lib/modules/windowsUser.inc
Properties
Description
Manages Windows AD (e.g. Samba 4) users.
Classes
windowsUser
Description
Manages Windows AD (e.g. Samba 4) users. It implements the complete module interface and uses meta-data provided by the account modules for its functions.
Location and naming of modules
All LAM modules are placed in lib/modules/ and are named "
You can avoid overriding many functions by using {@link get_metaData()}.
All module classes should extend the baseModule class.
Methods
build_uploadAccounts, checkSelfServiceOptions, display_html_attributes, display_html_group, doUploadPostActions, findGroups, getDomains, getSelfServiceOptions, get_metaData, get_pdfEntries, get_profileOptions, init, isDeactivated, isLockedOut, isNeverExpiring, isSmartCardRequired, load_Messages, load_attributes, load_profile, managesPasswordAttributes, passwordChangeRequested, postModifyActions, process_attributes, process_group, pwdAttributeValue, save_attributes, setIsDeactivated, setIsNeverExpiring, setIsSmartCardRequired, setSelfServicePassword, supportsForcePasswordChange, unlock
build_uploadAccounts( array $rawAccounts, array $ids, array $partialAccounts, array $selectedModules, ) : array
Description
In this function the LDAP account is built up.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $rawAccounts | array | list of hash arrays (name => value) from user input | |
| $ids | array | list of IDs for column position (e.g. "posixAccount_uid" => 5) | |
| $partialAccounts | array | list of hash arrays (name => value) which are later added to LDAP | |
| $selectedModules | array | list of selected account modules | |
Return value
| Type | Description | 
|---|---|
| array | list of error messages if any | 
checkSelfServiceOptions( string $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields, ) : array
Description
Checks if all input values are correct and returns the LDAP attributes which should be changed.
Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions)
Calling this method does not require the existence of an enclosing {@link accountContainer}.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $fields | string | input fields | |
| $attributes | array | LDAP attributes | |
| $passwordChangeOnly | boolean | indicates that the user is only allowed to change his password and no LDAP content is readable | |
| $readOnlyFields | array | list of read-only fields | |
Return value
| Type | Description | 
|---|---|
| array | messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 
display_html_attributes( ) : \htmlElement
Description
Returns the HTML meta data for the main account page.
Return value
| Type | Description | 
|---|---|
| \htmlElement | HTML meta data | 
display_html_group( ) : \htmlElement
Description
Displays the group selection.
Return value
| Type | Description | 
|---|---|
| \htmlElement | meta HTML code | 
doUploadPostActions( array $data, array $ids, array $failed, array $temp, array $accounts, ) : array
Description
This function executes one post upload action.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $data | array | array containing one account in each element | |
| $ids | array | array( | |
| $failed | array | list of accounts which were not created successfully | |
| $temp | array | variable to store temporary data between two post actions | |
| $accounts | array | list of LDAP entries | |
Return value
| Type | Description | 
|---|---|
| array | current status <br> array ( <br> 'status' => 'finished' | 'inProgress' <br> 'progress' => 0..100 <br> 'errors' => array (<array of parameters for StatusMessage>) <br> ) | 
findGroups( ) : array
Description
Finds all existing groups.
Return value
| Type | Description | 
|---|---|
| array | group DNs | 
getDomains( ) : array
Description
Gets the list of possible domains from the config setting.
Return value
| Type | Description | 
|---|---|
| array | domain list | 
getSelfServiceOptions( array $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields, ) : array
Description
Returns the meta HTML code for each input field.
format: array(
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $fields | array | list of active fields | |
| $attributes | array | attributes of LDAP account | |
| $passwordChangeOnly | boolean | indicates that the user is only allowed to change his password and no LDAP content is readable | |
| $readOnlyFields | array | list of read-only fields | |
Return value
| Type | Description | 
|---|---|
| array | list of meta HTML elements (field name => htmlTableRow) | 
get_metaData( ) : array
Description
Returns meta data that is interpreted by the parent class.
Return value
| Type | Description | 
|---|---|
| array | array with meta data | 
Tags
| Name | Description | 
|---|---|
| see | 
get_pdfEntries( ) : n/a
Description
Returns a list of PDF entries.
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
get_profileOptions( ) : \htmlElement
Description
Returns a list of elements for the account profiles.
Return value
| Type | Description | 
|---|---|
| \htmlElement | profile elements | 
init( string $base, ) : n/a
Description
Initializes the module after it became part of an accountContainer.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $base | string | the name of the accountContainer object ($_SESSION[$base]) | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
isDeactivated( array $attrs, ) : boolean
Description
Returns if the account is currently deactivated.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes | |
Return value
| Type | Description | 
|---|---|
| boolean | is deactivated | 
isLockedOut( array $attrs, ) : boolean
Description
Returns if the account is currently locked out.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes | |
Return value
| Type | Description | 
|---|---|
| boolean | is locked out | 
isNeverExpiring( array $attrs, ) : boolean
Description
Returns if the account never expires.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes | |
Return value
| Type | Description | 
|---|---|
| boolean | never expires | 
isSmartCardRequired( array $attrs, ) : boolean
Description
Returns if the account requires a smartcard to log in.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes | |
Return value
| Type | Description | 
|---|---|
| boolean | requires a smartcard | 
load_Messages( ) : n/a
Description
This function fills the $messages variable with output messages from this module.
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
load_attributes( array $attr, ) : n/a
Description
This function loads all needed LDAP attributes.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attr | array | list of attributes | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
load_profile( array $profile, ) : n/a
Description
Loads the values of an account profile into internal variables.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $profile | array | hash array with profile values (identifier => value) | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
managesPasswordAttributes( ) : boolean
Description
This method specifies if a module manages password attributes. The module alias will then appear as option in the GUI. If the module only wants to get notified about password changes then return false.
Return value
| Type | Description | 
|---|---|
| boolean | true if this module manages password attributes | 
passwordChangeRequested( String $password, array $modules, boolean $forcePasswordChange, ) : array
Description
This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $password | String | new password | |
| $modules | array | list of modules for which the password should be changed | |
| $forcePasswordChange | boolean | force the user to change his password at next login | |
Return value
| Type | Description | 
|---|---|
| array | list of error messages, if any, as parameter array for StatusMessage, e.g. return array(array('ERROR', 'Password change failed.')) | 
postModifyActions( boolean $newAccount, array $attributes, ) : array
Description
Runs the postmodify actions.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $newAccount | boolean | ||
| $attributes | array | LDAP attributes of this entry | |
Return value
| Type | Description | 
|---|---|
| array | array which contains status messages. Each entry is an array containing the status message parameters. | 
Tags
| Name | Description | 
|---|---|
| see | 
process_attributes( ) : array
Description
Processes user input of the primary module page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
| Type | Description | 
|---|---|
| array | list of info/error messages | 
process_group( ) : array
Description
Processes user input of the group selection page. It checks if all input values are correct and updates the associated LDAP attributes.
Return value
| Type | Description | 
|---|---|
| array | list of info/error messages | 
pwdAttributeValue( String $password, ) : n/a
Description
Creates the LDAP password value.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $password | String | password | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
save_attributes( ) : array
Description
Returns a list of modifications which have to be made to the LDAP account.
Return value
| Type | Description | 
|---|---|
| array | list of modifications <br>This function returns an array with 3 entries: <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) <br>DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid) <br>"add" are attributes which have to be added to the LDAP entry <br>"remove" are attributes which have to be removed from the LDAP entry <br>"modify" are attributes which have to be modified in the LDAP entry <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions) | 
setIsDeactivated( boolean $deactivated, array $attrs = null, ) : n/a
Description
Sets if the account is currently deactivated.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $deactivated | boolean | is deactivated | |
| $attrs | array | LDAP attributes to modify (default $this->attributes) | null | 
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
setIsNeverExpiring( array $attrs, boolean $neverExpires, ) : n/a
Description
Sets if the account never expires.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes to modify | |
| $neverExpires | boolean | never expires | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
setIsSmartCardRequired( array $attrs, boolean $requireCard, ) : n/a
Description
Sets if the account requires a smartcard to log in.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $attrs | array | LDAP attributes to modify | |
| $requireCard | boolean | requires a smartcard | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
setSelfServicePassword( array $return, array $attributes, ) : n/a
Description
Sets the user password in self service. Since the change requires the old password we need to run ldapmodify for this task.
Arguments
| Name | Type | Description | Default | 
|---|---|---|---|
| $return | array | return value for checkSelfServiceOptions() (used to add message if any) | |
| $attributes | array | LDAP attributes | |
Return value
| Type | Description | 
|---|---|
| n/a | n/a | 
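The old-password-bound change that setSelfServicePassword() describes, sketched as an added example (not LAM's own code): it builds the LDIF an `ldapmodify` run would receive, assuming the directory takes the password through the AD `unicodePwd` attribute. The function names, sample DN and passwords are constructed for illustration.

```php
<?php
// Added example, not LAM code. Assumption: the server is Active Directory or
// Samba 4 and takes passwords via unicodePwd. Requires the mbstring extension.

/** unicodePwd value: password in double quotes, UTF-16LE, base64 for LDIF. */
function encodeUnicodePwd(string $password): string {
    return base64_encode(mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8'));
}

/**
 * DN line for LDIF. Anything that is not plain printable ASCII (or that starts
 * with space, ':' or '<', or ends with a space) is base64-encoded, so a DN
 * containing a line break cannot smuggle extra LDIF directives.
 */
function ldifDnLine(string $dn): string {
    if (preg_match('/^(?![ :<])[\x20-\x7E]+(?<! )$/D', $dn) === 1) {
        return 'dn: ' . $dn;
    }
    return 'dn:: ' . base64_encode($dn);
}

/**
 * A user-initiated change is one modify operation that deletes the old value
 * and adds the new one; the server checks the old password as part of it.
 */
function buildPasswordChangeLdif(string $dn, string $oldPassword, string $newPassword): string {
    if ($newPassword === '' || $newPassword === $oldPassword) {
        throw new InvalidArgumentException('New password must be non-empty and differ from the old one.');
    }
    return implode("\n", [
        ldifDnLine($dn),
        'changetype: modify',
        'delete: unicodePwd',
        'unicodePwd:: ' . encodeUnicodePwd($oldPassword),
        '-',
        'add: unicodePwd',
        'unicodePwd:: ' . encodeUnicodePwd($newPassword),
        '-',
        '',
    ]);
}

// Constructed sample values. Feed the result to ldapmodify on stdin, not as
// command-line arguments, so the passwords never show up in the process list.
echo buildPasswordChangeLdif('CN=Jane Doe,CN=Users,DC=example,DC=com', 'Old-Passw0rd', 'New-Passw0rd!');
```

Active Directory accepts `unicodePwd` writes only over an encrypted connection, so the `ldapmodify` call has to use LDAPS or StartTLS.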
