This document describes the module interface for LDAP Account Manager

1. Location and naming of modules

All LAM modules are placed in lib/modules/ and are named "<class name>.inc".
E.g. if you create a new module and its class name is "qmail" then the filename would be "qmail.inc".

The class name of a module must contain only a-z, A-Z, 0-9, -, and _.
All module classes should extend the baseModule class.

2. Class functions

2.1. Functions that have to work without superior accountContainer

2.1.1. can_manage*

function can_manage()

Returns true if this module can manage accounts of the current type, otherwise false.

2.1.2. get_alias*

function get_alias()

This function returns a more descriptive string than the class name. Alias names are used for the buttons of the account pages and the module selection of the configuration wizard.
Please take care that your alias name is not too long. It may contain any character but should not include parts that may be interpreted by the browser (e.g. '<' or '>').
If you use different aliases dependent on the account type please make sure that there is a general alias for unknown types.

2.1.3. is_base_module*

function is_base_module()

Returns true if your module is a base module and otherwise false.

Every account type needs exactly one base module. A base module manages a structural object class.
E.g. the inetOrgPerson module is a base module since its object class is structural.

2.1.4. get_ldap_filter*

function get_ldap_filter()

Returns an array('or' => '...', 'and' => '...') that is used to build the LDAP filter. Usually used to filter object classes.

All "or" filter parts of the base modules are combined with OR and then combined with the "and" parts.
The resulting LDAP filter will look like this: (&(|(OR1)(OR2)(OR3))(AND1)(AND2)(AND3))

Example: return "('or' => '(objectClass=posixAccount)', 'and' => '(!(uid=*$))')"

2.1.5. getManagedObjectClasses*

function getManagedObjectClasses()

Returns an array of object class names which are managed by this module.

This is used to fix spelling errors in LDAP-Entries (e.g. if "posixACCOUNT" is read instead of "posixAccount" from LDAP).

Example: return "('posixAccount')"

2.1.6. getLDAPAliases*

function getLDAPAliases()

This function returns a list of LDAP attribute alias names.

return array(<alias name> => <attribute name>)

2.1.7. get_RDNAttributes*

function get_RDNAttributes()

Returns a hash array containing a list of possible LDAP attributes that can be used to form the RDN (Relative Distinguished Name).

The keys of the array are the LDAP attributes, the values are the priority ("low"/"normal"/"high").
Attributes with higher priority are placed higher in the drop down box for the RDN selection.

Example: return "('uid' => 'normal', 'cn' => 'low')"

2.1.8. get_dependencies*

function get_dependencies()

This function returns a list of modules it depends on.

The return value is an array with two sub arrays, "depends" and "conficts".
All values of the conflict array are string values with module names.
All values of the depends array are either string values with module names or arrays which include only string values with module names. If an element of the depends array is itself an array, this means that your module depends on one of these modules.

Example: return array("depends" => array("posixAccount", array("qmail", "sendmail")), "conflicts" => array("exim"));

2.1.9. get_metaData()

function get_metaData()

Returns an hash array including meta data for the baseModule.

Example: return array("is_base" => true);

2.1.10. get_configOptions()*

function get_configOptions($scopes, $allScopes)

Returns a list of configuration options.
$scopes is a list of account types (user, group, host) which are used.
$allScopes is a list of all active account modules and their scopes (module => array(scopes))

The return value is an array that contains meta HTML code.

The type "fieldset" is not allowed here.
The name attributes are used as keywords to load and save settings. We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming confilcts.

2.1.11. check_configOptions*

function check_configOptions($scopes, $options)

This function checks the input for module configuration settings.

$scopes is a list of used account types (user, group, host).
$options is an hash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.
If the input data is invalid the return value is an array that contains arrays to build StatusMessages (0 => message type, 1 => message head, 2 => message text, 3 => additional variables).
If no errors occured the function returns an empty array.

2.1.12. get_scope()

function get_scope()

Returns the account type (user/group/host) of this module object.

This function is provided by the baseModule and should not be overwritten.

2.1.13. get_uploadColumns*

function get_uploadColumns()

Returns a list of column entries for the upload .csv-file.
Each column entry is an array containing these values:

string name: fixed non-translated name which is used as column name (should be of format: <module name>_<column name>)
string description: short descriptive name
string help: help ID
string example: example value
string values: possible input values (optional)
string default: default value (optional)
boolean required: true, if user must set a value for this column (optional, default: "false")
boolean unique: true if all values of this column must be different values (optional, default: "false")

2.1.14. get_uploadPreDepends*

function get_uploadPreDepends()

Returns a list of module names which must be processed before this module at builing accounts.
The named modules may not be active, LAM will check this automatically.

2.1.15. build_uploadAccounts

function get_uploadAccounts($rawAccounts, $ids, $partialAccounts)

This function takes the user input and generates the LDAP accounts.

array $rawAccounts: The user input data, contains one sub array for each account.
array $ids: Maps the column names to keys for the sub arrays.
array $partialAccounts: Containing one sub array for each account, format is the same as used for ldap_add().

Returns an array which contains sub arrays to generate StatusMessages if any errors occured.

2.1.16. do_uploadPostActions

function do_uploadPostActions($data, $ids, $failed, &$temp)

This function is responsible to do additional tasks after the account has been created in LDAP.
E.g. modifying group memberships, adding Quota etc..

This function is called as long as the returned status is 'finished'. Please make sure that one function call lasts no longer than 3-4 seconds. Otherwise the upload may fail because the time limit is exceeded. You should not make more than one LDAP operation in each call.

array $data: The user input data, contains one sub array for each account.
array $ids: Maps the column names to keys for the sub arrays.
array $failed: List of account numbers which could not be successfully uploaded to LDAP.
array &$temp: Pointer to temporary variable which can be used to save information between two function calls.

return array (
    'status' => 'finished' | 'inProgress'   // Defines if all operations are complete
    'progress' => 0..100   // The progress of the operations in percent
    'errors' => array()   // List of arrays which are used to generate StatusMessages
    )

2.1.17. get_profileOptions*

function get_profileOptions()

This function defines what attributes will be used in the account profiles and their appearance in the profile editor.

The return value is an array that contains meta HTML code.

The type "fieldset" is not allowed here.
The name attributes are used as keywords to load and save profiles. We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming confilcts.

2.1.18. check_profileOptions*

function check_profileOptions($options)

This function checks the input for a new or modified account profile.

$options is an hash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.
If the input data is invalid the return value is an array that contains arrays to build StatusMessages (0 => message type, 1 => message head, 2 => message text, 3 => additional variables).
If no errors occured the function returns an empty array.

2.1.19. load_profile*

function load_profile($profile)

This function loads the values from an account profile to the module's internal data structures.

$profile is an hash array (identifier => array(values)) with all values of an account profile.

2.1.20. getRequiredExtensions*

function getRequiredExtensions()

This function returns a list of PHP extensions (e.g. mhash) which are needed by this module.

2.1.21. getSelfServiceSearchAttributes*

function getSelfServiceSearchAttributes()

This function returns a list of possible LDAP attributes (e.g. uid, cn, ...) which can be used to search for LDAP objects.

2.1.22. getSelfServiceFields*

function getSelfServiceFields()

This function returns a list of possible self service fields and their descriptions.

return array ('myField' => 'Field description');

2.1.23. getSelfServiceOptions

function getSelfServiceOptions($fields, $attributes)

Builds and returns the meta HTML code for each self service field.

$fields: list of self service field names
$attributes: LDAP attributes of the current account (all lower case)

2.1.24. checkSelfServiceOptions

function checkSelfServiceOptions($fields, $attributes)

Returns a list of LDAP operations and error messages.

$fields: list of self service field names
$attributes: LDAP attributes of the current account (all lower case)

return array(
    'messages' => array(array('ERROR', 'Error topic', 'Error message')),
    'add' => array('mail' => array('test@test.com')),
    'mod' => array(),
    'del' => array(),
);

2.1.25. getSelfServiceSettings

function getSelfServiceSettings()

Returns a list of self service configuration settings.

The return value is an array that contains meta HTML code.

The type "fieldset" is not allowed here.
The name attributes are used as keywords to load and save settings. We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming confilcts.

2.1.26. checkSelfServiceSettings

function checkSelfServiceSettings($options)

Checks if the self service settings are valid.

$options: is an hash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.

If the input data is invalid the return value is an array that contains arrays to build StatusMessages (0 => message type, 1 => message head, 2 => message text, 3 => additional variables).
If no errors occured the function returns an empty array.

2.2. Functions which are called inside of an account container

2.2.1. init

function init($base)

Every module needs a initializing function that has an account container as argument $base.
With this account container you can interact with other modules and use several helper functions.

2.2.2. module_ready

function module_ready()

Your module might depend on input of other modules. This function determines if the user can change to your module page or not.
The return value is true if your module accepts input, otherwise false.

This function is implemented by the baseModule which returns true as default.

2.2.3. module_complete

function module_complete()

This function tells LAM if it can create/modify the LDAP account. If your module needs any additional input then set this to false. The user will be notified that your module needs more input.

This function is implemented by the baseModule which returns true as default.

2.2.4. getButtonStatus

function getButtonStatus()

This function tells LAM if the module button on the account page is visible and active.
The function may return these values:

enabled: button is visible and active
disabled: button is visible and deactivated (greyed)
hidden: no button will be shown

2.2.4. get_help

function get_help($helpID)

This function is called when a page requests a help topic from this module.
$helpID is the help identifier; it must only contain a-z, A-Z, 0-9 -, . and _.
It must return the help entry as array for the submitted help identifier. The format of the array to be returned is described in section 4. "Help entry syntax".

2.2.7. get_pdfEntries

function get_PDF_Entries()

This function is called when a PDF is to be created.
It returns the fields which are printed in the PDF file for the specified account type. At the monent there is no (easy) possibility for the user to decide which fields are to be displayed. Perhaps there will be a PDF config tool in future releases where you can offer the user to decide which fields are to be displayed on the PDF file. The format of the array to be returned is described in section 5. "PDF syntax".

2.2.8. dynamic_Message

function dynamic_Message($attribute, $id)

This function is only needed when a status message contains strings with variables.
$attribute is the attribute the message is corresponding to.
$id selects the exact message.

Returnis an array as expected from StatusMessage().

2.2.9. load_Messages

function load_Messages()

This function is fills the array $this->messages. First Index (x) is the attribute the message is corresponding to.
Second Index (y) selects the exact message. Third Index (z) contains an array as expected from StatusMessage().
$this->messages[x][y][z]

2.2.10. load_attributes

function load_attributes($attr)

This function loads attributes when an account should be loaded.
$attr is an array like the array returned by get_ldap_attributes(dn of account) but without count indicees.
If all attributes are very simple are part of the dn of account it's possible to just call $this->load_ldap_attributes($attr)
which is part of baseModule.
The function load_ldap_attributes loads all attributes which fit to the objectClass of the module.
This function has t be expanded when attributes have to be loaded from a different DN or handled completly
separat.

2.2.11. save_attributes

function save_attributes()

This function returns an array with changes which should be saved.
The return array has the following syntax: First index is the ldap dn which should be changed. Second
index is the kind of modification. Possible values are: 'add', 'modify', 'notchanged', 'remove'.
Third index is the attribute which should be changes. Fourth index is an array with all values of
an attribute.
If you want to call lamdaemon first index is 'lamdaemon'. Second index is 'command'. Third index is the command
itself which should be executed by lamdaemon.

This function is implemented by the baseModule which builds the required comands from $this-attributes and $this->orig.

2.2.12. delete_attributes

function delete_attributes($post)

This function returns an array with the same syntax as save_attributes(). It additional LDAP changes when an account is deleted.
$post is the $_POST array.

2.2.13. process_attributes

function process_attributes($post)

This function processes user input. It checks user input. It also saves changes in attributes.
It may return an array which contains status messages. Each entry is an array containing the status message parameters.
$post is the $_POST array.

Example:

return array(0 => array('ERROR', 'Invalid input!', 'This is not allowed here.'));

2.2.14. process_*

function process_*($post)

This function has the exact behavoir like process_attributes function. * is the name of the subpage which
should be processed.
$post is the $_POST array. It is needed to interact with the user.

2.2.15. display_html_attributes($post)

function display_html_attributes($post)

This function creates meta HTML code. The code is the page the module wants to display.
Return is an array of meta HTML code.
$post is the $_POST array. It is needed t interact with the user.

2.2.16. display_html_*($post)

function display_html_*($post)

This function has the exact behavoir like display_html_attributes(). * is the name of the subpage which
should be displayed.
$post is the $_POST array. It is needed t interact with the user.

2.2.17. display_html_delete($post)

function display_html_delete($post)

This function creates meta HTML code. The code will be displayed when an account should be deleted.
This is needed to interact, e.g. should the home directory be deleted?
The output of all modules is displayed on a single page.
Return is an array of meta HTML code.
$post is the $_POST array. It is needed t interact with the user.

*: These functions do not need to be implemented if meta data is supplied. See 6 for a list of meta data formats.

3. Meta HTML code

The modules are not allowed to display HTML code directly but return meta HTML code. This allows to have a common design for all module pages.
Meta HTML code is always returned as a three dimensional array[a][b][c] where a is the row number, b is the coumn number and c is is a data elememt.

Format for data elements:

A data element is an array which contains the data to display.
All data elements must contail a value "kind" which defines what kind of element should be displayed.

These are the possibilies for kind and what other options are implicated:

fieldset: Inserts a fieldset.

legend: The legend of the fieldset.
value: A data element. Can be used recursively.

help: Adds a help link.

value: The help number for the help entry.
scope: The account type for the help entry.

input: Adds a HTML input element.

name: The name of the element, will be used later as variable name when user input is returned.
type: allowed values: submit, reset, checkbox, text, password, file, hidden
checked: Boolean value, if true a checkbox will be checked. This value is only needed or checkboxes.
disabled: Boolean value, if true the element will be disabled.
size: The length of the input element, only used for text, password and file.
maxlength: The maximum size of the input element, only used for text, password and file.
value: The element will have this value as default. Button elements will have this as caption.

select: This will add a select field.

name: The name of the element, will be used later as variable name when user input is returned.
multiple: Boolean value, if set to true the user can select more than one entry.
options: Array of string. This is the list of option values the user can select.
options_selected: Array of string. This is the list of pre selected elements, must contain values that are also in options.
descriptiveOptions: Boolean value, if set to true then all elements in options must be arrays themselves (array(value, description)) (default: false)
size: The size of the select field, if set to 1 a dropdown box will be displayed.
noSorting: If set to true then the entries will not be sorted. Default is false.

table: Adds a table. Can be used recursively.

value: A data element. Can be used recursively.

text: Inserts a text element.

text: The text to display.

textarea: Adds a multiline text field.

name: The name of the element, will be used later as variable name when user input is returned.
rows: Number of rows (required)
cols: Number of characters for each line (required)
readonly: Boolean value, if true the text field will be read only.

image: Displays an image.

path: Path to the image
width: Width of the image
height: Height of the image
alt: Alt text of the image

Beneath those values a "td" value may be added. This has to be an array with one or more of these options:

colspan: Like the HTML colspan attribute for td elements
rowspan: Like the HTML rowspan attribute for td elements
align: left/center/right/justify Like the HTML align attribute
valign: top/middle/bottom Like the HTML valign attribute
width: Like the HTML height attribute for td elements

Input buttons which should load a different subpage of a module must have a special name attribute:

name => 'form_subpage_' . <module name> . '_' . <subpage name> . '_' . <button name>

<module name>: name of this account module (e.g. 'posixAccount')
<subpage name>: name of next subpage (e.g. 'attributes')
<button name>: a name to distinguish buttons (e.g. 'ok'/'cancel'/'back')

Example:

array(

  0 => array(

    0 => array("kind" => "text", "text" =>
"This is an
example", "td" => array("colspan" => 3))

  ), 

  1 => array(

    0 => array("kind" => "text", "text" =>
"Input:"),

    1 => array("kind" => "input", "name" =>
"myinput",
"type" => "text"),

    2 => array("kind" => "help", "value" => "42")

  ),

  2 => array(

    0 => array("kind" => "input", "name" =>
'form_subpage_myModule_attributes_back', "value" => _("Back"))

  )

4. Help entry syntax

The array that is returned by the get_help function must follow the below described syntax. Fields marked REQUIRED are neccessary under any circumstances. Fields marked OPTIONAL may be left out when not needed.
There are basically two different types of help entries that can be used. Internal help entries, that means the headline, text, etc is included in the help entry or external help entries, that means the help entry has only a reference pointing to a HTML/PHP page that offers the help entry.

4.1. Internal help entries

ext (REQUIRED)
Must be FALSE in this case.

Headline (REQUIRED)
The headline of this help entry. Can consist of any alpha-numeric characters. No HTML/CSS elements are not allowed here.

Text (REQUIRED)
The text of this help entry. Can constist if any alpha-numeric characters and can contain placeholder for variables passed to this help entry. The placeholder must follow the syntax for placeholder defined by the PHP printf function. HTML/CSS elements are allowed here as long as they follow the XHTML1.0 Strict specification.

When placeholders are included you can submit the values that should be displayed there as arguments when calling the templates/help.php file. There they are attached as var1, var2 and so on. The names must follow the following rules:

1. They must be named var$i where $i is any positive number except the '0'.
2. This number ($i) must either be '1' or $i -1 must be present.

SeeAlso (OPTIONAL)
An array of references to anonther related subjects. Each row of the array must contain a field called "text" with the text that should be displayed and may contain a field called "link" which is used as value for the href attribute of a HTML tag when set.

4.2. External help entries

ext (REQUIRED)
Must be TRUE in this case.

Link (REQUIRED)
The complete filename of the file stored under the help/ directory which should be displayed when this help entry is called.

5. PDF syntax

The get_pdfEntries() function uses XML formatted commands to define the PDF output. Each part in the PDF document is surrounded by "<block>" and "</block>".

Inside the <block> tags there are different ways to format the output:

simple line with attribute name and value: <block><key>attribute name</key><value>attribute value</value></block>
table: <block><key>attribute name</key><tr><td>value<td><td>value<td></tr></block><block><tr><td>value</td><td>value<td></tr></block>

Special commands:

Alignment in <td>: You can specify the alignment in <td> tags with align=(L|R|C) (e.g. <td align=\"L\">)
Cell width: <td> allows an attribute "width" to set the cell width (e.g. <td width=20%> or <td width=30>).
Line breaks: Line breaks can be specified by adding a <br /> tag. The new line will start at the left border of the PDF document.

Examples:

1. Simple name+value lines:

In most cases you will just want to display a single line per attribute with its name and value.

'myAttribute' => '<block><key>AttrName</key><value>12345</value></block>'

This will give the following PDF output: AttrName: 12345

2. Multiline values:

Sometimes you have multivalued attributes where it is not applicable to write all values in one line but where you want to list your values one below the other or show a table.
This can be done by using the <td> tag. This example only uses one column but can just use more <td> tags per <block> tag to display more columns.

'myAttribute' => '<block><key>AttrName</key><tr><td align=\"L\">123</td></tr></block><block><tr><td align=\"L\">456</td></tr></block><block><tr><td align=\"L\">789</td></tr></block>'

This will give the following PDF output:

AttrName:	123
	456
	789

6. Module meta data

6.1 can_manage()

"account_types" => array

Example: array("user", "host")

6.2 is_base_module()

"is_base" => boolean

6.3 get_ldap_filter()

"ldap_filter" => array

Example: array('or' => 'objectClass=posixAccount', 'and' => '(!(uid=*$))')

6.4 getManagedObjectClasses()

"objectClasses" => array

Example: array('posixAccount')

6.5 getLDAPaliases()

"LDAPaliases" => array()

Example: array('commonName' => 'cn')

6.6 get_RDNAttributes()

"RDN" => array

Example: array('uid' => 'normal', 'cn' => 'low')

6.7 get_dependencies()

"dependencies" => array

Example: array("depends" => array("posixAccount", array("qmail", "sendmail")), "conflicts" => array("exim"))

6.8 get_profileOptions()

"profile_options" => array

Syntax for array is the same as for the return value of get_profileOptions().

6.9 check_profileOptions()

    "profile_checks" => array

   The keys of the array are the names of the option identifiers.
   Each array element is an array containing these values:

type: determines how to check input

regex: check with regular expression from regex variable, case sensitive
regex_i: check with regular expression from regex variable, case insensitive
int_greater: integer value of cmp_name1 must be greater than the integer value from the option cmp_name2
int_greaterOrEqual: integer value of cmp_name1 must be greater or equal than the integer value from the option cmp_name2

error_message: message that is displayed if input value was syntactically incorrect

array to build StatusMessages (0 => message type, 1 => message head, 2 => message text, 3 => additional variables)

regex: regular expression string (only if type is regex/regex_i)
cmp_name1: name of first input variable that is used for comparison (only if type is int_greater/int_greaterOrEqual)
cmp_name2: name of second input variable that is used for comparison (only if type is int_greater/int_greaterOrEqual)
required: true or false, if this input field must be filled set to true (optional)
required_message: message that is displayed if no input value was given (only if required == true)

array to build StatusMessages (0 => message type, 1 => message head, 2 => message text, 3 => additional variables)

6.10 load_profile()

"profile_mappings" => array('profile_identifier1' => 'LDAP_attribute1', 'profile_identifier2' => 'LDAP_attribute2')

The mapped values are stored directly in $this->attributes.

6.11 get_configOptions()

    "config_options" => array('user' => array, 'host' => array, 'all' => array)

    The values from 'all' are always returned, the other values only if they are inside the $scopes array.

   Syntax for sub arrays is the same as for the return value of get_configOptions().

6.12 check_configOptions()

    "config_checks" => array('user' => array, 'host' => 'array', 'all' => array)

    The values from 'all' are always used for checking, the other values only if they are inside the $scopes array.

   Syntax for sub arrays is the same as for check_profileOptions().

6.13 get_uploadColumns()

"upload_columns" => array()

Syntax for array is the same as for the return value of get_uploadColumns().

6.14 get_uploadPreDepends()

"upload_preDepends" => array()

Syntax for array is the same as for the return value of get_uploadPreDepends().

6.15 getRequiredExtensions()

"extensions" => array()

Example: array('mhash')

6.16 getSelfServiceSearchAttributes()

"selfServiceSearchAttributes" => array()

Example: array('uid')

6.17 getSelfServiceFields()

"selfServiceFieldSettings" => array()

Example: array('pwd' => 'Password')