lib/modules/posixAccount.inc

Properties

Description

Manages Unix accounts for users and hosts.

Classes

posixAccount

Properties

 
\passwordService
 
modules  
No 
No 

Description

Manages the object class "posixAccount" for users and hosts.
It implements the complete module interface and uses meta-data provided by the account modules for its functions.

Location and naming of modules
All LAM modules are placed in lib/modules/ and are named "<class name>.inc". E.g. if you create a new module and its class name is "qmail" then the filename would be "qmail.inc". The class name of a module must contain only a-z, A-Z, 0-9, -, and _.

You can avoid overriding many functions by using get_metaData().

All module classes should extend the baseModule class.

Methods

__construct, areGroupOfNamesActive, build_uploadAccounts, checkASCII, checkSelfServiceOptions, check_configOptions, delete_attributes, display_html_attributes, display_html_delete, display_html_group, display_html_homedir, doUploadPostActions, findGroupOfNames, findGroups, getGID, getGroupDN, getGroupName, getHomedirAttrName, getNextSambaPoolUIDs, getNextUIDs, getNextUserName, getPasswordAttrName, getSelfServiceOptions, getShells, getUIDs, getUserNameSuggestion, getUserNames, get_metaData, get_pdfEntries, get_profileOptions, init, isLockable, isLocked, isOptional, load_Messages, load_attributes, load_profile, lock, manageCn, managesPasswordAttributes, module_complete, passwordChangeRequested, postModifyActions, preDeleteActions, process_attributes, process_group, process_homedir, removeFromGONGroups, removeFromUnixGroups, save_attributes, supportsForcePasswordChange, unlock, userNameExists

__construct( string   $scope, ) : n/a

Description

Creates a new windowsPosixGroup object.

Arguments

Name Type Description Default
$scope string

account type (user, group, host)

Return value

Type Description
n/a n/a

areGroupOfNamesActive( ) : boolean

Description

Returns if LAM manages group of names entries.

Return value

Type Description
boolean group of names are active

build_uploadAccounts( array   $rawAccounts, array   $ids, array   $partialAccounts, array   $selectedModules, ) : array

Description

In this function the LDAP account is built up.

Arguments

Name Type Description Default
$rawAccounts array

list of hash arrays (name => value) from user input

$ids array

list of IDs for column position (e.g. "posixAccount_uid" => 5)

$partialAccounts array

list of hash arrays (name => value) which are later added to LDAP

$selectedModules array

list of selected account modules

Return value

Type Description
array list of error messages if any

checkASCII( string   $attribute, ) : string

Description

Checks if an attribute contains only ASCII characters and replaces invalid characters.

Arguments

Name Type Description Default
$attribute string

attribute value

Return value

Type Description
string attribute value with replaced non-ASCII characters

checkSelfServiceOptions( string   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Checks if all input values are correct and returns the LDAP attributes which should be changed.

Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: values with informational value (e.g. to be used later by pre/postModify actions)

Calling this method does not require the existence of an enclosing accountContainer.

Arguments

Name Type Description Default
$fields string

input fields

$attributes array

LDAP attributes

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))

check_configOptions( array   $scopes, array   $options, ) : array

Description

Checks input values of module settings.

Arguments

Name Type Description Default
$scopes array

list of account types which are used

$options array

hash array containing the settings (array('option' => array('value')))

Return value

Type Description
array list of error messages

delete_attributes( ) : \List

Description

Additional LDAP operations on delete.

Return value

Type Description
\List of LDAP operations, same as for save_attributes()

display_html_attributes( ) : \htmlElement

Description

Returns the HTML meta data for the main account page.

Return value

Type Description
\htmlElement HTML meta data

display_html_delete( ) : \htmlElement

Description

Displays the delete homedir option for the delete page.

Return value

Type Description
\htmlElement meta HTML code

display_html_group( ) : \htmlElement

Description

Displays the group selection.

Return value

Type Description
\htmlElement meta HTML code

display_html_homedir( ) : \htmlElement

Description

Displays the delete homedir option for the homedir page.

Return value

Type Description
\htmlElement meta HTML code

doUploadPostActions( array   $data, array   $ids, array   $failed, array   $temp, array   $accounts, ) : array

Description

This function executes one post upload action.

Arguments

Name Type Description Default
$data array

array containing one account in each element

$ids array

array( => )

$failed array

list of accounts which were not created successfully

$temp array

variable to store temporary data between two post actions

$accounts array

list of LDAP entries

Return value

Type Description
array current status
array (
  'status' => 'finished' | 'inProgress'
  'progress' => 0..100
  'errors' => array (<array of parameters for StatusMessage>)
)

findGroupOfNames( ) : array

Description

Finds all existing LDAP group of names.

Return value

Type Description
array groups array(dn => array('cn' => array('groupName'), 'objectClass' => array('top', 'groupOfNames')))

findGroups( ) : array

Description

Finds all existing LDAP groups.

Return value

Type Description
array groups array(array(gidnumber, cn), array(gidnumber, cn), ...)

getGID( String   $groupname, ) : String

Description

Returns the group ID of the given group.

Arguments

Name Type Description Default
$groupname String

group name

Return value

Type Description
String GID

getGroupDN( String   $groupname, ) : String

Description

Returns the group DN of the given group.

Arguments

Name Type Description Default
$groupname String

group name

Return value

Type Description
String DN

getGroupName( String   $groupID, ) : String

Description

Returns the group name of the group with the given group ID.

Arguments

Name Type Description Default
$groupID String

group ID

Return value

Type Description
String group name

getHomedirAttrName( ) : boolean

Description

Returns the home directory attribute.
Usually, this is homeDirectory. If Windows modules are active this is unixHomeDirectory.

Return value

Type Description
boolean attribute name

getNextSambaPoolUIDs( integer   $count, array   $errors, ) : mixed

Description

Gets the free UID numbers from a Samba pool entry in LDAP.

Arguments

Name Type Description Default
$count integer

number of needed free UIDs.

$errors array

list of error messages where errors can be added

Return value

Type Description
mixed null if no UIDs are free else an array of free UIDs

getNextUIDs( integer   $count, array   $errors, ) : mixed

Description

Returns one or more free UID numbers.

Arguments

Name Type Description Default
$count integer

Number of needed free UIDs.

$errors array

list of error messages where errors can be added

Return value

Type Description
mixed Null if no UIDs are free else an array of free UIDs.

getNextUserName( String   $userName, ) : String

Description

Returns the next possible user name based on the given one.
If the user name does not end with a number then a "2" is added. User names with numbers at the end are simply increased by one.

Attention: This user name might still be in use. This needs to be checked separately.

Arguments

Name Type Description Default
$userName String

user name

Return value

Type Description
String new user name

getPasswordAttrName( ) : boolean

Description

Returns the password attribute.
Usually, this is userPassword. If Windows modules are active this is unixUserPassword.

Return value

Type Description
boolean attribute name

getSelfServiceOptions( array   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Returns the meta HTML code for each input field.
format: array( => array(), ...) It is not possible to display help links.

Arguments

Name Type Description Default
$fields array

list of active fields

$attributes array

attributes of LDAP account

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array list of meta HTML elements (field name => htmlTableRow)

getShells( ) : array

Description

Returns the list of possible login shells.

Return value

Type Description
array login shells

getUIDs( ) : array

Description

Returns a list of existing UID numbers.

Return value

Type Description
array list of UID numbers

getUserNameSuggestion( array   $attrs, ) : String

Description

Returns a suggestion for the user name.
By default this will be the first character of the first name plus the last name.

Arguments

Name Type Description Default
$attrs array

LDAP attributes

Return value

Type Description
String user name

getUserNames( ) : array

Description

Returns a list of all user names in LDAP.

Return value

Type Description
array user names

get_metaData( ) : array

Description

Returns meta data that is interpreted by parent class

Return value

Type Description
array array with meta data

get_pdfEntries( ) : array

Description

Returns the PDF entries for this module.

Return value

Type Description
array list of possible PDF entries

get_profileOptions( ) : \profile

Description

Returns a list of elements for the account profiles.

Return value

Type Description
\profile elements

init( string   $base, ) : n/a

Description

Initializes the module after it became part of an accountContainer

Arguments

Name Type Description Default
$base string

the name of the accountContainer object ($_SESSION[$base])

Return value

Type Description
n/a n/a

isLockable( ) : n/a

Description

Returns if this account can be locked.
This is the case if a hashed password is set ("{" at the beginning).

Return value

Type Description
n/a n/a

isLocked( ) : boolean

Description

Returns if the Unix part of the current account is locked.

Return value

Type Description
boolean password is locked

isOptional( ) : boolean

Description

Returns if the Unix part can be added and removed.

Return value

Type Description
boolean is optional

load_Messages( ) : n/a

Description

This function fills the error message array with messages.

Return value

Type Description
n/a n/a

load_attributes( array   $attr, ) : n/a

Description

This function loads all needed LDAP attributes.

Arguments

Name Type Description Default
$attr array

list of attributes

Return value

Type Description
n/a n/a

load_profile( array   $profile, ) : n/a

Description

Loads the values of an account profile into internal variables.

Arguments

Name Type Description Default
$profile array

hash array with profile values (identifier => value)

Return value

Type Description
n/a n/a

lock( ) : n/a

Description

Locks the user password of this account.

Return value

Type Description
n/a n/a

manageCn( ) : boolean

Description

Returns if the cn attribute should be managed.
If Windows modules are active then cn will not be managed.

Return value

Type Description
boolean manage cn attribute

managesPasswordAttributes( ) : boolean

Description

This method specifies if a module manages password attributes.

Return value

Type Description
boolean true if this module manages password attributes

module_complete( ) : boolean

Description

This function is used to check if all settings for this module have been made.

Return value

Type Description
boolean true, if settings are complete

passwordChangeRequested( String   $password,   $modules, boolean   $forcePasswordChange, ) : array

Description

This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.

Arguments

Name Type Description Default
$password String

new password

$modules n/a

list of modules for which the password should be changed

$forcePasswordChange boolean

force the user to change his password at next login

Return value

Type Description
array list of error messages if any as parameter array for StatusMessage, e.g. return array(array('ERROR', 'Password change failed.'))

postModifyActions( boolean   $newAccount, array   $attributes, ) : array

Description

Runs the postmodify actions.

Arguments

Name Type Description Default
$newAccount boolean
$attributes array

LDAP attributes of this entry

Return value

Type Description
array array which contains status messages. Each entry is an array containing the status message parameters.

preDeleteActions( ) : array

Description

Allows the module to run commands before the LDAP entry is deleted.

Return value

Type Description
array Array which contains status messages. Each entry is an array containing the status message parameters.

process_attributes( ) : array

Description

Processes user input of the primary module page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_group( ) : array

Description

Processes user input of the group selection page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_homedir( ) : array

Description

Processes user input of the homedir check page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

removeFromGONGroups( ) : n/a

Description

Removes all group of names memberships from this user.

Return value

Type Description
n/a n/a

removeFromUnixGroups( ) : n/a

Description

Removes all Unix group memberships from this user.

Return value

Type Description
n/a n/a

save_attributes( ) : array

Description

Returns a list of modifications which have to be made to the LDAP account.

Return value

Type Description
array list of modifications
This function returns an array with 3 entries:
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
"add" are attributes which have to be added to LDAP entry
"remove" are attributes which have to be removed from LDAP entry
"modify" are attributes which have to be modified in LDAP entry
"info" are values with informational value (e.g. to be used later by pre/postModify actions)

supportsForcePasswordChange( ) : boolean

Description

Specifies if this module supports forcing a user to change his password on next login.

Return value

Type Description
boolean force password change supported

unlock( ) : n/a

Description

Unlocks the user password of this account.

Return value

Type Description
n/a n/a

userNameExists( String   $userName, ) : boolean

Description

Checks if the given user name already exists in LDAP.

Arguments

Name Type Description Default
$userName String

user name

Return value

Type Description
boolean true if already exists
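
The naming rules described for getUserNameSuggestion(), getNextUserName() and userNameExists(), combined in a stand-alone example; this is added here and is not LAM's own code. The function names, the lower-casing and character filter, and the sample user list are assumptions made for the illustration.

```php
<?php
// Added illustration, not LAM source code. All function names are hypothetical.

// Replacement table copied from the documented $umlautReplacements property.
const UMLAUT_REPLACEMENTS = [
    'ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'oe', 'Ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'Ue',
    'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c',
];

// Transliterate, lower-case and strip one name part.
// Assumption: only a-z, 0-9, '.', '_' and '-' are kept.
function cleanNamePart(string $part): string
{
    $ascii = strtolower(strtr($part, UMLAUT_REPLACEMENTS));
    return preg_replace('/[^a-z0-9._-]/', '', $ascii);
}

// Default suggestion: first character of the first name plus the last name.
function suggestUserName(string $firstName, string $lastName): string
{
    return substr(cleanNamePart($firstName), 0, 1) . cleanNamePart($lastName);
}

// No trailing number: append "2". Trailing number: increase it by one.
function nextUserName(string $userName): string
{
    if (preg_match('/^(.*?)([0-9]+)$/', $userName, $m)) {
        return $m[1] . ((int) $m[2] + 1);
    }
    return $userName . '2';
}

// nextUserName() alone may return a name that is already in use, so every
// candidate is checked, with a bound so a faulty check cannot loop forever.
function firstFreeUserName(string $candidate, callable $exists, int $maxTries = 100): ?string
{
    for ($i = 0; $candidate !== '' && $i < $maxTries; $i++) {
        if (!$exists($candidate)) {
            return $candidate;
        }
        $candidate = nextUserName($candidate);
    }
    return null; // empty suggestion or no free name within the bound
}

// Constructed sample data standing in for the user names found in LDAP.
$taken = ['jmueller', 'jmueller2', 'asmith9'];
$exists = function (string $name) use ($taken): bool {
    return in_array($name, $taken, true);
};

foreach ([['Jörg', 'Müller'], ['Anna', 'Smith'], ['Zoë', "O'Neil"]] as [$first, $last]) {
    $name = firstFreeUserName(suggestUserName($first, $last), $exists);
    echo "$first $last => ", $name ?? '(none)', PHP_EOL;
}
```

The existence check and the later LDAP add are separate operations, so a uniqueness constraint enforced by the directory server is still what rules out duplicate user names.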

Properties

$SPLIT_DELIMITER, $cachedUIDList, $cachedUserNameList, $clearTextPassword, $gonCache, $gonList, $gonList_orig, $groupCache, $groups, $groups_orig, $lamdaemonServers, $umlautReplacements

  private  static $SPLIT_DELIMITER = "###x##y##x###"

delimiter for lamdaemon commands


  private  $cachedUIDList = null

caches the list of known UIDs


  private  $cachedUserNameList = null

caches the list of known user names


  private  $clearTextPassword =

clear text password


  private  $gonCache = null

cache for group of names objects


  private  $gonList = array()

current group of names list


  private  $gonList_orig = array()

original group of names list


  private  $groupCache = null

cache for group objects


  private  $groups =

current group list


  private  $groups_orig =

original group list


  private  $lamdaemonServers = array()

lamdaemon servers


  private  $umlautReplacements = array('ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'oe', 'Ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'Ue', 'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c')

replacements for common umlauts


Documentation was generated by phpDocumentor 2.1.0.
