Functions

This function prints a short status message.

StatusMessage(string $MessageTyp, string $MessageHeadline, string $MessageText, array $MessageVariables, boolean $returnOutput) : String

It can be used to print INFO, WARN and ERROR messages at the moment.

The headline and text may be formatted with special tags:

{bold}, {endbold}: All text between these tags is printed bold.
{color=#123456}, {endcolor}: All text between these tags is printed in the given color.
{link=http://nodomain.org}, {endlink}: A link with the given target is created. The link text is the text between the tags.

Parameters

$MessageTyp

string

The type of the message to be printed. It must be one of the following types: 'INFO', 'WARN' or 'ERROR'.
Every other type will lead to an error message indicating an invalid message type.

$MessageHeadline

string

The headline of the status message.
It may be formatted with special color/link/bold tags.

$MessageText

string

The text of the status message.
It may be formatted with special color/link/bold tags. This parameter is optional.

$MessageVariables

array

The variables that are used to replace the spacers (%s) in the submitted text. This parameter is optional.

$returnOutput

boolean

If set to true, this function will return the generated HTML code instead of printing it directly (default: false).

Returns

String

HTML code if $returnOutput is set to true, otherwise null

Fetches the raw schema array for the subschemaSubentry of the server.

_get_raw_schema(\$schema_to_fetch $schema_to_fetch, \$dn $dn) : \an

Note, this function has grown many hairs to accommodate more LDAP servers. It is needfully complicated as it now supports many popular LDAP servers that don't necessarily expose their schema "the right way".

Parameters

$schema_to_fetch

\$schema_to_fetch
A string indicating which type of schema to fetch. Five valid values: 'objectclasses', 'attributetypes', 'ldapsyntaxes', 'matchingruleuse', or 'matchingrules'. Case insensitive.

$dn

\$dn

(optional) This parameter is the DN of the entry whose schema you would like to fetch. Entries have the option of specifying their own subschemaSubentry that points to the DN of the system schema entry which applies to this attribute. If unspecified, this will try to retrieve the schema from the RootDSE subschemaSubentry. Failing that, we use some commonly known schema DNs. Default value is the Root DSE DN (zero-length string).

Returns

An array of strings of this form: Array ( [0] => "( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' DESC 'Pool ... [1] => "( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' DESC 'Sa ... etc.

Helper for _get_raw_schema() which fetches the DN of the schema object in an LDAP server based on a DN.

_get_schema_dn(string $dn, bool $debug) : string

Entries should set the subSchemaSubEntry attribute pointing to the DN of the server schema. You can specify the DN whose subSchemaSubEntry you wish to retrieve or specify an empty string to fetch the subSchemaSubEntry from the Root DSE.

Parameters

$dn

string

The DN (may be null) which houses the subschemaSubEntry attribute which this function can use to determine the schema entry's DN.

$debug

bool

Switch to true to see some nice and copious output. :)

Returns

string

The DN of the entry which houses this LDAP server's schema.

For each attribute that has multiple names, this function adds unique entries to the attrs array for those names.

add_aliases_to_attrs($attrs) 

I.e., if an attributeType has the names 'gn' and 'givenName', this function will create a unique entry for 'gn' and 'givenName'.

Parameters

$attrs

Adds inherited values to each attributeType specified by the SUP directive.

add_sup_to_attrs($attrs, $attrs_oid) 

Supports infinite levels of inheritance. Bug 856832: require a second parameter that has all attributes indexed by OID.

Parameters

$attrs

$attrs_oid

This function will return all values from $array without values of $values.

array_delete(array $values, array $array) : array

Parameters

$values

array

list of values which should be removed

$array

array

list of original values

Returns

array

list of remaining values

Replace {bold} and {endbold} with <b> and </b> HTML-Tags.

boldText(string $text) : string

access private

Parameters

$text

string

The text that is used to search for {bold} and {endbold} tags.

Returns

string

The submitted text with {bold} and {endbold} replaced with the appropriate HTML tags and

Returns true if the schema for $schema_type has been cached and is available.

cached_schema_available($schema_type) 

$schema_type may be one of the following (lowercase): objectclasses, attributetypes, ldapsyntaxes, matchingrules, matchingruleuse. Note that _get_raw_schema() takes a similar parameter.

Parameters

$schema_type

Checks if the client's IP address is on the list of allowed IPs.

checkClientIP() 

The script is stopped if the host is not valid.

Checks if it is allowed to delete LDAP entries of the given type.

checkIfDeleteEntriesIsAllowed(String $scope) : boolean

Parameters

$scope

String

account type (e.g. 'user')

Returns

boolean

true, if entries may be deleted

Checks if it is allowed to create new LDAP entries of the given type.

checkIfNewEntriesAreAllowed(String $scope) : boolean

This also checks if general write access is enabled.

Parameters

$scope

String

account type (e.g. 'user')

Returns

boolean

true, if new entries are allowed

Checks if passwords may be changed.

checkIfPasswordChangeIsAllowed() : boolean

Returns

boolean

true, if allowed

Checks if the given tool is active.

checkIfToolIsActive(String $tool) 

Otherwise, an error message is logged and the execution is stopped (die()).

Parameters

$tool

String

tool class name (e.g. toolFileUpload)

Checks if write access to LDAP is allowed.

checkIfWriteAccessIsAllowed() : boolean

Returns

boolean

true, if allowed

Checks if the password fulfills the password policies.

checkPasswordStrength(string $password) : mixed

Parameters

$password

string

password

Returns

mixed

true if ok, string with error message if not valid

Cleans the result of an LDAP search.

cleanLDAPResult(array $entries) 

This will remove all 'count' entries and also all numeric array keys.

Parameters

$entries

array

LDAP entries in format $entries[entry number][attribute name][attribute values]

Replace {color=#[HEX-Value]} or {color=[HEX-Value]} and {endcolor} with <font color="#[HEX-Value]"> and </font> HTML-Tags.

colorText(string $text) : string

access private

Parameters

$text

string

The text that is used to search for {color} and {endcolor} tags.

Returns

string

Input string with HTML-formatted color tags

Helper function to sort DNs.

compareDN(string $a, string $b) : integer

Parameters

$a

string

first argument to compare

$b

string

second argument to compare

Returns

integer

0 if equal, 1 if $a is greater, -1 if $b is greater

Simple function to deobfuscate strings.

deobfuscateText(String $text) 

Parameters

$text

String

text to deobfuscate

Escapes any special characters in an LDAP DN.

escapeDN(String $dn) : String

Parameters

$dn

String

DN

Returns

String

escaped DN

Extracts the DN suffix from a given DN.

extractDNSuffix(String $dn) : String

E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.

Parameters

$dn

String

DN

Returns

String

DN suffix

Extracts the RDN attribute name from a given DN.

extractRDNAttribute(String $dn) : String

Parameters

$dn

String

DN

Returns

String

RDN attribute name

Extracts the RDN attribute value from a given DN.

extractRDNValue(String $dn) : String

Parameters

$dn

String

DN

Returns

String

RDN attribute value

Formats an LDAP time string (e.g. from createTimestamp).

formatLDAPTimestamp(String $time) : String

Parameters

$time

String

LDAP time value

Returns

String

formatted time

Generates a random password with 12 digits.

generateRandomPassword() : String

Returns

String

password

Calculates a password salt of the given length.

generateSalt(int $len) : String

Parameters

$len

int

salt length

Returns

String

the salt string

Transforms a DN into a more user friendly format.

getAbstractDN(String $dn) : String

E.g. "dc=company,dc=de" is transformed to "company > de".

Parameters

$dn

String

DN

Returns

String

transformed DN

Returns the parameters for a StatusMessage of the last LDAP search.

getLastLDAPError() : array

Returns

array

parameters for StatusMessage or null if all was ok

Returns the list of supported hash types (e.g. SSHA).

getSupportedHashTypes() : array

Returns

array

hash types

Returns the cached array of schemaitem objects for the specified $schema_type.

get_cached_schema($schema_type) 

For the list of valid $schema_type values, see cached_schema_available() above. Note that internally, this function utilizes a two-layer cache, one in memory using a static variable for multiple calls within the same page load, and one in a session for multiple calls within the same user session (spanning multiple page loads).

Returns an array of SchemaItem objects on success or false on failure.

Parameters

$schema_type

Checks if a given value matches the selected regular expression.

get_preg(string $argument, string $regexp) : boolean

Parameters

$argument

string

value to check

$regexp

string

pattern name

Returns

boolean

true if matches, otherwise false

Gets a single AttributeType object specified by name.

get_schema_attribute($attr_name, string $dn, $use_cache) : \AttributeType

see \global\AttributeType
see \global\get_schema_attributes

Parameters

$attr_name

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

$use_cache

Returns

\AttributeType

The specified AttributeType object or false on error.

Gets an associative array of AttributeType objects for the specified server.

get_schema_attributes(string $dn, $use_cache) : array

Each array entry's key is the name of the attributeType in lower-case and the value is an AttributeType object.

Parameters

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

$use_cache

Returns

array

An array of AttributeType objects.

Returns an array of MatchingRule objects for the specified server.

get_schema_matching_rules($dn, $use_cache) 

The key of each entry is the OID of the matching rule.

Parameters

$dn

$use_cache

Gets a single ObjectClass object specified by name.

get_schema_objectclass(string $oclass_name, string $dn, $use_cache) : \ObjectClass

see \global\ObjectClass
see \global\get_schema_objectclasses

Parameters

$oclass_name

string

The name of the objectClass to fetch.

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

$use_cache

Returns

\ObjectClass

The specified ObjectClass object or false on error.

Gets an associative array of ObjectClass objects for the specified server.

get_schema_objectclasses(string $dn, $use_cache) : array

Each array entry's key is the name of the objectClass in lower-case and the value is an ObjectClass object.

see \global\ObjectClass
see \global\get_schema_objectclass

Parameters

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

$use_cache

Returns

array

An array of ObjectClass objects.

Returns an array of Syntax objects that this LDAP server uses mapped to their descriptions.

get_schema_syntaxes($dn, $use_cache) 

The key of each entry is the OID of the Syntax.

Parameters

$dn

$use_cache

This function will return the days from 1.1.1970 until now.

getdays() : \number

Returns

number of days

Checks if a string exists in an array, ignoring case.

in_array_ignore_case(String $needle, array $haystack) 

Parameters

$needle

String

search string

$haystack

array

array

Checks if the given text is obfuscated.

isObfuscatedText(String $text) : boolean

Parameters

$text

String

text to check

Returns

boolean

obfuscated or not

Returns the given DN.

ldapGetDN(String $dn, array $attributes, \handle $handle) : array

Parameters

$dn

String

DN

$attributes

array

list of attributes to fetch

$handle

\handle

LDAP handle (optional for admin interface pages)

Returns

array

attributes or null if not found

Replace {link=[Link-Target]} and {endlink} with <a href="[Link-Target]" target="_blank"> and </a> HTML-Tags.

linkText(string $text) : string

access private

Parameters

$text

string

The text that is used to search for {link} and {endlink} tags.

Returns

string

Input string with HTML-formatted link tags

Generates the LM hash of a password.

lmPassword(string $password) : string

Parameters

$password

string

original password

Returns

string

password hash

Puts a new message in the log file.

logNewMessage(string $level, string $message) 

Parameters

$level

string

log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)

$message

string

log message

Logs off the user and displays the login page.

logoffAndBackToLoginPage() 

Generates the NT hash of a password.

ntPassword(string $password) : string

Parameters

$password

string

original password

Returns

string

password hash

Simple function to obfuscate strings.

obfuscateText(String $text) 

Parameters

$text

String

text to obfuscate

Use the three replace functions on the submitted Text.

parseMessageString(string $MessageString) : string

access private

Parameters

$MessageString

string

The text that is used to search for replaceable strings.

Returns

string

The processed text.
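The tag syntax accepted by StatusMessage() and translated by boldText(), colorText(), linkText() and parseMessageString() produces HTML from message strings, so output encoding has to happen before the tags are expanded and before the %s spacers are filled. The following is an added example, not the documented project's code: renderMessageTags(), renderStatusText() and ESCAPE_FLAGS are hypothetical names, and the http/https restriction and the rel attribute are assumptions of this sketch.

```php
<?php
// Added example: hypothetical renderer for the {bold}/{color}/{link} tag syntax.
// Not the project's boldText()/colorText()/linkText() implementation.

const ESCAPE_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

/** Converts well-formed tag pairs to HTML; everything else stays escaped text. */
function renderMessageTags(string $text): string
{
    // Encode first, so markup in the message never reaches the browser as HTML.
    $escaped = htmlspecialchars($text, ESCAPE_FLAGS, 'UTF-8');
    $rules = [
        // {bold}...{endbold}
        '/\{bold\}(.*?)\{endbold\}/s' => '<b>$1</b>',
        // {color=#123456} or {color=123456}: exactly six hex digits
        '/\{color=#?([0-9a-fA-F]{6})\}(.*?)\{endcolor\}/s'
            => '<font color="#$1">$2</font>',
        // {link=...}: only http/https targets become links (assumption)
        '/\{link=((?i:https?):\/\/[^}\s]+)\}(.*?)\{endlink\}/s'
            => '<a href="$1" target="_blank" rel="noopener noreferrer">$2</a>',
    ];
    $html = preg_replace(array_keys($rules), array_values($rules), $escaped);
    // preg_replace() returns null on a PCRE error; fall back to the escaped text.
    return $html ?? $escaped;
}

/** Expands tags in the template, then fills the %s spacers with escaped values. */
function renderStatusText(string $template, array $variables = []): string
{
    $html = renderMessageTags($template);
    if ($variables === []) {
        return $html;
    }
    // Variables are escaped but never tag-expanded: data cannot add links or markup.
    $safe = array_map(
        fn($v) => htmlspecialchars((string) $v, ESCAPE_FLAGS, 'UTF-8'),
        $variables
    );
    return vsprintf($html, $safe);
}

// Constructed sample input: the variable carries markup and a tag of its own,
// and the second link uses a scheme that is not http/https.
echo renderStatusText(
    '{bold}Login failed{endbold} for %s. {link=https://nodomain.org}Help{endlink} '
    . '{link=javascript:void(0)}x{endlink}',
    ['<script>alert(1)</script>{bold}x{endbold}']
), "\n";
```

Only the template is tag-expanded; the script element and the {bold} pair inside the variable, and the non-http link tag, come out as inert text.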

Marks a password hash as disabled and returns the new hash string.

pwd_disable(string $hash) : string

Parameters

$hash

string

hash value to disable

Returns

string

disabled hash value

Marks a password hash as enabled and returns the new hash string.

pwd_enable(string $hash) : string

Parameters

$hash

string

hash value to enable

Returns

string

enabled password hash

Returns the hash value of a plain text password.

pwd_hash(string $password, boolean $enabled, string $hashType) : string

see \global\getSupportedHashTypes()

Parameters

$password

string

the password string

$enabled

boolean

marks the hash as enabled/disabled (e.g. by prefixing "!")

$hashType

string

password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN)

Returns

string

the password hash

Checks if a password hash is enabled/disabled

pwd_is_enabled(string $hash) : boolean

Parameters

$hash

string

password hash to check

Returns

boolean

true if the password is marked as enabled

Checks if a Unix password can be locked.

pwd_is_lockable(String $password) : boolean

This checks if the password is not plain text but e.g. contains {SSHA}.

Parameters

$password

String

password value

Returns

boolean

can be locked

Runs an LDAP search.

searchLDAP(String $suffix, String $filter, array $attributes) : array

Parameters

$suffix

String

LDAP suffix

$filter

String

filter

$attributes

array

list of attributes to return

Returns

array

list of found entries

This will search the given LDAP suffix for all entries which have the given attribute.

searchLDAPByAttribute(String $name, String $value, String $objectClass, array $attributes, array $scopes) : array

Parameters

$name

String

attribute name (may be null)

$value

String

attribute value

$objectClass

String

object class (may be null)

$attributes

array

list of attributes to return

$scopes

array

account types

Returns

array

list of found entries

This will search the given LDAP suffix for all entries which match the given filter.

searchLDAPByFilter(String $filter, array $attributes, array $scopes, boolean $attrsOnly) : array

Parameters

$filter

String

$attributes

array

list of attributes to return

$scopes

array

account types

$attrsOnly

boolean

get only attributes but no values (default: false)

Returns

array

list of found entries

Returns an array with all Samba 3 domain entries under the given suffix

search_domains(\handle $server, String $suffix) : array

Parameters

$server

\handle

LDAP handle (if null then $_SESSION['ldap']->server() is used)

$suffix

String

LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)

Returns

array

list of samba3domain objects

Sends the password mail.

sendPasswordMail(String $pwd, array $user, String $recipient) : array

Parameters

$pwd

String

new password

$user

array

LDAP attributes of user

$recipient

String

recipient address (optional, $user['mail'][0] used by default)

Returns

array

list of arrays that can be used to create status messages

Caches the specified $schema_type.

set_cached_schema($schema_type, $schema_items) 

$schema_items should be an array of SchemaItem instances (i.e., an array of ObjectClass, AttributeType, LDAPSyntax, MatchingRuleUse, or MatchingRule objects).

Returns true on success or false on failure.

Parameters

$schema_type

$schema_items

Sets the schema entry for the server_id to be "unavailable" so that we realize that we tried to get the schema but could not, so quit trying next time to fetch it from the server.

set_schema_cache_unavailable() 

Takes a list of Samba flags and creates the corresponding flag string.

smbflag(array $input) : string

Parameters

$input

array

is an array of Samba flags (e.g. X or D)

Returns

string

Samba flag string

Starts a session and checks the environment.

startSecureSession(boolean $redirectToLogin) : boolean

The script is stopped if one of the checks fails (timeout redirection may be overridden).

Parameters

$redirectToLogin

boolean

redirect user to login page

Returns

boolean

true if all ok, false if session expired

Classes and interfaces

AttributeType

Represents an LDAP AttributeType

MatchingRule

Represents an LDAP MatchingRule

MatchingRuleUse

Represents an LDAP schema matchingRuleUse entry

ObjectClass

Represents an LDAP objectClass

ObjectClassAttribute

A simple class for representing AttributeTypes used only by the ObjectClass class.

SchemaItem

Generic parent class for all schema items.

Syntax

Represents an LDAP Syntax

Constants

 

SCHEMA_SESSION_CACHE_ENABLED
