File indexing completed on 2025-02-09 07:14:37
0001 <?php 0002 0003 /** 0004 * ocs-webserver 0005 * 0006 * Copyright 2016 by pling GmbH. 0007 * 0008 * This file is part of ocs-webserver. 0009 * 0010 * This program is free software: you can redistribute it and/or modify 0011 * it under the terms of the GNU Affero General Public License as 0012 * published by the Free Software Foundation, either version 3 of the 0013 * License, or (at your option) any later version. 0014 * 0015 * This program is distributed in the hope that it will be useful, 0016 * but WITHOUT ANY WARRANTY; without even the implied warranty of 0017 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 0018 * GNU Affero General Public License for more details. 0019 * 0020 * You should have received a copy of the GNU Affero General Public License 0021 * along with this program. If not, see <http://www.gnu.org/licenses/>. 0022 * 0023 * Created: 01.08.2018 0024 */ 0025 class Default_Model_Ocs_Ldap 0026 { 0027 const JPEG_PHOTO = 'jpegPhoto'; 0028 const LDAP_SUCCESS = '(Success)'; 0029 const USER_PASSWORD = 'userPassword'; 0030 0031 /** @var string */ 0032 protected $baseDnUser; 0033 /** @var Zend_Config */ 0034 protected $config; 0035 protected $messages; 0036 protected $errCode; 0037 protected $baseDnGroup; 0038 /** @var Zend_Ldap */ 0039 protected $identGroupServer; 0040 /** @var Zend_Ldap */ 0041 private $ldap; 0042 0043 /** 0044 * @inheritDoc 0045 */ 0046 public function __construct($config = null) 0047 { 0048 if (isset($config)) { 0049 $this->config = $config; 0050 } else { 0051 $this->config = Zend_Registry::get('config')->settings->server->ldap; 0052 } 0053 $this->baseDnUser = $this->config->baseDn; 0054 $this->baseDnGroup = $this->config->baseGroupDn; 0055 $this->messages = array(); 0056 $this->errCode = 0; 0057 } 0058 0059 /** 0060 * @return string 0061 * @throws Zend_Exception 0062 */ 0063 public static function getBaseDn() 0064 { 0065 try { 0066 return Zend_Registry::get('config')->settings->server->ldap->baseDn; 0067 } catch (Zend_Exception $e) { 0068 Zend_Registry::get('logger')->err($e->getMessage()); 0069 } 0070 0071 return ''; 0072 } 0073 0074 /** 0075 * @param string $ouName 0076 * @return array 0077 */ 0078 public function createEntryOrgUnit($ouName) 0079 { 0080 $entry = array(); 0081 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'top'); 0082 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'organizationalUnit', true); 0083 Zend_Ldap_Attribute::setAttribute($entry, 'ou', $ouName); 0084 0085 return $entry; 0086 } 0087 0088 /** 0089 * @param array $entry 0090 * @param string $ouName 0091 * @return string return DN for the new org unit 0092 * @throws Zend_Exception 0093 */ 0094 public function addOrgUnit(array $entry, $ouName) 0095 { 0096 $rootDn = Zend_Registry::get('config')->settings->server->ldap_ext->rootDn; 0097 $dn = "ou={$ouName},{$rootDn}"; 0098 0099 $this->addEntry($entry, $dn); 0100 0101 return $dn; 0102 } 0103 0104 public function addEntry(array $entry, $dn) 0105 { 0106 $this->getConnectionUser()->add($dn, $entry); 0107 $this->messages[] = __METHOD__ . ' = ' . $this->getConnectionUser()->getLastError(); 0108 } 0109 0110 /** 0111 * @return null|Zend_Ldap 0112 * @throws Zend_Ldap_Exception 0113 */ 0114 private function getConnectionUser() 0115 { 0116 if (false === empty($this->ldap)) { 0117 return $this->ldap; 0118 } 0119 $this->ldap = new Zend_Ldap($this->config); 0120 $this->ldap->bind(); 0121 0122 return $this->ldap; 0123 } 0124 0125 /** 0126 * @param int $member_id 0127 * 0128 * @return bool 0129 * @throws Zend_Exception 0130 * @throws Zend_Ldap_Exception 0131 */ 0132 public function updateMail($member_id) 0133 { 0134 $connection = $this->getConnectionUser(); 0135 $member_data = $this->getMemberData($member_id); 0136 0137 try { 0138 $entry = $this->getLdapUser($member_data); 0139 } catch (Exception $e) { 0140 $this->messages[] = "Failed."; 0141 Zend_Registry::get('logger')->err(__METHOD__ . ' - ' . $e->getMessage()); 0142 0143 return false; 0144 } 0145 if (empty($entry)) { 0146 $this->messages[] = "Failed."; 0147 Zend_Registry::get('logger')->err(__METHOD__ . ' - ldap entry for member does not exists. Going to create it.'); 0148 0149 return false; 0150 } 0151 0152 $email = $this->lowerString($member_data['email_address']); 0153 $oldUidAttribute = Zend_Ldap_Attribute::getAttribute($entry, 'email'); 0154 Zend_Ldap_Attribute::removeFromAttribute($entry, 'uid', $oldUidAttribute); 0155 Zend_Ldap_Attribute::removeFromAttribute($entry, 'email', $oldUidAttribute); 0156 Zend_Ldap_Attribute::setAttribute($entry, 'email', $member_data['email_address']); 0157 Zend_Ldap_Attribute::setAttribute($entry, 'uid', $email, true); 0158 $dn = $entry['dn']; 0159 $connection->update($dn, $entry); 0160 $connection->getLastError($this->errCode, $this->messages); 0161 0162 return true; 0163 } 0164 0165 /** 0166 * @param int $member_id 0167 * 0168 * @param bool $onlyActive 0169 * @return array 0170 * @throws Default_Model_Ocs_Exception 0171 */ 0172 private function getMemberData($member_id, $onlyActive = true) 0173 { 0174 0175 $onlyActiveFilter = ''; 0176 if ($onlyActive) { 0177 $onlyActiveFilter = 0178 " AND `m`.`is_active` = 1 AND `m`.`is_deleted` = 0 AND `me`.`email_checked` IS NOT NULL AND `me`.`email_deleted` = 0"; 0179 } 0180 $sql = " 0181 SELECT `mei`.`external_id`,`m`.`member_id`, `m`.`username`, `me`.`email_address`, `m`.`password`, `m`.`roleId`, `m`.`firstname`, `m`.`lastname`, `m`.`profile_image_url`, `m`.`created_at`, `m`.`changed_at`, `m`.`source_id` 0182 FROM `member` AS `m` 0183 LEFT JOIN `member_email` AS `me` ON `me`.`email_member_id` = `m`.`member_id` AND `me`.`email_primary` = 1 0184 LEFT JOIN `member_external_id` AS `mei` ON `mei`.`member_id` = `m`.`member_id` 0185 WHERE `m`.`member_id` = :memberId {$onlyActiveFilter} 0186 ORDER BY `m`.`member_id` DESC 0187 "; 0188 0189 $result = Zend_Db_Table::getDefaultAdapter()->fetchRow($sql, array('memberId' => $member_id)); 0190 if (count($result) == 0) { 0191 throw new Default_Model_Ocs_Exception('member with id ' . $member_id . ' could not found.'); 0192 } 0193 0194 return $result; 0195 } 0196 0197 /** 0198 * @param array $member_data 0199 * 0200 * @return array 0201 * @throws Default_Model_Ocs_Exception 0202 * @throws Zend_Exception 0203 */ 0204 public function getLdapUser(array $member_data) 0205 { 0206 if (empty($member_data)) { 0207 throw new Default_Model_Ocs_Exception('given member_data empty'); 0208 } 0209 0210 $entry = array(); 0211 0212 try { 0213 $entry = $this->getLdapUserByMemberId($member_data['member_id']); 0214 0215 if ($entry) { 0216 return $entry; 0217 } 0218 0219 $entry = $this->getLdapUserByUsername($member_data['username']); 0220 } catch (Exception $e) { 0221 Zend_Registry::get('logger')->err($e->getMessage()); 0222 } 0223 0224 return $entry; 0225 } 0226 0227 /** 0228 * @param int $member_id 0229 * @return array 0230 * @throws Default_Model_Ocs_Exception 0231 * @throws Zend_Ldap_Exception 0232 */ 0233 public function getLdapUserByMemberId($member_id) 0234 { 0235 $ldap_connection = $this->getConnectionUser(); 0236 0237 $filter = "(&(uidNumber={$member_id})(objectClass=account))"; 0238 $entries = $ldap_connection->searchEntries($filter, $this->baseDnUser); 0239 0240 if (empty($entries)) { 0241 return array(); 0242 } 0243 0244 if (count($entries) > 1) { 0245 throw new Default_Model_Ocs_Exception('found member_id more than once. member_id: ' . $member_id); 0246 } 0247 0248 return $entries[0]; 0249 } 0250 0251 /** 0252 * @param string $username 0253 * 0254 * @return array 0255 * @throws Zend_Ldap_Exception 0256 */ 0257 public function getLdapUserByUsername($username) 0258 { 0259 $username = $this->lowerString($username); 0260 $ldap_connection = $this->getConnectionUser(); 0261 $entry = $ldap_connection->getEntry("cn={$username},{$this->baseDnUser}"); 0262 0263 return $entry; 0264 } 0265 0266 /** 0267 * @param $string 0268 * @return string 0269 */ 0270 private function lowerString($string) 0271 { 0272 $enc = mb_detect_encoding($string) ? mb_detect_encoding($string) : 'UTF-8'; 0273 $string = mb_strtolower($string, $enc); 0274 0275 return $string; 0276 } 0277 0278 /** 0279 * @param int $member_id 0280 * 0281 * @param string|null $password 0282 * @return bool 0283 * @throws Zend_Exception 0284 * @throws Zend_Ldap_Exception 0285 */ 0286 public function updatePassword($member_id, $password = null) 0287 { 0288 $connection = $this->getConnectionUser(); 0289 $member_data = $this->getMemberData($member_id); 0290 try { 0291 $entry = $this->getLdapUser($member_data); 0292 } catch (Exception $e) { 0293 $this->messages[] = "Failed."; 0294 Zend_Registry::get('logger')->err(__METHOD__ . ' - ' . $e->getMessage()); 0295 0296 return false; 0297 } 0298 0299 if (empty($entry)) { 0300 $this->messages[] = "Failed."; 0301 Zend_Registry::get('logger')->err(__METHOD__ . ' - ldap entry for member does not exists. member_id:' . $member_id); 0302 0303 return false; 0304 } 0305 Zend_Ldap_Attribute::removeFromAttribute($entry, self::USER_PASSWORD, 0306 Zend_Ldap_Attribute::getAttribute($entry, self::USER_PASSWORD)); 0307 if (isset($password)) { 0308 $hash = Local_Auth_Adapter_Ocs::getEncryptedLdapPass($password); 0309 } else { 0310 $hash = '{MD5}' . base64_encode(pack("H*", $member_data['password'])); 0311 } 0312 Zend_Ldap_Attribute::setAttribute($entry, self::USER_PASSWORD, $hash); 0313 0314 $connection->update($entry['dn'], $entry); 0315 $connection->getLastError($this->errCode, $this->messages); 0316 0317 return true; 0318 } 0319 0320 /** 0321 * @param int $member_id 0322 * 0323 * @return bool 0324 * @throws ImagickException 0325 * @throws Zend_Exception 0326 * @throws Zend_Ldap_Exception 0327 */ 0328 public function createUser($member_id) 0329 { 0330 $connection = $this->getConnectionUser(); 0331 $member_data = $this->getMemberData($member_id); 0332 0333 //Only create, if user do not exisits 0334 try { 0335 $entry = $this->getLdapUser($member_data); 0336 } catch (Exception $e) { 0337 $this->messages[] = "Failed."; 0338 Zend_Registry::get('logger')->err(__METHOD__ . ' - ' . $e->getMessage()); 0339 0340 return false; 0341 } 0342 if (false === empty($entry)) { 0343 $this->messages[] = __METHOD__ . ' = ' . "user already exists."; 0344 Zend_Registry::get('logger')->err(__METHOD__ . ' - ldap entry for member does not exists. Going to create it.'); 0345 0346 return false; 0347 } 0348 0349 $entry = $this->createEntryForUser($member_data); 0350 $dn = $this->getDnForUser($member_data['username']); 0351 $connection->add($dn, $entry); 0352 $connection->getLastError($this->errCode, $this->messages); 0353 0354 return true; 0355 } 0356 0357 /** 0358 * @param array $member 0359 * 0360 * @return array 0361 * @throws Zend_Exception 0362 */ 0363 public function createEntryForUser(array $member) 0364 { 0365 $username = $this->lowerString($member['username']); 0366 $password = $this->createPasswordFromHash($member['password']); 0367 $mail_address = $this->lowerString($member['email_address']); 0368 $jpegPhoto = $this->createJpegPhoto($member['member_id'], $member['profile_image_url']); 0369 0370 $entry = array(); 0371 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'top'); 0372 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'account', true); 0373 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'extensibleObject', true); 0374 Zend_Ldap_Attribute::setAttribute($entry, 'uid', $username); 0375 Zend_Ldap_Attribute::setAttribute($entry, 'uid', $mail_address, true); 0376 Zend_Ldap_Attribute::removeDuplicatesFromAttribute($entry, 'uid'); 0377 Zend_Ldap_Attribute::setAttribute($entry, self::USER_PASSWORD, $password); 0378 Zend_Ldap_Attribute::setAttribute($entry, 'cn', $username); 0379 Zend_Ldap_Attribute::setAttribute($entry, 'email', $member['email_address']); 0380 Zend_Ldap_Attribute::setAttribute($entry, 'uidNumber', $member['member_id']); 0381 Zend_Ldap_Attribute::setAttribute($entry, 'gidNumber', $member['roleId']); 0382 Zend_Ldap_Attribute::setAttribute($entry, 'memberUid', $member['external_id']); 0383 if (false === empty(trim($member['firstname']))) { 0384 Zend_Ldap_Attribute::setAttribute($entry, 'gn', $member['firstname']); 0385 } 0386 if (false === empty(trim($member['lastname']))) { 0387 Zend_Ldap_Attribute::setAttribute($entry, 'sn', $member['lastname']); 0388 } 0389 0390 Zend_Ldap_Attribute::setAttribute($entry, self::JPEG_PHOTO, $jpegPhoto); 0391 0392 return $entry; 0393 } 0394 0395 /** 0396 * @param int $member_id 0397 * @param string $profile_image_url 0398 * 0399 * @return bool|string 0400 * @throws Zend_Exception 0401 */ 0402 public function createJpegPhoto($member_id, $profile_image_url) 0403 { 0404 $imgTempPath = APPLICATION_DATA . '/uploads/tmp/' . $member_id . "_avatar.jpg"; 0405 $helperImagePath = new Default_View_Helper_Image(); 0406 $urlImage = $helperImagePath->Image($profile_image_url); 0407 0408 try { 0409 $im = new imagick($urlImage); 0410 $layer_method = imagick::LAYERMETHOD_FLATTEN; 0411 $im = $im->mergeImageLayers($layer_method); 0412 } catch (ImagickException $e) { 0413 Zend_Registry::get('logger')->err(__METHOD__ . ' - error during converting avatar image. ' . $e->getMessage() . " ({$member_id};{$profile_image_url})"); 0414 0415 return false; 0416 } 0417 0418 // convert to jpeg 0419 $im->setImageFormat('jpeg'); 0420 //write image on server 0421 $im->writeImage($imgTempPath); 0422 $blob = $im->getImageBlob(); 0423 $im->clear(); 0424 $im->destroy(); 0425 0426 $avatarBase64 = file_get_contents($imgTempPath); 0427 0428 unlink($imgTempPath); 0429 0430 return $avatarBase64; 0431 } 0432 0433 /** 0434 * @param string $user_name 0435 * @param string|null $baseDn 0436 * @param bool $lowerCase 0437 0438 * @return string 0439 */ 0440 public function getDnForUser($user_name, $baseDn = null, $lowerCase = true) 0441 { 0442 if (empty($baseDn)) { 0443 $baseDn = $this->baseDnUser; 0444 } 0445 $username = $lowerCase ? $this->lowerString($user_name) : $user_name; 0446 $dn = "cn={$username},{$baseDn}"; 0447 0448 return $dn; 0449 } 0450 0451 /** 0452 * @param int $member_id 0453 * @param string $profile_image_url 0454 * 0455 * @return bool 0456 * @throws Zend_Exception 0457 * @throws Zend_Ldap_Exception 0458 */ 0459 public function updateAvatar($member_id, $profile_image_url) 0460 { 0461 $jpegPhoto = $this->createJpegPhoto($member_id, $profile_image_url); 0462 0463 try { 0464 $entry = $this->getLdapUserByMemberId($member_id); 0465 } catch (Exception $e) { 0466 $this->messages[] = "Failed."; 0467 Zend_Registry::get('logger')->err(__METHOD__ . ' - ' . $e->getMessage()); 0468 0469 return false; 0470 } 0471 if (empty($entry)) { 0472 $this->messages[] = "Failed."; 0473 Zend_Registry::get('logger')->err(__METHOD__ . ' - ldap entry for member does not exists.'); 0474 0475 return false; 0476 } 0477 0478 $entry = $this->updateLdapAttrib($entry, $jpegPhoto, self::JPEG_PHOTO); 0479 0480 $this->updateLdapEntry($entry); 0481 0482 return true; 0483 } 0484 0485 /** 0486 * @param array $entry 0487 * @param string $attribValue 0488 * @param string $attribName 0489 * 0490 * @return array 0491 */ 0492 public function updateLdapAttrib(array $entry, $attribValue, $attribName) 0493 { 0494 Zend_Ldap_Attribute::removeFromAttribute($entry, $attribName, 0495 Zend_Ldap_Attribute::getAttribute($entry, $attribName)); 0496 0497 Zend_Ldap_Attribute::setAttribute($entry, $attribName, $attribValue); 0498 0499 return $entry; 0500 } 0501 0502 /** 0503 * @param array $entry 0504 * @throws Zend_Ldap_Exception 0505 */ 0506 public function updateLdapEntry(array $entry) 0507 { 0508 $dn = $entry['dn']; 0509 $this->getConnectionUser()->update($dn, $entry); 0510 $this->messages[] = __METHOD__ . ' = ' . $this->getConnectionUser()->getLastError(); 0511 } 0512 0513 /** 0514 * @param int $member_id 0515 * 0516 * @return bool 0517 * @throws Zend_Exception 0518 * @throws Zend_Ldap_Exception 0519 */ 0520 public function deleteUser($member_id) 0521 { 0522 if (empty($member_id)) { 0523 return false; 0524 } 0525 $connection = $this->getConnectionUser(); 0526 try { 0527 $entry = $this->getLdapUserByMemberId($member_id); 0528 } catch (Exception $e) { 0529 $this->messages[] = "Failed."; 0530 Zend_Registry::get('logger')->err(__METHOD__ . ' - ' . $e->getMessage()); 0531 0532 return false; 0533 } 0534 if (empty($entry)) { 0535 $this->messages[] = "Failed. user entry not exists."; 0536 0537 return false; 0538 } 0539 $connection->delete($entry['dn']); 0540 $connection->getLastError($this->errCode, $this->messages); 0541 0542 return true; 0543 } 0544 0545 /** 0546 * @param array $member_data 0547 * @param bool $force_update 0548 * 0549 * @return array|bool 0550 * @throws Zend_Exception 0551 * @throws Zend_Ldap_Exception 0552 */ 0553 public function addUserFromArray(array $member_data, $force_update = false) 0554 { 0555 if (empty($member_data)) { 0556 return false; 0557 } 0558 0559 $this->messages = array(); 0560 0561 $connection = $this->getConnectionUser(); 0562 $entry = $this->createEntryForUser($member_data); 0563 $dn = $this->getDnForUser($member_data['username']); 0564 $ldapUser = null; 0565 0566 try { 0567 $ldapUser = $this->getLdapUser($member_data); 0568 } catch (Exception $e) { 0569 $this->errCode = 998; 0570 $this->messages[] = $e->getMessage(); 0571 $ldapUser = null; 0572 0573 return false; 0574 } 0575 0576 if (empty($ldapUser)) { 0577 $connection->add($dn, $entry); 0578 $this->messages[] = __METHOD__ . ' = ' . $connection->getLastError(); 0579 0580 return $entry; 0581 } 0582 0583 if (true === $force_update) { 0584 return $this->updateUserFromArray($member_data); 0585 } 0586 0587 $this->errCode = 999; 0588 $this->messages[] = __METHOD__ . ' = ' . "user already exists."; 0589 0590 return false; 0591 } 0592 0593 /** 0594 * @param array $member_data 0595 * 0596 * @return array|bool 0597 * @throws Zend_Exception 0598 * @throws Zend_Ldap_Exception 0599 */ 0600 public function updateUserFromArray(array $member_data) 0601 { 0602 if (empty($member_data)) { 0603 return false; 0604 } 0605 0606 $this->messages = array(); 0607 0608 $connection = $this->getConnectionUser(); 0609 $entry = $this->createEntryForUser($member_data); 0610 $dn = $this->getDnForUser($member_data['username']); 0611 $user = null; 0612 0613 try { 0614 $user = $this->getLdapUser($member_data); 0615 } catch (Exception $e) { 0616 $this->errCode = 998; 0617 $this->messages[] = $e->getMessage(); 0618 $user = null; 0619 0620 return false; 0621 } 0622 0623 if (empty($user)) { 0624 $this->errCode = 998; 0625 $this->messages[] = "user not exist"; 0626 $user = null; 0627 0628 return false; 0629 } 0630 0631 if ($this->hasChangedUsername($member_data['username'], $user)) { 0632 $this->messages[] = 'username changed: '. $user['dn'] . $member_data['username']; 0633 $dnDelete = $user['dn']; 0634 $connection->delete($dnDelete); 0635 $connection->getLastError($this->errCode, $this->messages); 0636 $connection->add($dn, $entry); 0637 $connection->getLastError($this->errCode, $this->messages); 0638 $this->messages[] = "old user deleted : " . $user['dn']; 0639 } else { 0640 $connection->update($dn, $entry); 0641 $connection->getLastError($this->errCode, $this->messages); 0642 } 0643 $this->messages[] = "overwritten : " . json_encode($user); 0644 0645 return $entry; 0646 } 0647 0648 /** 0649 * @param string $user_name 0650 * @param array $user 0651 * @return bool 0652 */ 0653 private function hasChangedUsername($user_name, $user) 0654 { 0655 return !Zend_Ldap_Attribute::attributeHasValue($user, 'cn', $this->lowerString($user_name)); 0656 } 0657 0658 /** 0659 * @param $member_id 0660 * @param $username 0661 * 0662 * @return bool 0663 * @throws Default_Model_Ocs_Exception 0664 * @throws Zend_Ldap_Exception 0665 */ 0666 public function hasUser($member_id, $username) 0667 { 0668 if (empty($member_id)) { 0669 throw new Default_Model_Ocs_Exception('given $member_id empty'); 0670 } 0671 0672 $ldap = $this->getConnectionUser(); 0673 $filter = "(uidNumber={$member_id})"; 0674 $entries = $ldap->searchEntries($filter, $this->baseDnUser); 0675 0676 if (count($entries) > 1) { 0677 throw new Default_Model_Ocs_Exception("{$member_id} is ambiguous"); 0678 } 0679 0680 if (false === empty($entries)) { 0681 return $entries[0]; 0682 } 0683 0684 $username = $this->lowerString($username); 0685 $entry = $ldap->getEntry("cn={$username},{$this->baseDnUser}"); 0686 0687 return empty($entry) ? false : true; 0688 } 0689 0690 /** 0691 * @return array 0692 */ 0693 public function getMessages() 0694 { 0695 return $this->messages; 0696 } 0697 0698 public function addGroupMember($user_username, $group_name, $group_access, $group_id = null, $group_path = null) 0699 { 0700 $connection = $this->getConnectionGroup(); 0701 $dnGroup = $this->getDnGroup($group_name); 0702 0703 //Only update, if member exists 0704 try { 0705 $entry = $this->getLdapUserByUsername($user_username); 0706 } catch (Exception $e) { 0707 $this->messages[] = "Failed."; 0708 Zend_Registry::get('logger')->warn(__METHOD__ . ' - ' . $e->getMessage()); 0709 0710 return false; 0711 } 0712 if (empty($entry)) { 0713 $this->messages[] = "user not exists. nothing to update."; 0714 Zend_Registry::get('logger')->warn(__METHOD__ . ' - ldap entry for new group user does not exists.' . $user_username); 0715 0716 return false; 0717 } 0718 0719 //Only update, if group exists 0720 try { 0721 $entry = $connection->getEntry($dnGroup); 0722 } catch (Exception $e) { 0723 $this->messages[] = "Failed."; 0724 Zend_Registry::get('logger')->warn(__METHOD__ . ' - ' . $e->getMessage()); 0725 0726 return false; 0727 } 0728 if (empty($entry) AND (strtolower($group_access) != 'owner')) { 0729 $this->messages[] = "group not exists. nothing to update."; 0730 Zend_Registry::get('logger')->warn(__METHOD__ . ' - ldap entry for group does not exists.'); 0731 0732 return false; 0733 } 0734 if (empty($entry) AND (strtolower($group_access) == 'owner')) { 0735 if (empty($group_id) OR empty($group_path)) { 0736 Zend_Registry::get('logger')->warn(__METHOD__ 0737 . ' - ldap entry for group does not exists and owner is given. But group_id or group_path is empty.'); 0738 0739 return false; 0740 } 0741 $group = $this->createGroup($group_name, $group_id, $group_path, $user_username, $group_access); 0742 0743 return $group; 0744 } 0745 0746 $group = $this->addMemberToGroupEntry($entry, $user_username, $group_access); 0747 0748 $connection->update($dnGroup, $group); 0749 $connection->getLastError($this->errCode, $this->messages); 0750 0751 return $group; 0752 } 0753 0754 /** 0755 * @return null|Zend_Ldap 0756 * @throws Zend_Exception 0757 * @throws Zend_Ldap_Exception 0758 */ 0759 private function getConnectionGroup() 0760 { 0761 if (false === empty($this->identGroupServer)) { 0762 return $this->identGroupServer; 0763 } 0764 $config = $this->config; 0765 $config->baseDn = Zend_Registry::get('config')->settings->server->ldap_group->baseDn; 0766 $this->identGroupServer = new Zend_Ldap($config); 0767 $this->identGroupServer->bind(); 0768 0769 return $this->identGroupServer; 0770 } 0771 0772 /** 0773 * @param $group_name 0774 * 0775 * @return string 0776 */ 0777 private function getDnGroup($group_name) 0778 { 0779 $baseDn = ''; 0780 try { 0781 $baseDn = Zend_Registry::get('config')->settings->server->ldap_group->baseDn; 0782 } catch (Zend_Exception $e) { 0783 } 0784 $dnGroup = "cn={$group_name},{$baseDn}"; 0785 0786 return $dnGroup; 0787 } 0788 0789 /** 0790 * @param string $group_name 0791 * @param int $group_id 0792 * @param $group_path 0793 * @param $user_name 0794 * @param $group_access 0795 * 0796 * @return array|bool 0797 * @throws Zend_Exception 0798 * @throws Zend_Ldap_Exception 0799 */ 0800 public function createGroup($group_name, $group_id, $group_path, $user_name, $group_access) 0801 { 0802 $newGroup = $this->createEntryGroup($group_name, $group_id, $group_path, $user_name, $group_access); 0803 $connection = $this->getConnectionGroup(); 0804 0805 $groupDn = $this->getDnGroup($group_name); 0806 0807 if ($connection->exists($groupDn)) { 0808 $this->messages[] = "group already exists: {$groupDn}"; 0809 0810 return false; 0811 } 0812 0813 $connection->add($groupDn, $newGroup); 0814 $connection->getLastError($this->errCode, $this->messages); 0815 0816 return $newGroup; 0817 } 0818 0819 /** 0820 * @param string $name 0821 * @param int $group_id 0822 * @param string $group_path 0823 * @param string $user_name 0824 * @param string $group_access 0825 * 0826 * @return array 0827 */ 0828 private function createEntryGroup($name, $group_id, $group_path, $user_name, $group_access) 0829 { 0830 $entry = array(); 0831 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'top'); 0832 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'groupOfNames', true); 0833 Zend_Ldap_Attribute::setAttribute($entry, 'objectClass', 'extensibleObject', true); 0834 Zend_Ldap_Attribute::setAttribute($entry, 'cn', $name); 0835 Zend_Ldap_Attribute::setAttribute($entry, 'member', null); 0836 Zend_Ldap_Attribute::setAttribute($entry, 'gidNumber', $group_id); 0837 Zend_Ldap_Attribute::setAttribute($entry, 'labeledURI', $group_path . ' group_path'); 0838 $entry = $this->addMemberToGroupEntry($entry, $user_name, $group_access); 0839 0840 return $entry; 0841 } 0842 0843 /** 0844 * @param array $group 0845 * @param string $user_username 0846 * @param string $group_access 0847 * 0848 * @return mixed 0849 */ 0850 private function addMemberToGroupEntry($group, $user_username, $group_access) 0851 { 0852 $dn = $this->getDnForUser($user_username); 0853 Zend_Ldap_Attribute::setAttribute($group, 'member', $dn, true); 0854 if ('owner' == strtolower($group_access)) { 0855 Zend_Ldap_Attribute::setAttribute($group, 'owner', $dn, true); 0856 } 0857 Zend_Ldap_Attribute::removeDuplicatesFromAttribute($group, 'member'); 0858 Zend_Ldap_Attribute::removeDuplicatesFromAttribute($group, 'owner'); 0859 0860 return $group; 0861 } 0862 0863 public function resetMessages() 0864 { 0865 $this->messages = array(); 0866 } 0867 0868 public function saveEntry(array $entry, $dn) 0869 { 0870 $this->getConnectionUser()->save($dn, $entry); 0871 $this->messages[] = $this->getConnectionUser()->getLastError(); 0872 } 0873 0874 /** 0875 * @param string $password_hash 0876 * @return string 0877 */ 0878 public function createPasswordFromHash($password_hash) 0879 { 0880 $password = '{MD5}' . base64_encode(pack("H*", $password_hash)); 0881 0882 return $password; 0883 } 0884 0885 }