  1: <?php
  2: /**
  3:  * The ldap class attempts to return user information stored in an ldap
  4:  * directory service.
  5:  *
  6:  * Copyright 2001-2012 Horde LLC (http://www.horde.org/)
  7:  *
  8:  * See the enclosed file COPYING for license information (LGPL). If you
  9:  * did not receive this file, see http://www.horde.org/licenses/lgpl21.
 10:  *
 11:  * @author  Eric Jon Rostetter <eric.rostetter@physics.utexas.edu>
 12:  * @author  Jan Schneider <jan@horde.org>
 13:  * @package Horde
 14:  */
 15: class Horde_Block_Account_Ldap extends Horde_Block_Account_Base
 16: {
 17:     /**
 18:      * Pointer to the LDAP connection.
 19:      *
 20:      * @var Horde_Ldap
 21:      */
 22:     protected $_ldap;
 23: 
 24:     /**
 25:      * User information hash.
 26:      *
 27:      * @var array
 28:      */
 29:     protected $_information;
 30: 
 31:     /**
 32:      * Constructor.
 33:      *
 34:      * @param array $params  A hash containing connection parameters.
 35:      */
 36:     public function __construct($params = array())
 37:     {
 38:         $this->_ldap = $params['ldap'];
 39:         unset($params['ldap']);
 40:         parent::__construct($params);
 41:     }
 42: 
 43:     /**
 44:      * Returns the win32 AD epoch number of days the password may be unchanged.
 45:      *
 46:      * @return integer|boolean  Number of days or false if no limit.
 47:      */
 48:     protected function _getMaxPasswd()
 49:     {
 50:         $dn = Horde_Ldap_Util::explodeDN($this->_params['basedn']);
 51:         $domaindn = array();
 52:         foreach ($dn as $rdn) {
 53:             $attribute = Horde_Ldap_Util::splitAttributeString($rdn);
 54:             if ($attribute[0] == 'DC') {
 55:                 $domaindn[] = $rdn;
 56:             }
 57:         }
 58:         $dn = Horde_Ldap_Util::canonicalDN($domaindn);
 59: 
 60:         $search = $this->_ldap->search($domaindn, 'objectClass=*');
 61:         $entry = $search->shiftEntry();
 62:         try {
 63:             return $entry->getValue('maxPwdAge', 'single');
 64:         } catch (Horde_Ldap_Exception $e) {
 65:             return false;
 66:         }
 67:     }
 68: 
 69:     /**
 70:      * Code from 'brudinie at yahoo dot co dot uk' at http://nl3.php.net/ldap/
 71:      *
 72:      * @param integer $dateLargeInt  The win32 active directory epoch time.
 73:      *
 74:      * @return integer  A unix timestamp.
 75:      */
 76:     protected function _convertWinTimeToUnix($dateLargeInt)
 77:     {
 78:         // Seconds since jan 1st 1601.
 79:         $secsAfterADEpoch = $dateLargeInt / (10000000);
 80: 
 81:         // Unix epoch - AD epoch * number of tropical days * seconds in a day.
 82:         $ADToUnixConvertor = ((1970 - 1601) * 365.242190) * 86400;
 83: 
 84:         return intval($secsAfterADEpoch - $ADToUnixConvertor);
 85:     }
 86: 
 87:     /**
 88:      * Returns the user account from the LDAP source.
 89:      *
 90:      * @return Horde_Ldap_Entry  An entry with complete account details.
 91:      *
 92:      * @throws Horde_Exception if user not found.
 93:      * @throws Horde_Ldap_Exception on LDAP errors.
 94:      */
 95:     protected function _getAccount()
 96:     {
 97:         if (!isset($this->_information)) {
 98:             $search = $this->_ldap->search($this->_params['basedn'],
 99:                                            $this->_params['attr'] . '=' . $this->_params['user']);
100:             if (!$search->count()) {
101:                 throw new Horde_Exception(_("User account not found"));
102:             }
103:             $this->_information = $search->shiftEntry();
104:         }
105:         return $this->_information;
106:     }
107: 
108:     /**
109:      * Returns the user's full name.
110:      *
111:      * @return string  The user's full name.
112:      *
113:      * @throws Horde_Exception if user not found.
114:      * @throws Horde_Ldap_Exception on LDAP errors.
115:      */
116:     public function getFullname()
117:     {
118:         $information = $this->_getAccount();
119:         try {
120:             return $information->getValue('cn', 'single');
121:         } catch (Horde_Ldap_Exception $e) {
122:             return '';
123:         }
124:     }
125: 
126:     /**
127:      * Returns the user's home (login) directory.
128:      *
129:      * @return string  The user's directory.
130:      *
131:      * @throws Horde_Exception if user not found.
132:      * @throws Horde_Ldap_Exception on LDAP errors.
133:      */
134:     public function getHome()
135:     {
136:         $information = $this->_getAccount();
137:         try {
138:             return $information->getValue('homedirectory', 'single');
139:         } catch (Horde_Ldap_Exception $e) {
140:             return '';
141:         }
142:     }
143: 
144:     /**
145:      * Returns the user's default shell.
146:      *
147:      * @return string  The user's shell.
148:      *
149:      * @throws Horde_Exception if user not found.
150:      * @throws Horde_Ldap_Exception on LDAP errors.
151:      */
152:     public function getShell()
153:     {
154:         $information = $this->_getAccount();
155:         try {
156:             return $information->getValue('useraccountcontrol', 'single');
157:         } catch (Horde_Ldap_Exception $e) {
158:         }
159:         try {
160:             return $information->getValue('loginshell', 'single');
161:         } catch (Horde_Ldap_Exception $e) {
162:             return '';
163:         }
164:     }
165: 
166:     /**
167:      * Returns the date of the user's last password change.
168:      *
169:      * @return string  Date string.
170:      *
171:      * @throws Horde_Exception if user not found.
172:      * @throws Horde_Ldap_Exception on LDAP errors.
173:      */
174:     public function getPasswordChange()
175:     {
176:         $information = $this->_getAccount();
177:         try {
178:             return strftime('%x', $information->getValue('shadowlastchange', 'single') * 86400);
179:         } catch (Horde_Ldap_Exception $e) {
180:         }
181:         try {
182:             return strftime('%x', $this->_convertWinTimeToUnix($information->getValue('pwdlastset', 'single')));
183:         } catch (Horde_Ldap_Exception $e) {
184:             return '';
185:         }
186:     }
187: 
188:     /**
189:      * Returns the status of the current password.
190:      *
191:      * @return string  A string with a warning message if the password is about
192:      *                 to expire.
193:      *
194:      * @throws Horde_Exception if user not found.
195:      * @throws Horde_Ldap_Exception on LDAP errors.
196:      */
197:     public function checkPasswordStatus()
198:     {
199:         $information = $this->_getAccount();
200: 
201:         // Active Directory.
202:         try {
203:             $accountControl = $information->getValue('useraccountcontrol', 'single');
204:             $pwdlastset     = $information->getValue('pwdlastset', 'single');
205:             $accountControl = $information[0]['useraccountcontrol'][0];
206:             if (($accountControl & 65536) != 0) {
207:                 // ADS_UF_DONT_EXPIRE_PASSWD
208:                 return '';
209:             }
210:             if (($accountControl & 524288) != 0) {
211:                 // ADS_UF_PASSWORD_EXPIRED
212:                 return _("Your password has expired");
213:             }
214: 
215:             $maxdays = $this->_getMaxPasswd();
216:             if ($maxdays === false) {
217:                 return '';
218:             }
219: 
220:             $today = time();
221:             $lastset = $pwdlastset - $maxdays;
222:             $toexpire = floor(($this->_convertWinTimeToUnix($lastset) - $today) / 86400);
223:             if ($toexpire < 0) {
224:                 return _("Your password has expired");
225:             }
226:             if ($toexpire < 14) {
227:                 // Two weeks.
228:                 return sprintf(_("%d days until your password expires."), $toexpire);
229:             }
230:         } catch (Horde_Ldap_Exception $e) {
231:         }
232: 
233:         // OpenLDAP.
234:         try {
235:             $shadowmax        = $information->getValue('shadowmax', 'single');
236:             $shadowlastchange = $information->getValue('shadowlastchange', 'single');
237:             $shadowwarning    = $information->getValue('shadowwarning', 'single');
238:             $today = floor(time() / 86400);
239:             $warnday = $shadowlastchange + $shadowmax - $shadowwarning;
240:             $toexpire = $shadowlastchange + $shadowmax - $today;
241: 
242:             if ($today >= $warnday) {
243:                 return sprintf(_("%d days until your password expires."), $toexpire);
244:             }
245:         } catch (Horde_Ldap_Exception $e) {
246:         }
247: 
248:         return '';
249:     }
250: }