Manages the object class "posixAccount" for users and hosts. It implements the complete module interface and uses meta-data
provided by the account modules for its functions.
Location and naming of modules
All LAM modules are placed in lib/modules/ and are named ".inc".
E.g. if you create a new module and its class name is "qmail" then the filename would be "qmail.inc".
The class name of a module must contain only a-z, A-Z, 0-9, -, and _.
You can avoid to override many functions by using {@link get_metaData()}.
All module classes should extend the baseModule class.
Checks if all input values are correct and returns the LDAP attributes which should be changed.
Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
"info" are values with informational value (e.g. to be used later by pre/postModify actions)
Calling this method does not require the existence of an enclosing {@link accountContainer}.
Arguments
Name
Type
Description
Default
$fields
string
input fields
$attributes
array
LDAP attributes
$passwordChangeOnly
boolean
indicates that the user is only allowed to change his password and no LDAP content is readable
Null if no UIDs are free else an array of free UIDs.
getNextUserName(
String
$userName,
)
:
String
Description
Returns the next possible user name based on the given one. If the user name does not end with a number then a "2" is added.
User names with numbers at the end are simply increased by one.
Attention: This user name might still be in use. This needs to be checked separately.
Arguments
Name
Type
Description
Default
$userName
String
user name
Return value
Type
Description
String
new user name
getPasswordAttrName(
)
:
boolean
Description
Returns the password attribute. Usually, this is userPassword. If Windows modules are active this is unixUserPassword.
This function is called whenever the password should be changed. Account modules
must change their password attributes only if the modules list contains their module name.
Arguments
Name
Type
Description
Default
$password
String
new password
$modules
n/a
list of modules for which the password should be changed
$forcePasswordChange
boolean
force the user to change his password at next login
Return value
Type
Description
array
list of error messages if any as parameter array for StatusMessage
e.g. return arrray(array('ERROR', 'Password change failed.'))
array which contains status messages. Each entry is an array containing the status message parameters.
Tags
Name
Description
see
preDeleteActions(
)
:
array
Description
Allows the module to run commands before the LDAP entry is deleted.
Return value
Type
Description
array
Array which contains status messages. Each entry is an array containing the status message parameters.
process_attributes(
)
:
array
Description
Processes user input of the primary module page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
Type
Description
array
list of info/error messages
process_group(
)
:
array
Description
Processes user input of the group selection page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
Type
Description
array
list of info/error messages
process_homedir(
)
:
array
Description
Processes user input of the homedir check page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
Type
Description
array
list of info/error messages
removeFromGONGroups(
)
:
n/a
Description
Removes all group of names memberships from this user.
Return value
Type
Description
n/a
n/a
removeFromUnixGroups(
)
:
n/a
Description
Removes all Unix group memberships from this user.
Return value
Type
Description
n/a
n/a
save_attributes(
)
:
array
Description
Returns a list of modifications which have to be made to the LDAP account.
Return value
Type
Description
array
list of modifications
<br>This function returns an array with 3 entries:
<br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
<br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
<br>"add" are attributes which have to be added to LDAP entry
<br>"remove" are attributes which have to be removed from LDAP entry
<br>"modify" are attributes which have to been modified in LDAP entry
<br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
supportsForcePasswordChange(
)
:
boolean
Description
Specifies if this module supports to force that a user must change his password on next login.
Return value
Type
Description
boolean
force password change supported
unlock(
)
:
n/a
Description
Unlocks the user password of this account.
Return value
Type
Description
n/a
n/a
userNameExists(
String
$userName,
)
:
boolean
Description
Checks if the given user name already exists in LDAP.