WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

documentation update

This commit is contained in:
Roland Gruber 2004-05-31 14:04:00 +00:00
parent 0589dc8842
commit dc7ffcc5a6
2 changed files with 342 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

285
lam/lib/config.inc
View File

@ -20,15 +20,22 @@ $Id$
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Config supplies access to the configuration data.
*/
/**
* This file includes functions to manage the configuration files.
*
* @package configuration
* @author Roland Gruber
*/
/** Used to print messages. */
include_once("status.inc");
/** Used to get module information. */
include_once("modules.inc");
/**
* sets language settings for automatic translation
* Sets language settings for automatic translation
*/
function setlanguage() {
if ($_SESSION['language']) {
@ -43,7 +50,9 @@ function setlanguage() {
}
/**
* returns an array of string with all available configuration profiles (without .conf)
* Returns an array of string with all available configuration profiles (without .conf)
*
* @return array profile names
*/
function getConfigProfiles() {
$dir = dir(substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config");
@ -63,9 +72,9 @@ function getConfigProfiles() {
}
/**
* print meta refresh
* Prints a meta refresh page
*
* @param $page the URL of the target page
* @param string $page the URL of the target page
*/
function metaRefresh($page) {
echo $_SESSION['header'];
@ -84,66 +93,70 @@ function metaRefresh($page) {
/**
* This class manages .conf files.
*
* @package configuration
*/
class Config {
/** server address (e.g. ldap://127.0.0.1:389) */
/** Server address (e.g. ldap://127.0.0.1:389) */
var $ServerURL;
/** array of strings: users with admin rights */
/** Array of string: users with admin rights */
var $Admins;
/** string: password to edit preferences */
/** Password to edit preferences */
var $Passwd;
/** suffix for users */
/** LDAP suffix for users */
var $usersuffix;
/** suffix for groups */
/** LDAP suffix for groups */
var $groupsuffix;
/** suffix for Samba hosts */
/** LDAP suffix for Samba hosts */
var $hostsuffix;
/** suffix for domains (Samba 3) */
/** LDAP suffix for Samba 3 domains */
var $domainsuffix;
/** minimum UID number for users */
/** Minimum UID number for users */
var $MinUID;
/** maximum UID number for users */
/** Maximum UID number for users */
var $MaxUID;
/** minimum GID number for groups */
/** Minimum GID number for groups */
var $MinGID;
/** maximum GID number for groups */
/** Maximum GID number for groups */
var $MaxGID;
/** minimum UID number for Samba hosts */
/** Minimum UID number for Samba hosts */
var $MinMachine;
/** maximum UID number for Samba hosts */
/** Maximum UID number for Samba hosts */
var $MaxMachine;
/** attributes that are shown in the user list */
/** Attributes that are shown in the user list */
var $userlistAttributes;
/** attributes that are shown in the group list */
/** Attributes that are shown in the group list */
var $grouplistAttributes;
/** attributes that are shown in the host list */
/** Attributes that are shown in the host list */
var $hostlistAttributes;
/** maximum number of rows shown in user/group/host lists */
/** Maximum number of rows shown in user/group/host lists */
var $maxlistentries;
/** default language */
/** Default language */
var $defaultLanguage;
/**
* Path to external lamdaemon script on server where it is executed
* used for managing quota and home directories
*
* This is used for managing quota and home directories.
* optional setting, may not be defined
*/
var $scriptPath;
/**
* server where lamdaemon script is executed
* used for managing quota and home directories
* Server where lamdaemon script is executed
*
* This is used for managing quota and home directories.
* optional setting, may not be defined
*/
var $scriptServer;
@ -151,23 +164,24 @@ class Config {
/** LDAP cache timeout */
var $cachetimeout;
/** password hash algorithm */
/** Password hash algorithm */
var $pwdhash;
/** text to include in user PDF files */
/** Text to include in user PDF files */
var $pdftext = "";
/** account modules
** TODO add default modules for LAM <0.5
/**
* Account modules
* TODO add default modules for LAM <0.5
*/
var $usermodules = "um1,um2,um3";
var $groupmodules = "gm1,gm2,gm3";
var $hostmodules = "hm1,hm2,hm3";
/** name of configuration file */
/** Name of configuration file */
var $file;
/** list of all settings in config file */
/** List of all settings in config file */
var $settings = array("ServerURL", "Passwd", "Admins", "usersuffix", "groupsuffix", "hostsuffix",
"domainsuffix", "MinUID", "MaxUID", "MinGID", "MaxGID", "MinMachine", "MaxMachine",
"userlistAttributes", "grouplistAttributes", "hostlistAttributes", "maxlistentries",
@ -176,7 +190,7 @@ class Config {
/**
* constructor, loads preferences from config file
* Loads preferences from config file
*
* @param $file Index number in config file array
*/
@ -190,7 +204,7 @@ class Config {
$this->reload();
}
/** reloads preferences from config file */
/** Reloads preferences from config file */
function reload() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf";
if (is_file($conffile) == True) {
@ -224,7 +238,7 @@ class Config {
}
}
/** saves preferences to config file */
/** Saves preferences to config file */
function save() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/" . $this->file . ".conf";
if (is_file($conffile) == True) {
@ -299,7 +313,7 @@ class Config {
}
}
/** prints current preferences */
/** Prints current preferences */
function printconf() {
echo "<b>" . _("Server address") . ": </b>" . $this->ServerURL . "<br>";
echo "<b>" . _("Password hash type") . ": </b>" . $this->pwdhash . "<br>";
@ -331,7 +345,7 @@ class Config {
// functions to read/write preferences
/**
* returns the server address as string
* Returns the server address as string
*
* @return server address
*/
@ -340,7 +354,7 @@ class Config {
}
/**
* sets the server address
* Sets the server address
*
* @param $value new server address
* @return true if $value has correct format
@ -352,7 +366,7 @@ class Config {
}
/**
* returns an array of string with all admin names
* Returns an array of string with all admin names
*
* @return the admin names
*/
@ -361,7 +375,7 @@ class Config {
}
/**
* returns all admin users seperated by semicolons
* Returns all admin users seperated by semicolons
*
* @return the admin string
*/
@ -370,7 +384,7 @@ class Config {
}
/**
* sets the admin string
* Sets the admin string
*
* @param $value new admin string that contains all admin users seperated by semicolons
* @return true if $value has correct format
@ -385,7 +399,7 @@ class Config {
}
/**
* returns the password to access the preferences wizard
* Returns the password to access the preferences wizard
*
* @return the password
*/
@ -394,7 +408,7 @@ class Config {
}
/**
* sets the preferences wizard password
* Sets the preferences wizard password
*
* @param $value new password
* @return true if $value has correct format
@ -406,7 +420,7 @@ class Config {
}
/**
* returns the LDAP suffix where users are saved
* Returns the LDAP suffix where users are saved
*
* @return the user suffix
*/
@ -415,7 +429,7 @@ class Config {
}
/**
* sets the LDAP suffix where users are saved
* Sets the LDAP suffix where users are saved
*
* @param $value new user suffix
* @return true if $value has correct format
@ -438,7 +452,7 @@ class Config {
}
/**
* sets the LDAP suffix where groups are saved
* Sets the LDAP suffix where groups are saved
*
* @param $value new group suffix
* @return true if $value has correct format
@ -461,7 +475,7 @@ class Config {
}
/**
* sets the LDAP suffix where hosts are saved
* Sets the LDAP suffix where hosts are saved
*
* @param $value new host suffix
* @return true if $value has correct format
@ -476,7 +490,7 @@ class Config {
}
/**
* returns the LDAP suffix where domains are saved
* Returns the LDAP suffix where domains are saved
*
* @return the domain suffix
*/
@ -485,7 +499,7 @@ class Config {
}
/**
* sets the LDAP suffix where domains are saved
* Sets the LDAP suffix where domains are saved
*
* @param $value new domain suffix
* @return true if $value has correct format
@ -500,7 +514,7 @@ class Config {
}
/**
* returns the minimum UID to use when creating new users
* Returns the minimum UID to use when creating new users
*
* @return the minimum UID number
*/
@ -509,7 +523,7 @@ class Config {
}
/**
* sets the minimum UID to use when creating new users
* Sets the minimum UID to use when creating new users
*
* @param $value new minimum UID number
* @return true if $value has correct format
@ -521,7 +535,7 @@ class Config {
}
/**
* returns the maximum UID to use when creating new users
* Returns the maximum UID to use when creating new users
*
* @return the maximum UID number
*/
@ -530,7 +544,7 @@ class Config {
}
/**
* sets the maximum UID to use when creating new users
* Sets the maximum UID to use when creating new users
*
* @param $value new maximum UID number
* @return true if $value has correct format
@ -542,7 +556,7 @@ class Config {
}
/**
* returns the minimum GID to use when creating new groups
* Returns the minimum GID to use when creating new groups
*
* @return the minimum GID number
*/
@ -551,7 +565,7 @@ class Config {
}
/**
* sets the minimum GID to use when creating new groups
* Sets the minimum GID to use when creating new groups
*
* @param $value new minimum GID number
* @return true if $value has correct format
@ -563,7 +577,7 @@ class Config {
}
/**
* returns the maximum GID to use when creating new groups
* Returns the maximum GID to use when creating new groups
*
* @return the maximum GID number
*/
@ -572,7 +586,7 @@ class Config {
}
/**
* sets the maximum GID to use when creating new groups
* Sets the maximum GID to use when creating new groups
*
* @param $value new maximum GID number
* @return true if $value has correct format
@ -584,7 +598,7 @@ class Config {
}
/**
* returns the minimum UID to use when creating new Samba hosts
* Returns the minimum UID to use when creating new Samba hosts
*
* @return the minimum UID number
*/
@ -593,7 +607,7 @@ class Config {
}
/**
* sets the minimum UID to use when creating new Samba hosts
* Sets the minimum UID to use when creating new Samba hosts
*
* @param $value new minimum UID number
* @return true if $value has correct format
@ -606,7 +620,7 @@ class Config {
}
/**
* returns the maximum UID to use when creating new Samba hosts
* Returns the maximum UID to use when creating new Samba hosts
*
* @return the maximum UID number
*/
@ -615,7 +629,7 @@ class Config {
}
/**
* sets the maximum UID to use when creating new Samba hosts
* Sets the maximum UID to use when creating new Samba hosts
*
* @param $value new maximum UID number
* @return true if $value has correct format
@ -628,7 +642,7 @@ class Config {
}
/**
* returns the list of attributes to show in user list
* Returns the list of attributes to show in user list
*
* @return the attribute list
*/
@ -637,7 +651,7 @@ class Config {
}
/**
* sets the list of attributes to show in user list
* Sets the list of attributes to show in user list
*
* @param $value new attribute string
* @return true if $value has correct format
@ -651,7 +665,7 @@ class Config {
}
/**
* returns the list of attributes to show in group list
* Returns the list of attributes to show in group list
*
* @return the attribute list
*/
@ -660,7 +674,7 @@ class Config {
}
/**
* sets the list of attributes to show in group list
* Sets the list of attributes to show in group list
*
* @param $value new attribute string
* @return true if $value has correct format
@ -674,7 +688,7 @@ class Config {
}
/**
* returns the list of attributes to show in host list
* Returns the list of attributes to show in host list
*
* @return the attribute list
*/
@ -683,7 +697,7 @@ class Config {
}
/**
* sets the list of attributes to show in host list
* Sets the list of attributes to show in host list
*
* @param $value new attribute string
* @return true if $value has correct format
@ -698,7 +712,7 @@ class Config {
}
/**
* returns the maximum number of rows in user/group/host lists
* Returns the maximum number of rows in user/group/host lists
*
* @return maximum number
*/
@ -707,7 +721,7 @@ class Config {
}
/**
* sets the maximum number of rows in user/group/host lists
* Sets the maximum number of rows in user/group/host lists
*
* @param $value new attribute string
* @return true if $value has correct format
@ -719,7 +733,7 @@ class Config {
}
/**
* returns the default language string
* Returns the default language string
*
* @return default language
*/
@ -728,7 +742,7 @@ class Config {
}
/**
* sets the default language string
* Sets the default language string
*
* @param $value new default language
* @return true if $value has correct format
@ -740,7 +754,7 @@ class Config {
}
/**
* returns the path to the external script
* Returns the path to the external script
*
* @return script path
*/
@ -749,7 +763,7 @@ class Config {
}
/**
* sets the path to the external script
* Sets the path to the external script
*
* @param $value new script path
* @return true if $value has correct format
@ -762,7 +776,7 @@ class Config {
}
/**
* returns the server of the external script
* Returns the server of the external script
*
* @return script server
*/
@ -771,7 +785,7 @@ class Config {
}
/**
* sets the server of the external script
* Sets the server of the external script
*
* @param $value new script server
* @return true if $value has correct format
@ -785,20 +799,31 @@ class Config {
return true;
}
// returns the LDAP cache timeout in minutes
/**
* Returns the LDAP cache timeout in minutes
*
* @return cache time
*/
function get_cacheTimeout() {
if (isset($this->cachetimeout)) return $this->cachetimeout;
else return 5;
}
// returns the LDAP cache timeout in seconds
/**
* Returns the LDAP cache timeout in seconds
*
* @return cache time
*/
function get_cacheTimeoutSec() {
return $this->cachetimeout * 60;
}
// sets the LDAP cache timeout in minutes (0,1,2,5,10,15)
// $value: new cache timeout
// returns true if $value has correct format
/**
* Sets the LDAP cache timeout in minutes (0,1,2,5,10,15)
*
* @param $value new cache timeout
* @return true if $value has correct format
*/
function set_cacheTimeout($value) {
if (is_numeric($value) && ($value > -1)) {
$this->cachetimeout = $value;
@ -807,15 +832,22 @@ class Config {
return true;
}
// returns the password hash type
/**
* Returns the password hash type
*
* @return password hash
*/
function get_pwdhash() {
if ($this->pwdhash) return strtoupper($this->pwdhash);
else return "SSHA";
}
// set the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)
// $value: new password hash algorithm
// returns true if $value has correct format
/**
* Sets the password hash type (CRYPT/SHA/SSHA/MD5/SMD5)
*
* @param $value new password hash algorithm
* @return true if $value has correct format
*/
function set_pwdhash($value) {
if (is_string($value) && eregi("^(crypt|sha|ssha|md5|smd5|plain)$", $value)) {
$this->pwdhash = $value;
@ -824,15 +856,22 @@ class Config {
return true;
}
// returns text for user PDF files
/**
* Returns text for user PDF files
*
* @return text string
*/
function get_pdftext($name = "user") {
if ($this->pdftext) return $this->pdftext;
else return "";
}
// set the text for user PDF files
// $value: string containing the text
// returns true if $value has correct format and could be saved
/**
* Sets the text for user PDF files
*
* @param $value string containing the text
* @return true if $value has correct format and could be saved
*/
function set_pdftext($value) {
// check if text changed
if ($value == $this->pdftext) return true;
@ -852,7 +891,11 @@ class Config {
return true;
}
// returns an array of all selected user modules
/**
* Returns an array of all selected user modules
*
* @return user modules
*/
function get_UserModules() {
$modules = explode(",", $this->usermodules);
$available = getAvailableModules('user');
@ -864,9 +907,12 @@ class Config {
return $ret;
}
// sets the selected user modules
// $modules: array with module names (not aliases!)
// returns true if $modules has correct format
/**
* Sets the selected user modules
*
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_UserModules($modules) {
if (! is_array($modules)) return false;
// check module names
@ -879,7 +925,11 @@ class Config {
return true;
}
// returns an array of all selected group modules
/**
* Returns an array of all selected group modules
*
* @return group modules
*/
function get_GroupModules() {
$modules = explode(",", $this->groupmodules);
$available = getAvailableModules('group');
@ -891,9 +941,12 @@ class Config {
return $ret;
}
// sets the selected group modules
// $modules: array with module names (not aliases!)
// returns true if $modules has correct format
/**
* Sets the selected group modules
*
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_GroupModules($modules) {
if (! is_array($modules)) return false;
// check module names
@ -906,7 +959,11 @@ class Config {
return true;
}
// returns an array of all selected host modules
/**
* Returns an array of all selected host modules
*
* @return host modules
*/
function get_HostModules() {
$modules = explode(",", $this->hostmodules);
$available = getAvailableModules('host');
@ -918,9 +975,12 @@ class Config {
return $ret;
}
// sets the selected host modules
// $modules: array with module names (not aliases!)
// returns true if $modules has correct format
/**
* Sets the selected host modules
*
* @param $modules array with module names (not aliases!)
* @return true if $modules has correct format
*/
function set_HostModules($modules) {
if (! is_array($modules)) return false;
// check module names
@ -936,24 +996,29 @@ class Config {
}
/*
// class CfgMain
/**
* This class manages config.cfg.
*
* @package configuration
*/
// manages config.cfg
class CfgMain {
// default profile
/** Default profile */
var $default;
// password to change config.cfg
/** Password to change config.cfg */
var $password;
// constructor, loads preferences from config file
/**
* Loads preferences from config file
*/
function CfgMain() {
$this->reload();
}
// reloads preferences from config file config.cfg
/**
* Reloads preferences from config file config.cfg
*/
function reload() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg";
if (is_file($conffile) == True) {
@ -979,7 +1044,9 @@ class CfgMain {
}
}
// saves preferences to config file config.cfg
/**
* Saves preferences to config file config.cfg
*/
function save() {
$conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg";
if (is_file($conffile) == True) {

239
lam/lib/ldap.inc
View File

@ -21,20 +21,36 @@ $Id$
*/
// ldap.inc provides basic functions to connect to the OpenLDAP server.
/**
* ldap.inc provides basic functions to connect to the OpenLDAP server.
*
* @package LDAP
* @author Roland Gruber
*/
/** Access to configuration data */
include_once("config.inc");
/** Encryption functions */
include_once("blowfish.inc");
// converts a HEX string to a binary value
/**
* Converts a HEX string to a binary value
*
* @param string $value HEX string
* @return binary result binary
*/
function hex2bin($value) {
return pack("H*", $value);
}
// returns the hash value of a plain text password
// the hash algorithm depends on the configuration file
// $password: the password string
// $enabled: marks the hash as enabled/disabled (e.g. by prefixing "!")
/**
* Returns the hash value of a plain text password
* the hash algorithm depends on the configuration file
*
* @param string $password the password string
* @param boolean $enabled marks the hash as enabled/disabled (e.g. by prefixing "!")
* @return string the password hash
*/
function pwd_hash($password, $enabled=true) {
// check for empty password
if (! $password || ($password == "")) {
@ -117,9 +133,12 @@ function pwd_hash($password, $enabled=true) {
}
// marks an password hash as enabled
// and returns the new hash string
// hash: hash value to enable
/**
* Marks an password hash as enabled and returns the new hash string
*
* @param string $hash hash value to enable
* @return string enabled password hash
*/
function pwd_enable($hash) {
// check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
@ -139,9 +158,12 @@ function pwd_enable($hash) {
}
}
// marks an password hash as disabled
// and returns the new hash string
// hash: hash value to disable
/**
* Marks an password hash as disabled and returns the new hash string
*
* @param string $hash hash value to disable
* @return string disabled hash value
*/
function pwd_disable($hash) {
// check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
@ -161,8 +183,12 @@ function pwd_disable($hash) {
}
}
// checks if a password hash is enabled/disabled
// returns true if the password is marked as enabled
/**
* Checks if a password hash is enabled/disabled
*
* @param string $hash password hash to check
* @return boolean true if the password is marked as enabled
*/
function pwd_is_enabled($hash) {
// disabled passwords have a "!" or "*" at the beginning (old wrong LAM method)
if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) return false;
@ -176,37 +202,48 @@ function pwd_is_enabled($hash) {
}
// manages connection to LDAP and several helper functions
/**
* Ldap manages connection to LDAP and includes several helper functions.
*
* @package LDAP
*/
class Ldap{
// object of Config to access preferences
/** Object of Config to access preferences */
var $conf;
// server handle
/** Server handle */
var $server;
// LDAP username and password used for bind
/** LDAP username used for bind */
var $username;
/** LDAP password used for bind */
var $password;
// Arrays that contain LDAP attributes and their descriptions which are translated
/** Contains LDAP attributes for user list and their descriptions */
var $ldapUserAttributes;
/** Contains LDAP attributes for group list and their descriptions */
var $ldapGroupAttributes;
/** Contains LDAP attributes for host list and their descriptions */
var $ldapHostAttributes;
// array with all objectClass strings from the LDAP server
/** Array with all objectClass strings from the LDAP server */
var $objectClasses;
// capabilities of the LDAP server
var $supports_unix_hosts=false; // host attribute in inetOrgPerson
var $supports_samba2_schema=false; // objectClass sambaAccount
var $supports_samba3_schema=false; // objectClass sambaSamAccount
// Capabilities of the LDAP server
/** Host attribute in inetOrgPerson */
var $supports_unix_hosts = false;
/** ObjectClass sambaAccount */
var $supports_samba2_schema = false;
/** ObjectClass sambaSamAccount */
var $supports_samba3_schema = false;
// random number (changes on every page request)
/** Random number (changes on every page request) */
var $rand;
// constructor
// $config: an object of Config (../config/config.php)
/**
* @param object $config an object of class Config
*/
function Ldap($config) {
setlanguage();
if (is_object($config)) $this->conf = $config;
@ -245,10 +282,13 @@ class Ldap{
return true;
}
// connects to the server using the given username and password
// if connect succeeds the server handle is returned
// $user: user name
// $passwd: password
/**
* Connects to the server using the given username and password
*
* @param string $user user name
* @param string $passwd password
* @return mixed if connect succeeds the server handle is returned, else false
*/
function connect($user, $passwd) {
// close any prior connection
@$this->close();
@ -288,14 +328,17 @@ class Ldap{
else return false;
}
// closes connection to server
/** Closes connection to server */
function close() {
@ldap_close($this->server);
}
// searches LDAP for a specific user name
// and returns its DN entry
// $name: user name
/**
* Searches LDAP for a specific user name and returns its DN entry
*
* @param string $name user name
* @return string DN
*/
function search_username($name) {
$filter = "(uid=$name)";
$attrs = array();
@ -309,8 +352,12 @@ class Ldap{
}
}
// returns an array with all organizational units under the given suffix
// $suffix: search suffix
/**
* Returns an array with all organizational units under the given suffix
*
* @param string $suffix search suffix
* @return array DNs of organizational units
*/
function search_units($suffix) {
$ret = array();
$sr = @ldap_search($this->server(), $suffix, "objectClass=organizationalunit", array("DN"));
@ -336,8 +383,12 @@ class Ldap{
return $ret;
}
// returns an array with all Samba 3 domain entries under the given suffix
// $suffix: search suffix
/**
* Returns an array with all Samba 3 domain entries under the given suffix
*
* @param string $suffix search suffix
* @return array list of samba3domain objects
*/
function search_domains($suffix) {
$ret = array();
$attr = array("DN", "sambaDomainName", "sambaSID", "sambaNextRid", "sambaNextGroupRid",
@ -364,7 +415,7 @@ class Ldap{
return $ret;
}
// reads the array of objectClasses from the LDAP server
/** Reads the array of objectClasses from the LDAP server */
function updateClasses() {
// read from default cn
$sr = @ldap_read($this->server, 'cn=subschema', '(objectClass=*)', array('objectclasses'));
@ -383,7 +434,7 @@ class Ldap{
$this->objectClasses = array();
}
// updates the capabilities values (var $supports_*)
/** Updates the capabilities values (var $supports_*) */
function updateCapabilities() {
for ($i = 0; $i < sizeof($this->objectClasses); $i++) {
$line = $this->objectClasses[$i];
@ -394,12 +445,16 @@ class Ldap{
}
}
// returns the LDAP connection handle
/**
* Returns the LDAP connection handle
*
* @return object connection handle
*/
function server() {
return $this->server;
}
// closes connection to LDAP server before serialization
/** Closes connection to LDAP server before serialization */
function __sleep() {
$this->close();
// define which attributes to save
@ -408,7 +463,7 @@ class Ldap{
"supports_samba3_schema", "rand");
}
// reconnects to LDAP server when deserialized
/** Reconnects to LDAP server when deserialized */
function __wakeup() {
$data = $this->decrypt_login();
$this->connect($data[0], $data[1]);
@ -432,16 +487,19 @@ class Ldap{
}
}
// calculates a new value for rand
/** Calculates a new value for rand */
function new_rand() {
// change random number
mt_srand($this->rand + (microtime() * 1000000));
$this->rand = mt_rand();
}
// encrypts a string
// $data: string to encrypt
// return: encrypted string
/**
* Encrypts a string
*
* @param string $data string to encrypt
* @return object encrypted string
*/
function encrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
@ -463,9 +521,12 @@ class Ldap{
}
}
// decrypts a string
// $data: string to decrypt
// return: decrypted string
/**
* Decrypts a string
*
* @param object $data string to decrypt
* @return string decrypted string
*/
function decrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
@ -489,19 +550,23 @@ class Ldap{
}
}
// encrypts username and password
// $username: LDAP user name
// $password: LDAP password
/**
* Encrypts username and password
*
* @param string $username LDAP user name
* @param string $password LDAP password
*/
function encrypt_login($username, $password) {
// encrypt username and password
$this->username = base64_encode($this->encrypt($username));
$this->password = base64_encode($this->encrypt($password));
}
// decrypts username and password
// returns an array
// return[0]: user name
// return[1]: password
/**
* Decrypts username and password
*
* @return array array(user name, password)
*/
function decrypt_login() {
// decrypt username and password
$username = $this->decrypt(base64_decode($this->username));
@ -510,30 +575,48 @@ class Ldap{
return $ret;
}
// closes connection to LDAP server and deletes encrypted username/password
/** Closes connection to LDAP server and deletes encrypted username/password */
function destroy() {
$this->close();
$this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
// returns an array that contains LDAP attribute names and their description
/**
* Returns the LDAP attribute names and their description for the user list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeUserArray() {
return $this->ldapUserAttributes;
}
// returns an array that contains LDAP attribute names and their description
/**
* Returns the LDAP attribute names and their description for the group list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeGroupArray() {
return $this->ldapGroupAttributes;
}
// returns an array that contains LDAP attribute names and their description
/**
* Returns the LDAP attribute names and their description for the host list
*
* @return array list of LDAP attributes and descriptions
*/
function attributeHostArray() {
return $this->ldapHostAttributes;
}
// helper function to sort the unit DNs
/**
* Helper function to sort the unit DNs
*
* @param string $a first argument to compare
* @param string $b second argument to compare
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
*/
function cmp_array($a, $b) {
// split DNs
$array_a = explode(",", $a);
@ -560,7 +643,13 @@ class Ldap{
}
}
// helper function to sort the domains
/**
* Helper function to sort the domains
*
* @param string $a first argument to compare
* @param string $b second argument to compare
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
*/
function cmp_domain($a, $b) {
if ($a->name == $b->name) return 0;
elseif ($a->name == max($a->name, $b->name)) return 1;
@ -570,29 +659,33 @@ class Ldap{
}
// represents a Samba 3 domain entry
/**
* Represents a Samba 3 domain entry
*
* @package LDAP
*/
class samba3domain {
// DN
/** DN */
var $dn;
// domain name
/** Domain name */
var $name;
// domain SID
/** Domain SID */
var $SID;
// next RID
/** Next RID */
var $nextRID;
// next user RID
/** Next user RID */
var $nextUserRID;
// next group RID
/** Next group RID */
var $nextGroupRID;
// RID base to calculate RIDs, default 1000
var $RIDbase=1000;
/** RID base to calculate RIDs, default 1000 */
var $RIDbase = 1000;
}
?>