<?php
# Installation root of LUMS; the three includes below are resolved relative to it.
$LUMS_base_path = '/usr/local/lums';
# NOTE(review): config.php presumably defines the global $LUMS_Config array that
# every function in this file reads, including the LDAP service bind DN and
# password - confirm it is kept outside the web root and is not world readable.
require_once($LUMS_base_path . '/config/config.php');
# NOTE(review): the LUMS_helper_* functions called in this file are not defined
# here; presumably they come from one of the two includes below - confirm.
require_once($LUMS_base_path . '/lib/functions.php');
require_once($LUMS_base_path . '/lib/extras.php');

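#
# Attach the Proxied Authorization control (OID 2.16.840.1.113730.3.4.18)
# to $conn so that the operations sent afterwards on this connection are
# requested on behalf of $proxydn instead of the bound identity.
#
# $conn    - LDAP link that has already been bound
# $proxydn - DN to act as; it is sent as the authorization id "dn:<proxydn>"
# $check   - when true, read the Root DSE first and make sure the server
#            lists the control in its supportedControl attribute
#
# Returns '' on success, otherwise an error string.
#
function LUMS_set_proxy_auth($conn, $proxydn, $check)
{
	$proxy_auth_oid = '2.16.840.1.113730.3.4.18';

	# An empty DN would send the authorization id "dn:" which names no
	# identity to act as, so refuse it before touching the connection.
	if ($proxydn == '')
		return 'No proxy DN provided';

	#
	# Check to see if the directory server supports the
	# Proxied Authorization control
	#
	if ($check){
		$r = @ldap_read($conn, '', 'objectclass=*', array('supportedControl'));
		if (!$r)
			return "Root DSE Search failed: " . @ldap_error($conn);
		$results = @ldap_get_entries($conn, $r);
		if (!is_array($results) || $results['count'] == 0)
			return 'Could not read Root DSE';
		if (!isset($results[0]['supportedcontrol']) || $results[0]['supportedcontrol']['count'] == 0)
			return 'Could not find any supportedControl attributes in Root DSE';
		$found_ctrl = 0;
		for ($i = 0; $i < $results[0]['supportedcontrol']['count']; $i++){
			if ($results[0]['supportedcontrol'][$i] == $proxy_auth_oid){
				$found_ctrl = 1;
				break;
			}
		}
		if ($found_ctrl == 0)
			return 'Proxied Authorization control is not supported';
	}

	# The control is marked critical so that a server which cannot honour it
	# rejects the operation instead of silently running it as the bound DN.
	$proxy_auth_ctrl = array('oid' => $proxy_auth_oid,
	'value' => "dn:$proxydn", 'iscritical' => true);

	# The control that was just built has to be the one handed to the
	# library; passing anything else leaves the connection without it and
	# every later operation runs with the privileges of the bound identity.
	if (!@ldap_set_option($conn, LDAP_OPT_SERVER_CONTROLS, array($proxy_auth_ctrl)))
		return "Could not set Proxy Auth control";

	return '';
}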

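#
# Verify a DN/password pair with an LDAPv3 simple bind against the server
# named in $LUMS_Config['LDAP']['server'].
#
# $L_binddn       - DN to bind as
# $L_bindpassword - password for that DN
#
# Returns '' when the bind succeeds, otherwise an error string.
#
function LUMS_ldap_bind($L_binddn, $L_bindpassword)
{
	global $LUMS_Config;

	# Both values must be present. A simple bind that carries a DN but an
	# empty password is an unauthenticated bind, which a directory server
	# may answer with success, so it must never count as a valid login.
	if ($L_binddn == '' || $L_bindpassword == '')
		return "Invalid arguments provided";

	# Debug output is written into the HTML page: escape the DN and never
	# echo the password itself.
	if (isset($LUMS_Config['Main']['debug']) && $LUMS_Config['Main']['debug'] == 1)
		print "<br>LUMS_ldap_bind: Binddn='" . htmlspecialchars($L_binddn, ENT_QUOTES) . "',BindPassword='[redacted]'<br>\n";

	# NOTE(review): no ldap_start_tls() call is made here, so the password is
	# sent in clear unless the configured server URI is ldaps:// - confirm.
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	@ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return @ldap_error($conn);

	return '';
}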

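#
# Bind to the configured server and run one search.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_basedn      - search base
# $L_scope       - 'base', 'one' or 'sub'; any other value is treated as 'sub'
# $L_filter      - complete LDAP filter string
# $L_attrs_array - attributes to return
# $L_sizelimit / $L_timelimit - limits handed to the 'one' and 'sub' searches
#
# Returns the ldap_get_entries() array when at least one entry matched,
# null when nothing matched, or an error string.
#
# The filter is sent to the server exactly as received. Callers that put
# user supplied text into it have to escape that text first (ldap_escape()
# with LDAP_ESCAPE_FILTER), otherwise the user controls the filter.
#
function LUMS_ldap_search($L_binddn,$L_bindpassword,$L_basedn,$L_scope,$L_filter,$L_attrs_array = array(),
$L_sizelimit = 0, $L_timelimit = 0)
{
	global $LUMS_Config;
	#check arguments
	if ($L_basedn == '' || $L_scope == '' || $L_filter == '')
		return "Invalid arguments provided";

	# An empty bind DN means "search as the service account", so the caller
	# is responsible for deciding who may trigger such a search.
	# NOTE(review): a non-empty DN with an empty password is passed straight
	# to ldap_bind() below, which is an unauthenticated bind - confirm that
	# callers never forward an empty password.
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}

	# Debug output is written into the HTML page: escape the DN and never
	# echo the password (it may be the service account password).
	if (isset($LUMS_Config['Main']['debug']) && $LUMS_Config['Main']['debug'] == 1)
		print "<br>LUMS_ldap_search: Binddn='" . htmlspecialchars($L_binddn, ENT_QUOTES) . "',BindPassword='[redacted]'<br>\n";

	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	@ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server" . @ldap_error($conn);

	switch($L_scope){
		case 'base':
			$sr = @ldap_read($conn, $L_basedn, $L_filter, $L_attrs_array);
			break;
		case 'one':
			$sr = @ldap_list($conn, $L_basedn, $L_filter, $L_attrs_array, 0, $L_sizelimit, $L_timelimit);
			break;
		case 'sub':
		default:
			$sr = @ldap_search($conn, $L_basedn, $L_filter, $L_attrs_array, 0, $L_sizelimit, $L_timelimit);
	}
	if (!$sr)
		return "Search failed: " . @ldap_error($conn);

	$results = @ldap_get_entries($conn, $sr);

	# Start from an explicit null so that "no match" returns a defined value.
	$info = null;
	if (is_array($results) && $results['count'] > 0)
		$info = $results;

	return $info;
}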

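#
# Create an entry of a configured object type.
#
# $L_binddn / $L_bindpassword - credentials to bind with; replaced by the
#                               service account when $L_binddn is empty or
#                               proxy authorization is switched on
# $L_object_type - key into $LUMS_Config['Object']
# $L_entrydn     - DN of the entry to create
# $L_entry_info  - attribute name => value (or array of values)
#
# Every attribute configured for the object type is processed according to
# its valuetype (constant, uservalue, callfunc, autoincrement, virtual,
# mapping, copyattr), value constraints are checked, virtual attributes are
# dropped, non-ASCII values are converted to UTF-8 and the entry is added.
# The configured preadd/postadd functions run before and after the add.
#
# Returns 0 on success, otherwise an error string.
#
# The function names stored in the configuration (operations, callfunction,
# checktypefunction, autoincrement func) are invoked as PHP functions, so
# the configuration has to come from a trusted source only.
#
function LUMS_ldap_add_entry($L_binddn, $L_bindpassword,$L_object_type,$L_entrydn,$L_entry_info)
{
	global $LUMS_Config;
	if ($L_object_type == '' || $L_entrydn == '' || ! isset($L_entry_info) || !is_array($L_entry_info))
		return "Invalid arguments provided";

	# NOTE(review): with useproxyauth on, the caller's DN is overwritten by the
	# service DN here, so the proxy control requested further down names the
	# service account itself and not the caller - confirm this is intended.
	if ($L_binddn == '' || $LUMS_Config['LDAP']['useproxyauth'] == '1'){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Check that we know this Object Type

	if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
		return "Object Type $L_object_type is not known";

	#Lower case all attribute names in $L_entry_info

	$L_entry_info = array_change_key_case($L_entry_info, CASE_LOWER);

	# NOTE(review): this dump is taken before password attributes are passed
	# to LUMS_helper_create_password(), so with debug enabled the submitted
	# password is written into the page as received - keep debug switched off
	# outside a test setup.
	if ($LUMS_Config['Main']['debug'] == 1){
		echo "LUMS_ldap_add_entry. INFO BEFORE<br>\n";
		print_r($L_entry_info);
	}

	#Call any pre operation function
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['preadd'])){
		if (! $LUMS_Config['Object'][$L_object_type]['operations']['preadd']($conn, $L_entrydn, $L_entry_info))
			return "Pre operation failed";
	}

	#Walk through the Config attributes list and perform all actions required

	if (isset($LUMS_Config['Object'][$L_object_type]['attributes'])){
	foreach ($LUMS_Config['Object'][$L_object_type]['attributes'] as $attribute_name => $attribute){

		#If valuetype is constant set entry info with Config values
		#If an entry already exists fail

		if ($attribute['valuetype'] == 'constant'){
			if (isset($L_entry_info[$attribute_name]))
				return "attribute $attribute_name is constant but was passed a value";
			foreach($attribute['constant']['values'] as $attr_val)
				$L_entry_info[$attribute_name][] = $attr_val;
		}

		#If valuetype is uservalue then
		#1. Make sure the attributes exist in $L_entry_info
		#2. Check basic syntax
		#3. Call external check type function if one is defined
		#4. Call attribute uniqueness function if one is defined

		if ($attribute['valuetype'] == 'uservalue'){
			if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
				return "Required attribute $attribute_name is not set";

			if (!isset($L_entry_info[$attribute_name]))
				continue;

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";

			if ($attribute['constraint_unique'] == 1)
				if (! LUMS_helper_check_uniqueness($conn, $attribute['unique']['base'], $L_entry_info[$attribute_name]))
					return "Attribute $attribute_name value is not unique";

			#If it is a password attribute call creation function
			#(element 0 of the result is an error string, element 1 the value to store)

			if ($attribute['type'] == 'password'){
				$arr = LUMS_helper_create_password($L_entry_info[$attribute_name]);
				if ($arr[0] != '')
					return $arr[0];
				$L_entry_info[$attribute_name] = $arr[1];
			}
		}

		#If valuetype is callfunc then call corresponding function

		if ($attribute['valuetype'] == 'callfunc'){
			if (isset($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'call function' but were passed a value";
			if (!function_exists($attribute['callfunction']))
				return "Call function '$attribute[callfunction]' is not set";
			$arr = $attribute['callfunction']($L_entry_info);
			if ($arr[0] == 'notset' || $arr[0] == 'empty'){
				if ($attribute['required'] == 1)
					return "Call function returned empty/notset for attribute $attribute_name";
				else
					continue;
			}
			if ($arr[0] == 'error')
				return "Call function returned an error: " . $arr[1];
			$L_entry_info[$attribute_name] = $arr[1];

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";
		}

		#If valuetype is autoincrement then call autoincrement function

		if ($attribute['valuetype'] == 'autoincrement'){
			if (isset($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'autoincrement' but were passed a value";
			$val = $attribute['autoincrement']['func']($conn, $LUMS_Config['LDAP']['countersdn'],
				$attribute['autoincrement']['counter'], $LUMS_Config['Main']['interfaceid']);
			if ($val == 0)
				return "Auto Increment function returned failure";
			unset($L_entry_info[$attribute_name]);
			$L_entry_info[$attribute_name] = $val;

		}

		#If valuetype is virtual the value is only validated here; it is
		#removed again before the entry is sent to the server
		if ($attribute['valuetype'] == 'virtual'){
			if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
				return "Required attribute $attribute_name is not set";

			if (!isset($L_entry_info[$attribute_name]))
				continue;

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";

		}

		#If valuetype is mapping then try and find the mappings and create value based on them
		if ($attribute['valuetype'] == 'mapping'){
			if (isset($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'mapping' but were passed a value";
			$indexattr = $attribute['mapping']['indexattribute'];
			if ($indexattr == '')
				return "No Index Attribute for mapping for attribute $attribute_name";
			$base = isset($LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name])
				? $LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name]
				: null;
			if (!isset($base))
				return "No mappings found for attribute $attribute_name with index attribute $indexattr";
			if (!isset($L_entry_info[$indexattr]))
				return "Index attribute $indexattr has no value";
			if (is_array($L_entry_info[$indexattr])){
				foreach ($L_entry_info[$indexattr] as $value){
					if (isset($base[$value]))
						$L_entry_info[$attribute_name][] = $base[$value];
				}
			}
			else
				$L_entry_info[$attribute_name] = $base[$L_entry_info[$indexattr]];
			if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
				return "Required attribute $attribute_name is not set";

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";
		}

		#If valuetype is copyattr then
		#Find the source attribute and blindly copy (no other checks are necessary since we made
		#them for the source attribute)

		if ($attribute['valuetype'] == 'copyattr'){
			if (isset($L_entry_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'copyattr' but were passed a value";
			if (!isset($attribute['sourceattr']))
				return "Attribute $attribute_name is of type 'copyattr' but no source attribute configured";
			else
				$L_sourceattr = $attribute['sourceattr'];
			if (isset($L_entry_info[$L_sourceattr]))
				$L_entry_info[$attribute_name] = $L_entry_info[$L_sourceattr];
		}

		#If we have a constraint on the attribute value now is the time to do the checks
		# NOTE(review): for a multi-valued attribute the check passes as soon as
		# one allowed value is present; the remaining values are not compared
		# with the allowed list - confirm that this is the intended rule.

		if (isset($attribute['constraint']) && isset($L_entry_info[$attribute_name])){
			if ($attribute['constraint']['type'] == 'arrayOfValues'){
				if (!isset($attribute['constraint']['values']) || !is_array($attribute['constraint']['values']))
					return "Attribute $attribute_name has value constraints but constraint values not set";
				$matching = 0;
				foreach ($attribute['constraint']['values'] as $constraint){
					if ( (is_array($L_entry_info[$attribute_name]) &&
					in_array($constraint, $L_entry_info[$attribute_name]) ) ||
					(!is_array($L_entry_info[$attribute_name]) &&
					$L_entry_info[$attribute_name] == $constraint) ){
						$matching = 1;
						break;
					}
				}
				if (! $matching)
					return "Attribute $attribute_name value(s) does not match constraints";
			}
		}
	}
	}

	#Delete any virtual attributes
	#UTF8 encode any values needed
	foreach ($L_entry_info as $attribute_name => $attribute_val){
		if (isset($LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype']) &&
		$LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype'] == 'virtual'){
			unset($L_entry_info[$attribute_name]);
			# Skip the conversion below, it would put the removed attribute back
			continue;
		}
		if (is_array($attribute_val)){
			foreach ($attribute_val as $attribute_index => $attribute_val2){
				# The converted value belongs under the attribute NAME, not under the value
				if (preg_match('/[\x80-\xff]/',$attribute_val2))
					$L_entry_info[$attribute_name][$attribute_index] = iconv($LUMS_Config['Main']['non_english_charset'],'UTF-8',$attribute_val2);
			}
		}
		else if (preg_match('/[\x80-\xff]/',$attribute_val))
			$L_entry_info[$attribute_name] = iconv($LUMS_Config['Main']['non_english_charset'],'UTF-8',$attribute_val);
	}

	if ($LUMS_Config['Main']['debug'] == 1){
		echo "LUMS_ldap_add_entry. INFO AFTER<br>\n";
		print_r($L_entry_info);
	}

	if (! @ldap_add($conn, $L_entrydn, $L_entry_info))
		return "Entry creation failed: " . @ldap_error($conn);

	#Call any post operation function
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postadd'])){
		$LUMS_Config['Object'][$L_object_type]['operations']['postadd']($conn, $L_entrydn, $L_entry_info);
	}

	return 0;
}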

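#
# Replace the userpassword attribute of an entry.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_entrydn     - DN of the entry whose password is replaced
# $L_newpassword - new password, handed to LUMS_helper_create_password()
#
# Returns null on success, otherwise an error string.
#
# Nothing in here checks the old password or whether the caller may change
# this entry: with an empty $L_binddn the change is made with service
# account rights, so the caller has to authorize the request before calling.
#
function LUMS_ldap_change_password($L_binddn, $L_bindpassword,$L_entrydn,$L_newpassword)
{
	global $LUMS_Config;
	if ($L_entrydn == '' || $L_newpassword == '')
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	# Element 0 of the result is an error string, element 1 the value to store.
	# NOTE(review): presumably element 1 is a hashed form of the password -
	# confirm in LUMS_helper_create_password().
	$arr = LUMS_helper_create_password($L_newpassword);
	if ($arr[0] != '')
		return $arr[0];

	# The read only proves that the entry exists and is visible to this bind;
	# its result is not used otherwise.
	$sr = @ldap_read($conn, $L_entrydn, '(objectclass=*)', array('userpassword'));
	if (!$sr)
		return "Search for entry failed: " . @ldap_error($conn);

	$info = array('userpassword' => $arr[1]);
	if (! @ldap_mod_replace($conn, $L_entrydn, $info))
		return "Password replace failed: " . @ldap_error($conn);

	return null;
}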

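#
# Modify an entry of a configured object type.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_object_type - key into $LUMS_Config['Object']
# $L_entrydn     - DN of the entry to modify
# $L_change_info - attribute name => new value (or array of values); an
#                  empty string for a uservalue attribute deletes it
#
# Every attribute configured for the object type is processed according to
# its valuetype, value constraints are checked, virtual attributes are
# dropped, non-ASCII values are converted to UTF-8 and the change is sent
# with ldap_modify(). The configured premodify/postmodify functions run
# before and after the modify.
#
# Returns 0 on success, otherwise an error string.
#
# The function names stored in the configuration (operations, callfunction,
# checktypefunction) are invoked as PHP functions, so the configuration has
# to come from a trusted source only.
#
function LUMS_ldap_modify_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn, $L_change_info)
{
	global $LUMS_Config;
	# A non-array change set is rejected here, in line with LUMS_ldap_add_entry
	if ($L_object_type == '' || $L_entrydn == '' || ! isset($L_change_info) || ! is_array($L_change_info))
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Check that we know this Object Type

	if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
		return "Object Type $L_object_type is not known";

	#Lower case all attribute names in $L_change_info

	$L_change_info = array_change_key_case($L_change_info, CASE_LOWER);

	# NOTE(review): this dump is taken before password attributes are passed
	# to LUMS_helper_create_password(), so with debug enabled the submitted
	# password is written into the page as received - keep debug switched off
	# outside a test setup.
	if ($LUMS_Config['Main']['debug'] == 1){
		echo "LUMS_ldap_modify_entry. INFO BEFORE<br>\n";
		print_r($L_change_info);
	}

	#Call any pre operation function
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['premodify'])){
		if (! $LUMS_Config['Object'][$L_object_type]['operations']['premodify']($conn, $L_entrydn, $L_change_info))
			return "Pre operation failed";
	}

	#Walk through the Config attributes list and perform all actions required

	if (isset($LUMS_Config['Object'][$L_object_type]['attributes'])){
	foreach ($LUMS_Config['Object'][$L_object_type]['attributes'] as $attribute_name => $attribute){

		#If valuetype is constant and we find an attribute in L_change_info, complain

		if ($attribute['valuetype'] == 'constant' && isset($L_change_info[$attribute_name]))
			return "attribute $attribute_name is constant but were passed a value";

		#If valuetype is uservalue and exists in $L_change_info then
		#1. Check basic syntax
		#2. Call external check type function if one is defined
		#3. Call attribute uniqueness function if one is defined

		if ($attribute['valuetype'] == 'uservalue' && isset($L_change_info[$attribute_name])){

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";

			if ($attribute['constraint_unique'] == 1)
				if (! LUMS_helper_check_uniqueness($conn, $attribute['unique']['base'], $L_change_info[$attribute_name]))
					return "Attribute $attribute_name value is not unique";

			#If it is a password attribute call creation function
			#(element 0 of the result is an error string, element 1 the value to store)

			if ($attribute['type'] == 'password'){
				$arr = LUMS_helper_create_password($L_change_info[$attribute_name]);
				if ($arr[0] != '')
					return $arr[0];
				$L_change_info[$attribute_name] = $arr[1];
			}

			#If attribute value is '' then we set it to an empty array() so that the attribute(s) get deleted
			#If it is required complain

			if (! is_array($L_change_info[$attribute_name]) && $L_change_info[$attribute_name] == ''){
				if ($attribute['required'] == 1)
					return "Attribute $attribute_name was set to be deleted but is required";
				$L_change_info[$attribute_name] = array();
			}
		}

		#If valuetype is callfunc then call corresponding function

		if ($attribute['valuetype'] == 'callfunc'){
			if (!function_exists($attribute['callfunction']))
				return "Call function '$attribute[callfunction]' is not set";
			if (isset($L_change_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'call function' but were passed a value";
			$arr = $attribute['callfunction']($L_change_info);
			if ($arr[0] == 'error')
				return "Call function returned an error: " . $arr[1];
			if ($arr[0] != 'notset'){
				$L_change_info[$attribute_name] = $arr[1];

				#Check if an attribute is not allowed to be multivalue and
				#we are passed an array

				if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
					return "Attribute $attribute_name is not allowed to be multivalued";

				if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
					return "Invalid syntax for atribute $attribute_name";

				if (isset($attribute['checktypefunction']) &&
					 ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
					return "Invalid syntax for attribute $attribute_name";
			}
		}

		#We don't do anything for autoincrement type attributes (we only handle them on entry creation)

		#If valuetype is virtual the value is only validated here; it is
		#removed again before the change is sent to the server
		if ($attribute['valuetype'] == 'virtual' && isset($L_change_info[$attribute_name])){

			#Check if an attribute is not allowed to be multivalue and
			#we are passed an array

			if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
				return "Attribute $attribute_name is not allowed to be multivalued";

			if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
				return "Invalid syntax for atribute $attribute_name";

			if (isset($attribute['checktypefunction']) &&
				! $attribute['checktypefunction']($L_change_info[$attribute_name]))
				return "Invalid syntax for attribute $attribute_name";

		}

		#If valuetype is mapping then try and find the mappings and create value based on them
		if ($attribute['valuetype'] == 'mapping'){
			if (isset($L_change_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'mapping' but were passed a value";
			$indexattr = $attribute['mapping']['indexattribute'];
			if ($indexattr == '')
				return "No Index Attribute for mapping for attribute $attribute_name";
			$base = isset($LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name])
				? $LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name]
				: null;
			if (!isset($base))
				return "No mappings found for attribute $attribute_name with index attribute $indexattr";

			#We only do work if the index attribute is present in L_change_info
			if (isset($L_change_info[$indexattr])){
				if (is_array($L_change_info[$indexattr])){
					foreach ($L_change_info[$indexattr] as $value){
						if (isset($base[$value]))
							$L_change_info[$attribute_name][] = $base[$value];
					}
				}
				else
					$L_change_info[$attribute_name] = $base[$L_change_info[$indexattr]];

				#Check if an attribute is not allowed to be multivalue and
				#we are passed an array

				if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
					return "Attribute $attribute_name is not allowed to be multivalued";

				if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
					return "Invalid syntax for atribute $attribute_name";

				if (isset($attribute['checktypefunction']) &&
					! $attribute['checktypefunction']($L_change_info[$attribute_name]))
					return "Invalid syntax for attribute $attribute_name";
			}
		}

		#If valuetype is copyattr then
		#Find the source attribute and blindly copy (no other checks are necessary since we made
		#them for the source attribute)

		if ($attribute['valuetype'] == 'copyattr'){
			if (isset($L_change_info[$attribute_name]))
				return "Attribute $attribute_name is of type 'copyattr' but were passed a value";
			if (!isset($attribute['sourceattr']))
				return "Attribute $attribute_name is of type 'copyattr' but no source attribute configured";
			else
				$L_sourceattr = $attribute['sourceattr'];
			if (isset($L_change_info[$L_sourceattr]))
				$L_change_info[$attribute_name] = $L_change_info[$L_sourceattr];
		}

		#If we have a constraint on the attribute value now is the time to do the checks
		# NOTE(review): for a multi-valued attribute the check passes as soon as
		# one allowed value is present; the remaining values are not compared
		# with the allowed list - confirm that this is the intended rule.

		if (isset($attribute['constraint']) && isset($L_change_info[$attribute_name]) && !empty($L_change_info[$attribute_name])){
			if ($attribute['constraint']['type'] == 'arrayOfValues'){
				if (!isset($attribute['constraint']['values']) || !is_array($attribute['constraint']['values']))
					return "Attribute $attribute_name has value constraints but constraint values not set";
				$matching = 0;
				foreach ($attribute['constraint']['values'] as $constraint){
					if ( (is_array($L_change_info[$attribute_name]) &&
					in_array($constraint, $L_change_info[$attribute_name]) ) ||
					(!is_array($L_change_info[$attribute_name]) &&
					$L_change_info[$attribute_name] == $constraint) ){
						$matching = 1;
						break;
					}
				}
				if (! $matching)
					return "Attribute $attribute_name value(s) does not match constraints";
			}
		}

	}
	}

	#Delete any virtual attributes
	#UTF8 encode any values needed
	foreach ($L_change_info as $attribute_name => $attribute_val){
		if (isset($LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype']) &&
		$LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype'] == 'virtual'){
			unset($L_change_info[$attribute_name]);
			# Skip the conversion below, it would put the removed attribute back
			continue;
		}
		if (is_array($attribute_val)){
			foreach ($attribute_val as $attribute_index => $attribute_val2){
				# The converted value belongs under the attribute NAME, not under the value
				if (preg_match('/[\x80-\xff]/',$attribute_val2))
					$L_change_info[$attribute_name][$attribute_index] = iconv($LUMS_Config['Main']['non_english_charset'],'UTF-8',$attribute_val2);
			}
		}
		else if (preg_match('/[\x80-\xff]/',$attribute_val))
			$L_change_info[$attribute_name] = iconv($LUMS_Config['Main']['non_english_charset'],'UTF-8',$attribute_val);
	}

	if ($LUMS_Config['Main']['debug'] == 1){
		echo "LUMS_ldap_modify_entry. INFO AFTER<br>\n";
		print_r($L_change_info);
	}

	if (! @ldap_modify($conn, $L_entrydn, $L_change_info))
		return "Entry modify failed: " . @ldap_error($conn);

	#Call any post operation function
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postmodify'])){
		$LUMS_Config['Object'][$L_object_type]['operations']['postmodify']($conn, $L_entrydn, $L_change_info);
	}

	return 0;
}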

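#
# Delete an entry of a configured object type.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_object_type - key into $LUMS_Config['Object']; selects the
#                  predelete/postdelete functions to run
# $L_entrydn     - DN of the entry to delete
#
# Returns 0 on success, otherwise an error string.
#
# With an empty $L_binddn the delete is made with service account rights,
# so the caller has to authorize the request before calling.
#
function LUMS_ldap_delete_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn)
{
	global $LUMS_Config;
	if ($L_object_type == '' || $L_entrydn == '')
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}

	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Check that we know this Object Type

	if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
		return "Object Type $L_object_type is not known";

	#Call any pre operation function; a false result vetoes the delete
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['predelete'])){
		if (! $LUMS_Config['Object'][$L_object_type]['operations']['predelete']($conn, $L_entrydn, ''))
			return "Pre operation failed";
	}

	if (! @ldap_delete($conn, $L_entrydn))
		return "Could not delete entry '" . $L_entrydn . "':" . @ldap_error($conn);

	#Call any post operation function
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postdelete'])){
		$LUMS_Config['Object'][$L_object_type]['operations']['postdelete']($conn, $L_entrydn, '');
	}

	return 0;
}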

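#
# Rename and/or move an entry of a configured object type.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_object_type  - key into $LUMS_Config['Object']; selects the
#                   prerename/postrename functions to run
# $L_entrydn      - current DN of the entry
# $L_newrdn       - new relative DN
# $L_newparent    - DN of the new parent entry
# $L_deleteoldrdn - passed to ldap_rename() unchanged
#
# Returns 0 on success, otherwise an error string.
#
function LUMS_ldap_rename_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn, $L_newrdn, $L_newparent, $L_deleteoldrdn)
{
	global $LUMS_Config;
	# Every one of these values is required. The new RDN and the new parent
	# have to be tested for being EMPTY: testing them for being set rejects
	# every real rename request. The parent is required as well because the
	# DN handed to the postrename function is built from both parts.
	if ($L_object_type == '' || $L_entrydn == '' || $L_newrdn == '' || $L_newparent == '')
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}

	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Check that we know this Object Type

	if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
		return "Object Type $L_object_type is not known";

	# Both hook functions receive the same description of the rename
	$info = array($L_newrdn, $L_newparent, $L_deleteoldrdn);

	#Call any pre operation function; a false result vetoes the rename
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['prerename'])){
		if (! $LUMS_Config['Object'][$L_object_type]['operations']['prerename']($conn, $L_entrydn, $info))
			return "Pre operation failed";
	}

	if (! @ldap_rename($conn, $L_entrydn, $L_newrdn, $L_newparent, $L_deleteoldrdn))
		return "Could not rename entry '" . $L_entrydn . "':" . @ldap_error($conn);

	#TODO: Perform any subsequent attribute management work

	#Call any post operation function with the DN the entry has now
	if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postrename'])){
		$newdn = $L_newrdn . ',' . $L_newparent;

		$LUMS_Config['Object'][$L_object_type]['operations']['postrename']($conn, $newdn, $info);
	}

	return 0;
}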

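#
# Modify an entry without any of the per object type processing.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_entrydn     - DN of the entry to modify
# $L_change_info - attribute name => new value (or array of values)
#
# Returns 0 on success, otherwise an error string.
#
# Apart from lower casing the attribute names the change set is sent to the
# server as received: no syntax, uniqueness or constraint check from the
# object configuration is applied and password values are stored as given.
# Only call this with data that has been validated already.
#
function LUMS_ldap_plain_modify_entry($L_binddn, $L_bindpassword, $L_entrydn, $L_change_info)
{
	global $LUMS_Config;
	# This function has no object type argument, so only the DN and the
	# change set are validated. A test on a variable that is not a parameter
	# would always see an empty value and reject every call.
	if ($L_entrydn == '' || ! isset($L_change_info) || ! is_array($L_change_info))
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Lower case all attribute names in $L_change_info

	$L_change_info = array_change_key_case($L_change_info, CASE_LOWER);

	if (! @ldap_modify($conn, $L_entrydn, $L_change_info))
		return "Entry modify failed: " . @ldap_error($conn);
	return 0;
}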

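#
# Create an entry without any of the per object type processing.
#
# $L_binddn / $L_bindpassword - credentials to bind with; when $L_binddn is
#                               empty the service account from
#                               $LUMS_Config['LDAP'] is used instead
# $L_entrydn    - DN of the entry to create
# $L_entry_info - attribute name => value (or array of values)
#
# Returns 0 on success, otherwise an error string.
#
# Apart from lower casing the attribute names the entry is sent to the
# server as received: no syntax, uniqueness or constraint check from the
# object configuration is applied and password values are stored as given.
# Only call this with data that has been validated already.
#
function LUMS_ldap_plain_add_entry($L_binddn, $L_bindpassword,$L_entrydn,$L_entry_info)
{
	global $LUMS_Config;
	if ($L_entrydn == '' || ! isset($L_entry_info) || !is_array($L_entry_info))
		return "Invalid arguments provided";
	if ($L_binddn == ''){
		$L_binddn = $LUMS_Config['LDAP']['binddn'];
		$L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
	}
	$conn = @ldap_connect($LUMS_Config['LDAP']['server']);
	if (!$conn) return "Could not connect to ldap server";
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
		return "Could not bind to ldap server";
	if ($LUMS_Config['LDAP']['useproxyauth'] == '1'){
		if ($L_binddn == '')
			return "Proxy authorization set but binddn not available";
		$ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
		if ($ret != '')
			return "Proxy authorization failed: $ret";
	}

	#Lower case all attribute names in $L_entry_info

	$L_entry_info = array_change_key_case($L_entry_info, CASE_LOWER);

	if (! @ldap_add($conn, $L_entrydn, $L_entry_info))
		return "Entry creation failed: " . @ldap_error($conn);
	return 0;
}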

?>