lib/modules/windowsUser.inc
Properties
Description
Manages Windows AD (e.g. Samba 4) users.
Classes
windowsUser
Description
Manages Windows AD (e.g. Samba 4) users. It implements the complete module interface and uses meta-data provided by the account modules for its functions.
Location and naming of modules
All LAM modules are placed in lib/modules/ and are named "
You can avoid overriding many functions by using get_metaData().
All module classes should extend the baseModule class.
Methods
build_uploadAccounts, checkSelfServiceOptions, display_html_attributes, display_html_group, doUploadPostActions, findGroups, getSelfServiceOptions, get_metaData, get_pdfEntries, get_profileOptions, init, isDeactivated, isLockedOut, isNeverExpiring, isSmartCardRequired, load_Messages, load_attributes, load_profile, managesPasswordAttributes, passwordChangeRequested, postModifyActions, process_attributes, process_group, pwdAttributeValue, save_attributes, setIsDeactivated, setIsNeverExpiring, setIsSmartCardRequired, setSelfServicePassword, supportsForcePasswordChange, unlock
build_uploadAccounts( array $rawAccounts, array $ids, array $partialAccounts, array $selectedModules, ) : array
Description
In this function the LDAP account is built up.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$rawAccounts | array | list of hash arrays (name => value) from user input |
$ids | array | list of IDs for column position (e.g. "posixAccount_uid" => 5) |
$partialAccounts | array | list of hash arrays (name => value) which are later added to LDAP |
$selectedModules | array | list of selected account modules |
Return value
Type | Description |
---|---|
array | list of error messages if any |
checkSelfServiceOptions( string $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields, ) : array
Description
Checks if all input values are correct and returns the LDAP attributes which should be changed.
Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions)
Calling this method does not require the existence of an enclosing accountContainer.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$fields | string | input fields |
$attributes | array | LDAP attributes |
$passwordChangeOnly | boolean | indicates that the user is only allowed to change his password and no LDAP content is readable |
$readOnlyFields | array | list of read-only fields |
Return value
Type | Description |
---|---|
array | messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) |
display_html_attributes( ) : \htmlElement
Description
Returns the HTML meta data for the main account page.
Return value
Type | Description |
---|---|
\htmlElement | HTML meta data |
display_html_group( ) : \htmlElement
Description
Displays the group selection.
Return value
Type | Description |
---|---|
\htmlElement | meta HTML code |
doUploadPostActions( array $data, array $ids, array $failed, array $temp, array $accounts, ) : array
Description
This function executes one post upload action.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$data | array | array containing one account in each element |
$ids | array | array( |
$failed | array | list of accounts which were not created successfully |
$temp | array | variable to store temporary data between two post actions |
$accounts | array | list of LDAP entries |
Return value
Type | Description |
---|---|
array | current status |
array (
'status' => 'finished' | 'inProgress'
'progress' => 0..100
'errors' => array (<array of parameters for StatusMessage>)
)
findGroups( ) : array
Description
Finds all existing groups.
Return value
Type | Description |
---|---|
array | group DNs |
getSelfServiceOptions( array $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields, ) : array
Description
Returns the meta HTML code for each input field.
format: array(
Arguments
Name | Type | Description | Default |
---|---|---|---|
$fields | array | list of active fields |
$attributes | array | attributes of LDAP account |
$passwordChangeOnly | boolean | indicates that the user is only allowed to change his password and no LDAP content is readable |
$readOnlyFields | array | list of read-only fields |
Return value
Type | Description |
---|---|
array | list of meta HTML elements (field name => htmlTableRow) |
get_metaData( ) : array
Description
Returns meta data that is interpreted by parent class.
Return value
Type | Description |
---|---|
array | array with meta data |
get_pdfEntries( ) : n/a
Description
Returns a list of PDF entries.
Return value
Type | Description |
---|---|
n/a | n/a |
get_profileOptions( ) : \htmlElement
Description
Returns a list of elements for the account profiles.
Return value
Type | Description |
---|---|
\htmlElement | profile elements |
init( string $base, ) : n/a
Description
Initializes the module after it became part of an accountContainer.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$base | string | the name of the accountContainer object ($_SESSION[$base]) |
Return value
Type | Description |
---|---|
n/a | n/a |
isDeactivated( array $attrs, ) : boolean
Description
Returns if the account is currently deactivated.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes |
Return value
Type | Description |
---|---|
boolean | is deactivated |
isLockedOut( array $attrs, ) : boolean
Description
Returns if the account is currently locked out.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes |
Return value
Type | Description |
---|---|
boolean | is locked out |
isNeverExpiring( array $attrs, ) : boolean
Description
Returns if the account never expires.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes |
Return value
Type | Description |
---|---|
boolean | never expires |
isSmartCardRequired( array $attrs, ) : boolean
Description
Returns if the account requires a smartcard to log in.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes |
Return value
Type | Description |
---|---|
boolean | requires a smartcard |
load_Messages( ) : n/a
Description
This function fills the $messages variable with output messages from this module.
Return value
Type | Description |
---|---|
n/a | n/a |
load_attributes( array $attr, ) : n/a
Description
This function loads all needed LDAP attributes.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attr | array | list of attributes |
Return value
Type | Description |
---|---|
n/a | n/a |
load_profile( array $profile, ) : n/a
Description
Loads the values of an account profile into internal variables.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$profile | array | hash array with profile values (identifier => value) |
Return value
Type | Description |
---|---|
n/a | n/a |
managesPasswordAttributes( ) : boolean
Description
This method specifies if a module manages password attributes. The module alias will then appear as option in the GUI. If the module only wants to get notified about password changes then return false.
Return value
Type | Description |
---|---|
boolean | true if this module manages password attributes |
passwordChangeRequested( String $password, array $modules, boolean $forcePasswordChange, ) : array
Description
This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$password | String | new password |
$modules | array | list of modules for which the password should be changed |
$forcePasswordChange | boolean | force the user to change his password at next login |
Return value
Type | Description |
---|---|
array | list of error messages if any as parameter array for StatusMessage, e.g. return array(array('ERROR', 'Password change failed.')) |
postModifyActions( boolean $newAccount, array $attributes, ) : array
Description
Runs the postmodify actions.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$newAccount | boolean | ||
$attributes | array | LDAP attributes of this entry |
Return value
Type | Description |
---|---|
array | array which contains status messages. Each entry is an array containing the status message parameters. |
process_attributes( ) : array
Description
Processes user input of the primary module page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
Type | Description |
---|---|
array | list of info/error messages |
process_group( ) : array
Description
Processes user input of the group selection page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
Type | Description |
---|---|
array | list of info/error messages |
pwdAttributeValue( String $password, ) : n/a
Description
Creates the LDAP password value.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$password | String | password |
Return value
Type | Description |
---|---|
n/a | n/a |
save_attributes( ) : array
Description
Returns a list of modifications which have to be made to the LDAP account.
Return value
Type | Description |
---|---|
array | list of modifications |
This function returns an array with 3 entries:
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
"add" are attributes which have to be added to LDAP entry
"remove" are attributes which have to be removed from LDAP entry
"modify" are attributes which have to be modified in LDAP entry
"info" are values with informational value (e.g. to be used later by pre/postModify actions)
setIsDeactivated( boolean $deactivated, array $attrs = null, ) : n/a
Description
Sets if the account is currently deactivated.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$deactivated | boolean | is deactivated |
$attrs | array | LDAP attributes to modify (default $this->attributes) | null |
Return value
Type | Description |
---|---|
n/a | n/a |
setIsNeverExpiring( array $attrs, boolean $neverExpires, ) : n/a
Description
Sets if the account never expires.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes to modify |
$neverExpires | boolean | never expires |
Return value
Type | Description |
---|---|
n/a | n/a |
setIsSmartCardRequired( array $attrs, boolean $requireCard, ) : n/a
Description
Sets if the account requires a smartcard to log in.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$attrs | array | LDAP attributes to modify |
$requireCard | boolean | requires a smartcard |
Return value
Type | Description |
---|---|
n/a | n/a |
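In Active Directory the states handled by isDeactivated, isNeverExpiring, isSmartCardRequired and their setters are single bits of the userAccountControl attribute. The following is an added example, not LAM's own code: it reads and writes those bits on an attribute array and lists enabled accounts whose password never expires. The helper names, the attribute key spelling and the sample entries are assumptions; the flag values are the documented AD ones.

```php
<?php
// Added example, not LAM's code. Flag values are the documented
// Active Directory userAccountControl bits.
const UAC_ACCOUNTDISABLE       = 0x00002;
const UAC_DONT_EXPIRE_PASSWORD = 0x10000;
const UAC_SMARTCARD_REQUIRED   = 0x40000;

/** Reads the flag word; assumes attribute name => list of values and this key spelling. */
function uacValue(array $attrs): int {
    return (int) ($attrs['userAccountControl'][0] ?? 0);
}

/** True if every bit of $flag is set. */
function uacHas(array $attrs, int $flag): bool {
    return (uacValue($attrs) & $flag) === $flag;
}

/** Sets or clears one flag and leaves every other bit untouched. */
function uacSet(array &$attrs, int $flag, bool $on): void {
    $value = uacValue($attrs);
    $value = $on ? ($value | $flag) : ($value & ~$flag);
    $attrs['userAccountControl'][0] = (string) $value;
}

/** Audit helper: DNs of enabled accounts whose password never expires. */
function findNeverExpiring(array $accounts): array {
    $hits = [];
    foreach ($accounts as $dn => $attrs) {
        if (!uacHas($attrs, UAC_ACCOUNTDISABLE)
            && uacHas($attrs, UAC_DONT_EXPIRE_PASSWORD)) {
            $hits[] = $dn;
        }
    }
    return $hits;
}

// Constructed sample entries (512 = NORMAL_ACCOUNT).
$accounts = [
    'CN=alice,CN=Users,DC=example,DC=test'      => ['userAccountControl' => ['512']],
    'CN=svc-backup,CN=Users,DC=example,DC=test' => ['userAccountControl' => ['66048']],
    'CN=bob,CN=Users,DC=example,DC=test'        => ['userAccountControl' => ['66050']],
];
print_r(findNeverExpiring($accounts));

// Require a smartcard for alice without disturbing the other bits.
uacSet($accounts['CN=alice,CN=Users,DC=example,DC=test'], UAC_SMARTCARD_REQUIRED, true);
echo $accounts['CN=alice,CN=Users,DC=example,DC=test']['userAccountControl'][0], "\n";
```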
setSelfServicePassword( array $return, array $attributes, ) : n/a
Description
Sets the user password in self service. Since the change requires the old password we need to run ldapmodify for this task.
Arguments
Name | Type | Description | Default |
---|---|---|---|
$return | array | return value for checkSelfServiceOptions() (used to add message if any) |
$attributes | array | LDAP attributes |
Return value
Type | Description |
---|---|
n/a | n/a |
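Active Directory accepts a password write only on the unicodePwd attribute, as the password wrapped in double quotes and encoded UTF-16LE, and a user changing their own password must send the old value as a delete and the new value as an add in one modify over an encrypted connection. The following is an added example of that value format and of the LDIF that pwdAttributeValue and setSelfServicePassword are concerned with; it is not LAM's code, and the function names, DN and passwords are constructed. It assumes the mbstring extension.

```php
<?php
// Added example, not LAM's implementation.

/** AD expects unicodePwd as the quoted password encoded UTF-16LE. */
function adPasswordValue(string $password): string {
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

/**
 * LDIF for a user-initiated change: delete the old value and add the
 * new one in a single modify. DN and values are base64-encoded so that
 * no character in them can break the LDIF structure.
 */
function adPasswordChangeLdif(string $dn, string $old, string $new): string {
    $lines = [
        'dn:: ' . base64_encode($dn),
        'changetype: modify',
        'delete: unicodePwd',
        'unicodePwd:: ' . base64_encode(adPasswordValue($old)),
        '-',
        'add: unicodePwd',
        'unicodePwd:: ' . base64_encode(adPasswordValue($new)),
        '-',
    ];
    return implode("\n", $lines) . "\n";
}

// Constructed sample values.
echo adPasswordChangeLdif(
    'CN=alice,CN=Users,DC=example,DC=test',
    'Old-Passw0rd',
    'N3w-Passphrase!'
);
```

Feed the resulting LDIF to ldapmodify on standard input rather than through command-line arguments or a world-readable temporary file, so the passwords do not show up in the process list or on disk.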