📄 ldap.users.class.inc
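<?php
/**
 * @copyright Copyright © Intermesh 2003
 * @version $Revision: 1.27 $ $Date: 2006/04/10 13:21:10 $
 *
 * @author Markus Schabel <markus.schabel@tgm.ac.at>
 * @author Merijn Schering <mschering@intermesh.nl>

   This file is part of Group-Office.

   Group-Office is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   Group-Office is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with Group-Office; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

 * @package Framework
 * @subpackage Usermanagement
 * @category Accounts
 */

/*
 * This file is currently using the profiles class. However, we are working on
 * it, so that these methods are merged into this class, so that we can drop
 * the profiles class.
 */
require_once($GO_CONFIG->class_path.'profiles.class.inc');

/*
 * This file is overriding some of the functions that are defined in the
 * base_users class. So we need to include this class.
 */
require_once($GO_CONFIG->class_path.'base/base.users.class.inc');

/**
 * Implementation of LDAP User-Management.
 *
 * User lookups go through the global $GO_LDAP object. List-style lookups
 * (search(), get_users()) store the converted entries in $userlist, which is
 * then walked with next_record(). Single-user lookups build an LDAP filter
 * and hand it to get_user_by_search().
 *
 * Every value that is placed into an LDAP filter is passed through
 * _ldap_escape_filter_value() first, so that filter metacharacters inside the
 * value are matched literally and cannot change the structure of the filter.
 *
 * @package Framework
 * @subpackage Usermanagement
 * @category Authentication
 *
 * @access protected
 *
 * @uses base_auth
 */
class ldap_users extends base_users
{
    var $user_id;
    var $profile;
    // Converted directory entries filled by search() / get_users().
    var $userlist;
    // Position of the next entry that next_record() will return.
    var $userlist_index;

    /**
     * This variable stores the SQL column to LDAP attribute mappings.
     */
    var $mapping = null;

    /**
     * Initialize database connection and load mappings.
     *
     * This function initializes the SQL database connection and loads the
     * SQL column to LDAP attribute mappings from the
     * 'users.ldap.mapping.inc' file. The per-user bind to the directory is
     * currently commented out (see the TODO in the body).
     *
     * @access public
     */
    function ldap_users()
    {
        global $GO_CONFIG;

        $this->db();

        /*
         * Include the SQL column / LDAP attribute mapping file and initialize
         * the local mapping variable with the read variable.
         *
         * NOTE(review): include_once only runs the file the first time it is
         * requested. If a second ldap_users object is created in the same
         * request, $users_ldap_mapping would presumably be undefined here and
         * $this->mapping would stay empty - confirm against the mapping file.
         */
        include_once(
            $GO_CONFIG->root_path.$GO_CONFIG->slash.'lib'.
            $GO_CONFIG->slash.'ldap'.$GO_CONFIG->slash.
            'users.ldap.mapping.inc'
        );
        $this->mapping = $users_ldap_mapping;

        /*
         * TODO: Probably we could connect with our own ldap-uid and not as
         * admin (or whatever is configured in GO as rootdn), so that we
         * definitely can only see what we are allowed by LDAP access rights.
         * So we cannot change attributes of other users.
         * Probably administrator should bind with rootdn.
         */
        //$this->ldap->bind($_SESSION['GO_SESSION']['user'], $_SESSION['GO_SESSION']['password']);
    }

    /**
     * Escape a value for use inside an LDAP search filter (RFC 4515).
     *
     * The characters \ * ( ) and NUL have a structural meaning in a filter.
     * They are replaced by their backslash-hex form so that the value is
     * compared literally.
     *
     * @access private
     *
     * @param string $value The raw assertion value.
     *
     * @return string The value, safe to concatenate into a filter.
     */
    function _ldap_escape_filter_value($value)
    {
        // The backslash has to be handled first; otherwise the backslashes
        // introduced by the later replacements would be escaped again.
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            (string) $value
        );
    }

    /**
     * Return the list of fields that search() supports.
     *
     * @access public
     *
     * @return array List of array(field key, label) pairs.
     */
    function get_search_fields()
    {
        $searchfields[] = array( 'name', "Name" );
        return $searchfields;
    }

    /**
     * Search the directory for users whose cn contains the query.
     *
     * The matching entries are converted with profiles::convert_profile_ldap()
     * and appended to $userlist; the read position is reset to the start.
     * $field, $user_id, $start and $offset do not influence the search at
     * the moment: every field value ends up in the "name" branch.
     *
     * @access public
     *
     * @param string $query   The search text; its first and last character
     *                        are stripped (presumably wildcards added by the
     *                        caller - confirm).
     * @param string $field   The field to search in.
     * @param int    $user_id Unused.
     * @param int    $start   Unused.
     * @param int    $offset  Unused.
     *
     * @return int Number of entries in $userlist.
     */
    function search($query, $field, $user_id, $start=0, $offset=0)
    {
        global $GO_LDAP;

        $query = substr( $query, 1, strlen( $query ) - 2 );

        // Escape the text before it becomes part of the filter. The leading
        // and trailing "*" below are the only wildcards that are intended; a
        // "*" or parenthesis typed into the query is matched literally.
        $value = $this->_ldap_escape_filter_value( utf8_encode( $query ) );

        switch( $field ) {
            default:
            case "name":
                $filter="(&(cn=*".$value."*)(mail=*))";
                break;
        }

        $GO_LDAP->search($filter, $GO_LDAP->PeopleDN ); //, array( "uidNumber", "uid", "cn"));
        $GO_LDAP->sort( "sn" );

        $ldapentries = $GO_LDAP->num_entries();
        $entries = $GO_LDAP->get_entries();

        $profile = new profiles();
        for ( $i=0; $i<$entries["count"]; $i++ ) {
            $this->userlist[] = $profile->convert_profile_ldap( $entries[$i] );
        }

        $this->userlist_index = 0;
        return count($this->userlist);
    }

    /**
     * Load all users that have both a uid and a mail attribute.
     *
     * The entries are sorted by "sn", converted and appended to $userlist.
     * The $sort, $direction, $start and $offset arguments are accepted but
     * not used; the paging code is commented out.
     *
     * @access public
     *
     * @return int Number of entries returned by the directory.
     */
    function get_users($sort="name",$direction="ASC", $start=0, $offset=0)
    {
        global $GO_LDAP;

        $GO_LDAP->search("(&(uid=*)(mail=*))", $GO_LDAP->PeopleDN ); //, array( "uidNumber", "uid", "cn"));
        $GO_LDAP->sort( "sn" );

        $ldapentries = $GO_LDAP->num_entries();
        $entries = $GO_LDAP->get_entries();

        $profile = new profiles();
//        if ( $offset == 0 ) { $offset = $entries["count"]; }
//        for ( $i=$start; ( $i<$entries["count"] ) && ( $i<$start+$offset ); $i++ ) {
        for ( $i=0; $i<$entries["count"]; $i++ ) {
            $this->userlist[] = $profile->convert_profile_ldap( $entries[$i] );
        }
//        sort( $this->userlist );

        $this->userlist_index = 0;
        return $entries["count"];
    }

    // TODO
    /**
     * Query the SQL tables for the users that $user_id is allowed to see.
     *
     * @access public
     *
     * @param int    $user_id   The id of the user whose ACLs are evaluated.
     * @param string $sort      Column to order by.
     * @param string $direction "ASC" or "DESC".
     *
     * @return int Number of rows found.
     */
    function get_authorized_users($user_id, $sort="name",$direction="ASC")
    {
        // NOTE(review): "a AND b" in ORDER BY is a boolean expression, not a
        // two-column sort; a comma was probably intended. Left unchanged.
        if ($sort == 'users.name' || $sort=='name') {
            $sort = 'users.first_name AND users.last_name';
        }

        // The id is placed into the statement unquoted, so force it to be an
        // integer, and accept only the two valid sort directions.
        $user_id = intval($user_id);
        $direction = (strtoupper(trim($direction)) == 'DESC') ? 'DESC' : 'ASC';

        // NOTE(review): $sort is still concatenated into the statement. It
        // cannot be bound as a parameter; callers must pass a fixed column
        // name and never a value taken from the request. Consider mapping it
        // through a list of allowed columns.
        $sql = "SELECT DISTINCT users.* FROM users, users_groups INNER JOIN acl ON users.acl_id= acl.acl_id WHERE ".
            "((acl.group_id = users_groups.group_id AND users_groups.user_id = ".$user_id.") OR (".
            "acl.user_id = ".$user_id." )) ORDER BY ".$sort." ".$direction;

        $this->query($sql);
        return $this->num_rows();
    }

    /**
     * Advance to the next entry of $userlist.
     *
     * @access public
     *
     * @return mixed The next converted entry (also stored in $this->Record),
     *               or false when the list is exhausted.
     */
    function next_record()
    {
        if ( count( $this->userlist ) > $this->userlist_index ) {
            $this->Record = $this->userlist[$this->userlist_index++];
            return $this->Record;
        } else {
            return false;
        }
    }

    /*function get_user_id_by_email($email) {
      global $GO_LDAP;
      // I'm not sure if we really need this, because each LDAP user should be in
      // SQL too. But in LDAP you have the possibility to specify more than one
      // email address.
      $GO_LDAP->search("mail=$email", $GO_LDAP->PeopleDN);
      if ( $GO_LDAP->num_entries() > 0 ) {
        $GO_LDAP->next_entry();
        return $GO_LDAP->first_value("uidnumber");
      }
      return false;
    }*/

    /**
     * Verify the password of the logged-in user by binding to the directory.
     *
     * @access public
     *
     * @param string $password The password to verify.
     *
     * @return bool True if the bind with this password succeeded.
     */
    function check_password($password)
    {
        global $GO_LDAP;

        // An empty password must never validate. A simple bind that carries a
        // DN but no password is an "unauthenticated bind" (RFC 4513), which
        // many directory servers report as successful. Presumably
        // $GO_LDAP->bind() passes its arguments on to the server unchanged -
        // confirm against the wrapper.
        if ( strlen( (string) $password ) == 0 ) {
            return false;
        }

        // rebinding is not an optimal solution. hints for doing better are welcome...
        $ok = false;
        if ($GO_LDAP->bind("uid=".$_SESSION['GO_SESSION']['user_id'].",".$GO_LDAP->PeopleDN, $password)) {
            $ok = true;
        }
        // Bind again without arguments so that later searches do not run
        // under the identity that was just tested.
        $GO_LDAP->bind();
        return $ok;
    }

    /**
     * Update the profile of a user (not implemented for LDAP yet).
     *
     * The method only looks up the entry of the logged-in user; writing the
     * attributes is still a TODO, so the result is always false.
     *
     * NOTE(review): the lookup uses the session's user id, not $user_id.
     *
     * @access public
     *
     * @return bool Always false.
     */
    function update_profile($user_id, $first_name, $middle_name, $last_name, $initials, $title, $sex, $birthday, $email, $work_phone, $home_phone, $fax, $cellular, $country, $state, $city, $zip, $address, $company, $work_country, $work_state, $work_city, $work_zip, $work_address, $work_fax, $homepage, $department, $function)
    {
        global $GO_LDAP;

        $middle_name = trim($middle_name);

        $GO_LDAP->search("uidNumber=".$_SESSION['GO_SESSION']['user_id'], $GO_LDAP->PeopleDN);
        if ($GO_LDAP->num_entries() > 0) {
            $GO_LDAP->next_entry();

            // TODO: update ldap attributes if we are able to write. This needs
            // to be intelligent code because LDAP structure is mostly different.

            // Update session if update was ok.
/*            if ($user_id == $_SESSION['GO_SESSION']['user_id']) {
                $middle_name = $middle_name == '' ? '' : $middle_name.' ';
                $_SESSION['GO_SESSION']['name'] = $first_name.' '.$middle_name.$last_name;
                $_SESSION['GO_SESSION']['first_name'] = $first_name;
                $_SESSION['GO_SESSION']['middle_name'] = $middle_name;
                $_SESSION['GO_SESSION']['last_name'] = $last_name;
                $_SESSION['GO_SESSION']['email'] = $email;
            }*/

            // If the update was ok, then we can return true.
            // return true;
        }
        return false;
    }

    /**
     * Change the password of a user (not implemented for LDAP yet).
     *
     * @access public
     *
     * @return bool Always false.
     */
    function update_password($user_id, $password)
    {
        global $GO_CONFIG;

        if($profile = $this->get_user($user_id)) {
            // If we were able to find the user, we can change his password.
        }
        return false;
    }

    /**
     * This function returns all userdata based on the email address.
     *
     * @access public
     *
     * @param string $email
     *
     * @return array The user profile
     */
    function get_user_by_email( $email )
    {
        // get_user_by_search() is a method of this class, so it has to be
        // called on $this; the value is escaped before it joins the filter.
        return $this->get_user_by_search( 'mail='.$this->_ldap_escape_filter_value( $email ) );
    }

    /**
     * This function returns all userdata based on the uidNumber.
     *
     * @access public
     *
     * @param string $uidNumber
     *
     * @return array The user profile
     */
    function get_user( $uidNumber )
    {
        return $this->get_user_by_search( 'uidNumber='.$this->_ldap_escape_filter_value( $uidNumber ) );
    }

    /**
     * This function returns all userdata based on the user's name.
     *
     * @access public
     *
     * @param string $username
     *
     * @return array The user profile
     */
    function get_user_by_username( $username )
    {
        return $this->get_user_by_search( 'uid='.$this->_ldap_escape_filter_value( $username ) );
    }

    /**
     * This function returns all userdata based on a valid LDAP search filter.
     *
     * Since there are some functions, that fetch a user from the directory,
     * but use different searches, we've moved this functionality to a new
     * function. This function needs a valid LDAP search filter, and retrieves
     * the user that matches this filter - if, and only if there is only one
     * user that matches.
     *
     * The filter is sent to the directory as it is. Callers must escape any
     * value they put into it (see _ldap_escape_filter_value()).
     *
     * @access private
     *
     * @param string $search is the search filter used to fetch the entry.
     *
     * @return array The user profile, or null if not exactly one entry matched.
     */
    function get_user_by_search( $search )
    {
        // For accessing an LDAP directory, we need the LDAP functions, which
        // are defined inside the global $GO_LDAP object.
        global $GO_LDAP;

        // Search for the user inside the DN where the accounts are stored.
        // Every other search in this class reads the base DN from PeopleDN;
        // the former "People_DN" appears to have been a typo.
        $GO_LDAP->search( $search, $GO_LDAP->PeopleDN );

        // Check how many entries we got from this search. If we got more or
        // less than one entry, there's something wrong, because we cannot
        // identify the user.
        if ( $GO_LDAP->num_entries() != 1) {
            $this->Record = null;
            return null;
        }

        // Fetch the entry from the directory.
        $entry = $GO_LDAP->get_entries();

        // Take the entry and convert it to a SQL-Style row.
        // NOTE(review): convertEntryToRecord() is called as a global function
        // and is not defined in the visible part of this file. If it is meant
        // to be a method of this class it needs "$this->" - confirm.
        $this->Record = convertEntryToRecord( $entry[0] );

        // Return the converted entry.
        return $this->Record;
    }

    function email_exists($email) {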