lib/modules/windowsUser.inc

Properties

Description

Manages Windows AD (e.g. Samba 4) users.

Classes

windowsUser

Properties

 
\passwordService
 
modules  
No 
No 

Description

Manages Windows AD (e.g. Samba 4) users.
It implements the complete module interface and uses meta-data provided by the account modules for its functions.

Location and naming of modules
All LAM modules are placed in lib/modules/ and are named after their class with the suffix ".inc". E.g. if you create a new module and its class name is "qmail" then the filename would be "qmail.inc". The class name of a module must contain only a-z, A-Z, 0-9, -, and _.

You can avoid overriding many functions by using get_metaData().

All module classes should extend the baseModule class.

Methods

build_uploadAccounts, checkSelfServiceOptions, display_html_attributes, display_html_group, doUploadPostActions, findGroups, getSelfServiceOptions, get_metaData, get_pdfEntries, get_profileOptions, init, isDeactivated, isLockedOut, isNeverExpiring, isSmartCardRequired, load_Messages, load_attributes, load_profile, managesPasswordAttributes, passwordChangeRequested, postModifyActions, process_attributes, process_group, pwdAttributeValue, save_attributes, setIsDeactivated, setIsNeverExpiring, setIsSmartCardRequired, setSelfServicePassword, supportsForcePasswordChange, unlock,

build_uploadAccounts( array   $rawAccounts, array   $ids, array   $partialAccounts, array   $selectedModules, ) : array

Description

In this function the LDAP account is built up.

Arguments

Name Type Description Default
$rawAccounts array

list of hash arrays (name => value) from user input

$ids array

list of IDs for column position (e.g. "posixAccount_uid" => 5)

$partialAccounts array

list of hash arrays (name => value) which are later added to LDAP

$selectedModules array

list of selected account modules

Return value

Type Description
array list of error messages if any

checkSelfServiceOptions( string   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Checks if all input values are correct and returns the LDAP attributes which should be changed.

Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions)

Calling this method does not require the existence of an enclosing accountContainer.

Arguments

Name Type Description Default
$fields string

input fields

$attributes array

LDAP attributes

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))

display_html_attributes( ) : \htmlElement

Description

Returns the HTML meta data for the main account page.

Return value

Type Description
\htmlElement HTML meta data

display_html_group( ) : \htmlElement

Description

Displays the group selection.

Return value

Type Description
\htmlElement meta HTML code

doUploadPostActions( array   $data, array   $ids, array   $failed, array   $temp, array   $accounts, ) : array

Description

This function executes one post upload action.

Arguments

Name Type Description Default
$data array

array containing one account in each element

$ids array

array( => )

$failed array

list of accounts which were not created successfully

$temp array

variable to store temporary data between two post actions

$accounts array

list of LDAP entries

Return value

Type Description
array current status: array('status' => 'finished' | 'inProgress', 'progress' => 0..100, 'errors' => array(<array of parameters for StatusMessage>))

findGroups( ) : array

Description

Finds all existing groups.

Return value

Type Description
array group DNs

getSelfServiceOptions( array   $fields, array   $attributes, boolean   $passwordChangeOnly, array   $readOnlyFields, ) : array

Description

Returns the meta HTML code for each input field.
format: array( => array(), ...)
It is not possible to display help links.

Arguments

Name Type Description Default
$fields array

list of active fields

$attributes array

attributes of LDAP account

$passwordChangeOnly boolean

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields array

list of read-only fields

Return value

Type Description
array list of meta HTML elements (field name => htmlTableRow)

get_metaData( ) : array

Description

Returns meta data that is interpreted by the parent class.

Return value

Type Description
array array with meta data


get_pdfEntries( ) : n/a

Description

Returns a list of PDF entries

Return value

Type Description
n/a n/a

get_profileOptions( ) : \htmlElement

Description

Returns a list of elements for the account profiles.

Return value

Type Description
\htmlElement profile elements

init( string   $base, ) : n/a

Description

Initializes the module after it became part of an accountContainer

Arguments

Name Type Description Default
$base string

the name of the accountContainer object ($_SESSION[$base])

Return value

Type Description
n/a n/a

isDeactivated( array   $attrs, ) : boolean

Description

Returns whether the account is currently deactivated.

Arguments

Name Type Description Default
$attrs array

LDAP attributes

Return value

Type Description
boolean is deactivated

isLockedOut( array   $attrs, ) : boolean

Description

Returns whether the account is currently locked out.

Arguments

Name Type Description Default
$attrs array

LDAP attributes

Return value

Type Description
boolean is locked out

isNeverExpiring( array   $attrs, ) : boolean

Description

Returns whether the account never expires.

Arguments

Name Type Description Default
$attrs array

LDAP attributes

Return value

Type Description
boolean never expires

isSmartCardRequired( array   $attrs, ) : boolean

Description

Returns whether the account requires a smartcard to log in.

Arguments

Name Type Description Default
$attrs array

LDAP attributes

Return value

Type Description
boolean requires a smartcard

load_Messages( ) : n/a

Description

This function fills the $messages variable with output messages from this module.

Return value

Type Description
n/a n/a

load_attributes( array   $attr, ) : n/a

Description

This function loads all needed LDAP attributes.

Arguments

Name Type Description Default
$attr array

list of attributes

Return value

Type Description
n/a n/a

load_profile( array   $profile, ) : n/a

Description

Loads the values of an account profile into internal variables.

Arguments

Name Type Description Default
$profile array

hash array with profile values (identifier => value)

Return value

Type Description
n/a n/a

managesPasswordAttributes( ) : boolean

Description

This method specifies if a module manages password attributes. The module alias will then appear as option in the GUI.

If the module only wants to get notified about password changes then return false.

Return value

Type Description
boolean true if this module manages password attributes

passwordChangeRequested( String   $password, array   $modules, boolean   $forcePasswordChange, ) : array

Description

This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.

Arguments

Name Type Description Default
$password String

new password

$modules array

list of modules for which the password should be changed

$forcePasswordChange boolean

force the user to change his password at next login

Return value

Type Description
array list of error messages, if any, as parameter arrays for StatusMessage, e.g. return array(array('ERROR', 'Password change failed.'))

postModifyActions( boolean   $newAccount, array   $attributes, ) : array

Description

Runs the postmodify actions.

Arguments

Name Type Description Default
$newAccount boolean
$attributes array

LDAP attributes of this entry

Return value

Type Description
array array which contains status messages. Each entry is an array containing the status message parameters.


process_attributes( ) : array

Description

Processes user input of the primary module page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

process_group( ) : array

Description

Processes user input of the group selection page.
It checks if all input values are correct and updates the associated LDAP attributes.

Return value

Type Description
array list of info/error messages

pwdAttributeValue( String   $password, ) : n/a

Description

Creates the LDAP password value.

Arguments

Name Type Description Default
$password String

password

Return value

Type Description
n/a n/a

save_attributes( ) : array

Description

Returns a list of modifications which have to be made to the LDAP account.

Return value

Type Description
array list of modifications
This function returns an array with 3 entries:
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid).
"add" are attributes which have to be added to the LDAP entry.
"remove" are attributes which have to be removed from the LDAP entry.
"modify" are attributes which have to be modified in the LDAP entry.
"info" are values with informational value (e.g. to be used later by pre/postModify actions).

setIsDeactivated( boolean   $deactivated, array   $attrs = null, ) : n/a

Description

Sets whether the account is currently deactivated.

Arguments

Name Type Description Default
$deactivated boolean

is deactivated

$attrs array

LDAP attributes to modify (default $this->attributes)

null

Return value

Type Description
n/a n/a

setIsNeverExpiring( array   $attrs, boolean   $neverExpires, ) : n/a

Description

Sets whether the account never expires.

Arguments

Name Type Description Default
$attrs array

LDAP attributes to modify

$neverExpires boolean

never expires

Return value

Type Description
n/a n/a

setIsSmartCardRequired( array   $attrs, boolean   $requireCard, ) : n/a

Description

Sets whether the account requires a smartcard to log in.

Arguments

Name Type Description Default
$attrs array

LDAP attributes to modify

$requireCard boolean

requires a smartcard

Return value

Type Description
n/a n/a

setSelfServicePassword( array   $return, array   $attributes, ) : n/a

Description

Sets the user password in self service.
Since the change requires the old password we need to run ldapmodify for this task.

Arguments

Name Type Description Default
$return array

return value for checkSelfServiceOptions() (used to add message if any)

$attributes array

LDAP attributes

Return value

Type Description
n/a n/a

supportsForcePasswordChange( ) : boolean

Description

Specifies whether this module supports forcing a user to change his password on next login.

Return value

Type Description
boolean force password change supported

unlock( array   $attrs, ) : n/a

Description

Unlocks the account.

Arguments

Name Type Description Default
$attrs array

LDAP attributes to modify

Return value

Type Description
n/a n/a

Properties

$clearTextPassword, $groupCache, $groupList, $groupList_orig, $pwdLastSet,

  private  $clearTextPassword =

clear text password


  private  $groupCache = null

cache for groups


  private  $groupList = array()

current group of names list


  private  $groupList_orig = array()

original group of names list


  private  $pwdLastSet = null

option for forcing password change, used in postModifyActions


Constants

  AC_ACCOUNT_DISABLED = 2

account is disabled


  AC_LOCKED_OUT = 16

currently locked out, read only flag


  AC_PWD_NEVER_EXPIRES = 65536

password never expires


  AC_SMARTCARD_REQUIRED = 262144

login requires smartcard


  DEFAULT_ACCOUNT_CONTROL = 512

initial account flags
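
The constants above are bit flags of the Active Directory userAccountControl attribute, which the isDeactivated()/setIsDeactivated() family of methods reads and writes. The following is an added example, not LAM's own code, showing that bit handling with the documented values; the function names, the $attrs layout and the fallback to DEFAULT_ACCOUNT_CONTROL are assumptions.

```php
<?php
// Added example: bit-flag handling for the AD userAccountControl attribute.
// Flag values are the constants documented on this page; function names and
// the $attrs layout (attribute name => list of string values) are assumptions.
const AC_ACCOUNT_DISABLED = 2;
const AC_LOCKED_OUT = 16;            // read-only flag, never written here
const AC_PWD_NEVER_EXPIRES = 65536;
const AC_SMARTCARD_REQUIRED = 262144;
const DEFAULT_ACCOUNT_CONTROL = 512; // initial account flags

// Current flag word; assumes the initial flags when the attribute is absent.
function accountControl(array $attrs): int {
    return isset($attrs['userAccountControl'][0])
        ? (int) $attrs['userAccountControl'][0]
        : DEFAULT_ACCOUNT_CONTROL;
}

function hasFlag(array $attrs, int $flag): bool {
    return (accountControl($attrs) & $flag) === $flag;
}

function setFlag(array &$attrs, int $flag, bool $on): void {
    if ($flag === AC_LOCKED_OUT) {
        throw new InvalidArgumentException('AC_LOCKED_OUT is read-only');
    }
    $value = accountControl($attrs);
    $attrs['userAccountControl'] = [(string) ($on ? $value | $flag : $value & ~$flag)];
}

// Audit helper: names of the security-relevant flags set on an entry.
function flaggedAs(array $attrs): array {
    $names = [
        'disabled'           => AC_ACCOUNT_DISABLED,
        'locked out'         => AC_LOCKED_OUT,
        'pwd never expires'  => AC_PWD_NEVER_EXPIRES,
        'smartcard required' => AC_SMARTCARD_REQUIRED,
    ];
    return array_keys(array_filter($names, fn($f) => hasFlag($attrs, $f)));
}

// Constructed sample entry: 66050 = 512 + 2 + 65536
$entry = ['userAccountControl' => ['66050']];
echo implode(', ', flaggedAs($entry)), "\n";
setFlag($entry, AC_ACCOUNT_DISABLED, false);  // re-enable the account
setFlag($entry, AC_SMARTCARD_REQUIRED, true); // require smartcard login
echo $entry['userAccountControl'][0], ' => ', implode(', ', flaggedAs($entry)), "\n";
```

Running flaggedAs() over exported entries is a quick way to list accounts whose passwords never expire or that do not require a smartcard.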


Documentation was generated by phpDocumentor 2.0.1.
