lib/modules/sambaSamAccount.inc

Properties

Description

Manages Samba 3 accounts for users and hosts.

Classes

sambaSamAccount

Properties

 
\passwordService
 
modules  
No 
No 

Description

Manages the object class "sambaSamAccount" for users and hosts.
It implements the complete module interface and uses meta-data provided by the account modules for its functions.

Location and naming of modules
All LAM modules are placed in lib/modules/ and are named ".inc". E.g. if you create a new module and its class name is "qmail" then the filename would be "qmail.inc". The class name of a module must contain only a-z, A-Z, 0-9, -, and _.

You can avoid to override many functions by using {@link get_metaData()}.

All module classes should extend the baseModule class.

Methods

__construct, activate, build_uploadAccounts, checkSelfServiceOptions, deactivate, display_html_attributes, display_html_logonHours, display_html_profilePath, display_html_sambaUserWorkstations, display_html_terminalServer, display_html_time, getDomains, getGroupName, getGroupSIDList, getHostList, getPasswordCanChangeTime, getPasswordMustChangeTime, getSelfServiceOptions, get_metaData, get_pdfEntries, get_profileOptions, init, isDeactivated, isExtensionEnabled, load_Messages, load_attributes, load_profile, managesPasswordAttributes, module_complete, module_ready, passwordChangeRequested, process_attributes, process_logonHours, process_profilePath, process_sambaUserWorkstations, process_terminalServer, process_time, save_attributes, setExpirationDate, supportsForcePasswordChange,

__construct( string   $scope, ) : n/a

Description

Creates a new sambaSamAccount object.

Arguments

Name Type Description Default
$scope string

account type (user, group, host)

Return value

Type Description
n/a n/a

activate( ) : n/a

Description

Activates this account.

Return value

Type Description
n/a n/a

build_uploadAccounts( array   $rawAccounts, array   $ids, array   $partialAccounts, array   $selectedModules, ) : array

Description

In this function the LDAP account is built up.

Arguments

Name Type Description Default
$rawAccounts array

list of hash arrays (name => value) from user input

$ids array

list of IDs for column position (e.g. "posixAccount_uid" => 5)

$partialAccounts array

list of hash arrays (name => value) which are later added to LDAP

$selectedModules array

list of selected account modules

Return value

Type Description
array list of error messages if any

checkSelfServiceOptions( string   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Checks if all input values are correct and returns the LDAP attributes which should be changed.

Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions) Calling this method does not require the existence of an enclosing {@link accountContainer}.

Arguments

Name Type Description Default
$fields string

input fields

$attributes array

LDAP attributes

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))

deactivate( ) : n/a

Description

Deactivates this account.

Return value

Type Description
n/a n/a

display_html_attributes( ) : \htmlElement

Description

Returns the HTML meta data for the main account page.

Return value

Type Description
\htmlElement HTML meta data

display_html_logonHours( ) : \htmlElement

Description

This function will create the HTML page to edit logon hours.

Return value

Type Description
\htmlElement meta HTML code

display_html_profilePath( ) : \htmlElement

Description

Displays manage profile path page.

Return value

Type Description
\htmlElement meta HTML code

display_html_sambaUserWorkstations( ) : \htmlElement

Description

This function will create the HTML page to edit the allowed workstations.

Return value

Type Description
\htmlElement meta HTML code

display_html_terminalServer( ) : \htmlElement

Description

This function will create the HTML page to edit the terminal server options.

Return value

Type Description
\htmlElement meta HTML code

display_html_time( ) : \htmlElement

Description

This function will create the meta HTML code to show a page to change time values.

Return value

Type Description
\htmlElement meta HTML code

getDomains( ) : array

Description

Returns a list of existing Samba 3 domains.

Return value

Type Description
array list of samba3domain objects

getGroupName( String   $groupID, ) : String

Description

Returns the group name of the group with the given group ID.

Arguments

Name Type Description Default
$groupID String

group ID

Return value

Type Description
String group name

getGroupSIDList( ) : array

Description

Returns a list of existing hosts.

Return value

Type Description
array host names

getHostList( ) : array

Description

Returns a list of existing hosts.

Return value

Type Description
array host names

getPasswordCanChangeTime( array   $domains, String   $selectedDomain, ) : n/a

Description

Returns the time when the user can change his password.

Arguments

Name Type Description Default
$domains array

list of domain objects

$selectedDomain String

selected domain name

Return value

Type Description
n/a n/a

getPasswordMustChangeTime( array   $domains, String   $selectedDomain, ) : n/a

Description

Returns the time when the user needs to change his password.

Arguments

Name Type Description Default
$domains array

list of domain objects

$selectedDomain String

selected domain name

Return value

Type Description
n/a n/a

getSelfServiceOptions( array   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Returns the meta HTML code for each input field.
format: array( => array(), ...) It is not possible to display help links.

Arguments

Name Type Description Default
$fields array

list of active fields

$attributes array

attributes of LDAP account

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array list of meta HTML elements (field name => htmlTableRow)

get_metaData( ) : array

Description

Returns meta data that is interpreted by parent class

Return value

Type Description
array array with meta data

Tags

Name Description
see

get_pdfEntries( ) : array

Description

Returns the PDF entries for this module.

Return value

Type Description
array list of possible PDF entries

get_profileOptions( ) : \htmlElement

Description

Returns a list of elements for the account profiles.

Return value

Type Description
\htmlElement profile elements

init( string   $base, ) : n/a

Description

Initializes the module after it became part of an accountContainer

Arguments

Name Type Description Default
$base string

the name of the accountContainer object ($_SESSION[$base])

Return value

Type Description
n/a n/a

isDeactivated( ) : boolean

Description

Returns if the Samba part of the current account is deactivated.

Return value

Type Description
boolean account is locked

isExtensionEnabled( ) : boolean

Description

Returns if the Samba extension is enabled.

Return value

Type Description
boolean Samba extension is active

load_Messages( ) : n/a

Description

this functin fills the error message array with messages

Return value

Type Description
n/a n/a

load_attributes( array   $attr, ) : n/a

Description

This function loads the LDAP attributes for this module.

Arguments

Name Type Description Default
$attr array

attribute list

Return value

Type Description
n/a n/a

load_profile( array   $profile, ) : n/a

Description

Loads the values of an account profile into internal variables.

Arguments

Name Type Description Default
$profile array

hash array with profile values (identifier => value)

Return value

Type Description
n/a n/a

managesPasswordAttributes( ) : boolean

Description

This method specifies if a module manages password attributes.

Return value

Type Description
boolean true if this module manages password attributes

Tags

Name Description
see

module_complete( ) : boolean

Description

This function is used to check if all settings for this module have been made.

Return value

Type Description
boolean true, if settings are complete

Tags

Name Description
see

module_ready( ) : boolean

Description

This function is used to check if this module page can be displayed.
It returns false if a module depends on data from other modules which was not yet entered.

Return value

Type Description
boolean true, if page can be displayed

passwordChangeRequested( String   $password,   $modules, boolean   $forcePasswordChange, ) : array

Description

This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.

Arguments

Name Type Description Default
$password String

new password

$modules n/a

list of modules for which the password should be changed

$forcePasswordChange boolean

force the user to change his password at next login

Return value

Type Description
array list of error messages if any as parameter array for StatusMessage e.g. return arrray(array('ERROR', 'Password change failed.'))

Tags

Name Description
see

process_attributes( ) : array

Description

Processes user input of the primary module page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_logonHours( ) : array

Description

Processes user input of the logon hours page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_profilePath( ) : array

Description

Processes user input of the profile path check page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_sambaUserWorkstations( ) : array

Description

Processes user input of the primary module page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_terminalServer( ) : array

Description

Processes user input of the terminal server page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_time( ) : array

Description

Processes user input of the time selection page.

Return value

Type Description
array list of info/error messages

save_attributes( ) : array

Description

Returns a list of modifications which have to be made to the LDAP account.

Return value

Type Description
array list of modifications <br>This function returns an array with 3 entries: <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid) <br>"add" are attributes which have to be added to LDAP entry <br>"remove" are attributes which have to be removed from LDAP entry <br>"modify" are attributes which have to been modified in LDAP entry <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)

setExpirationDate( String   $year, String   $month, String   $day, ) : n/a

Description

Sets the expiration date of this account.
If all parameters are null the expiration date will be removed.

Arguments

Name Type Description Default
$year String

year (e.g. 2040)

$month String

month (e.g. 8)

$day String

day (e.g. 27)

Return value

Type Description
n/a n/a

supportsForcePasswordChange( ) : boolean

Description

Specifies if this module supports to force that a user must change his password on next login.

Return value

Type Description
boolean force password change supported

Properties

$SPLIT_DELIMITER, $cachedDomainList, $cachedGroupSIDList, $cachedHostList, $deactivated, $expirePassword, $groupRids, $hex2bitstring, $noexpire, $nopwd, $userRids,

  private  static $SPLIT_DELIMITER = "###x##y##x###"

delimiter for lamdaemon commands


  private  $cachedDomainList = null

cache for domain list


  private  $cachedGroupSIDList = null

group cache to reduce LDAP queries


  private  $cachedHostList = null

host cache to reduce LDAP queries


  private  $deactivated =

account deactivated?


  private  $expirePassword = false

specifies if the password should be expired


  private  $groupRids =

array of well known group rids


  private  $hex2bitstring = array('0' => '0000', '1' => '0001', '2' => '0010', '3' => '0011', '4' => '0100', '5' => '0101', '6' => '0110', '7' => '0111', '8' => '1000', '9' => '1001', 'A' => '1010', 'B' => '1011', 'C' => '1100', 'D' => '1101', 'E' => '1110', 'F' => '1111')

HEX to binary conversion table


  private  $noexpire =

password does not expire?


  private  $nopwd =

use no password?


  private  $userRids =

array of well known user rids


Documentation was generated by phpDocumentor 2.0.1 .

Namespaces

  • global

    Packages