From 61b23f530bfdefc13b8fd4b7acb3792eaadaffe7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 28 Nov 2007 22:49:35 +0000 Subject: [PATCH] Suppression des TODO/FIXME Suppression code obsolete --- htdocs/lib/ldap.class.php | 135 +------------------------------------- 1 file changed, 1 insertion(+), 134 deletions(-) diff --git a/htdocs/lib/ldap.class.php b/htdocs/lib/ldap.class.php index 5420dc9ebae..5bbc08e7386 100644 --- a/htdocs/lib/ldap.class.php +++ b/htdocs/lib/ldap.class.php @@ -20,7 +20,6 @@ * or see http://www.gnu.org/ * * $Id$ - * $Source$ */ @@ -425,10 +424,8 @@ class Ldap } - // 2.2 Password methods ------------------------------------------------------ - /** - * 2.2.1 : Checks a username and password - does this by logging on to the + * Checks a username and password - does this by logging on to the * server as a user - specified in the DN. There are several reasons why * this login could fail - these are listed below. */ @@ -463,136 +460,6 @@ class Ldap } - /** - * 2.2.2 : Allows a password to be changed. Note that on most LDAP servers, - * a new ACL must be defined giving users the ability to modify their - * password attribute (userPassword). Otherwise this will fail. - */ - function changePass($uname,$oldPass,$newPass) - { - // builds the appropriate dn, based on whether $this->people and/or $this->group is set - if ($this->serverType == "activedirectory") { - $checkDn = "$uname@$this->domain"; - } else { - $checkDn = $this->getUserIdentifier() . "=$uname, " . $this->setDn(true); - } - $this->result = @ldap_bind( $this->connection,$checkDn,$oldPass); - - if ( $this->result) { - // Connected OK - Now modify the password... - $info["userPassword"] = $newPass; - $this->result = @ldap_modify( $this->connection, $checkDn, $info); - if ( $this->result) { - // Change went OK - return true; - } else { - // Couldn't change password... - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; - } - } else { - // Login failed - see checkPass method for common error codes - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; - } - } - - - /** - * 2.2.3 : Returns days until the password will expire. - * We have to explicitly state this is what we want returned from the - * LDAP server - by default, it will only send back the "basic" - * attributes. - */ - function checkPassAge ( $uname) - { - $results[0] = "passwordexpirationtime"; - // builds the appropriate dn, based on whether $this->people and/or $this->group is set - $checkDn = $this->setDn(true); - $this->result = @ldap_search( $this->connection,$checkDn,$this->getUserIdentifier()."=$uname",$results); - - if ( !$info=@ldap_get_entries( $this->connection, $this->result)) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; - } else { - /* Now work out how many days remaining.... - ** Yes, it's very verbose code but I left it like this so it can easily - ** be modified for your needs. - */ - $date = $info[0]["passwordexpirationtime"][0]; - $year = substr( $date,0,4); - $month = substr( $date,4,2); - $day = substr( $date,6,2); - $hour = substr( $date,8,2); - $min = substr( $date,10,2); - $sec = substr( $date,12,2); - - $timestamp = mktime( $hour,$min,$sec,$month,$day,$year); - $today = mktime(); - $diff = $timestamp-$today; - return round( ( ( ( $diff/60)/60)/24)); - } - } - - // 2.3 Group methods --------------------------------------------------------- - - /** - * 2.3.1 : Checks to see if a user is in a given group. If so, it returns - * true, and returns false if the user isn't in the group, or any other - * error occurs (eg:- no such user, no group by that name etc.) - */ - function checkGroup ( $uname,$group) - { - // builds the appropriate dn, based on whether $this->people and/or $this->group is set - $checkDn = $this->setDn(false); - - // We need to search for the group in order to get it's entry. - $this->result = @ldap_search( $this->connection, $checkDn, "cn=" .$group); - $info = @ldap_get_entries( $this->connection, $this->result); - - // Only one entry should be returned(no groups will have the same name) - $entry = ldap_first_entry( $this->connection,$this->result); - - if ( !$entry) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; // Couldn't find the group... - } - // Get all the member DNs - if ( !$values = @ldap_get_values( $this->connection, $entry, "uniqueMember")) { - $this->ldapErrorCode = ldap_errno( $this->connection); - $this->ldapErrorText = ldap_error( $this->connection); - return false; // No users in the group - } - - foreach ( $values as $key => $value) { - /* Loop through all members - see if the uname is there... - ** Also check for sub-groups - this allows us to define a group as - ** having membership of another group. - ** FIXME:- This is pretty ugly code and unoptimised. It takes ages - ** to search if you have sub-groups. - */ - list( $cn,$ou) = explode( ",",$value); - list( $ou_l,$ou_r) = explode( "=",$ou); - - if ( $this->groups==$ou_r) { - list( $cn_l,$cn_r) = explode( "=",$cn); - // OK, So we now check the sub-group... - if ( $this->checkGroup ( $uname,$cn_r)) { - return true; - } - } - - if ( preg_match( "/$uname/i",$value)) { - return true; - } - } - } - - /* * \brief Add a LDAP entry * \param dn DN entry key