ldap.php

GForge 3.0 协作开发平台 支持CVS, mailing lists, bug tracking, message boards/forums, task management, perman

<?php
/**
 * ldap.php - The LDAP library
 *
 * Copyright 1999-2001 (c) VA Linux Systems
 *
 * @version   $Id: ldap.php,v 1.9 2001/06/06 21:30:03 dbrogdon Exp $
 * @author Paul Sokolovsky pfalcon@users.sourceforge.net
 * @date 2000-10-17
 *
 * This file is part of GForge.
 *
 * GForge is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GForge is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GForge; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

require_once('common/include/account.php');

/*
 * Constants
 */

/**
 * Value to add to group_id to get unix gid
 *
 * @var	constant		$GID_ADD
 */
$GID_ADD = 10000;

/**
 * Value to add to unix_uid to get unix uid
 * 
 * @var	constant		$UID_ADD
 */
$UID_ADD = 20000;

/**
 * Value to add to unix gid to get unix uid of anoncvs special user
 *
 * @var	constant		$ANONCVS_UID_ADD
 */
$ANONCVS_UID_ADD = 50000;

/*
 * Auxilary functions
 */

/**
 *	asciize() - Replace non-ascii characters with question marks
 *
 *	LDAP expects utf-8 encoded character string. Since we cannot
 *	know which encoding 8-bit characters in database use, we
 *	just replace them with question marks.
 *
 *  @param		string	UTF-8 encoded character string.
 *	@return string which contains only ascii characters
 */
function asciize($str) {
	if (!$str) {
		// LDAP don't allow empty strings for some attributes
		return '?';
	}

	return ereg_replace("[\x80-\xff]","?",$str);
}

/*
 * Error message passing facility
 */

/**
 * sf_ldap_set_error_msg() - Set an LDAP error message
 *
 * @param		string	The message string to set
 *
 */
//var $_sf_ldap_error_msg;
function sf_ldap_set_error_msg($msg) {
	global $_sf_ldap_error_msg;
	$_sf_ldap_error_msg .= $msg;
}

/**
 * sf_ldap_get_error_msg() - Get an LDAP error message
 *
 * @returns The error message string
 *
 */
function sf_ldap_get_error_msg() {
	global $_sf_ldap_error_msg;
	return $_sf_ldap_error_msg;
}

/**
 * sf_ldap_reset_error_msg() - Reset the stored LDAP error message
 *
 */
function sf_ldap_reset_error_msg() {
	global $_sf_ldap_error_msg;
	$_sf_ldap_error_msg='';
}


/*
 * Wrappers for PHP LDAP functions
 */

/**
 * sf_ldap_connect() - Connect to the LDAP server
 *
 * @returns true on success/false on error
 *
 */
function sf_ldap_connect() {
	global $sys_ldap_host,$sys_ldap_port;
	global $sys_ldap_bind_dn,$sys_ldap_passwd,$ldap_conn;

	if (!$ldap_conn) {
		sf_ldap_reset_error_msg();
		$ldap_conn = @ldap_connect($sys_ldap_host,$sys_ldap_port);
		if (!$ldap_conn) {
			sf_ldap_set_error_msg('ERROR: Cannot connect to LDAP server<br />');
			return false;
		}
		ldap_bind($ldap_conn,$sys_ldap_bind_dn,$sys_ldap_passwd);
	}
	return true;
}

/**
 * sf_ldap_add() - Wrapper for ldap_add()
 * 
 * @param		string	dn
 * @param		string	entry
 *
 */
function sf_ldap_add($dn, $entry) {
	global $ldap_conn;
	return @ldap_add($ldap_conn,$dn,$entry);
}

/**
 * sf_ldap_delete() - Wrapper for ldap_delete()
 *
 * @param		string	dn
 *
 */
function sf_ldap_delete($dn) {
	global $ldap_conn;
	return @ldap_delete($ldap_conn,$dn);
}

/**
 * sf_ldap_modify() - Wrapper for ldap_modify()
 *
 * @param		string	dn
 * @param		string	entry
 *
 */
function sf_ldap_modify($dn,$entry) {
	global $ldap_conn;
	return @ldap_modify($ldap_conn,$dn,$entry);
}

/**
 * sf_ldap_modify_if_exists() - Wrapper for ldap_modify()
 * works like sf_ldap_modify, but returns true if the LDAP entry does not exist
 *
 * @param		string	dn
 * @param		string	entry
 *
 */
function sf_ldap_modify_if_exists($dn,$entry) {
        $res = sf_ldap_modify($dn,$entry);
        if ($res) {
                return true ;
        } else {
                $err = ldap_errno ($ldap_conn) ;
                if ($err == 32) {
                        return true ;
                } else {
                        return false ;
                }
        };
}

/**
 * sf_ldap_mod_add() - Wrapper for ldap_mod_add()
 *
 * @param		string	dn
 * @param		string	entry
 *
 */
function sf_ldap_mod_add($dn,$entry) {
	global $ldap_conn;
	return @ldap_mod_add($ldap_conn,$dn,$entry);
}

/**
 * sf_ldap_mod_del() - Wrapper for ldap_mod_del()
 *
 * @param		string	dn
 * @param		string	entry
 *
 */
function sf_ldap_mod_del($dn,$entry) {
	global $ldap_conn;
	return @ldap_mod_del($ldap_conn,$dn,$entry);
}

/**
 * sf_ldap_read() - Wrapper for ldap_read()
 *
 * @param		string	dn
 * @param		string	filter
 * @param		int		attrs
 *
 */
function sf_ldap_read($dn,$filter,$attrs=0) {
	global $ldap_conn;
	return @ldap_read($ldap_conn,$dn,$filter,$attrs);
}

/**
 * sf_ldap_error() - Wrapper for ldap_error()
 *
 * @see ldap_error()
 *
 */
function sf_ldap_error() {
	global $ldap_conn;
	return ldap_error($ldap_conn);
}

/**
 * sf_ldap_errno() - Wrapper for ldap_errno()
 *
 * @see ldap_errno()
 *
 */
function sf_ldap_errno() {
	global $ldap_conn;
	return ldap_errno($ldap_conn);
}

/**
 * sf_ldap_already_exists()
 */
function sf_ldap_already_exists() {
	global $ldap_conn;
	return ldap_errno($ldap_conn)==20;
}

/**
 * sf_ldap_does_not_exist()
 */
function sf_ldap_does_not_exist() {
	global $ldap_conn;
	return ldap_errno($ldap_conn)==16;
}

/*
 * User management functions
 */

/**
 * sf_ldap_check_user() - Check for the existence of a user
 * 
 * @param		int		The user ID of the user to check
 * @returns true on success/false on error
 *
 */
function sf_ldap_check_user($user_id) {
	$user =& user_get_object($user_id);
	if (!$user) {
		return false;
	}
	return sf_ldap_check_user_by_name($user->getUnixName());
}

/**
 * sf_ldap_check_user_by_name() - Check for a user by the username
 *
 * @param		string	The username 
 * @returns true on success/false on error
 *
 */
function sf_ldap_check_user_by_name($user_name) {
	global $ldap_conn;
	global $sys_ldap_base_dn;

	global $sys_use_ldap;
	if (!$sys_use_ldap) {
		return true;
	}

	if (!sf_ldap_connect()) {
		return false;
	}

	$dn = 'uid='.$user_name.',ou=People,'.$sys_ldap_base_dn;
	$res = sf_ldap_read($dn,"objectClass=*",array("uid"));
	if ($res) {
		ldap_free_result($res);
		return true;
	}

	return false;
}

/**
 * sf_ldap_create_user() - Create a user
 *
 * @param		int	The user ID of the user to create
 * @returns The return status of sf_ldap_create_user_from_object()
 *
 */
function sf_ldap_create_user($user_id) {
	$user = &user_get_object($user_id);
	return sf_ldap_create_user_from_object($user);
}

/**
 * sf_ldap_check_create_user() - Check that a user has been created
 *
 * @param		int		The ID of the user to check
 * @returns true on success/false on error
 *
 */
function sf_ldap_check_create_user($user_id) {
	global $sys_use_ldap;
	if (!$sys_use_ldap) {
		return true;
	}

	if (!sf_ldap_check_user($user_id)){
		$user = &user_get_object($user_id);
		return sf_ldap_create_user_from_object($user);
	}
	return true;
}

/**
 * sf_ldap_create_user_from_object() - Create a user from information contained within an object
 *
 * @param		object	The user object
 * @returns true on success/false on error
 *
 */
function sf_ldap_create_user_from_object(&$user) {
	global $sys_ldap_base_dn;
	global $UID_ADD;

	global $sys_use_ldap;
	if (!$sys_use_ldap) {
		return true;
	}

//echo "sf_ldap_create_user_from_object(".$user->getUnixName().")<br />";
	if (!sf_ldap_connect()) {
		return false;
	}
	$dn = 'uid='.$user->getUnixName().',ou=People,'.$sys_ldap_base_dn;
	$entry['objectClass'][0]='top';
	$entry['objectClass'][1]='account';
	$entry['objectClass'][2]='posixAccount';
	$entry['objectClass'][3]='shadowAccount';
	$entry['objectClass'][4]='debSfAccount';
	$entry['uid']=$user->getUnixName();
	$entry['cn']=asciize($user->getRealName());
	$entry['gecos']=asciize($user->getRealName());
	$entry['userPassword']='{crypt}'.$user->getUnixPasswd();
	$entry['homeDirectory'] = account_user_homedir($user->getUnixName());
	$entry['loginShell']=$user->getShell();
	$entry['debSfCvsShell']="/bin/cvssh"; // unless explicitly set otherwise, developer has write access
	$entry['debSfForwardEmail']=$user->getEmail();
	$entry['uidNumber']=$user->getUnixUID() + $UID_ADD;
	$entry['gidNumber']=$user->getUnixUID() + $UID_ADD; // users as in debian backend
	$entry['shadowLastChange']=1; // We don't have expiration, so any non-0
	$entry['shadowMax']=99999;
	$entry['shadowWarning']=7;

	if (!sf_ldap_add($dn,$entry)) {
		sf_ldap_set_error_msg("ERROR: cannot add LDAP user entry '".
			 $user->getUnixName()."': ".sf_ldap_error()."<br />");
		return false;
	}
	return true;
}

/**
 * sf_ldap_create_user_from_props() - Creates an LDAP user from
 *
 * @param		string	The username 
 * @param		string	????