WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed problem with new modules and ldap objectclasses. 

SUP-Classes weren't included in attribute list.
This commit is contained in:
katagia 2003-12-12 11:52:52 +00:00
parent b2e93fe95f
commit ff524e3f23
3 changed files with 142 additions and 275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
lam/lib/account.inc
View File

@ -86,7 +86,7 @@ class cache {
foreach ($DNs as $dn) { foreach ($DNs as $dn) {
if (isset($this->ldapcache[$scope][$dn][$attribute]) && in_array($objectClass, $this->ldapcache[$scope][$dn]['objectClass'])) { if (isset($this->ldapcache[$scope][$dn][$attribute]) && in_array($objectClass, $this->ldapcache[$scope][$dn]['objectClass'])) {
// return string if only attribute exists only once // return string if only attribute exists only once
if (count($this->ldapcache[$scope][$dn][$attribute])==1) $return[$dn] = $this->ldapcache[$scope][$dn][$attribute][0]; if (count($this->ldapcache[$scope][$dn][$attribute])==1) $return[$dn][] = $this->ldapcache[$scope][$dn][$attribute][0];
else { else {
// else return array with all attributes // else return array with all attributes
$return[$dn] = $this->ldapcache[$scope][$dn][$attribute]; $return[$dn] = $this->ldapcache[$scope][$dn][$attribute];
@ -231,6 +231,7 @@ class accountContainer {
var $type; var $type;
var $lampath; // reference to lampath from Session var $lampath; // reference to lampath from Session
var $ldap; // This is a reference to the ldap class in session var $ldap; // This is a reference to the ldap class in session
var $modules; // This is an array with all module objects
/* Get the type of account. Valid /* Get the type of account. Valid
* types are: user, group, host * types are: user, group, host
@ -266,7 +267,7 @@ class accountContainer {
// create array with may-attributes // create array with may-attributes
// Get startposition in string // Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) { if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($_SESSION['ldap']->objectClasses[$line], 'MAY (')+5); $string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes // Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')')); $string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string); $string = trim($string);
@ -277,6 +278,49 @@ class accountContainer {
else $this->attributes[$attribute][$objectClass] = 'MAY'; else $this->attributes[$attribute][$objectClass] = 'MAY';
} }
} }
// Get attributes of subclasses
while (strpos($this->ldap->objectClasses[$line], "SUP ")) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($this->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
$may = explode(" $ ", $string);
// Ad must
foreach ($must as $attribute) {
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MUST';
else $this->attributes[$attribute][$objectClass] = 'MUST';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->ldap->objectClasses[$line], strpos($this->ldap->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
$must = explode(" $ ", $string);
// Ad may
foreach ($must as $attribute) {
if (!isset($this->attributes[$attribute])) $this->attributes[$attribute][$objectClass] = 'MAY';
else $this->attributes[$attribute][$objectClass] = 'MAY';
}
}
}
} }
/* This function return ldap attributes /* This function return ldap attributes
@ -309,7 +353,7 @@ class accountContainer {
// Add module if it exists // Add module if it exists
if (filetype($this->lampath."/lib/modules/".$objectClass.".inc") == 'file') { if (filetype($this->lampath."/lib/modules/".$objectClass.".inc") == 'file') {
include_once ($this->lampath."/lib/modules/".$objectClass.".inc"); include_once ($this->lampath."/lib/modules/".$objectClass.".inc");
$this[] = new $objectClass($this); $this->modules[] = new $objectClass($this);
} }
} }
return 0; return 0;

359
lam/lib/modules/inetOrgPerson.inc
View File

@ -31,10 +31,6 @@ $Id$
* account.inc: array_delete * account.inc: array_delete
*/ */
// *** fixme, start session if not yet done
// *** fixme set language if not yet done
include_once('../ldap.inc');
include_once('../account.inc');
/* This class contains all inetOrgPerson LDAP attributes /* This class contains all inetOrgPerson LDAP attributes
* and funtioncs required to deal with inetOrgPerson * and funtioncs required to deal with inetOrgPerson
@ -50,15 +46,15 @@ include_once('../account.inc');
class inetOrgPerson { class inetOrgPerson {
// Constructor // Constructor
function inetOrgPerson(&$basearray=false) { function inetOrgPerson(&$basearray) {
/* Return an error if posixAccount should be created without /* Return an error if posixAccount should be created without
* base container * base container
*/ */
if (!$basearray) die _('Please create a new object with $array[] = new posixAccount($array);'); if (!$basearray) trigger_error(_('Please create a new object with $array[] = new posixAccount($array);'), E_USER_ERROR);
// Check if $basearray is an array // Check if $basearray is an array
if (!is_array($basearray)) die _('Please create a new object with $array[] = new posixAccount($array);'); if (!is_object($basearray)) trigger_error(_('Please create a new module object with $accountContainer->add_objectClass(\'inetOrgPerson\');'), E_USER_ERROR);
// posixAccount is only a valid objectClass for user and host // posixAccount is only a valid objectClass for user and host
if !($basearray->get_type() == 'user') die _('inetOrgPerson can only be used for users.'); if ($basearray->get_type() != 'user') trigger_error(_('inetOrgPerson can only be used for users.'), E_USER_WARNING);
/* Create a reference to basearray so we can read all other modules /* Create a reference to basearray so we can read all other modules
* php will avaois recousrion itself * php will avaois recousrion itself
*/ */
@ -69,8 +65,73 @@ class inetOrgPerson {
$basearray->add_attributes ('inetOrgPerson'); $basearray->add_attributes ('inetOrgPerson');
// Add account type to object // Add account type to object
$orig = array( 'uid' => '', 'uidNumber' => '', 'gidNumber' => '', 'homeDirectory' => '', 'loginShell' => '', 'gecos' => '', $line=-1;
'description' => '', 'enc_userPassword' => '', 'groups' => array() ); for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME 'inetOrgPerson'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// Get attributes of subclasses
while (strpos($this->base->ldap->objectClasses[$line], "SUP ")) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'SUP ')+4);
$subclass = substr($string_withtail, 0, strpos($string_withtail, ' '));
// Add account type to object
for ($i=0; $i<count($this->base->ldap->objectClasses) || $i==-1; $i++) {
if (strpos($this->base->ldap->objectClasses[$i], "NAME '$subclass'")) $line = $i;
}
// Return error if objectClass isn't found
if ($line==-1) trigger_error (_("objectClass objectClass required but not defined in ldap."), E_USER_WARNING);
// create array with must-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MUST (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MUST (')+6);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad must
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
// create array with may-attributes
// Get startposition in string
if (strpos($this->base->ldap->objectClasses[$line], 'MAY (')) {
$string_withtail = substr($this->base->ldap->objectClasses[$line], strpos($this->base->ldap->objectClasses[$line], 'MAY (')+5);
// Now we have a string with all must-attributes
$string = substr($string_withtail, 0, strpos($string_withtail, ')'));
$string = trim($string);
// Ad may
foreach (explode(" $ ", $string) as $attribute) {
$this->attributes[$attribute] = '';
}
}
}
$this->attributes = $this->orig;
$this->alias = _('inetOrgPerson'); $this->alias = _('inetOrgPerson');
} }
@ -79,112 +140,50 @@ class inetOrgPerson {
var $alias; var $alias;
// reference to base-array so we can read other classes in basearray // reference to base-array so we can read other classes in basearray
var $base; var $base;
// This variable contains all inetOrgPerson Attributes
var $attributes;
// Use a unix password?
var $userPassword_no;
// Lock account?
var $userPassword_lock;
// Array with all groups the user should also be member of
var $groups;
// LDAP attributes
// These attributes have to be set in ldap
var $uid;
var $uidNumber;
var $gidNumber;
var $homeDirectory;
// These attributes doesn't have to be set in ldap
var $loginShell;
var $gecos;
var $description;
/* This function will return the unencrypted password when
* called without a variable
* If it's called with a new password, the
* new password will be stored encrypted
*/
function userPassword($newpassword='') {
// Read existing password if set
if ($newpassword='') {
if ($this->enc_userPassword != '') {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->enc_userPassword), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
return $password;
}
else return '';
}
// Write new password
else {
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$this->enc_userPassword = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $newpassword, MCRYPT_MODE_ECB, $iv));
return 0;
}
}
/* If an account was loaded all attributes are kept in this array /* If an account was loaded all attributes are kept in this array
* to compare it with new changed attributes * to compare it with new changed attributes
*/ */
var $orig; var $orig;
/* $attribute['password'] can't accessed directly because it's enrcypted
* To read / write password function userPassword is needed
*/
/* This function returns a list with all required modules /* This function returns a list with all required modules
*/ */
function dependencies() { function dependencies() {
if ($this->base['type']=='user') return array('inetOrgPerson');
if ($this->base['type']=='host') return array('account');
// return error if unsupported type is used // return error if unsupported type is used
return -1; return array();
} }
/* Write variables into object and do some regexp checks /* Write variables into object and do some regexp checks
*/ */
function proccess_attributes() { function proccess_attributes() {
// Load attributes // Load attributes
$this->uid = $_POST['form_posixAccount_uid']; $this->attributes['uid'] = $_POST['form_inetOrgPerson_uid'];
if ($this->base['type']=='user') $this->uid &= $this->base['inetOrgPerson']->cn; $this->attributes['cn'] &= $this->attributes['cn'];
if ($this->base['type']=='host') $this->uid &= $this->base['account']->cn;
$this->uidNumber = $_POST['form_posixAccount_uidNumber'];
$this->gidNumber = getgrnam($_POST['form_posixAccount_gidNumber']);
$this->homeDirectory = $_POST['form_posixAccount_homeDirectory'];
$this->loginShell = $_POST['form_posixAccount_loginShell'];
$this->gecos = $_POST['form_posixAccount_gecos'];
$this->description = $_POST['form_posixAccount_description'];
if ($_POST['form_posixAccount_userPassword_no']; $this->userPassword_no=true;
else $this->userPassword_no=false;
if ($_POST['form_posixAccount_userPassword_lock']; $this->userPassword_lock=true;
else $this->userPassword_lock=false;
if (isset($_POST['form_posixAccount_userPassword'])) {
if ($_POST['form_posixAccount_userPassword'] != $_POST['form_posixAccount_userPassword2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['form_posixAccount_userPassword2']);
}
else $this->userPassword($_POST['form_posixAccount_userPassword']);
}
if ($_POST['form_posixAccount_genpass']) $this->userPassword(genpasswd());
// Check if Username contains only valid characters // Check if Username contains only valid characters
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*$', $this->uid)) if ( !ereg('^([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*$', $this->attributes['uid']))
$errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')); $errors[] = array('ERROR', _('Username'), _('Username contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !'));
// Create automatic useraccount with number if original user already exists // Create automatic useraccount with number if original user already exists
// Reset name to original name if new name is in use // Reset name to original name if new name is in use
// *** fixme make incache modularized. Incache will return the found attribute // *** fixme make incache modularized. Incache will return the found attribute
// Set username back to original name if new username is in use // Set username back to original name if new username is in use
if (incache($this->uid,'uid', '*')!=$this->orig['uid'] && ($this->orig['uid']!='')) $this->uid = $this->orig['uid']; if (incache($this->attributes['uid'],'uid', '*')!=$this->orig['uid'] && ($this->orig['uid']!='')) $this->attributes['uid'] = $this->orig['uid'];
// Change uid to a new uid until a free uid is found // Change uid to a new uid until a free uid is found
while (incache($this->uid, 'uid', '*')) { while (incache($this->attributes['uid'], 'uid', '*')) {
// Remove "$" at end of hostname if type is host
if ($this->base['type']=='host') $this->uid = substr($this->uid, 0, $this->uid-1);
// get last character of username // get last character of username
$lastchar = substr($this->uid, strlen($this->uid)-1, 1); $lastchar = substr($this->attributes['uid'], strlen($this->attributes['uid'])-1, 1);
// Last character is no number // Last character is no number
if ( !ereg('^([0-9])+$', $lastchar)) if ( !ereg('^([0-9])+$', $lastchar))
/* Last character is no number. Therefore we only have to /* Last character is no number. Therefore we only have to
* add "2" to it. * add "2" to it.
*/ */
if ($this->base['type']=='host') $this->uid = $this->uid . '2$'; $this->attributes['uid'] = $this->attributes['uid'] . '2';
else $this->uid = $this->uid . '2';
else { else {
/* Last character is a number -> we have to increase the number until we've /* Last character is a number -> we have to increase the number until we've
* found a groupname with trailing number which is not in use. * found a groupname with trailing number which is not in use.
@ -192,175 +191,35 @@ class inetOrgPerson {
* $i will show us were we have to split groupname so we get a part * $i will show us were we have to split groupname so we get a part
* with the groupname and a part with the trailing number * with the groupname and a part with the trailing number
*/ */
$i=strlen($this->uid)-1; $i=strlen($this->attributes['uid'])-1;
$mark = false; $mark = false;
// Set $i to the last character which is a number in $account_new->general_username // Set $i to the last character which is a number in $account_new->general_username
while (!$mark) { while (!$mark) {
if (ereg('^([0-9])+$',substr($this->uid, $i, strlen($this->uid)-$i))) $i--; if (ereg('^([0-9])+$',substr($this->attributes['uid'], $i, strlen($this->attributes['uid'])-$i))) $i--;
else $mark=true; else $mark=true;
} }
// increase last number with one // increase last number with one
$firstchars = substr($this->uid, 0, $i+1); $firstchars = substr($this->attributes['uid'], 0, $i+1);
$lastchars = substr($this->uid, $i+1, strlen($this->uid)-$i); $lastchars = substr($this->attributes['uid'], $i+1, strlen($this->attributes['uid'])-$i);
// Put username together // Put username together
$this->uid = $firstchars . (intval($lastchars)+1); $this->attributes['uid'] = $firstchars . (intval($lastchars)+1);
// Add $ name if type is host
if ($this->base['type']=='host') $this->uid .= '$';
} }
} }
// Show warning if lam has changed username // Show warning if lam has changed username
if ($this->uid != $_POST['form_posixAccount_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.')); if ($this->attributes['uid'] != $_POST['form_inetOrgPerson_uid']) $errors[] = array('WARN', _('Username'), _('Username in use. Selected next free username.'));
// Check if UID is valid. If none value was entered, the next useable value will be inserted
// load min and may uidNumber
if ($this->base['type']=='user') {
$minID = intval($_SESSION['config']->get_minUID());
$maxID = intval($_SESSION['config']->get_maxUID());
}
else {
$minID = intval($_SESSION['config']->get_minMachine());
$maxID = intval($_SESSION['config']->get_maxMachine());
}
// *** fixme create getcache function
$dn_uids = getcache('uidNumber', 'posixAccount', '*');
// getcache will return an array ( dn1 => array(uidnumber1), dn2 => array(uidnumber2), ... )
foreach ($dn_uids as $uid) $uids[] = $uid[0];
if(is_array($uids)) sort ($uids, SORT_NUMERIC);
if ($this->uidNumber=='') {
// No id-number given
if ($this->orig['uidNumber']=='') {
// new account -> we have to find a free id-number
if (count($uids)!=0) {
// There are some uids
// Store highest id-number
$id = $uids[count($uids)-1];
// Return minimum allowed id-number if all found id-numbers are too low
if ($id < $minID) $this->uidNumber = $minID;
// Return higesht used id-number + 1 if it's still in valid range
if ($id < $maxID) $this->uidNumber = $id+1;
/* If this function is still running we have to fid a free id-number between
* the used id-numbers
*/
$i = intval($minID);
while (in_array($i, $uids)) $i++;
if ($i>$maxID)
$errors[] = array('ERROR', _('ID-Number'), _('No free ID-Number!')))));
else {
$this->uidNumber = $i;
$errors[] = array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.'));
}
}
else $this->uidNumber = $minID;
// return minimum allowed id-number if no id-numbers are found
}
else $this->uidNumber = $this->orig['uidNumber'];
// old account -> return id-number which has been used
}
else {
// Check manual ID
// id-number is out of valid range
if ( $this->uidNumber < $minID || $this->uidNumber > $maxID) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
// $uids is allways an array but not if no entries were found
if (is_array($uids)) {
// id-number is in use and account is a new account
if ((in_array($this->uidNumber, $uids)) && $this->orig['uidNumber']=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
// id-number is in use, account is existing account and id-number is not used by itself
if ((in_array($this->uidNumber, $uids)) && $this->orig['uidNumber']!='' && ($this->orig['uidNumber'] != $this->uidNumber) ) {
$errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
$this->uidNumber = $this->orig['uidNumber'];
}
}
}
// Check if Homedir is valid
$this->homeDirectory = str_replace('$group', getgrnam($this->gidNumber), $this->homeDirectory);
if ($this->uid != '')
$this->homeDirectory = str_replace('$user', $this->uid, $this->homeDirectory);
if ($this->homeDirectory != $_POST['form_posixAccount_homeDirectory']) $errors[] = array('INFO', _('Home directory'), _('Replaced $user or $group in homedir.'));
if ( !ereg('^[/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*([/]([a-z]|[A-Z])([a-z]|[A-Z]|[0-9]|[.]|[-]|[_])*)*$', $this->homeDirectory ))
$errors[] = array('ERROR', _('Home directory'), _('Homedirectory contains invalid characters.'));
// Check if Name-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $this->uid)) $errors[] = array('ERROR', _('Name'), _('Name must contain between 3 and 20 characters.'));
// Check if Name starts with letter
if ( !ereg('^([a-z]|[A-Z]).*$', $this->uid))
$errors[] = array('ERROR', _('Name'), _('Name contains invalid characters. First character must be a letter'));
// Check if password is OK
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $this->userPassword()))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
// Return error-messages // Return error-messages
if (is_array($errors)) return $errors; if (is_array($errors)) return $errors;
// Go to additional group page when no error did ocour and button was pressed
if ($_POST['form_posixAccount_addgroup']) return 'group';
return 0; return 0;
} }
/* Write variables into object and do some regexp checks
*/
function process_groups() {
do { // X-Or, only one if() can be true
if (isset($_POST['form_posixAccount_addgroups']) && isset($_POST['form_posixAccount_addgroups_button'])) { // Add groups to list
// Add new group
$this->groups = @array_merge($this->groups, $_POST['allgroups']);
// remove doubles
$this->groups = @array_flip($this->groups);
array_unique($this->groups);
$this->groups = @array_flip($this->groups);
// sort groups
sort($this->groups);
break;
}
if (isset($_POST['form_posixAccount_removegroups']) && isset($_POST['form_posixAccount_removegroups_button'])) { // remove groups from list
$this->groups = array_delete($_POST['form_posixAccount_removegroups'], $this->groups);
break;
}
} while(0);
if (isset($_POST['form_posixAccount_addgroups_button']) || isset($_POST['form_posixAccount_removegroups_button'])) return 'group';
if ($_POST['form_posixAccount_toattributes'] return 'attributes';
return 0;
}
/* This function loads all attributes into the object /* This function loads all attributes into the object
* $attr is an array as it's retured from ldap_get_attributes * $attr is an array as it's retured from ldap_get_attributes
*/ */
function load_attributes($attr) { function load_attributes($attr) {
// Load attributes which are displayed // Load attributes which are displayed
// Values are kept as copy so we can compare old attributes with new attributes // Values are kept as copy so we can compare old attributes with new attributes
$this->cn = $attr['cn'][0];
$this->orig['cn'] = $attr['cn'][0];
$this->uid = $attr['uid'][0];
$this->orig['uid'] = $attr['uid'][0];
$this->uidNumber = $attr['uidNumber'][0];
$this->orig['uidNumber'] = $attr['uidNumber'][0];
$this->gidNumber = $attr['gidNumber'][0];
$this->orig['gidNumber'] = $attr['gidNumber'][0];
$this->homeDirectory = $attr['homeDirectory'][0];
$this->orig['homeDirectory'] = $attr['homeDirectory'][0];
if (isset($attr['loginShell'][0])) {
$this->loginShell = $attr['loginShell'][0];
$this->orig['loginShell'] = $attr['loginShell'][0];
}
if (isset($attr['gecos'][0])) {
$this->gecos = $attr['gecos'][0];
$this->orig['gecos'] = $attr['gecos'][0];
}
if (isset($attr['description'][0])) {
$this->gecos = $attr['description'][0];
$this->orig['description'] = $attr['description'][0];
}
if (isset($attr['userPassword'][0])) {
$this->orig['enc_userPassword'] = $attr['userPassword'][0];
}
$this->userPassword_lock=!pwd_is_enabled($attr['userPassword'][0]);
// get all additional groupmemberships
$dn_groups = getcache('memberUid', 'posixGroup', 'group');
$DNs = array_keys($dn_groups);
foreach ($DNs as $DN) {
if (in_array($attr['uid'], $dn_groups[$DN]))
$this->groups[] = substr($DN, 3, strpos($DN, ',')-1);
}
$this->orig['groups'] = $this->groups;
return 0;
} }
@ -424,42 +283,6 @@ class inetOrgPerson {
} }
} }
} }
// Set additional group memberships
if (is_array($this->groups)) {
// There are some additional groups defined
if (is_array($this->orig['groups']) {
//There are some old groups.
$add = array_delete($this->orig['groups'], $this->groups);
$remove = array_delete($this->groups, $this->orig['groups']);
$dn_cns = getcache('cn', 'posixGroup', 'group');
// getcache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $add)) $return[$DN]]['add']['memberUid'] = $this->uid;
if (in_array($dn_cns[$DN], $remove)) $return[$DN]]['remove']['memberUid'] = $this->uid;
}
}
else {
// Add user to every group
$dn_cns = getcache('cn', 'posixGroup', 'group');
// getcache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $this->groups)) $return[$DN]]['add']['memberUid'] = $this->uid;
}
}
}
else {
if (is_array($this->orig['groups'])) {
//There are some old groups which have to be removed
$dn_cns = getcache('cn', 'posixGroup', 'group');
// getcache will return an array ( dn1 => array(cn1), dn2 => array(cn2), ... )
$DNs = array_keys($dn_cns);
foreach ($DNs as $DN) {
if (in_array($dn_cns[$DN], $this->orig['groups'])) $return[$DN]]['remove']['memberUid'] = $this->uid;
}
}
}
} }
/* This function returns all ldap attributes /* This function returns all ldap attributes

8
lam/templates/account/useredit.php
View File

@ -758,10 +758,10 @@ if (is_array($errors))
// print_r($account_new); // print_r($account_new);
//print_r($account_old); //print_r($account_old);
//$temp = new cache(); if (!isset($_SESSION['cache'])) $_SESSION['cache'] = new cache();
//$temp->add_cache(array( 'user' => array('uid', 'cn' ) )); $temp = new accountContainer('user');
//print_r($temp->get_cache('uid', 'posixAccount', 'user')); $temp->add_objectClass('inetOrgPerson');
//print_r($temp->ldapcache); // print_r($temp->modules);
switch ($select_local) { switch ($select_local) {
/* Select which part of page should be loaded and check values /* Select which part of page should be loaded and check values