LDAP Account Manager

account.inc

This provides several helper functions for the account modules.

Tags
author

Tilo Lutz

author

Roland Gruber

Interfaces, Classes, Traits and Enums

samba3domain
Represents a Samba 3 domain entry
moduleCache
Caches module objects.
LAMException
LAM exception with title and message.

Table of Contents

array_delete()  : array<string|int, mixed>
This function will return all values from $array without values of $values.
in_array_ignore_case()  : mixed
Checks if a string exists in an array, ignoring case.
getdays()  : number
This function will return the days from 1.1.1970 until now.
smbflag()  : string
Takes a list of Samba flags and creates the corresponding flag string.
ntPassword()  : string
Generates the NT hash of a password.
pwd_hash()  : string
Returns the hash value of a plain text password.
getHashType()  : string
Returns the hash type of the given password hash.
getSupportedHashTypes()  : array<string|int, mixed>
Returns the list of supported hash types (e.g. SSHA).
generateSalt()  : string
Calculates a password salt of the given length.
pwd_enable()  : string
Marks a password hash as enabled and returns the new hash string.
pwd_disable()  : string
Marks a password hash as disabled and returns the new hash string.
pwd_is_lockable()  : bool
Checks if a Unix password can be locked.
pwd_is_enabled()  : bool
Checks if a password hash is enabled/disabled
generateRandomPassword()  : string
Generates a random password with 14 digits by default.
generateRandomText()  : string
Generates a random text with 20 letters by default.
checkPasswordHash()  : bool
Checks if the given password matches the crypto hash.
getNumberOfCharacterClasses()  : int
Returns the number of character classes in a password.
search_domains()  : array<string|int, mixed>
Returns an array with all Samba 3 domain entries under the given suffix
get_preg()  : bool
Checks if a given value matches the selected regular expression.
convertCommaEscaping()  : string
Converts the comma escaping from Windows to OpenLDAP style.
connectToLDAP()  : mixed
Connects to an LDAP server using the given URL.
searchLDAPByAttribute()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which have the given attribute.
searchLDAPByFilter()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which match the given filter.
searchLDAP()  : array<string|int, mixed>
Runs an LDAP search.
getLDAPServerHandle()  : handle
Returns the LDAP server handle.
searchLDAPPaged()  : array<string|int, mixed>
Runs an LDAP search and uses paging if configured.
ldapGetDN()  : array<string|int, mixed>|null
Returns the given DN.
ldapListDN()  : array<string|int, mixed>
Returns the DN and children of a given DN.
deleteDN()  : array<string|int, mixed>
Deletes a DN and all child entries.
copyDnRecursive()  : void
Performs a recursive copy from old DN under target DN.
moveDn()  : void
Moves an LDAP entry.
getLastLDAPError()  : array<string|int, mixed>
Returns the parameters for a StatusMessage of the last LDAP search.
cleanLDAPResult()  : mixed
Cleans the result of an LDAP search.
getAbstractDN()  : string
Transforms a DN into a more user friendly format.
unescapeLdapSpecialCharacters()  : string
Unescapes LDAP special characters for readability.
unescapeLdapSpecialCharactersCallback()  : string
Callback function for unescaping DN.
compareDN()  : int
Helper function to sort DNs.
compareLDAPEntriesByDn()  : int
Helper function to sort LDAP entries by DN.
formatLDAPTimestamp()  : string
Formats an LDAP time string (e.g. from createTimestamp).
parseLDAPTimestamp()  : DateTime
Parses an LDAP time stamp and returns a DateTime in current time zone.
obfuscateText()  : mixed
Simple function to obfuscate strings.
deobfuscateText()  : mixed
Simple function to deobfuscate strings.
isObfuscatedText()  : bool
Checks if the given text is obfuscated.
extractRDNAttribute()  : string
Extracts the RDN attribute name from a given DN.
extractRDNValue()  : string
Extracts the RDN attribute value from a given DN.
extractRDN()  : string|null
Extracts the RDN part of the DN.
extractDNSuffix()  : string
Extracts the DN suffix from a given DN.
testSmtpConnection()  : void
Checks if the SMTP connection with the given settings is fine.
sendPasswordMail()  : array<string|int, mixed>
Sends the password mail.
sendEMail()  : mixed
Sends out an email.
isCommandlineSafeEmailAddress()  : bool
Checks if an email address is safe for use on the command line.
getRandomNumber()  : int
Returns a random number.
getLDAPSSLCertificate()  : mixed
Connects to the LDAP server and extracts the certificates.
getExtendedLDAPErrorMessage()  : string
Returns the extended LDAP error message if any.
getDefaultLDAPErrorString()  : string
Returns the default error message to display on the web page.
ldapIsPasswordExpired()  : bool
Returns whether the last LDAP error was due to an expired password or a forced password change (AD only).
getExtraInvalidCredentialsMessage()  : string
Tries to get additional information on why "invalid credentials" was returned (e.g. the account is locked).
getCallingURL()  : string
Returns the URL under which the page was loaded.
getTimeZoneOffsetHours()  : int
Returns the offset in hours from configured time zone to GMT.
getTimeZone()  : DateTimeZone
Returns the configured time zone.
getFormattedTime()  : mixed
Returns the current time in formatted form.
formatSecondsToShortFormat()  : string
Formats a number of seconds to a more human readable format with minutes, hours, etc.
unformatShortFormatToSeconds()  : int
Unformats text like 1m10s back to number of seconds.
enforceUserIsLoggedIn()  : mixed
Checks if the user is logged in. Stops script execution if not.
printHeaderContents()  : mixed
Prints the content of the header part.
printJsIncludes()  : mixed
Prints script tags for all LAM JS files.
convertUtf8ToUtf16Le()  : mixed
Converts a UTF-8 string to UTF-16LE.
getLAMVersionText()  : string
Returns the text with LAM and its version for header area.
isDeveloperVersion()  : bool
Returns whether the given release is a developer version.

Functions

array_delete()

This function will return all values from $array without values of $values.

array_delete(array<string|int, mixed> $values, array<string|int, mixed> $array) : array<string|int, mixed>
Parameters
$values : array<string|int, mixed>

list of values which should be removed

$array : array<string|int, mixed>

list of original values

Return values
array<string|int, mixed>

list of remaining values

in_array_ignore_case()

Checks if a string exists in an array, ignoring case.

in_array_ignore_case(string $needle, array<string|int, mixed> $haystack) : mixed
Parameters
$needle : string

search string

$haystack : array<string|int, mixed>

array

Return values
mixed

getdays()

This function will return the days from 1.1.1970 until now.

getdays() : number
Return values
number

of days

smbflag()

Takes a list of Samba flags and creates the corresponding flag string.

smbflag(array<string|int, mixed> $input) : string
Parameters
$input : array<string|int, mixed>

is an array of Samba flags (e.g. X or D)

Return values
string

Samba flag string

ntPassword()

Generates the NT hash of a password.

ntPassword(mixed $password) : string
Parameters
$password : mixed
Return values
string

password hash

pwd_hash()

Returns the hash value of a plain text password.

pwd_hash(string $password[, bool $enabled = true ][, string $hashType = 'SSHA' ]) : string
Parameters
$password : string

the password string

$enabled : bool = true

marks the hash as enabled/disabled (e.g. by prefixing "!")

$hashType : string = 'SSHA'

password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)

Tags
see
getSupportedHashTypes()
Return values
string

the password hash

getHashType()

Returns the hash type of the given password hash.

getHashType(string|null $hash) : string

This will return PLAIN if no supported hash type was found.

Parameters
$hash : string|null

password hash

Return values
string

type (e.g. SSHA)

getSupportedHashTypes()

Returns the list of supported hash types (e.g. SSHA).

getSupportedHashTypes() : array<string|int, mixed>
Return values
array<string|int, mixed>

hash types

generateSalt()

Calculates a password salt of the given length.

generateSalt(int $len) : string
Parameters
$len : int

salt length

Return values
string

the salt string

pwd_enable()

Marks a password hash as enabled and returns the new hash string.

pwd_enable(string $hash) : string
Parameters
$hash : string

hash value to enable

Return values
string

enabled password hash

pwd_disable()

Marks a password hash as disabled and returns the new hash string.

pwd_disable(string $hash) : string
Parameters
$hash : string

hash value to disable

Return values
string

disabled hash value

pwd_is_lockable()

Checks if a Unix password can be locked.

pwd_is_lockable(string $password) : bool

This checks if the password is not plain text but e.g. contains {SSHA}.

Parameters
$password : string

password value

Return values
bool

can be locked

pwd_is_enabled()

Checks if a password hash is enabled/disabled

pwd_is_enabled(string $hash) : bool
Parameters
$hash : string

password hash to check

Return values
bool

true if the password is marked as enabled

generateRandomPassword()

Generates a random password with 14 digits by default.

generateRandomPassword([int $length = 14 ][, bool $checkStrength = true ]) : string
Parameters
$length : int = 14

length of password (defaults to 14)

$checkStrength : bool = true

check if password matches the policy

Return values
string

password

generateRandomText()

Generates a random text with 20 letters by default.

generateRandomText([int $length = 20 ]) : string
Parameters
$length : int = 20

length of password (defaults to 20)

Return values
string

text

checkPasswordHash()

Checks if the given password matches the crypto hash.

checkPasswordHash(mixed $type, string $hash, string $password) : bool
Parameters
$type : mixed
$hash : string

password hash value

$password : string

plain text password to check

Tags
see
getSupportedHashTypes()
Return values
bool

hash matches

getNumberOfCharacterClasses()

Returns the number of character classes in a password.

getNumberOfCharacterClasses(string $password) : int
Parameters
$password : string

password

Return values
int

number of classes

search_domains()

Returns an array with all Samba 3 domain entries under the given suffix

search_domains([mixed $server = null ][, string $suffix = null ]) : array<string|int, mixed>
Parameters
$server : mixed = null
$suffix : string = null

LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)

Return values
array<string|int, mixed>

list of samba3domain objects

get_preg()

Checks if a given value matches the selected regular expression.

get_preg(string $argument, string $regexp) : bool
Parameters
$argument : string

value to check

$regexp : string

pattern name

Return values
bool

true if matches, otherwise false

convertCommaEscaping()

Converts the comma escaping from Windows to OpenLDAP style.

convertCommaEscaping(string $dn) : string
Parameters
$dn : string

DN

Return values
string

DN

connectToLDAP()

Connects to an LDAP server using the given URL.

connectToLDAP(string $serverURL, mixed $startTLS) : mixed
Parameters
$serverURL : string

URL

$startTLS : mixed
Return values
mixed

searchLDAPByAttribute()

This will search the given LDAP suffix for all entries which have the given attribute.

searchLDAPByAttribute(string $name, string $value, string $objectClass, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$name : string

attribute name (may be null)

$value : string

attribute value

$objectClass : string

object class (may be null)

$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

Return values
array<string|int, mixed>

list of found entries

searchLDAPByFilter()

This will search the given LDAP suffix for all entries which match the given filter.

searchLDAPByFilter(string $filter, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes[, bool $attrsOnly = false ]) : array<string|int, mixed>
Parameters
$filter : string
$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

$attrsOnly : bool = false

get only attributes but no values (default: false)

Return values
array<string|int, mixed>

list of found entries

searchLDAP()

Runs an LDAP search.

searchLDAP(string $suffix, string $filter, array<string|int, mixed> $attributes[, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$suffix : string

LDAP suffix

$filter : string

filter

$attributes : array<string|int, mixed>

list of attributes to return

$limit : int = -1

result limit

Return values
array<string|int, mixed>

list of found entries

getLDAPServerHandle()

Returns the LDAP server handle.

getLDAPServerHandle() : handle
Return values
handle

LDAP handle

searchLDAPPaged()

Runs an LDAP search and uses paging if configured.

searchLDAPPaged(handle $server, string $dn, string $filter, array<string|int, mixed> $attributes, bool $attrsOnly, int $limit) : array<string|int, mixed>
Parameters
$server : handle

LDAP connection handle

$dn : string

DN

$filter : string

filter

$attributes : array<string|int, mixed>

attribute list

$attrsOnly : bool

return only attribute names

$limit : int

size limit

Return values
array<string|int, mixed>

results

ldapGetDN()

Returns the given DN.

ldapGetDN(string $dn[, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ]) : array<string|int, mixed>|null
Parameters
$dn : string

DN

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

Return values
array<string|int, mixed>|null

attributes or null if not found

ldapListDN()

Returns the DN and children of a given DN.

ldapListDN(string $dn[, string $filter = '(objectclass=*)' ][, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ][, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$dn : string

DN

$filter : string = '(objectclass=*)'

LDAP filter

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

$limit : int = -1

result limit

Return values
array<string|int, mixed>

attributes or null if not found

deleteDN()

Deletes a DN and all child entries.

deleteDN(string $dn, bool $recursive) : array<string|int, mixed>
Parameters
$dn : string

DN to delete

$recursive : bool

also delete child entries recursively

Return values
array<string|int, mixed>

error messages

copyDnRecursive()

Performs a recursive copy from old DN under target DN.

copyDnRecursive(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN to copy

$targetDn : string

copy nodes under this DN

Tags
throws
LAMException

error on copy

Return values
void

moveDn()

Moves an LDAP entry.

moveDn(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN

$targetDn : string

target container DN

Tags
throws
LAMException

error during move

Return values
void

getLastLDAPError()

Returns the parameters for a StatusMessage of the last LDAP search.

getLastLDAPError() : array<string|int, mixed>
Return values
array<string|int, mixed>

parameters for StatusMessage or null if all was ok

cleanLDAPResult()

Cleans the result of an LDAP search.

cleanLDAPResult(array<string|int, mixed> &$entries) : mixed

This will remove all 'count' entries and also all numeric array keys.

Parameters
$entries : array<string|int, mixed>

LDAP entries in format $entries[entry number][attribute name][attribute values]

Return values
mixed

getAbstractDN()

Transforms a DN into a more user friendly format.

getAbstractDN(string $dn) : string

E.g. "dc=company,dc=de" is transformed to "company > de".

Parameters
$dn : string

DN

Return values
string

transformed DN

unescapeLdapSpecialCharacters()

Unescapes LDAP special characters for readability.

unescapeLdapSpecialCharacters(string $dn) : string
Parameters
$dn : string

escaped DN

Return values
string

unescaped DN

unescapeLdapSpecialCharactersCallback()

Callback function for unescaping DN.

unescapeLdapSpecialCharactersCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>

HEX value that was found

Return values
string

unescaped string

compareDN()

Helper function to sort DNs.

compareDN(string $a, string $b) : int
Parameters
$a : string

first argument to compare

$b : string

second argument to compare

Return values
int

0 if equal, 1 if $a is greater, -1 if $b is greater

compareLDAPEntriesByDn()

Helper function to sort LDAP entries by DN.

compareLDAPEntriesByDn(array<string|int, mixed> $a, array<string|int, mixed> $b) : int
Parameters
$a : array<string|int, mixed>

first argument to compare

$b : array<string|int, mixed>

second argument to compare

Return values
int

0 if equal, 1 if $a is greater, -1 if $b is greater

formatLDAPTimestamp()

Formats an LDAP time string (e.g. from createTimestamp).

formatLDAPTimestamp(string $time) : string
Parameters
$time : string

LDAP time value

Return values
string

formatted time

parseLDAPTimestamp()

Parses an LDAP time stamp and returns a DateTime in current time zone.

parseLDAPTimestamp(string $time) : DateTime
Parameters
$time : string

LDAP time value

Return values
DateTime

time

obfuscateText()

Simple function to obfuscate strings.

obfuscateText(string $text) : mixed
Parameters
$text : string

text to obfuscate

Return values
mixed

deobfuscateText()

Simple function to deobfuscate strings.

deobfuscateText(string $text) : mixed
Parameters
$text : string

text to deobfuscate

Return values
mixed

isObfuscatedText()

Checks if the given text is obfuscated.

isObfuscatedText(string $text) : bool
Parameters
$text : string

text to check

Return values
bool

obfuscated or not

extractRDNAttribute()

Extracts the RDN attribute name from a given DN.

extractRDNAttribute(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute name

extractRDNValue()

Extracts the RDN attribute value from a given DN.

extractRDNValue(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute value

extractRDN()

Extracts the RDN part of the DN.

extractRDN(string|null $dn) : string|null
Parameters
$dn : string|null

DN

Return values
string|null

RDN part

extractDNSuffix()

Extracts the DN suffix from a given DN.

extractDNSuffix(string $dn) : string

E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.

Parameters
$dn : string

DN

Return values
string

DN suffix

testSmtpConnection()

Checks if the SMTP connection with the given settings is fine.

testSmtpConnection(string $server, string $user, string $password, string $encryption) : void
Parameters
$server : string

SMTP server

$user : string

user name

$password : string

password

$encryption : string

encryption type

Tags
throws
LAMException

error during SMTP connection

Return values
void

sendPasswordMail()

Sends the password mail.

sendPasswordMail(string $pwd, array<string|int, mixed> $user[, string $recipient = null ]) : array<string|int, mixed>
Parameters
$pwd : string

new password

$user : array<string|int, mixed>

LDAP attributes of user

$recipient : string = null

recipient address (optional, $user['mail'][0] used by default)

Return values
array<string|int, mixed>

list of arrays that can be used to create status messages

sendEMail()

Sends out an email.

sendEMail(string|array<string|int, mixed> $to, string $subject, string $text, string $from, bool $isHTML[, string $replyTo = null ][, string $cc = null ][, string $bcc = null ]) : mixed
Parameters
$to : string|array<string|int, mixed>

TO address

$subject : string

email subject

$text : string

mail body (with \r\n EOL)

$from : string

FROM address

$isHTML : bool

HTML format

$replyTo : string = null

REPLY-TO address (optional)

$cc : string = null

CC address (optional)

$bcc : string = null

BCC address (optional)

Return values
mixed

isCommandlineSafeEmailAddress()

Checks if an email address is safe for use on the command line.

isCommandlineSafeEmailAddress( $address) : bool
Parameters
$address :

email address

Return values
bool

is safe

getRandomNumber()

Returns a random number.

getRandomNumber() : int
Return values
int

random number

getLDAPSSLCertificate()

Connects to the LDAP server and extracts the certificates.

getLDAPSSLCertificate(string $server, string $port) : mixed
Parameters
$server : string

server name

$port : string

server port

Return values
mixed

false on error and certificate if extracted successfully

getExtendedLDAPErrorMessage()

Returns the extended LDAP error message if any.

getExtendedLDAPErrorMessage(handle $server) : string
Parameters
$server : handle

LDAP server handle

Return values
string

error message

getDefaultLDAPErrorString()

Returns the default error message to display on the web page.

getDefaultLDAPErrorString(handle $server) : string

HTML special characters are already escaped.

Parameters
$server : handle

LDAP server handle

Return values
string

error message

ldapIsPasswordExpired()

Returns whether the last LDAP error was due to an expired password or a forced password change (AD only).

ldapIsPasswordExpired( $server) : bool
Parameters
$server :

LDAP handle

Return values
bool

password expired

getExtraInvalidCredentialsMessage()

Tries to get additional information on why "invalid credentials" was returned (e.g. the account is locked).

getExtraInvalidCredentialsMessage(handle $ldap, string $userDn) : string
Parameters
$ldap : handle

LDAP object to connect for getting extra data

$userDn : string

failed DN

Return values
string

extra message

getCallingURL()

Returns the URL under which the page was loaded.

getCallingURL([ $baseUrl = '' ]) : string

This includes any GET parameters set.

Parameters
$baseUrl : = ''

base URL (e.g. http://www.example.com)

Return values
string

URL

getTimeZoneOffsetHours()

Returns the offset in hours from configured time zone to GMT.

getTimeZoneOffsetHours() : int
Return values
int

offset

getTimeZone()

Returns the configured time zone.

getTimeZone() : DateTimeZone
Return values
DateTimeZone

time zone

getFormattedTime()

Returns the current time in formatted form.

getFormattedTime(unknown $format) : mixed
Parameters
$format : unknown

format to use (e.g. 'Y-m-d H:i:s')

Return values
mixed

formatSecondsToShortFormat()

Formats a number of seconds to a more human readable format with minutes, hours, etc.

formatSecondsToShortFormat(int $numSeconds) : string

E.g. 70 seconds will return 1m10s.

Parameters
$numSeconds : int

number of seconds

Return values
string

formatted number

unformatShortFormatToSeconds()

Unformats text like 1m10s back to number of seconds.

unformatShortFormatToSeconds(string $text) : int
Parameters
$text : string

formatted text

Return values
int

number of seconds

enforceUserIsLoggedIn()

Checks if the user is logged in. Stops script execution if not.

enforceUserIsLoggedIn([bool $check2ndFactor = true ]) : mixed
Parameters
$check2ndFactor : bool = true

check if the 2nd factor was provided if required

Return values
mixed

printHeaderContents()

Prints the content of the header part.

printHeaderContents(string $title, string $prefix) : mixed
Parameters
$title : string

page title

$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

printJsIncludes()

Prints script tags for all LAM JS files.

printJsIncludes(string $prefix) : mixed
Parameters
$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

convertUtf8ToUtf16Le()

Converts a UTF-8 string to UTF-16LE.

convertUtf8ToUtf16Le(string $input) : mixed
Parameters
$input : string

UTF-8 value

Return values
mixed

getLAMVersionText()

Returns the text with LAM and its version for header area.

getLAMVersionText() : string
Return values
string

LAM version text

isDeveloperVersion()

Returns whether the given release is a developer version.

isDeveloperVersion(mixed $version) : bool
Parameters
$version : mixed
Return values
bool

is developer version
