📄 ldap.php
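* @param string The encrypted password
 * @returns true on success/false on error
 *
 */
function sf_ldap_create_user_from_props($username, $cn, $crypt_pw, $shell, $cvsshell, $uid, $gid, $email) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    // With LDAP disabled every operation in this file reports success.
    if (!$sys_use_ldap) {
        return true;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    // NOTE(review): $username is concatenated into the DN without escaping.
    // Confirm every caller has validated it against the unix-name rules;
    // otherwise escape it with ldap_escape($username, '', LDAP_ESCAPE_DN)
    // (PHP >= 5.6) before building the DN.
    $dn = 'uid='.$username.',ou=People,'.$sys_ldap_base_dn;

    $entry = array();
    $entry['objectClass'] = array(
        'top',
        'account',
        'posixAccount',
        'shadowAccount',
        'debSfAccount'
    );
    $entry['uid'] = $username;
    $entry['cn'] = asciize($cn);
    $entry['gecos'] = asciize($cn);
    // NOTE(review): the stored value is whatever crypt() hash the caller
    // supplies; its strength depends on the algorithm used upstream - confirm
    // that it is not legacy DES/MD5 crypt.
    $entry['userPassword'] = '{crypt}'.$crypt_pw;
    $entry['homeDirectory'] = account_user_homedir($username);
    $entry['loginShell'] = $shell;
    $entry['debSfCvsShell'] = $cvsshell;
    $entry['debSfForwardEmail'] = $email;
    $entry['uidNumber'] = $uid;
    $entry['gidNumber'] = $gid;
    $entry['shadowLastChange'] = 1;
    $entry['shadowMax'] = 99999;
    $entry['shadowWarning'] = 7;

    if (!sf_ldap_add($dn, $entry)) {
        // NOTE(review): the message contains HTML markup and the raw user
        // name; confirm it is HTML-escaped wherever it is rendered.
        sf_ldap_set_error_msg("ERROR: cannot add LDAP user entry '".
            $username."': ".sf_ldap_error()."<br />");
        return false;
    }
    return true;
}

/**
 * sf_ldap_remove_user() - Remove an LDAP user
 *
 * Deletes the entry uid=<unix name>,ou=People,<base DN>.
 *
 * @param int $user_id The user ID of the user to remove
 * @returns true on success (or when LDAP is disabled)/false on failure
 *
 */
function sf_ldap_remove_user($user_id) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $user = &user_get_object($user_id);
    // Guard against a failed lookup instead of calling a method on a
    // non-object (same check sf_ldap_check_group() performs for groups).
    if (!$user) {
        sf_ldap_set_error_msg("ERROR: Cannot find user [$user_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $dn = 'uid='.$user->getUnixName().',ou=People,'.$sys_ldap_base_dn;

    if (!sf_ldap_delete($dn)) {
        sf_ldap_set_error_msg("ERROR: cannot delete LDAP user entry '".
            $user->getUnixName()."': ".sf_ldap_error()."<br />");
        return false;
    }
    return true;
}

/**
 * sf_ldap_user_set_attribute() - Set an attribute for a user
 *
 * Passes a single attribute/value pair to sf_ldap_modify_if_exists() for
 * the user's entry under ou=People.
 *
 * NOTE(review): $attr is used as the attribute name exactly as given, so a
 * caller can change any attribute of the entry (userPassword, uidNumber,
 * gidNumber, loginShell, ...). Confirm that callers pass only fixed,
 * code-defined attribute names and never a request-supplied one.
 *
 * @param int $user_id The user ID
 * @param string $attr The attribute to set
 * @param string $value The new value of the attribute
 * @returns true on success (or when LDAP is disabled)/false on error
 *
 */
function sf_ldap_user_set_attribute($user_id, $attr, $value) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $user = &user_get_object($user_id);
    if (!$user) {
        sf_ldap_set_error_msg("ERROR: Cannot find user [$user_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $dn = 'uid='.$user->getUnixName().',ou=People,'.$sys_ldap_base_dn;
    $entry = array();
    $entry[$attr] = $value;

    if (!sf_ldap_modify_if_exists($dn, $entry)) {
        sf_ldap_set_error_msg("ERROR: cannot change LDAP attribute '$attr' for user '".
            $user->getUnixName()."': ".sf_ldap_error()."<br />");
        return false;
    }
    return true;
}

/*
 * Group management functions
 */

/**
 * sf_ldap_check_group() - Check for the existence of a group
 *
 * Reads cn=<unix name>,ou=Group,<base DN>; a truthy result from
 * sf_ldap_read() is treated as "the group exists".
 *
 * @param int $group_id The ID of the group to check
 * @returns true if the entry could be read (or LDAP is disabled)/false otherwise
 *
 */
function sf_ldap_check_group($group_id) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $group = &group_get_object($group_id);
    if (!$group) {
        sf_ldap_set_error_msg("ERROR: Cannot find group [$group_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $dn = 'cn='.$group->getUnixName().',ou=Group,'.$sys_ldap_base_dn;
    $res = sf_ldap_read($dn, "objectClass=*", array("cn"));
    if ($res) {
        ldap_free_result($res);
        return true;
    }
    return false;
}

/**
 * sf_ldap_create_group() - Create a group
 *
 * Creates three entries: the shell group under ou=Group, the CVS group
 * under ou=cvsGroup (with the virtual anoncvs_<group> member), and the
 * anoncvs_<group> user itself when it does not exist yet. A failure in one
 * step is recorded but does not stop the remaining steps.
 *
 * @param int $group_id The ID of the group to create
 * @returns true if every step succeeded (or LDAP is disabled)/false otherwise
 *
 */
function sf_ldap_create_group($group_id) {
    global $sys_ldap_base_dn;
    global $GID_ADD;
    global $ANONCVS_UID_ADD;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $group = &group_get_object($group_id);
    if (!$group) {
        sf_ldap_set_error_msg("ERROR: Cannot find group [$group_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $unix_name = $group->getUnixName();
    $anoncvs_name = 'anoncvs_'.$unix_name;
    $ret_val = true;

    //
    //  Shell group
    //
    $dn = 'cn='.$unix_name.',ou=Group,'.$sys_ldap_base_dn;
    $entry = array();
    $entry['objectClass'] = array('top', 'posixGroup');
    $entry['cn'] = $unix_name;
    // NOTE(review): 'x' is presumably a placeholder that matches no crypt
    // hash, i.e. no usable group password - confirm against the directory's
    // password policy.
    $entry['userPassword'] = '{crypt}x';
    $entry['gidNumber'] = $group->getID() + $GID_ADD;

    if (!sf_ldap_add($dn, $entry)) {
        sf_ldap_set_error_msg("ERROR: cannot add LDAP group entry '".
            $unix_name."': ".sf_ldap_error()."<br />");
        // If there's error, that's bad. But don't stop.
        $ret_val = false;
    }

    //
    //  CVS group: same attributes, plus the virtual anoncvs user as member
    //
    $dn = 'cn='.$unix_name.',ou=cvsGroup,'.$sys_ldap_base_dn;
    $entry['memberUid'] = array($anoncvs_name);

    if (!sf_ldap_add($dn, $entry)) {
        sf_ldap_set_error_msg("ERROR: cannot add LDAP CVS group entry '"
            .$unix_name."': ".sf_ldap_error()."<br />");
        $ret_val = false;
    }

    //
    //  Finally, setup AnonCVS virtual user: unusable password ('x'),
    //  /bin/false for both shells, mail forwarded to /dev/null
    //
    if (!sf_ldap_check_user_by_name($anoncvs_name)
        && !sf_ldap_create_user_from_props($anoncvs_name, 'anoncvs', 'x',
            '/bin/false', '/bin/false',
            $group_id + $GID_ADD + $ANONCVS_UID_ADD,
            $group_id + $GID_ADD, "/dev/null")) {
        sf_ldap_set_error_msg("ERROR: cannot add LDAP AnonCVS user entry '"
            .$unix_name."': ".sf_ldap_error()."<br />");
        $ret_val = false;
    }

    return $ret_val;
}

/**
 * sf_ldap_remove_group() - Remove a group
 *
 * Deletes the shell group, the CVS group and the anoncvs_<group> virtual
 * user. All three deletions are attempted even if an earlier one fails.
 *
 * @param int $group_id The ID of the group to remove
 * @returns true if every deletion succeeded (or LDAP is disabled)/false otherwise
 *
 */
function sf_ldap_remove_group($group_id) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $group = &group_get_object($group_id);
    if (!$group) {
        sf_ldap_set_error_msg("ERROR: Cannot find group [$group_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $unix_name = $group->getUnixName();
    $ret_val = true;

    //
    //  Remove shell LDAP group
    //
    $dn = 'cn='.$unix_name.',ou=Group,'.$sys_ldap_base_dn;
    if (!sf_ldap_delete($dn)) {
        sf_ldap_set_error_msg("ERROR: cannot delete LDAP group entry '".
            $unix_name."': ".sf_ldap_error()."<br />");
        $ret_val = false;
    }

    //
    //  Remove CVS LDAP group
    //
    $dn = 'cn='.$unix_name.',ou=cvsGroup,'.$sys_ldap_base_dn;
    if (!sf_ldap_delete($dn)) {
        sf_ldap_set_error_msg("ERROR: cannot delete LDAP CVS group entry '".
            $unix_name."': ".sf_ldap_error()."<br />");
        $ret_val = false;
    }

    //
    //  Remove AnonCVS virtual user
    //
    $dn = 'uid=anoncvs_'.$unix_name.',ou=People,'.$sys_ldap_base_dn;
    if (!sf_ldap_delete($dn)) {
        sf_ldap_set_error_msg("ERROR: cannot delete LDAP AnonCVS user entry '".
            $unix_name."': ".sf_ldap_error()."<br />");
        $ret_val = false;
    }

    return $ret_val;
}

/**
 * sf_ldap_group_add_user() - Add a user to an LDAP group
 *
 * Adds the user's unix name as memberUid of the CVS group and, unless
 * $cvs_only is set, of the shell group. Each group is searched first so an
 * existing membership is not added twice.
 *
 * @param int $group_id The ID of the group to which the user will be added
 * @param int $user_id The ID of the user to add
 * @param bool $cvs_only Only add this user to CVS
 * @returns true on success (or when LDAP is disabled)/false on error
 *
 */
function sf_ldap_group_add_user($group_id, $user_id, $cvs_only=0) {
    global $ldap_conn;
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $group = &group_get_object($group_id);
    if (!$group) {
        sf_ldap_set_error_msg("ERROR: Cannot find group [$group_id]<br />");
        return false;
    }
    $user = &user_get_object($user_id);
    if (!$user) {
        sf_ldap_set_error_msg("ERROR: Cannot find user [$user_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $dn = 'cn='.$group->getUnixName().',ou=Group,'.$sys_ldap_base_dn;
    $cvs_dn = 'cn='.$group->getUnixName().',ou=cvsGroup,'.$sys_ldap_base_dn;
    $entry = array();
    $entry['memberUid'] = $user->getUnixName();

    // NOTE(review): the unix name is placed into the search filter without
    // escaping. If unix names are not already restricted to a safe character
    // set, build the filter with
    // ldap_escape($name, '', LDAP_ESCAPE_FILTER) (PHP >= 5.6).
    $filter = "memberUid=".$user->getUnixName();

    //
    //  Check if user already a member of CVS group
    //
    $res = sf_ldap_read($cvs_dn, $filter, array("cn"));
    $is_member = ($res && ldap_count_entries($ldap_conn, $res) > 0);
    // Free only a real result: sf_ldap_read() may return a falsy value, and
    // freeing here also covers the error return below.
    if ($res) {
        ldap_free_result($res);
    }
    if (!$is_member && !sf_ldap_mod_add($cvs_dn, $entry)) {
        sf_ldap_set_error_msg("ERROR: cannot add member to LDAP CVS group entry '".
            $group->getUnixName()."': ".sf_ldap_error()."<br />");
        return false;
    }

    if ($cvs_only) {
        return true;
    }

    //
    //  Check if user already a member of shell group
    //
    $res = sf_ldap_read($dn, $filter, array("cn"));
    $is_member = ($res && ldap_count_entries($ldap_conn, $res) > 0);
    if ($res) {
        ldap_free_result($res);
    }
    if (!$is_member && !sf_ldap_mod_add($dn, $entry)) {
        sf_ldap_set_error_msg("ERROR: cannot add member to LDAP group entry '".
            $group->getUnixName()."': ".sf_ldap_error()."<br />");
        return false;
    }

    return true;
}

/**
 * sf_ldap_group_remove_user() - Remove a user from an LDAP group
 *
 * Removes the user's memberUid from the CVS group and, unless $cvs_only is
 * set, from the shell group. A failed removal is not reported as an error
 * when sf_ldap_does_not_exist() is true (presumably: the value or entry was
 * already absent - confirm against that helper).
 *
 * @param int $group_id The ID of the group from which to remove the user
 * @param int $user_id The ID of the user to remove
 * @param bool $cvs_only Only remove user from CVS group
 * @returns true on success (or when LDAP is disabled)/false on error
 *
 */
function sf_ldap_group_remove_user($group_id, $user_id, $cvs_only=0) {
    global $sys_ldap_base_dn;
    global $sys_use_ldap;

    if (!$sys_use_ldap) {
        return true;
    }

    $group = &group_get_object($group_id);
    if (!$group) {
        sf_ldap_set_error_msg("ERROR: Cannot find group [$group_id]<br />");
        return false;
    }
    $user = &user_get_object($user_id);
    if (!$user) {
        sf_ldap_set_error_msg("ERROR: Cannot find user [$user_id]<br />");
        return false;
    }
    if (!sf_ldap_connect()) {
        return false;
    }

    $dn = 'cn='.$group->getUnixName().',ou=Group,'.$sys_ldap_base_dn;
    $cvs_dn = 'cn='.$group->getUnixName().',ou=cvsGroup,'.$sys_ldap_base_dn;
    $entry = array();
    $entry['memberUid'] = $user->getUnixName();

    $ret_val = true;

    if (!sf_ldap_mod_del($cvs_dn, $entry) && !sf_ldap_does_not_exist()) {
        sf_ldap_set_error_msg("ERROR: cannot remove member from LDAP CVS group entry '".
            $group->getUnixName()."': ".sf_ldap_error()."(".sf_ldap_errno().")"."<br />");
        $ret_val = false;
    }

    if ($cvs_only) {
        return $ret_val;
    }

    if (!sf_ldap_mod_del($dn, $entry) && !sf_ldap_does_not_exist()) {
        sf_ldap_set_error_msg("ERROR: cannot remove member from LDAP group entry '".
            $group->getUnixName()."': ".sf_ldap_error()."(".sf_ldap_errno().")"."<br />");
        $ret_val = false;
    }

    return $ret_val;
}
?>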