<?php
# Installation root; the three includes below are resolved relative to it.
$LUMS_base_path = '/usr/local/lums';
# NOTE(review): config.php presumably defines the global $LUMS_Config read by every
# function in this file, including the service bind DN and password. Confirm, and keep
# that file unreadable by other local accounts and outside the web root.
require_once($LUMS_base_path . '/config/config.php');
require_once($LUMS_base_path . '/lib/functions.php');
require_once($LUMS_base_path . '/lib/extras.php');
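#
# Attach the Proxied Authorization control (OID 2.16.840.1.113730.3.4.18) to $conn so
# that the server evaluates later operations on the connection as $proxydn instead of
# as the identity that performed the bind.
#
# $conn     LDAP link that has already been bound
# $proxydn  DN to act as; sent as the authorization identity "dn:<proxydn>"
# $check    when true, first read the Root DSE and require that the server lists
#           the control among its supportedControl values
#
# Returns '' on success, otherwise a human readable error string.
#
# The bound account needs the directory's proxy right for the control to be honoured.
# That right lets it act as other entries, so grant it only to the LUMS service DN.
# An empty $proxydn produces the identity "dn:"; callers are expected to reject it.
#
function LUMS_set_proxy_auth($conn, $proxydn, $check)
{
    $proxy_auth_oid = '2.16.840.1.113730.3.4.18';

    #
    # Check to see if the directory server supports the
    # Proxied Authorization control
    #
    if ($check) {
        $r = @ldap_read($conn, '', 'objectclass=*', array('supportedControl'));
        if (!$r)
            return "Root DSE Search failed: " . @ldap_error($conn);
        $results = @ldap_get_entries($conn, $r);
        if (!is_array($results) || $results['count'] == 0)
            return 'Could not read Root DSE';
        if (!isset($results[0]['supportedcontrol']) || $results[0]['supportedcontrol']['count'] == 0)
            return 'Could not find any supportedControl attributes in Root DSE';
        # The value list also carries an integer 'count' element; the strict
        # comparison keeps it from ever matching the OID string
        if (!in_array($proxy_auth_oid, $results[0]['supportedcontrol'], true))
            return 'Proxied Authorization control is not supported';
    }

    # Marked critical so that a server which cannot honour the control fails the
    # operation instead of silently running it as the bound account
    $proxy_auth_ctrl = array('oid' => $proxy_auth_oid,
                             'value' => "dn:$proxydn", 'iscritical' => true);

    # The control built above must be the one installed; the previous code passed two
    # undefined variables here, so the proxy identity was never sent to the server
    if (!@ldap_set_option($conn, LDAP_OPT_SERVER_CONTROLS, array($proxy_auth_ctrl)))
        return "Could not set Proxy Auth control";
    return '';
}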
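#
# Verify a DN/password pair by performing a simple bind against the configured server.
#
# $L_binddn        DN to bind as
# $L_bindpassword  password for that DN
#
# Returns '' when the bind succeeds, otherwise an error string (for a failed bind
# this is the server/library error text).
#
# No ldap_start_tls() call is made here, so the password is only protected in transit
# if $LUMS_Config['LDAP']['server'] is an ldaps:// URI or the link is otherwise secured.
#
function LUMS_ldap_bind($L_binddn, $L_bindpassword)
{
    global $LUMS_Config;

    # A simple bind with an empty password is treated by many servers as an
    # unauthenticated bind that succeeds, so empty credentials are refused up front
    if ($L_binddn == '' || $L_bindpassword == '')
        return "Invalid arguments provided";

    # Debug output goes into the page: the password is deliberately left out and the
    # DN is escaped because it may originate from a login form
    if ($LUMS_Config['Main']['debug'] == 1)
        print "<br>LUMS_ldap_bind: Binddn='" . htmlspecialchars($L_binddn, ENT_QUOTES) . "'<br>\n";

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    @ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    $error = '';
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        $error = @ldap_error($conn);

    # The link exists only for this credential check; release it on both outcomes
    @ldap_unbind($conn);
    return $error;
}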
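#
# Bind and run one search, returning the raw ldap_get_entries() result.
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                             from $LUMS_Config['LDAP'] is used instead
# $L_basedn       search base
# $L_scope        'base' (ldap_read), 'one' (ldap_list); 'sub' and any other value
#                 run a subtree ldap_search
# $L_filter       LDAP filter string, passed to the server unchanged
# $L_attrs_array  attributes to return (empty array = server default)
# $L_sizelimit, $L_timelimit  limits for 'one' and subtree searches; not applied
#                 to 'base' reads
#
# Returns the entries array when at least one entry matched, null when nothing
# matched, or an error string on failure.
#
# The filter is not escaped here. Callers that build it from request data must escape
# each value (ldap_escape() with LDAP_ESCAPE_FILTER) before calling, otherwise the
# value can alter the filter.
#
function LUMS_ldap_search($L_binddn,$L_bindpassword,$L_basedn,$L_scope,$L_filter,$L_attrs_array = array(),
                          $L_sizelimit = 0, $L_timelimit = 0)
{
    global $LUMS_Config;

    #check arguments
    if ($L_basedn == '' || $L_scope == '' || $L_filter == '')
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    # Debug output goes into the page: never echo the bind password (at this point it
    # may be the service account's), and escape the DN
    if ($LUMS_Config['Main']['debug'] == 1)
        print "<br>LUMS_ldap_search: Binddn='" . htmlspecialchars($L_binddn, ENT_QUOTES) . "'<br>\n";

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    @ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword)) {
        $error = "Could not bind to ldap server: " . @ldap_error($conn);
        @ldap_unbind($conn);
        return $error;
    }

    switch ($L_scope) {
    case 'base':
        $sr = @ldap_read($conn, $L_basedn, $L_filter, $L_attrs_array);
        break;
    case 'one':
        $sr = @ldap_list($conn, $L_basedn, $L_filter, $L_attrs_array, 0, $L_sizelimit, $L_timelimit);
        break;
    default:
        # 'sub' and every unrecognised scope value
        $sr = @ldap_search($conn, $L_basedn, $L_filter, $L_attrs_array, 0, $L_sizelimit, $L_timelimit);
    }

    if (!$sr) {
        $error = "Search failed: " . @ldap_error($conn);
        @ldap_unbind($conn);
        return $error;
    }

    $results = @ldap_get_entries($conn, $sr);
    @ldap_unbind($conn);

    # "No match" is reported as null rather than as an array with count 0
    if (is_array($results) && $results['count'] > 0)
        return $results;
    return null;
}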
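#
# Create an entry of a configured object type, deriving and validating its attributes
# from $LUMS_Config['Object'][$L_object_type] before calling ldap_add().
#
# $L_binddn, $L_bindpassword  caller credentials. When $L_binddn is '' or proxy
#                 authorization is enabled, the bind itself uses the service account
#                 from $LUMS_Config['LDAP'].
# $L_object_type  key into $LUMS_Config['Object']
# $L_entrydn      DN of the entry to create (used as given; not validated here)
# $L_entry_info   attribute => value / list of values; keys are lower-cased
#
# Returns 0 on success, otherwise an error string.
#
# With proxy authorization enabled the caller's password is not checked by this
# function: the service account binds and the server is asked to evaluate the add as
# the caller's DN. The caller must therefore have authenticated $L_binddn already.
#
# The pre/post operation hooks, checktypefunction, callfunction and the autoincrement
# func are invoked by the name stored in $LUMS_Config, so that configuration must never
# be writable by, or built from, untrusted input.
#
function LUMS_ldap_add_entry($L_binddn, $L_bindpassword,$L_object_type,$L_entrydn,$L_entry_info)
{
    global $LUMS_Config;

    if ($L_object_type == '' || $L_entrydn == '' || ! isset($L_entry_info) || !is_array($L_entry_info))
        return "Invalid arguments provided";

    # Remember who the caller is before the service credentials replace $L_binddn.
    # The previous code passed the overwritten DN to the proxy control, so every add
    # was authorized as the service account itself.
    $L_proxydn = $L_binddn;
    if ($L_binddn == '' || $LUMS_Config['LDAP']['useproxyauth'] == '1') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_proxydn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_proxydn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Check that we know this Object Type
    if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
        return "Object Type $L_object_type is not known";

    #Lower case all attribute names in $L_entry_info
    $L_entry_info = array_change_key_case($L_entry_info, CASE_LOWER);

    # NOTE: this dump contains every submitted value, including a password attribute
    # before LUMS_helper_create_password() has processed it. Keep debug off anywhere
    # the page can be seen by someone other than the operator.
    if ($LUMS_Config['Main']['debug'] == 1) {
        echo "LUMS_ldap_add_entry. INFO BEFORE<br>\n";
        print htmlspecialchars(print_r($L_entry_info, true), ENT_QUOTES);
    }

    #Call any pre operation function
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['preadd'])) {
        if (! $LUMS_Config['Object'][$L_object_type]['operations']['preadd']($conn, $L_entrydn, $L_entry_info))
            return "Pre operation failed";
    }

    #Walk through the Config attributes list and perform all actions required
    if (isset($LUMS_Config['Object'][$L_object_type]['attributes'])) {
        foreach ($LUMS_Config['Object'][$L_object_type]['attributes'] as $attribute_name => $attribute) {
            #If valuetype is constant set entry info with Config values
            #If an entry already exists fail
            if ($attribute['valuetype'] == 'constant') {
                if (isset($L_entry_info[$attribute_name]))
                    return "attribute $attribute_name is constant but was passed a value";
                foreach ($attribute['constant']['values'] as $attr_val)
                    $L_entry_info[$attribute_name][] = $attr_val;
            }

            #If valuetype is uservalue then
            #1. Make sure the attributes exist in $L_entry_info
            #2. Check basic syntax
            #3. Call external check type function if one is defined
            #4. Call attribute uniqueness function if one is defined
            if ($attribute['valuetype'] == 'uservalue') {
                if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
                    return "Required attribute $attribute_name is not set";
                if (!isset($L_entry_info[$attribute_name]))
                    continue;
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
                if ($attribute['constraint_unique'] == 1)
                    if (! LUMS_helper_check_uniqueness($conn, $attribute['unique']['base'], $L_entry_info[$attribute_name]))
                        return "Attribute $attribute_name value is not unique";
                #If it is a password attribute call creation function
                #(it returns array(error string, value to store))
                if ($attribute['type'] == 'password') {
                    $arr = LUMS_helper_create_password($L_entry_info[$attribute_name]);
                    if ($arr[0] != '')
                        return $arr[0];
                    $L_entry_info[$attribute_name] = $arr[1];
                }
            }

            #If valuetype is callfunc then call corresponding function
            if ($attribute['valuetype'] == 'callfunc') {
                if (isset($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'call function' but were passed a value";
                if (!function_exists($attribute['callfunction']))
                    return "Call function '$attribute[callfunction]' is not set";
                $arr = $attribute['callfunction']($L_entry_info);
                if ($arr[0] == 'notset' || $arr[0] == 'empty') {
                    if ($attribute['required'] == 1)
                        return "Call function returned empty/notset for attribute $attribute_name";
                    else
                        continue;
                }
                if ($arr[0] == 'error')
                    return "Call function returned an error: " . $arr[1];
                $L_entry_info[$attribute_name] = $arr[1];
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
            }

            #If valuetype is autoincrement then call autoincrement function
            if ($attribute['valuetype'] == 'autoincrement') {
                if (isset($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'autoincrement' but were passed a value";
                $val = $attribute['autoincrement']['func']($conn, $LUMS_Config['LDAP']['countersdn'],
                    $attribute['autoincrement']['counter'], $LUMS_Config['Main']['interfaceid']);
                if ($val == 0)
                    return "Auto Increment function returned failure";
                unset($L_entry_info[$attribute_name]);
                $L_entry_info[$attribute_name] = $val;
            }

            #If valuetype is virtual the value is validated here but removed again
            #before the entry is written (see the final loop)
            if ($attribute['valuetype'] == 'virtual') {
                if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
                    return "Required attribute $attribute_name is not set";
                if (!isset($L_entry_info[$attribute_name]))
                    continue;
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
            }

            #If valuetype is mapping then try and find the mappings and create value based on them
            if ($attribute['valuetype'] == 'mapping') {
                if (isset($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'mapping' but were passed a value";
                $indexattr = $attribute['mapping']['indexattribute'];
                if ($indexattr == '')
                    return "No Index Attribute for mapping for attribute $attribute_name";
                if (!isset($LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name]))
                    return "No mappings found for attribute $attribute_name with index attribute $indexattr";
                $base = $LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name];
                if (!isset($L_entry_info[$indexattr]))
                    return "Index attribute $indexattr has no value";
                if (is_array($L_entry_info[$indexattr])) {
                    foreach ($L_entry_info[$indexattr] as $value) {
                        if (isset($base[$value]))
                            $L_entry_info[$attribute_name][] = $base[$value];
                    }
                }
                else
                    $L_entry_info[$attribute_name] = $base[$L_entry_info[$indexattr]];
                if ($attribute['required'] == 1 && !isset($L_entry_info[$attribute_name]))
                    return "Required attribute $attribute_name is not set";
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_entry_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_entry_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
            }

            #If valuetype is copyattr then
            #Find the source attribute and blindly copy (no other checks are necessary since we made
            #them for the source attribute)
            if ($attribute['valuetype'] == 'copyattr') {
                if (isset($L_entry_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'copyattr' but were passed a value";
                if (!isset($attribute['sourceattr']))
                    return "Attribute $attribute_name is of type 'copyattr' but no source attribute configured";
                $L_sourceattr = $attribute['sourceattr'];
                if (isset($L_entry_info[$L_sourceattr]))
                    $L_entry_info[$attribute_name] = $L_entry_info[$L_sourceattr];
            }

            #If we have a constraint on the attribute value now is the time to do the checks
            if (isset($attribute['constraint']) && isset($L_entry_info[$attribute_name])) {
                if ($attribute['constraint']['type'] == 'arrayOfValues') {
                    if (!isset($attribute['constraint']['values']) || !is_array($attribute['constraint']['values']))
                        return "Attribute $attribute_name has value constraints but constraint values not set";
                    # Passes as soon as one allowed value is present; a multivalued
                    # attribute is NOT required to consist only of allowed values
                    $matching = 0;
                    foreach ($attribute['constraint']['values'] as $constraint) {
                        if ( (is_array($L_entry_info[$attribute_name]) &&
                              in_array($constraint, $L_entry_info[$attribute_name]) ) ||
                             (!is_array($L_entry_info[$attribute_name]) &&
                              $L_entry_info[$attribute_name] == $constraint) ) {
                            $matching = 1;
                            break;
                        }
                    }
                    if (! $matching)
                        return "Attribute $attribute_name value(s) does not match constraints";
                }
            }
        }
    }

    #Delete any virtual attributes
    #UTF8 encode any values needed
    foreach ($L_entry_info as $attribute_name => $attribute_val) {
        if (isset($LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype']) &&
            $LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype'] == 'virtual') {
            unset($L_entry_info[$attribute_name]);
            # Skip the conversion below, which would otherwise put the virtual
            # attribute straight back into the entry
            continue;
        }
        if (is_array($attribute_val)) {
            foreach ($attribute_val as $attribute_index => $attribute_val2) {
                # Index by attribute NAME; the previous code used the value array
                # itself as the key, so multivalued attributes were never converted
                if (preg_match('/[\x80-\xff]/', $attribute_val2))
                    $L_entry_info[$attribute_name][$attribute_index] = iconv($LUMS_Config['Main']['non_english_charset'], 'UTF-8', $attribute_val2);
            }
        }
        elseif (preg_match('/[\x80-\xff]/', $attribute_val))
            $L_entry_info[$attribute_name] = iconv($LUMS_Config['Main']['non_english_charset'], 'UTF-8', $attribute_val);
    }

    if ($LUMS_Config['Main']['debug'] == 1) {
        echo "LUMS_ldap_add_entry. INFO AFTER<br>\n";
        print htmlspecialchars(print_r($L_entry_info, true), ENT_QUOTES);
    }

    if (! @ldap_add($conn, $L_entrydn, $L_entry_info))
        return "Entry creation failed: " . @ldap_error($conn);

    #Call any post operation function (its result is ignored)
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postadd'])) {
        $LUMS_Config['Object'][$L_object_type]['operations']['postadd']($conn, $L_entrydn, $L_entry_info);
    }
    return 0;
}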
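#
# Replace the userpassword attribute of an entry.
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_entrydn      DN of the entry whose password is changed
# $L_newpassword  new password as typed; LUMS_helper_create_password() turns it
#                 into the value that is stored
#
# Returns null on success, otherwise an error string.
#
# The current password of $L_entrydn is not checked here. When the service account
# performs the bind, the caller alone decides who may reset whose password, so that
# authorization check has to happen before this function is called.
#
function LUMS_ldap_change_password($L_binddn, $L_bindpassword,$L_entrydn,$L_newpassword)
{
    global $LUMS_Config;

    if ($L_entrydn == '' || $L_newpassword == '')
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    # Returns array(error string, value to store)
    $arr = LUMS_helper_create_password($L_newpassword);
    if ($arr[0] != '')
        return $arr[0];

    # Read the entry first so that a missing or unreadable target is reported as a
    # search failure rather than as a failed replace
    $sr = @ldap_read($conn, $L_entrydn, '(objectclass=*)', array('userpassword'));
    if (!$sr)
        return "Search for entry failed: " . @ldap_error($conn);

    $info = array('userpassword' => $arr[1]);
    if (! @ldap_mod_replace($conn, $L_entrydn, $info))
        return "Password replace failed: " . @ldap_error($conn);
    return null;
}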
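#
# Modify an entry of a configured object type, validating and deriving the changed
# attributes from $LUMS_Config['Object'][$L_object_type] before calling ldap_modify().
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_object_type  key into $LUMS_Config['Object']
# $L_entrydn      DN of the entry to modify (used as given; not validated here)
# $L_change_info  attribute => new value / list of values; keys are lower-cased.
#                 A value of '' deletes a uservalue attribute.
#
# Returns 0 on success, otherwise an error string.
#
# The pre/post operation hooks, checktypefunction and callfunction are invoked by the
# name stored in $LUMS_Config, so that configuration must never be writable by, or
# built from, untrusted input.
#
function LUMS_ldap_modify_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn, $L_change_info)
{
    global $LUMS_Config;

    # array_change_key_case() below needs an array, so anything else is rejected here
    if ($L_object_type == '' || $L_entrydn == '' || ! isset($L_change_info) || !is_array($L_change_info))
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Check that we know this Object Type
    if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
        return "Object Type $L_object_type is not known";

    #Lower case all attribute names in $L_change_info
    $L_change_info = array_change_key_case($L_change_info, CASE_LOWER);

    # NOTE: this dump contains every submitted value, including a password attribute
    # before LUMS_helper_create_password() has processed it. Keep debug off anywhere
    # the page can be seen by someone other than the operator.
    if ($LUMS_Config['Main']['debug'] == 1) {
        echo "LUMS_ldap_modify_entry. INFO BEFORE<br>\n";
        print htmlspecialchars(print_r($L_change_info, true), ENT_QUOTES);
    }

    #Call any pre operation function
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['premodify'])) {
        if (! $LUMS_Config['Object'][$L_object_type]['operations']['premodify']($conn, $L_entrydn, $L_change_info))
            return "Pre operation failed";
    }

    #Walk through the Config attributes list and perform all actions required
    if (isset($LUMS_Config['Object'][$L_object_type]['attributes'])) {
        foreach ($LUMS_Config['Object'][$L_object_type]['attributes'] as $attribute_name => $attribute) {
            #If valuetype is constant and we find an attribute in L_change_info, complain
            if ($attribute['valuetype'] == 'constant' && isset($L_change_info[$attribute_name]))
                return "attribute $attribute_name is constant but were passed a value";

            #If valuetype is uservalue and exists in $L_change_info then
            #1. Check basic syntax
            #2. Call external check type function if one is defined
            #3. Call attribute uniqueness function if one is defined
            if ($attribute['valuetype'] == 'uservalue' && isset($L_change_info[$attribute_name])) {
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) && ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
                if ($attribute['constraint_unique'] == 1)
                    if (! LUMS_helper_check_uniqueness($conn, $attribute['unique']['base'], $L_change_info[$attribute_name]))
                        return "Attribute $attribute_name value is not unique";
                #If it is a password attribute call creation function
                #(it returns array(error string, value to store))
                if ($attribute['type'] == 'password') {
                    $arr = LUMS_helper_create_password($L_change_info[$attribute_name]);
                    if ($arr[0] != '')
                        return $arr[0];
                    $L_change_info[$attribute_name] = $arr[1];
                }
                #If attribute value is '' then we set it to an empty array() so that the attribute(s) get deleted
                #If it is required complain
                if (! is_array($L_change_info[$attribute_name]) && $L_change_info[$attribute_name] == '') {
                    if ($attribute['required'] == 1)
                        return "Attribute $attribute_name was set to be deleted but is required";
                    $L_change_info[$attribute_name] = array();
                }
            }

            #If valuetype is callfunc then call corresponding function
            if ($attribute['valuetype'] == 'callfunc') {
                if (!function_exists($attribute['callfunction']))
                    return "Call function '$attribute[callfunction]' is not set";
                if (isset($L_change_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'call function' but were passed a value";
                $arr = $attribute['callfunction']($L_change_info);
                if ($arr[0] == 'error')
                    return "Call function returned an error: " . $arr[1];
                if ($arr[0] != 'notset') {
                    $L_change_info[$attribute_name] = $arr[1];
                    #Check if an attribute is not allowed to be multivalue and
                    #we are passed an array
                    if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
                        return "Attribute $attribute_name is not allowed to be multivalued";
                    if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
                        return "Invalid syntax for atribute $attribute_name";
                    if (isset($attribute['checktypefunction']) &&
                        ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
                        return "Invalid syntax for attribute $attribute_name";
                }
            }

            #We don't do anything for autoincrement type attributes (we only handle them on entry creation)

            #If valuetype is virtual the value is validated here but removed again
            #before the change is written (see the final loop)
            if ($attribute['valuetype'] == 'virtual' && isset($L_change_info[$attribute_name])) {
                #Check if an attribute is not allowed to be multivalue and
                #we are passed an array
                if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
                    return "Attribute $attribute_name is not allowed to be multivalued";
                if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
                    return "Invalid syntax for atribute $attribute_name";
                if (isset($attribute['checktypefunction']) &&
                    ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
                    return "Invalid syntax for attribute $attribute_name";
            }

            #If valuetype is mapping then try and find the mappings and create value based on them
            if ($attribute['valuetype'] == 'mapping') {
                if (isset($L_change_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'mapping' but were passed a value";
                $indexattr = $attribute['mapping']['indexattribute'];
                if ($indexattr == '')
                    return "No Index Attribute for mapping for attribute $attribute_name";
                if (!isset($LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name]))
                    return "No mappings found for attribute $attribute_name with index attribute $indexattr";
                $base = $LUMS_Config['Object'][$L_object_type]['mappings'][$indexattr][$attribute_name];
                #We only do work if the index attribute is present in L_change_info
                if (isset($L_change_info[$indexattr])) {
                    if (is_array($L_change_info[$indexattr])) {
                        foreach ($L_change_info[$indexattr] as $value) {
                            if (isset($base[$value]))
                                $L_change_info[$attribute_name][] = $base[$value];
                        }
                    }
                    else
                        $L_change_info[$attribute_name] = $base[$L_change_info[$indexattr]];
                    #Check if an attribute is not allowed to be multivalue and
                    #we are passed an array
                    if ($attribute['multivalue'] == 0 && is_array($L_change_info[$attribute_name]))
                        return "Attribute $attribute_name is not allowed to be multivalued";
                    if (! LUMS_helper_check_syntax($L_change_info[$attribute_name], $attribute['type']))
                        return "Invalid syntax for atribute $attribute_name";
                    if (isset($attribute['checktypefunction']) &&
                        ! $attribute['checktypefunction']($L_change_info[$attribute_name]))
                        return "Invalid syntax for attribute $attribute_name";
                }
            }

            #If valuetype is copyattr then
            #Find the source attribute and blindly copy (no other checks are necessary since we made
            #them for the source attribute)
            if ($attribute['valuetype'] == 'copyattr') {
                if (isset($L_change_info[$attribute_name]))
                    return "Attribute $attribute_name is of type 'copyattr' but were passed a value";
                if (!isset($attribute['sourceattr']))
                    return "Attribute $attribute_name is of type 'copyattr' but no source attribute configured";
                $L_sourceattr = $attribute['sourceattr'];
                if (isset($L_change_info[$L_sourceattr]))
                    $L_change_info[$attribute_name] = $L_change_info[$L_sourceattr];
            }

            #If we have a constraint on the attribute value now is the time to do the checks
            if (isset($attribute['constraint']) && isset($L_change_info[$attribute_name]) && !empty($L_change_info[$attribute_name])) {
                if ($attribute['constraint']['type'] == 'arrayOfValues') {
                    if (!isset($attribute['constraint']['values']) || !is_array($attribute['constraint']['values']))
                        return "Attribute $attribute_name has value constraints but constraint values not set";
                    # Passes as soon as one allowed value is present; a multivalued
                    # attribute is NOT required to consist only of allowed values
                    $matching = 0;
                    foreach ($attribute['constraint']['values'] as $constraint) {
                        if ( (is_array($L_change_info[$attribute_name]) &&
                              in_array($constraint, $L_change_info[$attribute_name]) ) ||
                             (!is_array($L_change_info[$attribute_name]) &&
                              $L_change_info[$attribute_name] == $constraint) ) {
                            $matching = 1;
                            break;
                        }
                    }
                    if (! $matching)
                        return "Attribute $attribute_name value(s) does not match constraints";
                }
            }
        }
    }

    #Delete any virtual attributes
    #UTF8 encode any values needed
    foreach ($L_change_info as $attribute_name => $attribute_val) {
        if (isset($LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype']) &&
            $LUMS_Config['Object'][$L_object_type]['attributes'][$attribute_name]['valuetype'] == 'virtual') {
            unset($L_change_info[$attribute_name]);
            # Skip the conversion below, which would otherwise put the virtual
            # attribute straight back into the change set
            continue;
        }
        if (is_array($attribute_val)) {
            foreach ($attribute_val as $attribute_index => $attribute_val2) {
                # Index by attribute NAME; the previous code used the value array
                # itself as the key, so multivalued attributes were never converted
                if (preg_match('/[\x80-\xff]/', $attribute_val2))
                    $L_change_info[$attribute_name][$attribute_index] = iconv($LUMS_Config['Main']['non_english_charset'], 'UTF-8', $attribute_val2);
            }
        }
        elseif (preg_match('/[\x80-\xff]/', $attribute_val))
            $L_change_info[$attribute_name] = iconv($LUMS_Config['Main']['non_english_charset'], 'UTF-8', $attribute_val);
    }

    if ($LUMS_Config['Main']['debug'] == 1) {
        echo "LUMS_ldap_modify_entry. INFO AFTER<br>\n";
        print htmlspecialchars(print_r($L_change_info, true), ENT_QUOTES);
    }

    if (! @ldap_modify($conn, $L_entrydn, $L_change_info))
        return "Entry modify failed: " . @ldap_error($conn);

    #Call any post operation function (its result is ignored)
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postmodify'])) {
        $LUMS_Config['Object'][$L_object_type]['operations']['postmodify']($conn, $L_entrydn, $L_change_info);
    }
    return 0;
}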
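#
# Delete an entry of a configured object type, running the type's predelete and
# postdelete hooks around ldap_delete().
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_object_type  key into $LUMS_Config['Object'] (selects the hooks)
# $L_entrydn      DN of the entry to delete (used as given; not validated here)
#
# Returns 0 on success, otherwise an error string.
#
# Nothing here checks that $L_entrydn really is an entry of $L_object_type or that it
# lies under an expected base. When the service account performs the bind, the caller
# has to make sure the DN is one the requester may remove.
#
function LUMS_ldap_delete_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn)
{
    global $LUMS_Config;

    if ($L_object_type == '' || $L_entrydn == '')
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Check that we know this Object Type
    if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
        return "Object Type $L_object_type is not known";

    #Call any pre operation function; a false result vetoes the delete
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['predelete'])) {
        if (! $LUMS_Config['Object'][$L_object_type]['operations']['predelete']($conn, $L_entrydn, ''))
            return "Pre operation failed";
    }

    if (! @ldap_delete($conn, $L_entrydn))
        return "Could not delete entry '" . $L_entrydn . "':" . @ldap_error($conn);

    #Call any post operation function (its result is ignored)
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postdelete'])) {
        $LUMS_Config['Object'][$L_object_type]['operations']['postdelete']($conn, $L_entrydn, '');
    }
    return 0;
}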
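#
# Rename and/or move an entry of a configured object type, running the type's
# prerename and postrename hooks around ldap_rename().
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_object_type  key into $LUMS_Config['Object'] (selects the hooks)
# $L_entrydn      current DN of the entry
# $L_newrdn       new relative DN
# $L_newparent    DN of the new parent entry
# $L_deleteoldrdn passed to ldap_rename(): whether the old RDN value is removed
#
# Returns 0 on success, otherwise an error string.
#
# Neither $L_newrdn nor $L_newparent is validated beyond being non-empty. A move is an
# authorization-relevant change when access rules depend on the subtree, so the caller
# should restrict $L_newparent to the containers it expects.
#
function LUMS_ldap_rename_entry($L_binddn, $L_bindpassword, $L_object_type, $L_entrydn, $L_newrdn, $L_newparent, $L_deleteoldrdn)
{
    global $LUMS_Config;

    # The previous test was inverted (!= ''): it rejected every call that supplied a
    # new RDN or parent, so no rename could ever get past this point. Both values are
    # required because the postrename hook is handed "$L_newrdn,$L_newparent".
    if ($L_object_type == '' || $L_entrydn == '' || $L_newrdn == '' || $L_newparent == '')
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Check that we know this Object Type
    if (! isset($LUMS_Config['Object'][$L_object_type]) || ! is_array($LUMS_Config['Object'][$L_object_type]))
        return "Object Type $L_object_type is not known";

    # Both hooks receive the same description of the requested rename
    $info = array($L_newrdn, $L_newparent, $L_deleteoldrdn);

    #Call any pre operation function; a false result vetoes the rename
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['prerename'])) {
        if (! $LUMS_Config['Object'][$L_object_type]['operations']['prerename']($conn, $L_entrydn, $info))
            return "Pre operation failed";
    }

    if (! @ldap_rename($conn, $L_entrydn, $L_newrdn, $L_newparent, $L_deleteoldrdn))
        return "Could not rename entry '" . $L_entrydn . "':" . @ldap_error($conn);

    #TODO: Perform any subsequent attribute management work

    #Call any post operation function with the entry's new DN (its result is ignored)
    if (isset($LUMS_Config['Object'][$L_object_type]['operations']['postrename'])) {
        $info = array($L_newrdn, $L_newparent, $L_deleteoldrdn);
        $newdn = $L_newrdn . ',' . $L_newparent;
        $LUMS_Config['Object'][$L_object_type]['operations']['postrename']($conn, $newdn, $info);
    }
    return 0;
}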
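#
# Modify an entry WITHOUT any of the per-object-type processing done by
# LUMS_ldap_modify_entry: no syntax, uniqueness or constraint checks, no hooks and no
# password processing. The values are sent to the server as supplied.
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_entrydn      DN of the entry to modify
# $L_change_info  attribute => new value / list of values; keys are lower-cased
#
# Returns 0 on success, otherwise an error string.
#
# Because nothing is validated here, this function must not be reachable with
# attribute names or values taken directly from a request; only the server's own
# access rules stand between the caller and the entry.
#
function LUMS_ldap_plain_modify_entry($L_binddn, $L_bindpassword, $L_entrydn, $L_change_info)
{
    global $LUMS_Config;

    # The previous check also tested $L_object_type, which is not a parameter of this
    # function and therefore always empty, so every call was rejected right here
    if ($L_entrydn == '' || ! isset($L_change_info) || !is_array($L_change_info))
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Lower case all attribute names in $L_change_info
    $L_change_info = array_change_key_case($L_change_info, CASE_LOWER);

    if (! @ldap_modify($conn, $L_entrydn, $L_change_info))
        return "Entry modify failed: " . @ldap_error($conn);
    return 0;
}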
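#
# Create an entry WITHOUT any of the per-object-type processing done by
# LUMS_ldap_add_entry: no required-attribute, syntax, uniqueness or constraint checks,
# no hooks and no password processing. The values are sent to the server as supplied.
#
# $L_binddn, $L_bindpassword  credentials; when $L_binddn is '' the service account
#                 from $LUMS_Config['LDAP'] is used
# $L_entrydn      DN of the entry to create
# $L_entry_info   attribute => value / list of values; keys are lower-cased
#
# Returns 0 on success, otherwise an error string.
#
# Because nothing is validated here, this function must not be reachable with
# attribute names or values taken directly from a request. A userpassword value passed
# in is stored exactly as given.
#
function LUMS_ldap_plain_add_entry($L_binddn, $L_bindpassword,$L_entrydn,$L_entry_info)
{
    global $LUMS_Config;

    if ($L_entrydn == '' || ! isset($L_entry_info) || !is_array($L_entry_info))
        return "Invalid arguments provided";

    if ($L_binddn == '') {
        $L_binddn = $LUMS_Config['LDAP']['binddn'];
        $L_bindpassword = $LUMS_Config['LDAP']['bindpassword'];
    }

    $conn = @ldap_connect($LUMS_Config['LDAP']['server']);
    if (!$conn) return "Could not connect to ldap server";
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (! @ldap_bind($conn, $L_binddn, $L_bindpassword))
        return "Could not bind to ldap server";

    # NOTE(review): the proxy identity is the DN that was just bound, so the control
    # does not change who the server authorizes. LUMS_ldap_add_entry binds with the
    # service account whenever useproxyauth is on; confirm which behaviour is intended.
    if ($LUMS_Config['LDAP']['useproxyauth'] == '1') {
        if ($L_binddn == '')
            return "Proxy authorization set but binddn not available";
        $ret = LUMS_set_proxy_auth($conn, $L_binddn, $LUMS_Config['LDAP']['checkrootdse']);
        if ($ret != '')
            return "Proxy authorization failed: $ret";
    }

    #Lower case all attribute names in $L_entry_info
    $L_entry_info = array_change_key_case($L_entry_info, CASE_LOWER);

    if (! @ldap_add($conn, $L_entrydn, $L_entry_info))
        return "Entry creation failed: " . @ldap_error($conn);
    return 0;
}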
?>