s."), '', array($dn));
+}
+
+echo "</body></html>";

lam/templates/tree/delete_attr.php

@@ -0,0 +1,83 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ *  Deletes an attribute from an entry with NO confirmation.
+ *
+ *  On success, redirect to edit.php
+ *  On failure, echo an error.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = $_POST['dn'] ;
+$encoded_dn = rawurlencode( $dn );
+$attr = $_POST['attr'];
+
+$update_array = array();
+$update_array[$attr] = array();
+$ds = $_SESSION['ldap']->server;
+$res = @ldap_modify( $ds, $dn, $update_array );
+if( $res ) {
+	$redirect_url = "edit.php?dn=$encoded_dn";
+	foreach( $update_array as $attr => $junk ) {
+		$redirect_url .= "&modified_attrs[]=$attr";
+	}
+	header( "Location: $redirect_url" );
+}
+else {
+	echo $_SESSION['header'];
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head><body>\n";
+	StatusMessage("ERROR", _('Could not perform ldap_modify operation.'), ldap_error($ds));
+	echo "</body></html>";
+	exit;
+}
+
+?>

lam/templates/tree/delete_form.php

@@ -0,0 +1,183 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Displays a last chance confirmation form to delete a dn.
+ *
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = $_GET['dn'];
+$encoded_dn = rawurlencode( $dn );
+$rdn = pla_explode_dn( $dn );
+$rdn = $rdn[0];
+
+$children = get_container_contents( $dn,0,'(objectClass=*)',LDAP_DEREF_NEVER );
+$has_children = count($children)>0 ? true : false;
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+?>
+
+<body>
+
+<h3 class="tree_title"><?php echo sprintf( _('Delete %s'), htmlspecialchars( $rdn ) ); ?></b></h3>
+<h3 class="tree_subtitle"><?php echo _('DN'); ?>: <b><?php echo htmlspecialchars( ( $dn ) ); ?></b></h3>
+
+<?php  if( $has_children ) { ?>
+
+<center><b><?php echo _('Permanently delete all children, too?'); ?></b><br /><br />
+
+<?php
+flush(); // so the user can get something on their screen while we figure out how many children this object has
+if( $has_children ) {
+	// get the total number of child objects (whole sub-tree)
+	$s = pla_ldap_search( 'objectClass=*', $dn, array('dn'), 'sub' );
+	$sub_tree_count = count( $s );
+}
+?>
+
+<table class="tree_delete_confirm">
+<td>
+
+<p>
+<?php echo sprintf( _('This entry is the root of a sub-tree containing %s entries.'), $sub_tree_count ); ?> 
+<br />
+<br />
+
+<?php echo sprintf( _('LAM can recursively delete this entry and all of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'), ($sub_tree_count-1) ); ?><br />
+<br />
+
+<br />
+<br />
+<table width="100%">
+<tr>
+	<td>
+	<center>
+	<form action="rdelete.php" method="post">
+	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="submit" value="<?php echo sprintf( _('Delete all %s objects'), $sub_tree_count ); ?>" />
+	</form>
+	</td>
+	
+	<td>
+	<center>
+	<form action="edit.php" method="get">
+	<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>"/>
+	</form>
+	</center>
+	</td>
+</tr>
+</table>
+</td>
+</table>
+<?php flush(); ?>
+<br />
+<br />
+<?php echo _('List of entries to be deleted:'); ?><br />
+<select size="<?php echo min( 10, $sub_tree_count );?>" multiple disabled style="background:white; color:black;width:500px" >
+<?php $i=0; ?>
+<?php foreach( $s as $dn => $junk ) { ?>
+	<?php $i++; ?>
+	<option><?php echo $i; ?>. <?php echo htmlspecialchars( ( $dn ) ); ?></option>
+<?php } ?>
+
+</select>
+
+<br />
+
+<?php  } else { ?>
+
+<center>
+
+<table class="tree_delete_confirm">
+<td>
+
+<?php echo _('Are you sure you want to permanently delete this object?'); ?><br />
+<br />
+<nobr><acronym><?php echo _('DN'); ?></acronym>:  <b><?php echo pretty_print_dn( $dn ); ?></b><nobr><br />
+<br />
+<table width="100%">
+<tr>
+	<td>
+	<center>
+	<form action="delete.php" method="post">
+	<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	<input type="submit" name="submit" value="<?php echo _('Delete'); ?>"/>
+	</center>
+	</form>
+	</td>
+	
+	<td>
+	<center>
+	<form action="edit.php" method="get">
+	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>"/>
+	</form>
+	</center>
+	</td>
+</tr>
+</table>
+
+</td>
+</table>
+
+</center>
+
+<?php  } ?>
+
+</body>
+
+</html>

lam/templates/tree/download_binary_attr.php

@@ -0,0 +1,87 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+ /**
+ * Used to send binary values to user.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+
+$dn = rawurldecode( $_GET['dn'] );
+$dn = rawurldecode( $_GET['dn'] );
+$attr = $_GET['attr'];
+// if there are multiple values in this attribute, which one do you want to see?
+$value_num = isset( $_GET['value_num'] ) ? $_GET['value_num'] : 0;
+
+$ds = $_SESSION['ldap']->server;
+
+$search = @ldap_read( $ds, $dn, "(objectClass=*)", array($attr));
+if( ! $search ) {
+	echo $_SESSION['header'];
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head><body>\n";
+	StatusMessage("ERROR", _('Encountered an error while performing search.'), ldap_error($ds));
+	echo "</body></html>";
+	exit;
+}
+$entry =  ldap_first_entry(     $ds, $search );
+$attrs =  ldap_get_attributes(  $ds, $entry );
+$attr =   ldap_first_attribute( $ds, $entry, $attrs );
+$values = ldap_get_values_len(  $ds, $entry, $attr );
+$count = $values['count'];
+
+// Dump the binary data to the browser
+header( "Content-type: octet-stream" );
+header( "Content-disposition: attachment; filename=$attr" );
+header( "Expires: Mon, 26 Jul 1997 05:00:00 GMT" ); 
+header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" ); 
+echo $values[$value_num];
+
+?>

lam/templates/tree/edit.php

@@ -0,0 +1,544 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Displays the specified dn from the specified server for editing
+ *
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *  - modified_attrs (optional) an array of attributes to highlight as 
+ *                              they were changed by the last operation
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+/** If an entry has more children than this, stop searching and display this amount with a '+' */
+$max_children = 100;
+
+$dn = $_GET['dn'];
+$encoded_dn = rawurlencode( $dn );
+$modified_attrs = isset( $_GET['modified_attrs'] ) ? $_GET['modified_attrs'] : false;
+$show_internal_attrs = isset( $_GET['show_internal_attrs'] ) ? true : false;
+if( null != $dn ) {
+	$rdn = pla_explode_dn( $dn );
+	if( isset( $rdn[0] ) )
+		$rdn = $rdn[0];
+	else
+		$rdn = null;
+} else {
+	$rdn = null;
+}
+
+$attrs = get_object_attrs( $dn, false );
+
+$system_attrs = get_entry_system_attrs( $dn );
+dn_exists( $dn ) or StatusMessage('ERROR', _('No such entry!'), $dn);
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+?>
+<body>
+
+<h3 class="tree_title"><?php echo htmlspecialchars( ( $rdn ) ); ?></h3>
+<h3 class="tree_subtitle"></b><?php echo _('DN');?>: <b><?php echo htmlspecialchars( ( $dn ) ); ?></b></h3>
+
+<table class="tree_edit_dn_menu">
+
+<tr>
+	<?php  $time = gettimeofday(); $random_junk = md5( strtotime( 'now' ) . $time['usec'] ); ?>
+	<td class="icon"><img src="../../graphics/refresh.png" /></td>
+	<td><a href="edit.php?dn=<?php echo $encoded_dn; ?>&amp;random=<?php
+			echo $random_junk; ?>"
+	       title="<?php echo _('Refresh'); ?>"><?php echo _('Refresh'); ?></a></td>
+<?php if( $show_internal_attrs ) { ?>
+    <td class="icon"><img src="../../graphics/tools-no.png" /></td>
+    <td><a href="edit.php?dn=<?php echo $encoded_dn; ?>"><?php echo _('Hide internal attributes'); ?></a></td>
+<?php } else { ?>
+    <td class="icon"><img src="../../graphics/tools.png" /></td>
+    <td><a href="edit.php?dn=<?php echo $encoded_dn; ?>&amp;show_internal_attrs=true"><?php echo _('Show internal attributes'); ?></a></td>
+<?php } ?>
+</tr>
+
+<tr>
+	<td class="icon"><img src="../../graphics/delete.gif" /></td>
+	<td><a style="color: red" href="delete_form.php?dn=<?php echo $encoded_dn; ?>">
+	<?php echo _('Delete'); ?></a></td>
+</tr>
+<tr>
+    	<td class="icon"><img src="../../graphics/light.png" /></td>
+    	<td colspan="3"><span class="tree_hint"><?php echo _('Hint: To delete an attribute, empty the text field and click save.'); ?></span></td>
+    </tr>
+<tr>
+	<td class="icon"><img src="../../graphics/star.png" /></td>
+	<td><a href="<?php echo "create_form.php?container=$encoded_dn"; ?>"><?php echo _('Create new entry'); ?></a></td>
+	<td class="icon"><img src="../../graphics/add.png" /></td>
+	<td><a href="<?php echo "add_attr_form.php?dn=$encoded_dn"; ?>"><?php echo _('Add new attribute'); ?></a></td>
+</tr>
+
+
+<?php flush(); ?>
+
+<?php if( $modified_attrs ) { ?>
+<tr>
+	<td class="icon"><img src="../../graphics/light.png" /></td>
+	<?php if( count( $modified_attrs ) > 1 ) { ?>
+		<td colspan="3"><?php echo sprintf( _('Some attributes (%s) were modified and are highlighted below.'), implode( ', ', $modified_attrs ) ); ?></td>
+	<?php } else { ?>
+		<td colspan="3"><?php echo sprintf( _('An attribute (%s) was modified and is highlighted below.'), implode( '', $modified_attrs ) ); ?></td>
+	<?php } ?>
+</tr>
+<?php 
+    // lower-case all the modified attrs to remove ambiguity when searching the array later
+    foreach( $modified_attrs as $i => $attr ) {
+        $modified_attrs[$i] = strtolower( $attr );
+    }
+}
+?>
+
+</table>
+
+<?php flush(); ?>
+
+<br />
+<table class="tree_edit_dn">
+
+<?php
+if( $show_internal_attrs ) {
+	$counter = 0;
+	foreach( get_entry_system_attrs( $dn ) as $attr => $vals ) {
+		$counter++;
+		$schema_href = "../schema/schema.php?view=attributes&amp;viewvalue=" . real_attr_name($attr);
+		?>
+
+        <tr>
+		<td class="val">
+        <?php 
+           if( is_attr_binary( $attr ) ) {
+               $href = "download_binary_attr.php?dn=$encoded_dn&amp;attr=$attr";
+               ?>
+        		<small>
+        		<?php echo _('Binary value'); ?><br />
+        		<?php if( count( $vals ) > 1 ) { for( $i=1; $i<=count($vals); $i++ ) { ?>
+        			<a href="<?php echo $href . "&amp;value_num=$i"; ?>"><img 
+        				src="../../graphics/save.png" /> <?php echo _('download value'); ?>(<?php echo $i; ?>)</a><br />
+        		<?php } } else { ?>
+        			<a href="<?php echo $href; ?>"><img src="../../graphics/save.png" /> <?php echo _('download value'); ?></a><br />
+        		<?php }
+           }  else {
+               foreach( $vals as $v ) {
+                   echo htmlspecialchars( $v );
+                   echo "<br />\n";
+               }
+           } ?>
+		</td>
+		</tr>
+	<?php } 
+	if( $counter == 0 )
+		echo "<tr><td colspan=\"2\">(" . _('No internal attributes') . ")</td></tr>\n";
+}
+
+?>
+
+<?php flush(); ?>
+
+<!-- Table of attributes/values to edit -->
+
+	<form action="update_confirm.php" method="post" name="edit_form">
+	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+
+<?php $counter=0; ?>
+
+<?php
+
+if( ! $attrs || ! is_array( $attrs ) ) {
+    echo "<tr><td colspan=\"2\">(" . _('This entry has no attributes') . ")</td></tr>\n";
+    echo "</table>";
+    echo "</html>";
+    die();
+}
+
+uksort( $attrs, 'sortAttrs' );
+foreach( $attrs as $attr => $vals ) { 
+
+	flush();
+
+    $schema_attr = get_schema_attribute( $attr, $dn );
+    if( $schema_attr )
+        $attr_syntax = $schema_attr->getSyntaxOID();
+    else
+        $attr_syntax = null;
+
+	if( 0 == strcasecmp( $attr, 'dn' ) )
+		continue;
+
+    // Setup the $attr_note, which will be displayed to the right of the attr name (if any)
+    $attr_note = '';
+
+		$attr_note = "";
+		$attr_display = $attr;
+
+	// is this attribute required by an objectClass?
+	$required_by = '';
+	if( $schema_attr )
+		foreach( $schema_attr->getRequiredByObjectClasses() as $required )
+			if( in_array( strtolower( $required ), arrayLower( $attrs['objectClass'] ) ) ) {
+				$required_by .= $required . ' ';
+			}
+	if( $required_by ) {
+		if( trim( $attr_note ) )
+			$attr_note .= ', ';
+			$attr_note .= "<acronym title=\"" . sprintf( _('Required attribute for objectClass(es) %s'), $required_by ) . "\">" . _('required') . "</acronym>&nbsp;";
+	}
+	?>
+
+	<?php  
+    if( is_array( $modified_attrs ) && in_array( strtolower($attr), $modified_attrs ) )
+        $is_modified_attr = true;
+    else
+        $is_modified_attr = false;
+    ?>
+
+    <?php if( $is_modified_attr ) { ?>
+		<tr class="updated_attr">
+	<?php  } else { ?>
+        <tr>
+	<?php  } ?>
+
+	<td class="attr">
+		<?php $schema_href="../schema/schema.php?view=attributes&amp;viewvalue=" . real_attr_name($attr); ?>
+		<b>
+            <a href="<?php echo $schema_href; ?>"><?php echo $attr_display; ?></a></b>
+	</td>
+    <td class="attr_note">
+		<sup><small><?php echo $attr_note; ?></small></sup>
+    </td>
+    </tr>
+
+    <?php if( $is_modified_attr ) { ?>
+		<tr class="updated_attr">
+	<?php  } else { ?>
+        <tr>
+	<?php  } ?>
+	<td class="val" colspan="2">
+
+	<?php 
+	
+	/*
+	 * Is this attribute a jpegPhoto? 
+	 */
+	if( is_jpeg_photo( $attr ) ) {
+		
+		draw_jpeg_photos( $dn, $attr, true );
+			
+		// proceed to the next attribute
+        echo "</td></tr>\n";
+        if( $is_modified_attr ) 
+            echo '<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>';
+		continue;
+	} 
+
+
+	/*
+	 * Is this attribute binary?
+	 */
+	if( is_attr_binary( $attr ) ) {
+		$href = "download_binary_attr.php?dn=$encoded_dn&amp;attr=$attr";
+		?>
+
+		<small>
+		<?php echo _('Binary value'); ?><br />
+		<?php if( count( $vals ) > 1 ) { for( $i=1; $i<=count($vals); $i++ ) { ?>
+			<a href="<?php echo $href . "&amp;value_num=$i"; ?>"><img 
+				src="../../graphics/save.png" /> <?php echo _('download value'); ?>(<?php echo $i; ?>)</a><br />
+		<?php } } else { ?>
+			<a href="<?php echo $href; ?>"><img src="../../graphics/save.png" /> <?php echo _('download value'); ?></a><br />
+		<?php } ?>
+
+		<a href="javascript:deleteAttribute( '<?php echo $attr; ?>' );"
+			style="color:red;"><img src="../../graphics/delete.gif" /> <?php echo _('delete attribute'); ?></a>
+
+		</small>
+		</td>
+        </tr>
+
+		<?php 
+        if( $is_modified_attr ) 
+            echo '<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>';
+        continue; 
+	}
+
+
+	/*
+	 * Note: at this point, the attribute must be text-based (not binary or jpeg)
+	 */
+
+
+	/*
+	 * Is this a userPassword attribute?
+	 */
+	if( 0 == strcasecmp( $attr, 'userpassword' ) ) { 
+		$user_password = $vals[0];
+        $enc_type = get_enc_type( $user_password );
+
+        // Set the default hashing type if the password is blank (must be newly created)
+        if( $user_password == '' ) {
+            $enc_type = get_default_hash();
+        } 
+        ?>
+
+		<input type="hidden"
+		       name="old_values[userpassword]" 
+		       value="<?php echo htmlspecialchars($user_password); ?>" />
+
+		<!-- Special case of enc_type to detect changes when user changes enc_type but not the password value -->
+		<input size="38"
+		       type="hidden"
+		       name="old_enc_type"
+		       value="<?php echo ($enc_type==''?'clear':$enc_type); ?>" />
+
+        <br />
+		<input style="width: 260px"
+		       type="password"
+		       name="new_values[userpassword]" 
+               value="<?php echo htmlspecialchars( $user_password ); ?>" />
+
+		<select name="enc_type">
+			<option>clear</option>
+			<option<?php echo $enc_type=='crypt'?' selected="true"':''; ?>>crypt</option>
+			<option<?php echo $enc_type=='md5'?' selected="true"':''; ?>>md5</option>
+			<option<?php echo $enc_type=='smd5'?' selected="true"':''; ?>>smd5</option>
+			<option<?php echo $enc_type=='md5crypt'?' selected="true"':''; ?>>md5crypt</option>
+			<option<?php echo $enc_type=='blowfish'?' selected="true"':''; ?>>blowfish</option>
+			<option<?php echo $enc_type=='sha'?' selected="true"':''; ?>>sha</option>
+			<option<?php echo $enc_type=='ssha'?' selected="true"':''; ?>>ssha</option>
+			</select>
+
+            <br />
+
+        </td></tr>
+
+		<?php 
+        if( $is_modified_attr ) 
+            echo '<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>';
+        continue; 
+	} 
+	
+	/*
+	 * Is this a boolean attribute? 
+	 */
+     if( is_attr_boolean( $attr) ) {
+		$val = $vals[0];
+		?>
+
+		<input type="hidden"
+		       name="old_values[<?php echo htmlspecialchars( $attr ); ?>]" 
+		       value="<?php echo htmlspecialchars($val); ?>" />
+
+			<select name="new_values[<?php echo htmlspecialchars( $attr ); ?>]">
+			<option value="TRUE"<?php echo ($val=='TRUE' ?  ' selected' : ''); ?>>
+				<?php echo _('true'); ?></option>
+			<option value="FALSE"<?php echo ($val=='FALSE' ? ' selected' : ''); ?>>
+				<?php echo _('false'); ?></option>
+			<option value="">(<?php echo _('none, remove value'); ?>)</option>
+		</select>
+        </td>
+        </tr>
+
+		<?php 
+        if( $is_modified_attr ) 
+            echo '<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>';
+		continue; 
+	}
+
+	/*
+	 * End of special case attributes (non plain text).
+	 */
+
+
+	/*
+	 * This is a plain text attribute, to be displayed and edited in plain text.
+	 */
+	foreach( $vals as $i => $val ) {
+
+        $input_name = "new_values[" . htmlspecialchars( $attr ) . "][$i]";
+        // We smack an id="..." tag in here that doesn't have [][] in it to allow the 
+        // draw_chooser_link() to identify it after the user clicks.
+        $input_id =  "new_values_" . htmlspecialchars($attr) . "_" . $i;
+
+        ?>
+
+		<!-- The old_values array will let update.php know if the entry contents changed
+		     between the time the user loaded this page and saved their changes. -->
+		<input type="hidden"
+		       name="old_values[<?php echo htmlspecialchars( $attr ); ?>][<?php echo $i; ?>]" 
+		       value="<?php echo htmlspecialchars($val); ?>" />
+        <?php
+
+		// Is this value is a structural objectClass, make it read-only
+		if( 0 == strcasecmp( $attr, 'objectClass' ) ) {
+            ?>
+            <a
+              href="../schema/schema.php?view=objectClasses&amp;viewvalue=<?php echo htmlspecialchars( $val ); ?>"><img
+                src="../../graphics/tree_info.png" /></a>
+            <?php
+			$schema_object = get_schema_objectclass( $val);
+			if ($schema_object->type == 'structural') {
+				echo "$val <small>(<acronym>" .
+                        _('structural') . "</acronym>)</small><br />";
+                ?>
+        	<input type="hidden"
+		       	name="<?php echo $input_name; ?>"
+                id="<?php echo $input_id; ?>"
+         	    value="<?php echo htmlspecialchars($val); ?>" />
+                <?php
+                continue;
+			}
+		}
+
+		?>
+			       
+        <?php if( is_mail_string( $val ) ) { ?>
+             <a 
+                href="mailto:<?php echo htmlspecialchars($val); ?>"><img 
+                        style="vertical-align: center" src="../../graphics/mail.png" /></a>
+        <?php } elseif( is_url_string( $val ) ) { ?>
+             <a 
+                href="<?php echo htmlspecialchars($val); ?>"
+                target="new"><img 
+                        style="vertical-align: center" src="../../graphics/dc.png" /></a>
+
+        <?php } ?>
+
+        <?php if( is_multi_line_attr( $attr, $val ) ) { ?>
+            <textarea
+                class="val"
+                rows="3"
+         	    cols="50"
+		       	name="<?php echo $input_name; ?>"
+                id="<?php echo $input_id; ?>"><?php echo htmlspecialchars($val); ?></textarea>
+        <?php } else { ?>
+        	<input type="text"
+                class="val"
+		       	name="<?php echo $input_name; ?>"
+                id="<?php echo $input_id; ?>"
+         	    value="<?php echo htmlspecialchars($val); ?>" />
+        <?php } ?>
+
+
+		<?php 
+		// draw a link for popping up the entry browser if this is the type of attribute
+		// that houses DNs. 
+		if( is_dn_attr( $attr ) )
+			draw_chooser_link( "edit_form.$input_id", false );
+
+        ?>
+
+		<br />
+	       
+	<?php  } /* end foreach value */ ?>
+
+		<?php 
+		/* Draw the "add value" link under the list of values for this attributes */
+
+		if(	( $schema_attr = get_schema_attribute( $attr, $dn ) ) &&
+			! $schema_attr->getIsSingleValue() )
+		{ 
+			$add_href = "add_value_form.php?dn=$encoded_dn&amp;attr=" . rawurlencode( $attr ); 
+			echo "<div class=\"add_value\">(<a href=\"$add_href\">" . 
+				_('add value') . "</a>)</div>\n";
+		} 
+			   
+		?>
+
+	</td>
+	</tr>
+
+    <?php if( $is_modified_attr ) { ?>
+		<tr class="updated_attr"><td class="bottom" colspan="2"></td></tr>
+	<?php  } ?>
+
+	<?php  
+
+	flush();
+
+} /* End foreach( $attrs as $attr => $vals ) */ ?>
+
+	<tr><td colspan="2"><center><input type="submit" value="<?php echo _('Save'); ?>" /></center></td></tr></form>
+	
+<?php 
+?>
+
+
+</table>
+
+<?php /* If this entry has a binary attribute, we need to provide a form for it to submit when deleting it. */ ?>
+<script language="javascript">
+//<!--
+function deleteAttribute( attrName )
+{
+	if( confirm( "<?php echo _('Really delete attribute?'); ?> '" + attrName + "'" ) ) {
+		document.delete_attribute_form.attr.value = attrName;
+		document.delete_attribute_form.submit();
+	}
+}
+//-->
+</script>
+
+<!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->
+<form name="delete_attribute_form" action="delete_attr.php" method="post">
+	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />
+</form>
+
+<?php 
+
+echo "</body>\n</html>";
+?>

lam/templates/tree/expand.php

@@ -0,0 +1,88 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * This script alters the session variable 'tree', expanding it
+ * at the dn specified in the query string. 
+ *
+ * Variables that come in as GET vars:
+ *  - dn (rawurlencoded)
+ *
+ * Note: this script is equal and opposite to collapse.php
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+// This allows us to display large sub-trees without running out of time.
+@set_time_limit( 0 );
+
+$dn = $_GET['dn'];
+$encoded_dn = rawurlencode( $dn );
+
+initialize_session_tree();
+
+$tree = $_SESSION['tree'];
+$tree_icons = $_SESSION['tree_icons'];
+
+$contents = get_container_contents($dn, 0, '(objectClass=*)');
+
+usort( $contents, 'pla_compare_dns' );
+$tree[$dn] = $contents;
+
+foreach( $contents as $dn )
+	$tree_icons[$dn] = get_icon( $dn );
+
+$_SESSION['tree'] = $tree;
+$_SESSION['tree_icons'] = $tree_icons;
+
+// This is for Opera. By putting "random junk" in the query string, it thinks
+// that it does not have a cached version of the page, and will thus
+// fetch the page rather than display the cached version
+$time = gettimeofday();
+$random_junk = md5( strtotime( 'now' ) . $time['usec'] );
+
+header( "Location:tree.php?foo=$random_junk#{$encoded_dn}" );
+?>

lam/templates/tree/rdelete.php

@@ -0,0 +1,154 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * Recursively deletes the specified DN and all of its children
+ * Variables that come in as POST vars:
+ *  - dn (rawurlencoded)
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** status messages */
+include_once('../../lib/status.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+echo $_SESSION['header'];
+	
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+
+$dn = $_POST['dn'];
+$encoded_dn = rawurlencode( $dn );
+$rdn = get_rdn( $dn );
+
+$ds = $_SESSION['ldap']->server;
+
+echo "<body>\n";
+echo "<h3 class=\"tree_title\">" . sprintf( _('Deleting %s'), htmlspecialchars($rdn) ) . "</h3>\n";
+echo "<h3 class=\"tree_subtitle\">" . _('Recursive delete progress') . "</h3>";
+echo "<br /><br />";
+echo "<small>\n";
+flush();
+
+// prevent script from bailing early on a long delete
+@set_time_limit( 0 );
+
+$del_result = pla_rdelete( $dn );
+echo "</small><br />\n";
+if( $del_result )
+{
+	// kill the DN from the tree browser session variable and
+	// refresh the tree viewer frame (left_frame)
+
+	if( array_key_exists( 'tree', $_SESSION ) )
+	{
+		$tree = $_SESSION['tree'];
+
+		// does it have children? (it shouldn't, but hey, you never know)	
+		if( isset( $tree[$dn] ) )
+			unset( $tree[$dn] );
+		
+        // Get a tree in the session if not already gotten
+        initialize_session_tree();
+
+		// search and destroy from the tree sesssion
+		foreach( $tree as $tree_dn => $subtree )
+			foreach( $subtree as $key => $sub_tree_dn )
+				if( 0 == strcasecmp( $sub_tree_dn, $dn ) ) 
+					unset( $tree[$tree_dn][$key] );
+	}
+
+	$_SESSION['tree'] = $tree;
+
+	?>
+
+	<script language="javascript">
+		parent.left_frame.location.reload();
+	</script>
+
+	<?php 
+
+	echo sprintf( _('Entry %s and sub-tree deleted successfully.'), '<b>' . htmlspecialchars( $dn ) . '</b>' );
+
+} else {
+	StatusMessage("ERROR", _('Failed to delete entry %s'), '', array(htmlspecialchars($dn)));
+}
+
+echo "</body></html>";
+
+exit;
+
+
+function pla_rdelete( $dn )
+{
+	$children = get_container_contents( $dn );
+	global $ds;
+	$ds = $_SESSION['ldap']->server;
+
+	if( ! is_array( $children ) || count( $children ) == 0 ) {
+		echo "<nobr>" . sprintf( _('Deleting %s'), htmlspecialchars( $dn ) ) . "...";
+		flush();
+		if( @ldap_delete( $ds, $dn ) ) {
+			echo " <span style=\"color:green\">" . _('Success') . "</span></nobr><br />\n";
+			return true;
+		} else {
+			StatusMessage("ERROR", _('Failed to delete entry %s'), '', array(htmlspecialchars($dn)));
+		}
+	} else {
+		foreach( $children as $child_dn ) {
+			pla_rdelete( $child_dn );
+		}
+		echo "<nobr>" . sprintf( _('Deleting %s'), htmlspecialchars( $dn ) ) . "...";
+		flush();
+		if( @ldap_delete( $ds, $dn ) ) {
+			echo " <span style=\"color:green\">" . _('Success') . "</span></nobr><br />\n";
+			return true;
+		} else {
+			StatusMessage("ERROR", _('Failed to delete entry %s'), '', array(htmlspecialchars($dn)));
+		}
+	}
+	return false;
+}

lam/templates/tree/refresh.php

@@ -0,0 +1,89 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+ 
+
+/**
+ * This script alters the session variable 'tree', by re-querying
+ * the LDAP server to grab the contents of every expanded container.
+ *
+ * Variables that come in as GET vars:
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+if( ! array_key_exists( 'tree', $_SESSION ) )
+	header( "Location: tree.php" );
+
+$tree = $_SESSION['tree'];
+$tree_icons = $_SESSION['tree_icons'];
+
+// Get the icon for the base object for this server
+$base_dn = $_SESSION['config']->get_Suffix('tree');
+$tree_icons[ $base_dn ] = get_icon( $base_dn );
+
+// get all the icons and container contents for all expanded entries
+if( isset($tree) && is_array( $tree ) ) 
+{
+	foreach( $tree as $dn => $children )
+	{
+		$tree[$dn] = get_container_contents( $dn, 0, '(objectClass=*)' );
+		if( is_array( $tree[$dn] ) ) {
+			foreach( $tree[$dn] as $child_dn )
+				$tree_icons[$child_dn] = get_icon( $child_dn );
+			sort( $tree[ $dn ] );	
+		}
+	}
+}
+else
+{
+	header( "Location: tree.php" );
+}
+
+$_SESSION['tree'] = $tree;
+$_SESSION['tree_icons'] = $tree_icons;
+session_write_close();
+
+header( "Location: tree.php" );
+
+
+?>

lam/templates/tree/templates/creation/custom.php

@@ -0,0 +1,311 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+ /**
+ * Creates custom LDAP objects.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+// Common to all templates
+$rdn = isset( $_POST['rdn'] ) ? $_POST['rdn'] : null;
+$container = $_POST['container'];
+
+// Unique to this template
+$step = isset( $_POST['step'] ) ? $_POST['step'] : 1;
+
+if( $step == 1 )
+{
+	$oclasses = get_schema_objectClasses();
+    if( ! $oclasses || ! is_array( $oclasses ) ) {
+        StatusMessage("ERROR", "Unable to retrieve the schema from your LDAP server. Cannot continue with creation.", '');
+    }
+	?>
+
+	<h4><?php echo _('Step 1 of 2: Name and object class(es)'); ?></h4>
+
+	<form action="creation_template.php" method="post" name="creation_form">
+	<input type="hidden" name="step" value="2" />
+	<input type="hidden" name="template" value="<?php echo htmlspecialchars( $_POST['template'] ); ?>" />
+
+	<table class="create">
+	<tr>
+		<td class="heading"><acronym title="<?php echo _('Relative distinguished name'); ?>"><?php echo _('RDN'); ?></acronym>:</td>
+		<td><input type="text" name="rdn" value="<?php echo htmlspecialchars( $rdn ); ?>" size="30" /> <?php echo _('(example: cn=MyNewPerson)'); ?></td>
+	</tr>
+	<tr>
+		<td class="heading"><?php echo _('Container'); ?></td>
+		<td><input type="text" name="container" size="40" value="<?php echo htmlspecialchars( $container ); ?>" /></td>
+	</tr>
+	<tr>
+		<td class="heading"><?php echo _('Object classes'); ?></td>
+		<td>
+			<select name="object_classes[]" multiple="true" size="15">
+			<?php  foreach( $oclasses as $name => $oclass ) { 
+                if( 0 == strcasecmp( "top", $name ) ) continue; ?>
+				<option <?php if( $oclass->getType() == 'structural' ) echo 'style="font-weight: bold" '; ?> 
+                    value="<?php echo htmlspecialchars($oclass->getName()); ?>">
+					<?php echo htmlspecialchars($oclass->getName()); ?>
+				</option>
+				<?php  } ?>
+			</select>
+		</td>
+	</tr>
+
+	<tr>
+		<td></td>
+		<td><input type="submit" value="<?php echo _('Next'); ?>" /></td>
+	</tr>
+	</table>
+	</form>
+	
+	<?php
+}
+if( $step == 2 )
+{
+	strlen( trim( $rdn ) ) != 0 or
+		StatusMessage("ERROR", _("Data field for RDN is empty!"), '');
+
+	if ((strlen( trim( $container ) ) == 0) || !(dn_exists( $container ))) {
+		StatusMessage("ERROR", _('The container you specified (%s) does not exist. Please try again.'), "", array(htmlspecialchars($container)));
+		echo "</body></html>";
+		exit;
+	}
+
+	$oclasses = isset( $_POST['object_classes'] ) ? $_POST['object_classes'] : null;
+	if( count( $oclasses ) == 0 ) {
+		StatusMessage("ERROR", _('You did not select any object classes for this object. Please go back and do so.'), '');
+		echo "</body></html>";
+		exit;
+	}
+	$dn = trim( $container ) ? $rdn . ',' . $container : $rdn;
+
+	// incrementally build up the all_attrs and required_attrs arrays
+	$schema_oclasses = get_schema_objectclasses();
+	$required_attrs = array();
+	$all_attrs = array();
+	foreach( $oclasses as $oclass_name ) {
+		$oclass = get_schema_objectclass( $oclass_name  );
+		if( $oclass ) {
+			$required_attrs = array_merge( $required_attrs, 
+						$oclass->getMustAttrNames( $schema_oclasses ) );
+			$all_attrs = array_merge( $all_attrs, 
+						$oclass->getMustAttrNames( $schema_oclasses ), 
+						$oclass->getMayAttrNames( $schema_oclasses ) );
+		} 
+	}
+
+	$required_attrs = array_unique( $required_attrs );
+	$all_attrs = array_unique( $all_attrs );
+    remove_aliases( $required_attrs);
+    remove_aliases( $all_attrs);
+	sort( $required_attrs );
+	sort( $all_attrs );
+
+    // if for some reason "ObjectClass" ends up in the list of
+    // $all_attrs or $required_attrs, remove it! This is a fix
+    // for bug 927487 
+    foreach( $all_attrs as $i => $attr_name )
+        if( 0 == strcasecmp( $attr_name, 'objectClass' ) ) {
+            unset( $all_attrs[$i] );
+            $all_attrs = array_values( $all_attrs );
+            break;
+        }
+
+    foreach( $required_attrs as $i => $attr_name )
+        if( 0 == strcasecmp( $attr_name, 'objectClass' ) ) {
+            unset( $required_attrs[$i] );
+            $required_attrs = array_values( $required_attrs );
+            break;
+        }
+
+	// remove binary attributes and add them to the binary_attrs array
+	$binary_attrs = array();
+	foreach( $all_attrs as $i => $attr_name ) {
+		if( is_attr_binary( $attr_name )  ) {
+			unset( $all_attrs[ $i ] );
+			$binary_attrs[] = $attr_name;
+		}
+	}
+
+    // If we trim any attrs out above, then we will have a gap in the index
+    // sequence and will get an "undefined index" error below. This prevents
+    // that from happening.
+    $all_attrs = array_values( $all_attrs );
+	
+	// add the required attribute based on the RDN provided by the user
+	// (ie, if the user specifies "cn=Bob" for their RDN, make sure "cn" is
+       	// in the list of required attributes.
+	$rdn_attr = trim( substr( $rdn, 0, strpos( $rdn, '=' ) ) );
+	$rdn_value = trim( substr( $rdn, strpos( $rdn, '=' ) + 1 ) );
+    $rdn_value = @pla_explode_dn( $rdn );
+    $rdn_value = @explode( '=', $rdn_value[0], 2 );
+    $rdn_value = @$rdn_value[1];
+	if( in_array( $rdn_attr, $all_attrs ) && ! in_array( $rdn_attr, $required_attrs ) )
+		$required_attrs[] = $rdn_attr;
+	?>
+
+	<h4><?php echo _('Step 2 of 2: Specify attributes and values'); ?></h4>
+	
+	<form action="create.php" method="post"  enctype="multipart/form-data">
+	<input type="hidden" name="step" value="2" />
+	<input type="hidden" name="new_dn" value="<?php echo htmlspecialchars( $dn ); ?>" />
+	<input type="hidden" name="new_rdn" value="<?php echo htmlspecialchars( $rdn ); ?>" />
+	<input type="hidden" name="container" value="<?php echo htmlspecialchars( $container ); ?>" />
+	<input type="hidden" name="object_classes" value="<?php echo rawurlencode(serialize($oclasses)); ?>" />
+	
+	<table class="edit_dn" cellspacing="0">
+	<tr><th colspan="2"><?php echo _('Required attributes'); ?></th></tr>
+	<?php  if( count( $required_attrs ) == 0 ) {
+			echo "<tr class=\"row1\"><td colspan=\"2\"><center>(" . _('none') . ")</center></td></tr>\n";
+		} else 
+	
+		foreach( $required_attrs as $count => $attr ) { ?>
+			<tr>
+		    <td class="attr"><b><?php 
+		
+			$attr_display = htmlspecialchars( $attr );
+
+			echo $attr_display;
+			
+			?></b></td></tr>
+            <tr>
+		<td class="val"><input 	type="<?php echo (is_attr_binary( $attr ) ? "file" : "text"); ?>"
+					name="required_attrs[<?php echo htmlspecialchars($attr); ?>]"
+					value="<?php echo ($attr == $rdn_attr ? htmlspecialchars($rdn_value) : '')  ?>" size="40" />
+	</tr>
+	<?php  } ?>
+	
+	<tr><th colspan="2">&nbsp;</th></tr>
+	<tr><th colspan="2"><?php echo _('Optional attributes'); ?></th></tr>
+	
+	<?php if( count( $all_attrs ) == 0 ) { ?>
+		<tr><td colspan="2"><center>(<?php echo _('none'); ?>)</center></td></tr>
+	<?php } else { ?>
+		<?php  for($i=0; $i<min( count( $all_attrs ), 10 ); $i++ ) { $attr = $all_attrs[$i] ?>
+            <tr>
+			<td class="attr"><select style="background-color: #ddd; font-weight: bold" name="attrs[<?php echo $i; ?>]"><?php echo get_attr_select_html( $all_attrs, $attr ); ?></select></td>
+            </tr>
+            <tr>
+			<td class="val"><input type="text" name="vals[<?php echo $i; ?>]" value="" size="40" />
+    		</tr>
+		<?php } ?>
+	<?php  } ?>
+	
+	<?php if( count( $binary_attrs ) > 0 ) { ?>
+	<tr><th colspan="2"><?php echo _('Optional binary attributes'); ?></th></tr>
+		<?php for( $k=$i; $k<$i+count($binary_attrs); $k++ ) { $attr = $binary_attrs[$k-$i]; ?>
+		<tr><td class="attr"><select style="background-color: #ddd; font-weight: bold" name="attrs[<?php echo $k; ?>]"><?php echo get_binary_attr_select_html( $binary_attrs, $attr );?></select></td></tr>
+		<tr><td class="val"><input type="file" name="vals[<?php echo $k; ?>]" value="" size="25" /></td></tr>
+		<?php } ?>
+	<?php } ?>
+
+    <tr><td>
+	<center>
+		<input type="submit" name="submit" value="<?php echo _('Create'); ?>" />
+	</center>
+    </td></tr>
+
+	</table>
+
+<?php } 
+
+/**
+* Returns option values.
+*/
+function get_attr_select_html( $all_attrs, $highlight_attr=null )
+{
+	$attr_select_html = "";
+    if( ! is_array( $all_attrs ) )
+        return null;
+	foreach( $all_attrs as $a ) {
+		$attr_display = htmlspecialchars( $a );
+		$a = htmlspecialchars( $a );
+		$attr_select_html .= "<option value=\"$a\"";
+        if( 0 == strcasecmp( $highlight_attr, $a ) )
+            $attr_select_html .= " selected";
+        $attr_select_html .= ">$attr_display</option>\n";
+	}
+    return $attr_select_html;
+}
+
+/**
+* Returns option values.
+*/
+function get_binary_attr_select_html( $binary_attrs, $highlight_attr=null )
+{
+	$binary_attr_select_html = "";
+    if( ! is_array( $binary_attrs ) )
+        return null;
+	if( count( $binary_attrs ) == 0 ) 
+        return null;
+    foreach( $binary_attrs as $a ) {
+        $attr_display = htmlspecialchars( $a );
+        $binary_attr_select_html .= "<option";
+        if( 0 == strcasecmp( $highlight_attr, $a ) )
+            $binary_attr_select_html .= " selected";
+        $binary_attr_select_html .= ">$attr_display</option>\n";
+    }
+    return $binary_attr_select_html;
+}
+
+/**
+ * Removes attributes from the array that are aliases for eachother 
+ * (just removes the second instance of the aliased attr)
+ */
+function remove_aliases( &$attribute_list)
+{
+    // remove aliases from the attribute_list array
+    for( $i=0; $i<count( $attribute_list ); $i++  ) {
+        if( ! isset( $attribute_list[ $i ] ) )
+            continue;
+        $attr_name1 = $attribute_list[ $i ];
+        for( $k=0; $k<count( $attribute_list ); $k++  ) {
+            if( ! isset( $attribute_list[ $k ] ) )
+                continue;
+            if( $i == $k )
+                continue;
+            $attr_name2 = $attribute_list[ $k ];
+            //echo "Comparing $attr_name1 and $attr_name2<br>";
+            $attr1 = get_schema_attribute( $attr_name1 );	
+            if( null == $attr1 )
+                continue;
+            if( $attr1->isAliasFor( $attr_name2 ) ) {
+                //echo "* Removing attribute ". $attribute_list[ $k ] . "<br>";
+                unset( $attribute_list[ $k ] );
+            }
+        }
+    }
+    $attribute_list = array_values( $attribute_list );
+}
+?>
+

lam/templates/tree/templates/creation/new_ou_template.php

@@ -0,0 +1,111 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+/**
+ * Creates new OUs.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+// Common to all templates
+$container = $_POST['container'];
+
+// Unique to this template: which step of the ou creation process are we on
+$step = isset( $_POST['step'] ) ? $_POST['step'] : 1;
+
+?>
+
+<center><h2><?PHP echo _('New organizational unit');?></h2></center>
+
+<?php if( $step == 1 ) { ?>
+
+<form action="creation_template.php" method="post" name="ou_form">
+<input type="hidden" name="step" value="2" />
+<input type="hidden" name="template" value="<?php echo htmlspecialchars( $_POST['template'] ); ?>" />
+
+<center>
+<table class="confirm">
+<tr>
+	<td></td>
+	<td class="heading"><?PHP echo _('Name');?>:</td>
+	<td><input type="text" name="ou_name" value="" /> <small><?PHP echo _('(hint: do not include "ou=")');?></small></td>
+</tr>
+<tr>
+	<td></td>
+	<td class="heading"><?PHP echo _("Container DN") ?>:</td>
+	<td><input type="text" name="container" size="40" value="<?php echo htmlspecialchars( $container ); ?>" />
+	</td>
+</tr>
+<tr>
+	<td colspan="3"><center><br /><input type="submit" value="<?php echo _('Next'); ?>" /></center></td>
+</tr>
+</table>
+</center>
+</form>
+
+<?php } elseif( $step == 2 ) {
+
+	$ou_name = trim( $_POST['ou_name'] );
+	$container = trim( $_POST['container'] );
+	
+	if (!dn_exists( $container )) {
+		StatusMessage("ERROR", "The container you specified does not exist. ", $container );
+		echo "</body></html>";
+		exit();
+	}
+
+	?>
+	<form action="create.php" method="post">
+	<input type="hidden" name="new_dn" value="<?php echo htmlspecialchars( 'ou=' . $ou_name . ',' . $container ); ?>" />
+
+	<!-- ObjectClasses  -->
+	<?php $object_classes = rawurlencode( serialize( array( 'top', 'organizationalUnit' ) ) ); ?>
+
+	<input type="hidden" name="object_classes" value="<?php echo $object_classes; ?>" />
+		
+	<!-- The array of attributes/values -->
+	<input type="hidden" name="attrs[]" value="ou" />
+		<input type="hidden" name="vals[]" value="<?php echo htmlspecialchars($ou_name);?>" />
+
+	<center><?php echo _("Really create this new OU?") ?>
+	<br />
+	<br />
+
+	<table class="confirm">
+	<tr class="even"><td><?PHP echo _('Name'); ?></td><td><b><?php echo htmlspecialchars($ou_name); ?></b></td></tr>
+	<tr class="odd"><td><?PHP echo _('Container'); ?></td><td><b><?php echo htmlspecialchars( $container ); ?></b></td></tr>
+	</table>
+	<br /><input type="submit" value="<?php echo _('Create'); ?>" />
+	</center>
+
+<?php } ?>
+

lam/templates/tree/templates/templates.inc

@@ -0,0 +1,56 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Configuration for creation templates.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+*/ 
+
+
+// template list
+
+$templates = array();
+
+$templates[] = array(
+	'desc' => 'Organizational Unit',
+	'icon' => '../../graphics/ou.png',
+	'handler' => 'new_ou_template.php');
+
+$templates[] = array(
+	'desc' => 'Custom',
+	'icon' => '../../graphics/object.png',
+	'handler' => 'custom.php');
+
+
+?>

lam/templates/tree/tree.php

@@ -0,0 +1,193 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * This script displays the LDAP tree for all the servers that you have
+ * in config.php. We read the session variable 'tree' to know which
+ * dns are expanded or collapsed. No query string parameters are expected,
+ * however, you can use a '#' offset to scroll to a given dn. The syntax is
+ * tree.php#<rawurlencoded dn>, so if I wanted to scroll to
+ * dc=example,dc=com for server 3, the URL would be: 
+ *	tree.php#3_dc%3Dexample%2Cdc%3Dcom
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+// This allows us to display large sub-trees without running out of time.
+@set_time_limit( 0 );
+
+// do we not have a tree and tree icons yet? Build a new one.
+initialize_session_tree();
+
+// get the tree and tree icons.
+$tree = $_SESSION['tree'];
+$tree_icons = $_SESSION['tree_icons'];
+
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+?>
+
+<body>
+
+<table class="tree" cellspacing="0">
+
+<?php 
+
+draw_server_tree();
+
+?>
+
+</table>
+<?php 
+//	echo "<pre>"; print_r( $tree ); 
+?>
+
+</body>
+</html>
+
+<?php
+exit;
+
+/**
+ * Recursively descend on the given dn and draw the tree in html
+ */
+function draw_tree_html( $dn, $level = 0 )
+{
+	global $tree, $tree_icons, $search_result_size_limit;
+
+	$encoded_dn = rawurlencode( $dn );
+	$expand_href = "expand.php?dn=$encoded_dn";
+	$collapse_href = "collapse.php?dn=$encoded_dn";
+	$edit_href = "edit.php?dn=$encoded_dn";
+
+	// should never happen, but just in case
+	if( ! isset( $tree_icons[ $dn ] ) )
+		$tree_icons[ $dn ] = get_icon( $dn );
+	$img_src = '../../graphics/' . $tree_icons[ $dn ];
+
+	$rdn = get_rdn( $dn );
+
+	echo '<tr>';
+
+	for( $i=0; $i<=$level; $i++ ) {
+		echo '<td class="spacer"></td>' . "\n";
+	}
+
+	// is this node expanded? (deciding whether to draw "+" or "-")
+	if( isset( $tree[$dn] ) ) { ?>
+		<td class="expander">
+			<nobr>
+			<a href="<?php echo $collapse_href; ?>"><img src="../../graphics/minus.png" alt="-" /></a>
+			</nobr>
+		</td>
+		<?php  $child_count = number_format( count( $tree[$dn] ) );
+	} else { ?>	
+		<td class="expander">
+			<nobr>
+			<a href="<?php echo $expand_href; ?>"><img src="../../graphics/plus.png" alt="+" /></a>
+			</nobr>
+		</td>
+		<?php  	$limit = isset( $search_result_size_limit ) ? $search_result_size_limit : 50;
+               $child_count = count( get_container_contents( $dn, $limit+1, 
+                                     '(objectClass=*)') );
+               if( $child_count > $limit )
+                   $child_count = $limit . '+';
+	} ?>	
+
+	<td class="icon">
+		<a href="<?php echo $edit_href; ?>"
+		   target="right_frame"
+		   name="<?php echo $encoded_dn; ?>"><img src="<?php echo $img_src; ?>" alt="img" /></a>
+	</td>
+	<td class="rdn" colspan="<?php echo (97-$level); ?>">
+		<nobr>
+			<a href="<?php echo $edit_href; ?>"
+				target="right_frame"><?php echo ( draw_formatted_dn( $dn ) ); /*pretty_print_dn( $rdn ) );*/ ?></a>
+				<?php if( $child_count ) { ?>
+					<span class="count">(<?php echo $child_count; ?>)</span>
+				<?php } ?>
+		</nobr>
+	</td>
+	</tr>
+
+	<?php 
+
+	if( isset( $tree[$dn] ) && is_array( $tree[$dn] ) )	{
+        // Draw the "create new" link at the top of the tree list if there are more than 10
+        // entries in the listing for this node.
+        if( count( $tree[$dn] ) > 10 )
+	        draw_create_link( $rdn, $level, $encoded_dn );
+		foreach( $tree[$dn] as $dn )
+			draw_tree_html( $dn, $level+1 );
+        // Always draw the "create new" link at the bottom of the listing
+        draw_create_link( $rdn, $level, $encoded_dn );
+	}
+}
+
+function draw_create_link( $rdn, $level, $encoded_dn )
+{
+    // print the "Create New object" link.
+    $create_html = "";
+    $create_href = "create_form.php?container=$encoded_dn";
+    $create_html .= '<tr>';
+    for( $i=0; $i<=$level; $i++ ) {
+        $create_html .= '<td class="spacer"></td>';
+    }
+    $create_html .= '<td class="spacer"></td>';
+    $create_html .= '<td class="icon"><a href="' . $create_href .
+        '" target="right_frame"><img src="../../graphics/star.png" alt="' . _('Create new entry') . '" /></a></td>';
+    $create_html .= '<td class="create" colspan="' . (97-$level) . '"><a href="' . $create_href . 
+        '" target="right_frame" title="' . _('Create new entry') . ' ' . $rdn.'">' . 
+        _('Create new entry') . '</a></td>';
+    $create_html .= '</tr>';
+    echo $create_html;
+}
+
+?>

lam/templates/tree/tree_view.php

@@ -0,0 +1,85 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+/**
+* This file includes the main frame of the LDAP browser.
+*
+* @package lists
+* @subpackage tree
+* @author Roland Gruber
+*/
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+// get encoding
+$lang = explode(":",$_SESSION['language']);
+$lang = $lang[1];
+
+$dn = $_SESSION['config']->get_Suffix('tree');
+
+// init tree
+if (! isset($_SESSION['tree'])) {
+	initialize_session_tree();
+	$tree = $_SESSION['tree'];
+	$tree_icons = $_SESSION['tree_icons'];
+	$contents = get_container_contents($dn, 0, '(objectClass=*)');
+	usort( $contents, 'pla_compare_dns' );
+	$tree[$dn] = $contents;
+	
+	foreach( $contents as $c )
+		$tree_icons[$c] = get_icon( $c );
+	
+	$_SESSION['tree'] = $tree;
+	$_SESSION['tree_icons'] = $tree_icons;
+}
+
+echo "<?xml version=\"1.0\" encoding=\"$lang\"?>";
+echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Frameset//EN\" \"http://www.w3.org/TR/html4/frameset.dtd\">";
+echo "<html>";
+echo "<head>";
+echo "<meta http-equiv=\"content-type\" content=\"text/html; charset=$lang\">";
+echo "<meta http-equiv=\"pragma\" content=\"no-cache\">";
+echo "<meta http-equiv=\"cache-control\" content=\"no-cache\">";
+echo "<title>LDAP Account Manager</title>";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\"></head>";
+echo "<frameset cols=\"320,*\">";
+echo "<frame src=\"./tree.php\" name=\"left_frame\" frameborder=\"0\" scrolling=\"yes\" noresize>";
+echo "<frame src=\"./edit.php?dn=$dn\" name=\"right_frame\" frameborder=\"0\" scrolling=\"yes\">";
+echo "<noframes>";
+echo "This page requires a browser that can show frames!";
+echo "</noframes>";
+echo "</frameset>";
+
+echo "</html>";
+
+?>

lam/templates/tree/update.php

@@ -0,0 +1,109 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/** 
+ *  Updates or deletes a value from a specified 
+ *  attribute for a specified dn.
+ *  Variables that come in on the query string:
+ *  - dn (rawurlencoded)
+ *  - update_array (an array in the form expected by PHP's ldap_modify, except for deletions)
+ *     (will never be empty: update_confirm.php ensures that)
+ *
+ * Attribute deletions:
+ * To specify that an attribute is to be deleted (whether multi- or single-valued), 
+ *  enter that attribute in the update array like this: attr => ''. For example, to
+ *  delete the 'sn' attribute from an entry, the update array would look like this:
+ *  Array (
+ *     sn => ''
+ *  )
+ *
+ * On success, redirect to edit.php
+ * On failure, echo an error.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = $_POST['dn'];
+$encoded_dn = rawurlencode( $dn );
+$update_array = $_POST['update_array'];
+
+// check for delete attributes (indicated by the attribute entry appearing like this: attr => '' 
+foreach( $update_array as $attr => $val )
+	if( ! is_array( $val ) )
+		if( $val == '' ) {
+			$update_array[ $attr ] = array();
+		}
+		else {
+			$update_array[ $attr ] = $val;
+		}
+	else {
+		foreach( $val as $i => $v ) {
+			$update_array[ $attr ][ $i ] = $v;
+		}
+	}
+			
+$ds = $_SESSION['ldap']->server;
+$res = @ldap_modify( $ds, $dn, $update_array );
+if( $res )
+{
+	$redirect_url = "edit.php?dn=$encoded_dn";
+	foreach( $update_array as $attr => $junk )
+		$redirect_url .= "&modified_attrs[]=$attr";
+	header( "Location: $redirect_url" );
+}
+else
+{
+	echo $_SESSION['header'];
+	
+	echo "<title>LDAP Account Manager</title>\n";
+	echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+	echo "</head>\n";
+	echo "<body>";
+	StatusMessage('ERROR', _("Was unable to modify attribtues from DN: %s."), ldap_error( $ds ), array($dn));
+	echo "</body></html>";
+}
+
+?>

lam/templates/tree/update_confirm.php

@@ -0,0 +1,259 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  
+  This code is based on phpLDAPadmin.
+  Copyright (C) 2004  David Smith and phpLDAPadmin developers
+  
+  The original code was modified to fit for LDAP Account Manager by Roland Gruber.
+  Copyright (C) 2005  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+*/
+
+
+/**
+ * Takes the results of clicking "Save" in edit.php and determines which 
+ * attributes need to be updated (ie, which ones actually changed). Then,
+ * we present a confirmation table to the user outlining the changes they
+ * are about to make. That form submits directly to update.php, which 
+ * makes the change.
+ *
+ * @package lists
+ * @subpackage tree
+ * @author David Smith
+ * @author Roland Gruber
+ */
+
+/** tree functions */
+include_once('../../lib/tree.inc');
+/** access to configuration */
+include_once('../../lib/config.inc');
+/** LDAP functions */
+include_once('../../lib/ldap.inc');
+/** common functions */
+include_once('../../lib/account.inc');
+
+// start session
+session_save_path("../../sess");
+@session_start();
+
+setlanguage();
+
+$dn = $_POST['dn'];
+$encoded_dn = rawurlencode( $dn );
+$rdn = get_rdn( $dn );
+$old_values = $_POST['old_values'];
+$new_values = $_POST['new_values'];
+$mkntPassword = NULL;
+$samba_password_step = 0;
+
+echo $_SESSION['header'];
+
+echo "<title>LDAP Account Manager</title>\n";
+echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n";
+echo "</head>\n";
+?>
+<body>
+<h3 class="tree_title"><?php echo htmlspecialchars( ( $rdn ) ); ?></h3>
+<h3 class="tree_subtitle"><?php echo _('DN'); ?>: <b><?php echo htmlspecialchars( ( $dn ) ); ?></b></h3>
+<?php
+$update_array = array();
+foreach( $old_values as $attr => $old_val )
+{
+	// Did the user delete the field?
+	if( ! isset( $new_values[ $attr ] ) ) {
+		$update_array[ $attr ] = '';
+	}
+	// did the user change the field?
+	elseif( $old_val != $new_values[ $attr ] ) {
+
+		$new_val = $new_values[ $attr ];
+
+		// special case for userPassword attributes
+		if( 0 == strcasecmp( $attr, 'userPassword' ) && $new_val != '' ) {
+		  $new_val = password_hash( $new_val, $_POST['enc_type'] );
+		  $password_already_hashed = true;
+		}
+		// special case for samba password
+		else if (( 0 == strcasecmp($attr,'sambaNTPassword') || 0 == strcasecmp($attr,'sambaLMPassword')) && trim($new_val[0]) != '' ){
+			if ( 0 == strcasecmp($attr,'sambaNTPassword')) {
+				$new_val = ntPassword($new_val[0]);
+			}
+			else {
+				$new_val = lmPassword($new_val[0]);
+			}
+		}
+		$update_array[ $attr ] = $new_val;
+	}
+}
+
+// special case check for a new enc_type for userPassword (not otherwise detected)
+if(	isset( $_POST['enc_type'] ) && 
+    ! isset( $password_already_hashed ) &&
+	$_POST['enc_type'] != $_POST['old_enc_type'] && 
+	$_POST['enc_type'] != 'clear' &&
+	$_POST['new_values']['userpassword'] != '' ) {
+
+	$new_password = password_hash( $_POST['new_values']['userpassword'], $_POST['enc_type'] );
+	$update_array[ 'userpassword' ] = $new_password;
+}
+
+// strip empty vals from update_array and ensure consecutive indices for each attribute
+foreach( $update_array as $attr => $val ) {
+	if( is_array( $val ) ) {
+		foreach( $val as $i => $v )
+			if( null == $v || 0 == strlen( $v ) )
+				unset( $update_array[$attr][$i] );
+		$update_array[$attr] = array_values( $update_array[$attr] );
+	}
+}
+
+// at this point, the update_array should look like this (example):
+// Array (
+//    cn => Array( 
+//           [0] => 'Dave',
+//           [1] => 'Bob' )
+//    sn => 'Smith',
+//    telephoneNumber => '555-1234' )
+//  This array should be ready to be passed to ldap_modify()
+
+?>
+<?php if( count( $update_array ) > 0 ) { ?>
+
+	<br />
+	<center>
+	<?php echo _('Do you want to make these changes?'); ?>
+	<br />
+	<br />
+
+	<table class="tree_confirm">
+	<tr>
+		<th><?php echo _('Attribute'); ?></th>
+		<th><?php echo _('Old value'); ?></th>
+		<th><?php echo _('New value'); ?></th>
+	</tr>
+
+	<?php $counter=0; foreach( $update_array as $attr => $new_val ) { $counter++ ?>
+	
+		<tr class="<?php echo $counter%2 ? 'even' : 'odd'; ?>">
+		<td><b><?php echo htmlspecialchars( $attr ); ?></b></td>
+		<td><nobr>
+		<?php
+		if( is_array( $old_values[ $attr ] ) ) 
+			foreach( $old_values[ $attr ] as $v )
+				echo nl2br( htmlspecialchars( $v ) ) . "<br />";
+		else  
+			if( 0 == strcasecmp( $attr, 'userPassword' ) && ( obfuscate_password_display() || is_null( get_enc_type( $old_values[ $attr ] ) ) ) ) {
+				echo preg_replace( '/./', '*', $old_values[ $attr ] ) . "<br />";
+			}
+			else {
+				echo nl2br( htmlspecialchars( $old_values[ $attr ] ) ) . "<br />";
+			}
+		echo "</nobr></td><td><nobr>";
+
+		// is this a multi-valued attribute?
+		if( is_array( $new_val ) ) {
+			foreach( $new_val as $i => $v ) {
+				if( $v == '' ) {
+					// remove it from the update array if it's empty
+					unset( $update_array[ $attr ][ $i ] );
+					$update_array[ $attr ] = array_values( $update_array[ $attr ] );
+				} else {
+					echo nl2br( htmlspecialchars( $v ) ) . "<br />";
+				}
+			}
+
+			// was this a multi-valued attribute deletion? If so,
+			// fix the $update_array to reflect that per update_confirm.php's
+			// expectations
+			if( $update_array[ $attr ] == array( 0 => '' ) || $update_array[ $attr ] == array() ) {
+				$update_array[ $attr ] = '';
+				echo '<span style="color: red">' . _('[attribute deleted]') . '</span>';
+			}
+		}
+		else 
+			if( $new_val != '' ) 
+				if( 0 == strcasecmp( $attr, 'userPassword' ) && ( obfuscate_password_display() || is_null( get_enc_type( $new_values[ $attr ] ) ) ) ) {
+					echo preg_replace( '/./', '*', $new_val ) . "<br />";
+				}
+				else {
+					echo htmlspecialchars( $new_val ) . "<br />";
+				}
+			else 
+				echo '<span style="color: red">' . _('[attribute deleted]') . '</span>';
+		echo "</nobr></td></tr>\n\n";
+	}
+
+	?>
+
+	</table>
+	<br />
+
+	<table>
+	<tr>
+		<td>
+			<!-- Commit button and acompanying form -->
+			<form action="update.php" method="post">
+			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+			<?php foreach( $update_array as $attr => $val ) { ?>
+				<?php if( is_array( $val ) ) { ?>				
+					<?php foreach( $val as $i => $v ) { ?>
+
+						<input  type="hidden"
+							name="update_array[<?php echo htmlspecialchars( $attr ); ?>][<?php echo $i; ?>]"
+							value="<?php echo htmlspecialchars( $v ); ?>" />
+					<?php } ?> 
+				<?php } else { ?>				
+
+					<input  type="hidden"
+						name="update_array[<?php echo htmlspecialchars( $attr ); ?>]"
+						value="<?php echo htmlspecialchars( $val ); ?>" />
+				<?php } ?>				
+			<?php } ?>
+			<input type="submit" value="<?php echo _('Commit'); ?>"/>
+			</form>
+		</td>
+		<td>
+			<!-- Cancel button -->
+			<form action="edit.php" method="get">
+			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+			<input type="submit" value="<?php echo _('Cancel'); ?>"/>
+			</form>
+		</td>
+	</tr>
+	</table>		
+	</center>
+	</body>
+
+	<?php
+
+} else { ?>
+	
+	<center>
+	<?php echo _('You made no changes.'); ?>
+	<br><br><a href="edit.php?dn=<?php echo $encoded_dn; ?>"><?php echo _('Back'); ?></a>
+	</center>
+
+<?php } ?>
+
+</form>
+
+
+