LDAP Account Manager

API Documentation

Namespaces

LAM

Interfaces, Classes, Traits and Enums

ServerProfilePersistenceStrategy
Interface to store server profiles.
passwordService
This interface needs to be implemented by all account modules which manage passwords.
AccountStatusProvider
Provides module information about the status of an LDAP account.
SelfServicePersistenceStrategy
Interface for self service profile persistence.
SelfServiceLoginHandler
Login handler for self service
samba3domain
Represents a Samba 3 domain entry
moduleCache
Caches module objects.
LAMException
LAM exception with title and message.
baseModule
Parent class of all account modules.
baseType
This is the parent class of all account types.
LAMLanguage
Represents a supported language.
ServerProfilePersistenceManager
Manages the persistence of server profiles.
ServerProfilePersistenceStrategyFiles
Uses local file system to store server profiles.
ServerProfilePersistenceStrategyPdo
Stores server profiles in a database.
LAMConfig
This class manages conf files.
LAMCfgMain
This class manages config.cfg.
htmlElement
Represents a HTML element.
htmlTable
Structures elements using a table.
htmlDataTable
Table component for client-side controlled data tables.
htmlDataTableColumn
Column for data table.
htmlInputField
A standard input field.
htmlHelpLink
Renders a help link.
htmlButton
Simple button.
htmlAccountPageButton
Prints a button for the account pages.
htmlSelect
Represents a select box.
htmlRadio
Represents a radio selection.
htmlOutputText
Prints the text and escapes contained HTML code by default.
htmlInputCheckbox
Prints the HTML code for a checkbox.
htmlInputFileUpload
Prints the HTML code for a file upload field.
htmlInputTextarea
Prints the HTML code for a textarea.
htmlInputColorPicker
Prints the HTML code for a color picker field.
htmlResponsiveInputColorPicker
Color picker with descriptive label and help link.
htmlImage
Prints the HTML code for an image.
htmlSpacer
Adds an empty space with given width and height.
htmlStatusMessage
Prints a status message (e.g. error message).
htmlTitle
Generates a title line. This is used for page titles.
htmlSubTitle
Generates a subtitle line. This is used to group multiple fields.
htmlHiddenInput
Generates a hidden input field.
htmlLink
Generates a link.
htmlContentLink
Generates a link around a htmlElement.
htmlGroup
Groups multiple htmlElements.
htmlHorizontalLine
Prints a horizontal line.
htmlDiv
Creates a simple DIV element.
htmlSpan
Creates a simple SPAN element.
htmlJavaScript
Creates a JavaScript element.
htmlIframe
Creates a iframe element.
htmlScript
Creates a Script element to integrate external JavaScript files.
htmlLinkCss
Creates a link element to integrate external CSS files.
htmlSortableList
Creates a list of elements that can be sorted by the user via drag'n'drop.
htmlAccordion
Creates a list of content elements in accordion style.
htmlResponsiveRow
Responsive row with 12 column layout.
htmlResponsiveCell
Responsive cell inside htmlResponsiveRow with 12 column layout.
htmlResponsiveInputField
A responsive input field that combines label, input field and help.
htmlResponsiveInputFileUpload
File upload with descriptive label and help link.
htmlResponsiveInputTextarea
Responsive text area with label and help link.
htmlResponsiveSelect
Responsive select with label and help link.
htmlResponsiveRadio
Responsive select with label and help link.
htmlResponsiveInputCheckbox
Responsive checkbox with descriptive label and help link.
htmlResponsiveTable
Responsive table.
htmlCanvas
Renders a canvas.
htmlVideo
Renders a video.
htmlForm
Creates a form element for POST.
htmlList
Represents a (un)ordered list.
htmlLabel
Represents a label.
htmlProgressbar
Represents a progress bar.
Ldap
Ldap manages connection to LDAP and includes several helper functions.
lamList
Generates the list view.
lamListTool
Represents a tool which can be included in the account lists.
lamListOption
Represents a list configuration option.
lamBooleanListOption
Boolean option for list configuration.
lamSelectListOption
Boolean option for list configuration.
account
Manages the object class "account" for users and hosts.
asteriskAccount
Manages the Asterisk extension of user accounts.
asteriskExtension
Manages Asterisk extensions.
asteriskVoicemail
Manages the Asterisk extension of user accounts.
authorizedServiceObject
Provides Authorized Service for accounts.
courierMailAccount
Courier mail extension for users.
courierMailAlias
Enable the account for Courier Mail Service Aliases
ddns
Manages DDNS entries.
dhcp_settings
Manages DHCP entries.
eduPerson
Manages the eduPerson extension for user accounts.
fixed_ip
Manages DHCP host entries.
freeRadius
Manages FreeRadius accounts.
FreeRadiusAccountExpirationCleanupJob
Job to delete or move users on account expiration.
FreeRadiusAccountExpirationNotifyJob
Job to notify users about account expiration.
generalInformation
Shows general information like the creation time of an account.
hostObject
Manages the hosts to which a user may login.
ieee802device
Provides MAC addresses for hosts.
imapAccess
Manages mailboxes on an IMAP server.
inetLocalMailRecipient
Provides mail routing for users.
inetOrgPerson
This module manages LDAP attributes of the object class inetOrgPerson (e.g. name and address).
kolabGroup
Manages Kolab group accounts.
kolabSharedFolder
Manages Kolab shared folders.
kolabUser
Manages Kolab user accounts.
ldapPublicKey
Manages SSH public keys.
nisMailAlias
Provides NIS mail alias management.
nisMailAliasUser
Provides NIS mail alias management.
nisnetgroup
Manages entries based on the object class nisNetgroup.
nisNetGroupHost
Manages memberships in NIS net groups.
nisNetGroupUser
Manages memberships in NIS net groups.
posixAccount
Manages the object class "posixAccount" for users and hosts.
posixGroup
Manages the object class "posixGroup" for groups.
puppetClient
Manages Puppet configuration options.
pykotaBillingCode
Manages PyKota billing codes.
pykotaGroup
Manages PyKota group accounts.
pykotaGroupStructural
Manages PyKota group accounts.
pykotaPrinter
Manages PyKota printers.
pykotaUser
Manages PyKota user accounts.
pykotaUserStructural
Manages PyKota user accounts.
quota
Manages quotas for users and groups.
range
Manages DHCP ranges for DHCP server.
sambaDomain
Manages Samba 3 domain entries.
sambaGroupMapping
Manages the object class "sambaGroupMapping" for groups.
sambaMungedDial
Manages terminal server settings for Samba 3.
sambaSamAccount
Manages the object class "sambaSamAccount" for users and hosts.
shadowAccount
Manages the object class "shadowAccount" for users.
ShadowAccountPasswordNotifyJob
Job to notify users about password expiration.
ShadowAccountExpirationNotifyJob
Job to notify users about account expiration.
ShadowAccountExpirationCleanupJob
Job to delete or move users on account expiration.
systemQuotas
Manages user quotas with the object class systemQuotas.
windowsGroup
Manages Windows AD (e.g. Samba 4) groups.
windowsHost
Manages Windows AD (e.g. Samba 4) hosts.
windowsPosixGroup
Manages Unix groups in Windows LDAP schema.
windowsUser
Manages Windows AD (e.g. Samba 4) users.
WindowsPasswordNotifyJob
Job to notify users about password expiration.
WindowsManagedGroupsNotifyJob
Job to notify users about their managed groups.
WindowsAccountExpirationNotifyJob
Job to notify users about account expiration.
WindowsAccountExpirationCleanupJob
Job to delete or move users on account expiration.
yubiKeyUser
Manages YubiKey keys.
accountContainer
This class includes all modules and attributes of an account.
PasswordQuickChangeOption
Option for the password quick change page.
AccountStatus
Provides the complete information about the status of an LDAP account.
AccountStatusDetails
ScopeAndModuleValidation
Validation of scope and module names.
LamTemporaryFilesManager
Manages temporary files.
SelfServicePersistence
Manages reading and writing self service profiles.
SelfServicePersistenceStrategyFileSystem
Uses local file system for storing self service profiles.
SelfServicePersistenceStrategyPdo
Uses PDO for storing self service profiles.
selfServiceProfile
Includes all settings of a self service profile.
SelfServiceLdapConnection
LDAP connection for self service.
SelfServiceUserPasswordLoginHandler
Performs login with user and password.
SelfServiceHttpAuthLoginHandler
Performs login with HTTP authentication.
SelfService2FaLoginHandler
Performs login with pure 2FA.
LAMTool
Represents a tool.
LAMSubTool
Represents a subtool.
asteriskExt
The account type for Asterisk extensions.
lamAsteriskExtList
Generates the list view.
dhcp
The account type for DHCP
lamDHCPList
Generates the list view.
group
The account type for group accounts (e.g. Unix and Samba).
lamGroupList
Generates the list view.
host
The account type for host accounts (e.g. Samba).
lamHostList
Generates the list view.
kolabSharedFolderType
The account type for Kolab shared folders.
kolabSharedFolderTypeList
Generates the list view.
mailAlias
The account type for mail aliases.
lamMailAliasList
Generates the list view.
netgroup
The account type for NIS netgroups.
lamNetgroupList
Generates the list view.
pykotaBillingCodeType
The account type for PyKota billing codes.
lamPykotaBillingCodeTypeList
Generates the list view.
pykotaPrinterType
The account type for PyKota printers.
lamPykotaPrinterTypeList
Generates the list view.
smbDomain
The account type for Samba domains.
lamSmbDomainList
Generates the list view.
user
The account type for user accounts (e.g. Unix, Samba and Kolab).
lamUserList
Generates the list view.
altSecurityIdentities
Manages SSH public keys on Windows/Samba 4.

Table of Contents

ADD  = 'add'
DEL  = 'del'
LAMPDF_FONT_SIZE  = 7
font size
LAMPDF_FONT_SIZE_BIG  = 10
font size for bigger text
LAMPDF_LABELWIDTH  = 50
width of a label
LAMPDF_LINEHEIGHT  = 5
line height
LAMPDF_LINEWIDTH  = 190
line width
MOD  = 'mod'
SAMBA_MUNGEDDIAL_FILEHEADER  = "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "5000"
File header
SAMBA_MUNGEDDIAL_FILEHEADER_OLD  = "6d000800200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200064000100" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "50001000"
File header for old format.
STAGE_ACTIONS_CALCULATED  = 'actionsCalculated'
STAGE_FINISHED  = 'finished'
STAGE_READ_FINISHED  = 'readFinished'
STAGE_START  = 'start'
STAGE_WRITING  = 'writing'
array_delete()  : array<string|int, mixed>
This function will return all values from $array without values of $values.
in_array_ignore_case()  : mixed
Checks if a string exists in an array, ignoring case.
getdays()  : number
This function will return the days from 1.1.1970 until now.
smbflag()  : string
Takes a list of Samba flags and creates the corresponding flag string.
ntPassword()  : string
Generates the NT hash of a password.
pwd_hash()  : string
Returns the hash value of a plain text password.
getHashType()  : string
Returns the hash type of the given password hash.
getSupportedHashTypes()  : array<string|int, mixed>
Returns the list of supported hash types (e.g. SSHA).
generateSalt()  : string
Calculates a password salt of the given length.
pwd_enable()  : string
Marks an password hash as enabled and returns the new hash string
pwd_disable()  : string
Marks an password hash as disabled and returns the new hash string
pwd_is_lockable()  : bool
Checks if a Unix password can be locked.
pwd_is_enabled()  : bool
Checks if a password hash is enabled/disabled
generateRandomPassword()  : string
Generates a random password with 14 digits by default.
generateRandomText()  : string
Generates a random text with 20 letters by default.
checkPasswordHash()  : bool
Checks if the given password matches the crypto hash.
getNumberOfCharacterClasses()  : int
Returns the number of character classes in a password.
search_domains()  : array<string|int, mixed>
Returns an array with all Samba 3 domain entries under the given suffix
get_preg()  : bool
Checks if a given value matches the selected regular expression.
convertCommaEscaping()  : string
Converts the comma escaping from Windows to OpenLDAP style.
connectToLDAP()  : mixed
Connects to an LDAP server using the given URL.
searchLDAPByAttribute()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which have the given attribute.
searchLDAPByFilter()  : array<string|int, mixed>
This will search the given LDAP suffix for all entries which match the given filter.
searchLDAP()  : array<string|int, mixed>
Runs an LDAP search.
getLDAPServerHandle()  : handle
Returns the LDAP server handle.
searchLDAPPaged()  : array<string|int, mixed>
Runs an LDAP search and uses paging if configured.
ldapGetDN()  : array<string|int, mixed>|null
Returns the given DN.
ldapListDN()  : array<string|int, mixed>
Returns the DN and children of a given DN.
deleteDN()  : array<string|int, mixed>
Deletes a DN and all child entries.
copyDnRecursive()  : void
Performs a recursive copy from old DN under target DN.
moveDn()  : void
Moves an LDAP entry.
getLastLDAPError()  : array<string|int, mixed>
Returns the parameters for a StatusMessage of the last LDAP search.
cleanLDAPResult()  : mixed
Cleans the result of an LDAP search.
getAbstractDN()  : string
Transforms a DN into a more user friendly format.
unescapeLdapSpecialCharacters()  : string
Unescapes LDAP special characters for readability.
unescapeLdapSpecialCharactersCallback()  : string
Callback function for unescaping DN.
compareDN()  : int
Helper function to sort DNs.
compareLDAPEntriesByDn()  : int
Helper function to sort LDAP entries by DN.
formatLDAPTimestamp()  : string
Formats an LDAP time string (e.g. from createTimestamp).
parseLDAPTimestamp()  : DateTime
Parses an LDAP time stamp and returns a DateTime in current time zone.
obfuscateText()  : mixed
Simple function to obfuscate strings.
deobfuscateText()  : mixed
Simple function to deobfuscate strings.
isObfuscatedText()  : bool
Checks if the given text is obfuscated.
extractRDNAttribute()  : string
Extracts the RDN attribute name from a given DN.
extractRDNValue()  : string
Extracts the RDN attribute value from a given DN.
extractRDN()  : string|null
Extracts the RDN part of the DN.
extractDNSuffix()  : string
Extracts the DN suffix from a given DN.
testSmtpConnection()  : void
Checks if the SMTP connection with the given settings is fine.
sendPasswordMail()  : array<string|int, mixed>
Sends the password mail.
sendEMail()  : mixed
Sends out an email.
isCommandlineSafeEmailAddress()  : bool
Checks if an email address is safe for use on commandline
getRandomNumber()  : int
Returns a random number.
getLDAPSSLCertificate()  : mixed
Connects to the LDAP server and extracts the certificates.
getExtendedLDAPErrorMessage()  : string
Returns the extended LDAP error message if any.
getDefaultLDAPErrorString()  : string
Returns the default error message to display on the web page.
ldapIsPasswordExpired()  : bool
Returns if the last LDAP error was due to expired password or forced password change (AD only).
getExtraInvalidCredentialsMessage()  : string
Tries to get additional information why invalid credentials was returned. E.g. account is locked.
getCallingURL()  : string
Returns the URL under which the page was loaded.
getTimeZoneOffsetHours()  : int
Returns the offset in hours from configured time zone to GMT.
getTimeZone()  : DateTimeZone
Returns the configured time zone.
getFormattedTime()  : mixed
Returns the current time in formatted form.
formatSecondsToShortFormat()  : string
Formats a number of seconds to a more human readable format with minutes, hours, etc.
unformatShortFormatToSeconds()  : int
Unformats text like 1m10s back to number of seconds.
enforceUserIsLoggedIn()  : mixed
Checks if the user is logged in. Stops script execution if not.
printHeaderContents()  : mixed
Prints the content of the header part.
printJsIncludes()  : mixed
Prints script tags for all LAM JS files.
convertUtf8ToUtf16Le()  : mixed
Converts an UTF-8 string to UTF16LE.
getLAMVersionText()  : string
Returns the text with LAM and its version for header area.
isDeveloperVersion()  : bool
Returns if the given release is a developer version.
setSSLCaCert()  : mixed
Sets the environment variables for custom SSL CA certificates.
setlanguage()  : mixed
Sets language settings for automatic translation
checkChmod()  : mixed
Checks whether a specific flag in the rights string is set.
LAMVersion()  : string
Returns the version number of this LAM installation.
extractConfigOptionsFromPOST()  : array<string|int, mixed>
Extracts config options from HTTP POST data.
metaRefresh()  : mixed
Prints a meta refresh page
isAccountTypeHidden()  : bool
Checks if the given account type is hidden.
getLanguages()  : array<string|int, LAMLanguage>
Returns a list of all supported languages.
htmlGetRequiredMarker()  : string
Returns the marker for required values.
htmlGetRequiredMarkerElement()  : htmlSpan
Returns the marker for required values.
check_ip()  : mixed
Checks if the given IP is valid.
getModuleAlias()  : string|null
Returns the alias name of a module
is_base_module()  : bool
Returns true if the module is a base module
get_ldap_filter()  : string
Returns the LDAP filter used by the account lists
getRDNAttributes()  : array<string|int, mixed>
Returns a list of LDAP attributes which can be used to form the RDN.
getModulesDependencies()  : array<string|int, mixed>
Returns a hash array (module name => dependencies) of all module dependencies
check_module_depends()  : mixed
Checks if there are missing dependencies between modules.
check_module_conflicts()  : bool
Checks if there are conflicts between modules
getAvailableModules()  : array<string|int, mixed>
Returns an array with all available user module names
getAllModules()  : array<string|int, baseModule>
Returns an array with all modules.
getProfileOptions()  : array<string|int, mixed>
Returns the elements for the profile page.
checkProfileOptions()  : array<string|int, mixed>
Checks if the profile options are valid
getConfigOptions()  : array<string|int, mixed>
Returns a hash array (module name => elements) of all module options for the configuration page.
checkConfigOptions()  : array<string|int, mixed>
Checks if the configuration options are valid
getHelp()  : array<string|int, mixed>
Returns a help entry from an account module.
getAvailablePDFFields()  : array<string|int, mixed>
Returns a list of available PDF entries.
getUploadColumns()  : array<string|int, mixed>
Returns an array containing all input columns for the file upload.
buildUploadAccounts()  : mixed
This function builds the LDAP accounts for the file upload.
doUploadPreActions()  : array<string|int, mixed>
Runs any actions that need to be done before an LDAP entry is created.
doUploadPostActions()  : array<string|int, mixed>
This function executes one post upload action.
getRequiredExtensions()  : array<string|int, mixed>
Returns true if the module is a base module
parseHtml()  : array<string|int, mixed>
Takes a list of meta-HTML elements and prints the equivalent HTML output.
lamCompareDescriptiveOptions()  : int
Helper function to sort descriptive options in parseHTML().
printHelpLink()  : mixed
Prints a LAM help link.
lam_start_session()  : mixed
Starts a session and sets the cookie options.
lamDefaultCookieOptions()  : array<string|int, mixed>
startSecureSession()  : bool
Starts a session and checks the environment.
isFileBasedSession()  : bool
Returns if the session uses files storage.
checkClientIP()  : mixed
Checks if the client's IP address is on the list of allowed IPs.
logoffAndBackToLoginPage()  : mixed
Logs off the user and displays the login page.
isDebugLoggingEnabled()  : bool
Returns if debug messages are to be logged.
logNewMessage()  : void
Puts a new message in the log file.
checkIfWriteAccessIsAllowed()  : bool
Checks if write access to LDAP is allowed.
checkIfPasswordChangeIsAllowed()  : bool
Checks if passwords may be changed.
checkIfNewEntriesAreAllowed()  : bool
Checks if it is allowed to create new LDAP entries of the given type.
checkIfDeleteEntriesIsAllowed()  : bool
Checks if it is allowed to delete LDAP entries of the given type.
checkPasswordStrength()  : mixed
Checks if the password fulfills the password policies.
checkPwdWithExternalPasswordService()  : bool
Checks the password against the external password service.
checkIfToolIsActive()  : mixed
Checks if the given tool is active.
isLoggedIn()  : bool
Returns if the user is logged in.
getClientIPForLogging()  : string
Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
getLamLdapUser()  : string
Returns the login dn of the current user.
addSecurityTokenToSession()  : void
Adds a security token to the session to prevent CSRF attacks.
validateSecurityToken()  : mixed
Checks if the security token from SESSION matches POST data.
addSecurityTokenToMetaHTML()  : mixed
Adds a hidden input field to the given meta HTML table.
getSecurityTokenName()  : string
Returns the name of the security token parameter.
getSecurityTokenValue()  : string
Returns the value of the security token parameter.
setLAMHeaders()  : mixed
Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
lamEncrypt()  : object
Encrypts a string
lamDecrypt()  : string
Decrypts a string
lamEncryptionAlgo()  : string
Returns the encryption algorithm to use.
lamLogRemoteMessage()  : mixed
Logs a message to a remote logging service.
isLAMProVersion()  : bool
Returns if this is a LAM Pro installation.
getSelfServiceSearchAttributes()  : array<string|int, mixed>
Returns a list of possible search attributes for the self service.
getSelfServiceFieldSettings()  : array<string|int, mixed>
Returns the field settings for the self service.
getSelfServiceOptions()  : array<string|int, mixed>
Returns meta HTML code for each self service field.
checkSelfServiceOptions()  : array<string|int, mixed>
Checks if all input values are correct and returns the LDAP commands which should be executed.
getSelfServiceSettings()  : array<string|int, mixed>
Returns a hash array (module name => elements) of all module options for the configuration page.
checkSelfServiceSettings()  : array<string|int, mixed>
Checks if the self service settings are valid
isSelfService()  : bool
Returns if script runs inside self service.
openSelfServiceLdapConnection()  : handle
Opens the LDAP connection and returns the handle. No bind is done.
bindLdapUser()  : bool
Binds the LDAP connections with given user and password.
StatusMessage()  : string
This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.
getTools()  : array<string|int, mixed>
Returns the tools which are available for LAM.

Constants

LAMPDF_FONT_SIZE

font size

public mixed LAMPDF_FONT_SIZE = 7

LAMPDF_FONT_SIZE_BIG

font size for bigger text

public mixed LAMPDF_FONT_SIZE_BIG = 10

LAMPDF_LABELWIDTH

width of a label

public mixed LAMPDF_LABELWIDTH = 50

LAMPDF_LINEHEIGHT

line height

public mixed LAMPDF_LINEHEIGHT = 5

LAMPDF_LINEWIDTH

line width

public mixed LAMPDF_LINEWIDTH = 190

SAMBA_MUNGEDDIAL_FILEHEADER

File header

public mixed SAMBA_MUNGEDDIAL_FILEHEADER = "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "5000"

SAMBA_MUNGEDDIAL_FILEHEADER_OLD

File header for old format.

public mixed SAMBA_MUNGEDDIAL_FILEHEADER_OLD = "6d000800200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200064000100" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "50001000"

STAGE_ACTIONS_CALCULATED

public mixed STAGE_ACTIONS_CALCULATED = 'actionsCalculated'

STAGE_FINISHED

public mixed STAGE_FINISHED = 'finished'

STAGE_READ_FINISHED

public mixed STAGE_READ_FINISHED = 'readFinished'

STAGE_START

public mixed STAGE_START = 'start'

STAGE_WRITING

public mixed STAGE_WRITING = 'writing'

Functions

array_delete()

This function will return all values from $array without values of $values.

array_delete(array<string|int, mixed> $values, array<string|int, mixed> $array) : array<string|int, mixed>
Parameters
$values : array<string|int, mixed>

list of values which should be removed

$array : array<string|int, mixed>

list of original values

Return values
array<string|int, mixed>

list of remaining values

in_array_ignore_case()

Checks if a string exists in an array, ignoring case.

in_array_ignore_case(string $needle, array<string|int, mixed> $haystack) : mixed
Parameters
$needle : string

search string

$haystack : array<string|int, mixed>

array

Return values
mixed

getdays()

This function will return the days from 1.1.1970 until now.

getdays() : number
Return values
number

of days

smbflag()

Takes a list of Samba flags and creates the corresponding flag string.

smbflag(array<string|int, mixed> $input) : string
Parameters
$input : array<string|int, mixed>

is an array of Samba flags (e.g. X or D)

Return values
string

Samba flag string

ntPassword()

Generates the NT hash of a password.

ntPassword(mixed $password) : string
Parameters
$password : mixed
Return values
string

password hash

pwd_hash()

Returns the hash value of a plain text password.

pwd_hash(string $password[, bool $enabled = true ][, string $hashType = 'SSHA' ]) : string
Parameters
$password : string

the password string

$enabled : bool = true

marks the hash as enabled/disabled (e.g. by prefixing "!")

$hashType : string = 'SSHA'

password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)

Tags
see
getSupportedHashTypes()
Return values
string

the password hash

getHashType()

Returns the hash type of the given password hash.

getHashType(string|null $hash) : string

This will return PLAIN if no supported hash type was found.

Parameters
$hash : string|null

password hash

Return values
string

type (e.g. SSHA)

getSupportedHashTypes()

Returns the list of supported hash types (e.g. SSHA).

getSupportedHashTypes() : array<string|int, mixed>
Return values
array<string|int, mixed>

hash types

generateSalt()

Calculates a password salt of the given length.

generateSalt(int $len) : string
Parameters
$len : int

salt length

Return values
string

the salt string

pwd_enable()

Marks an password hash as enabled and returns the new hash string

pwd_enable(string $hash) : string
Parameters
$hash : string

hash value to enable

Return values
string

enabled password hash

pwd_disable()

Marks an password hash as disabled and returns the new hash string

pwd_disable(string $hash) : string
Parameters
$hash : string

hash value to disable

Return values
string

disabled hash value

pwd_is_lockable()

Checks if a Unix password can be locked.

pwd_is_lockable(string $password) : bool

This checks if the password is not plain text but e.g. contains {SSHA}.

Parameters
$password : string

password value

Return values
bool

can be locked

pwd_is_enabled()

Checks if a password hash is enabled/disabled

pwd_is_enabled(string $hash) : bool
Parameters
$hash : string

password hash to check

Return values
bool

true if the password is marked as enabled

generateRandomPassword()

Generates a random password with 14 digits by default.

generateRandomPassword([int $length = 14 ][, bool $checkStrength = true ]) : string
Parameters
$length : int = 14

length of password (defaults to 14)

$checkStrength : bool = true

check if password matches the policy

Return values
string

password

generateRandomText()

Generates a random text with 20 letters by default.

generateRandomText([int $length = 20 ]) : string
Parameters
$length : int = 20

length of password (defaults to 20)

Return values
string

text

checkPasswordHash()

Checks if the given password matches the crypto hash.

checkPasswordHash(mixed $type, string $hash, string $password) : bool
Parameters
$type : mixed
$hash : string

password hash value

$password : string

plain text password to check

Tags
see
getSupportedHashTypes()
Return values
bool

hash matches

getNumberOfCharacterClasses()

Returns the number of character classes in a password.

getNumberOfCharacterClasses(string $password) : int
Parameters
$password : string

password

Return values
int

number of classes

search_domains()

Returns an array with all Samba 3 domain entries under the given suffix

search_domains([mixed $server = null ][, string $suffix = null ]) : array<string|int, mixed>
Parameters
$server : mixed = null
$suffix : string = null

LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)

Return values
array<string|int, mixed>

list of samba3domain objects

get_preg()

Checks if a given value matches the selected regular expression.

get_preg(string $argument, string $regexp) : bool
Parameters
$argument : string

value to check

$regexp : string

pattern name

Return values
bool

true if matches, otherwise false

convertCommaEscaping()

Converts the comma escaping from Windows to OpenLDAP style.

convertCommaEscaping(string $dn) : string
Parameters
$dn : string

DN

Return values
string

DN

connectToLDAP()

Connects to an LDAP server using the given URL.

connectToLDAP(string $serverURL, mixed $startTLS) : mixed
Parameters
$serverURL : string

URL

$startTLS : mixed
Return values
mixed

searchLDAPByAttribute()

This will search the given LDAP suffix for all entries which have the given attribute.

searchLDAPByAttribute(string $name, string $value, string $objectClass, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$name : string

attribute name (may be null)

$value : string

attribute value

$objectClass : string

object class (may be null)

$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

Return values
array<string|int, mixed>

list of found entries

searchLDAPByFilter()

This will search the given LDAP suffix for all entries which match the given filter.

searchLDAPByFilter(string $filter, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes[, bool $attrsOnly = false ]) : array<string|int, mixed>
Parameters
$filter : string
$attributes : array<string|int, mixed>

list of attributes to return

$scopes : array<string|int, mixed>

account types

$attrsOnly : bool = false

get only attributes but no values (default: false)

Return values
array<string|int, mixed>

list of found entries

searchLDAP()

Runs an LDAP search.

searchLDAP(string $suffix, string $filter, array<string|int, mixed> $attributes[, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$suffix : string

LDAP suffix

$filter : string

filter

$attributes : array<string|int, mixed>

list of attributes to return

$limit : int = -1

result limit

Return values
array<string|int, mixed>

list of found entries

getLDAPServerHandle()

Returns the LDAP server handle.

getLDAPServerHandle() : handle
Return values
handle

LDAP handle

searchLDAPPaged()

Runs an LDAP search and uses paging if configured.

searchLDAPPaged(handle $server, string $dn, string $filter, array<string|int, mixed> $attributes, bool $attrsOnly, int $limit) : array<string|int, mixed>
Parameters
$server : handle

LDAP connection handle

$dn : string

DN

$filter : string

filter

$attributes : array<string|int, mixed>

attribute list

$attrsOnly : bool

return only attribute names

$limit : int

size limit

Return values
array<string|int, mixed>

results

ldapGetDN()

Returns the given DN.

ldapGetDN(string $dn[, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ]) : array<string|int, mixed>|null
Parameters
$dn : string

DN

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

Return values
array<string|int, mixed>|null

attributes or null if not found

ldapListDN()

Returns the DN and children of a given DN.

ldapListDN(string $dn[, string $filter = '(objectclass=*)' ][, array<string|int, mixed> $attributes = array('dn') ][, handle $handle = null ][, int $limit = -1 ]) : array<string|int, mixed>
Parameters
$dn : string

DN

$filter : string = '(objectclass=*)'

LDAP filter

$attributes : array<string|int, mixed> = array('dn')

list of attributes to fetch

$handle : handle = null

LDAP handle (optional for admin interface pages)

$limit : int = -1

result limit

Return values
array<string|int, mixed>

attributes or null if not found

deleteDN()

Deletes a DN and all child entries.

deleteDN(string $dn, bool $recursive) : array<string|int, mixed>
Parameters
$dn : string

DN to delete

$recursive : bool

recursive delete also child entries

Return values
array<string|int, mixed>

error messages

copyDnRecursive()

Performs a recursive copy from old DN under target DN.

copyDnRecursive(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN to copy

$targetDn : string

copy nodes under this DN

Tags
throws
LAMException

error on copy

Return values
void

moveDn()

Moves an LDAP entry.

moveDn(string $oldDn, string $targetDn) : void
Parameters
$oldDn : string

old DN

$targetDn : string

target container DN

Tags
throws
LAMException

error during move

Return values
void

getLastLDAPError()

Returns the parameters for a StatusMessage of the last LDAP search.

getLastLDAPError() : array<string|int, mixed>
Return values
array<string|int, mixed>

parameters for StatusMessage or null if all was ok

cleanLDAPResult()

Cleans the result of an LDAP search.

cleanLDAPResult(array<string|int, mixed> &$entries) : mixed

This will remove all 'count' entries and also all numeric array keys.

Parameters
$entries : array<string|int, mixed>

LDAP entries in format $entries[entry number][attribute name][attribute values]

Return values
mixed

getAbstractDN()

Transforms a DN into a more user friendly format.

getAbstractDN(string $dn) : string

E.g. "dc=company,dc=de" is transformed to "company > de".

Parameters
$dn : string

DN

Return values
string

transformed DN

unescapeLdapSpecialCharacters()

Unescapes LDAP special characters for readability.

unescapeLdapSpecialCharacters(string $dn) : string
Parameters
$dn : string

escaped DN

Return values
string

unescaped DN

unescapeLdapSpecialCharactersCallback()

Callback function for unescaping DN.

unescapeLdapSpecialCharactersCallback(array<string|int, mixed> $matches) : string
Parameters
$matches : array<string|int, mixed>

HEX value that was found

Return values
string

unescaped string

compareDN()

Helper function to sort DNs.

compareDN(string $a, string $b) : int
Parameters
$a : string

first argument to compare

$b : string

second argument to compare

Return values
int

0 if equal, 1 if $a is greater, -1 if $b is greater

compareLDAPEntriesByDn()

Helper function to sort LDAP entries by DN.

compareLDAPEntriesByDn(array<string|int, mixed> $a, array<string|int, mixed> $b) : int
Parameters
$a : array<string|int, mixed>

first argument to compare

$b : array<string|int, mixed>

second argument to compare

Return values
int

0 if equal, 1 if $a is greater, -1 if $b is greater

formatLDAPTimestamp()

Formats an LDAP time string (e.g. from createTimestamp).

formatLDAPTimestamp(string $time) : string
Parameters
$time : string

LDAP time value

Return values
string

formatted time

parseLDAPTimestamp()

Parses an LDAP time stamp and returns a DateTime in current time zone.

parseLDAPTimestamp(string $time) : DateTime
Parameters
$time : string

LDAP time value

Return values
DateTime

time

obfuscateText()

Simple function to obfuscate strings.

obfuscateText(string $text) : mixed
Parameters
$text : string

text to obfuscate

Return values
mixed

deobfuscateText()

Simple function to deobfuscate strings.

deobfuscateText(string $text) : mixed
Parameters
$text : string

text to deobfuscate

Return values
mixed

isObfuscatedText()

Checks if the given text is obfuscated.

isObfuscatedText(string $text) : bool
Parameters
$text : string

text to check

Return values
bool

obfuscated or not

extractRDNAttribute()

Extracts the RDN attribute name from a given DN.

extractRDNAttribute(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute name

extractRDNValue()

Extracts the RDN attribute value from a given DN.

extractRDNValue(string $dn) : string
Parameters
$dn : string

DN

Return values
string

RDN attribute value

extractRDN()

Extracts the RDN part of the DN.

extractRDN(string|null $dn) : string|null
Parameters
$dn : string|null

DN

Return values
string|null

RDN part

extractDNSuffix()

Extracts the DN suffix from a given DN.

extractDNSuffix(string $dn) : string

E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.

Parameters
$dn : string

DN

Return values
string

DN suffix

testSmtpConnection()

Checks if the SMTP connection with the given settings is fine.

testSmtpConnection(string $server, string $user, string $password, string $encryption) : void
Parameters
$server : string

SMTP server

$user : string

user name

$password : string

password

$encryption : string

encryption type

Tags
throws
LAMException

error during SMTP connection

Return values
void

sendPasswordMail()

Sends the password mail.

sendPasswordMail(string $pwd, array<string|int, mixed> $user[, string $recipient = null ]) : array<string|int, mixed>
Parameters
$pwd : string

new password

$user : array<string|int, mixed>

LDAP attributes of user

$recipient : string = null

recipient address (optional, $user['mail'][0] used by default)

Return values
array<string|int, mixed>

list of arrays that can be used to create status messages

sendEMail()

Sends out an email.

sendEMail(string|array<string|int, mixed> $to, string $subject, string $text, string $from, bool $isHTML[, string $replyTo = null ][, string $cc = null ][, string $bcc = null ]) : mixed
Parameters
$to : string|array<string|int, mixed>

TO address

$subject : string

email subject

$text : string

mail body (with \r\n EOL)

$from : string

FROM address

$isHTML : bool

HTML format

$replyTo : string = null

REPLY-TO address (optional)

$cc : string = null

CC address (optional)

$bcc : string = null

BCC address (optional)

Return values
mixed

isCommandlineSafeEmailAddress()

Checks if an email address is safe for use on commandline

isCommandlineSafeEmailAddress( $address) : bool
Parameters
$address :

email address

Return values
bool

is safe

getRandomNumber()

Returns a random number.

getRandomNumber() : int
Return values
int

random number

getLDAPSSLCertificate()

Connects to the LDAP server and extracts the certificates.

getLDAPSSLCertificate(string $server, string $port) : mixed
Parameters
$server : string

server name

$port : string

server port

Return values
mixed

false on error and certificate if extracted successfully

getExtendedLDAPErrorMessage()

Returns the extended LDAP error message if any.

getExtendedLDAPErrorMessage(handle $server) : string
Parameters
$server : handle

LDAP server handle

Return values
string

error message

getDefaultLDAPErrorString()

Returns the default error message to display on the web page.

getDefaultLDAPErrorString(handle $server) : string

HTML special characters are already escaped.

Parameters
$server : handle

LDAP server handle

Return values
string

error message

ldapIsPasswordExpired()

Returns if the last LDAP error was due to expired password or forced password change (AD only).

ldapIsPasswordExpired( $server) : bool
Parameters
$server :

LDAP handle

Return values
bool

password expired

getExtraInvalidCredentialsMessage()

Tries to get additional information why invalid credentials was returned. E.g. account is locked.

getExtraInvalidCredentialsMessage(handle $ldap, string $userDn) : string
Parameters
$ldap : handle

LDAP object to connect for getting extra data

$userDn : string

failed DN

Return values
string

extra message

getCallingURL()

Returns the URL under which the page was loaded.

getCallingURL([ $baseUrl = '' ]) : string

This includes any GET parameters set.

Parameters
$baseUrl : = ''

base URL (e.g. http://www.example.com)

Return values
string

URL

getTimeZoneOffsetHours()

Returns the offset in hours from configured time zone to GMT.

getTimeZoneOffsetHours() : int
Return values
int

offset

getTimeZone()

Returns the configured time zone.

getTimeZone() : DateTimeZone
Return values
DateTimeZone

time zone

getFormattedTime()

Returns the current time in formatted form.

getFormattedTime(unknown $format) : mixed
Parameters
$format : unknown

format to use (e.g. 'Y-m-d H:i:s')

Return values
mixed

formatSecondsToShortFormat()

Formats a number of seconds to a more human readable format with minutes, hours, etc.

formatSecondsToShortFormat(int $numSeconds) : string

E.g. 70 seconds will return 1m10s.

Parameters
$numSeconds : int

number of seconds

Return values
string

formatted number

unformatShortFormatToSeconds()

Unformats text like 1m10s back to number of seconds.

unformatShortFormatToSeconds(string $text) : int
Parameters
$text : string

formatted text

Return values
int

number of seconds

enforceUserIsLoggedIn()

Checks if the user is logged in. Stops script execution if not.

enforceUserIsLoggedIn([bool $check2ndFactor = true ]) : mixed
Parameters
$check2ndFactor : bool = true

check if the 2nd factor was provided if required

Return values
mixed

printHeaderContents()

Prints the content of the header part.

printHeaderContents(string $title, string $prefix) : mixed
Parameters
$title : string

page title

$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

printJsIncludes()

Prints script tags for all LAM JS files.

printJsIncludes(string $prefix) : mixed
Parameters
$prefix : string

prefix to LAM main folder (e.g. "..")

Return values
mixed

convertUtf8ToUtf16Le()

Converts an UTF-8 string to UTF16LE.

convertUtf8ToUtf16Le(string $input) : mixed
Parameters
$input : string

UTF-8 value

Return values
mixed

getLAMVersionText()

Returns the text with LAM and its version for header area.

getLAMVersionText() : string
Return values
string

LAM version text

isDeveloperVersion()

Returns if the given release is a developer version.

isDeveloperVersion(mixed $version) : bool
Parameters
$version : mixed
Return values
bool

is developer version

setSSLCaCert()

Sets the environment variables for custom SSL CA certificates.

setSSLCaCert() : mixed
Return values
mixed

setlanguage()

Sets language settings for automatic translation

setlanguage() : mixed
Return values
mixed

checkChmod()

Checks whether a specific flag in the rights string is set.

checkChmod(string $right, string $target, string $chmod) : mixed
Parameters
$right : string

read, write or execute

$target : string

owner, group or other

$chmod : string

the chmod rights

Return values
mixed

LAMVersion()

Returns the version number of this LAM installation.

LAMVersion() : string

Format: ..
Major/minor version are always numbers, patch level may contain letters for unofficial releases only (e.g. 0.5.alpha1).

Return values
string

version number

extractConfigOptionsFromPOST()

Extracts config options from HTTP POST data.

extractConfigOptionsFromPOST(array<string|int, mixed> $confTypes) : array<string|int, mixed>
Parameters
$confTypes : array<string|int, mixed>

array (option name => type (e.g. multiselect))

Return values
array<string|int, mixed>

list of config options (name =>[values])

metaRefresh()

Prints a meta refresh page

metaRefresh(string $page) : mixed
Parameters
$page : string

the URL of the target page

Return values
mixed

isAccountTypeHidden()

Checks if the given account type is hidden.

isAccountTypeHidden(string $type) : bool
Parameters
$type : string

account type (e.g. user)

Return values
bool

is hidden

getLanguages()

Returns a list of all supported languages.

getLanguages() : array<string|int, LAMLanguage>
Return values
array<string|int, LAMLanguage>

languages

htmlGetRequiredMarker()

Returns the marker for required values.

htmlGetRequiredMarker() : string
Return values
string

HTML code for required marker

htmlGetRequiredMarkerElement()

Returns the marker for required values.

htmlGetRequiredMarkerElement() : htmlSpan
Return values
htmlSpan

HTML code for required marker

check_ip()

Checks if the given IP is valid.

check_ip(string $ip[, bool $subnet = false ]) : mixed
Parameters
$ip : string

IP address

$subnet : bool = false

IP must be a subnet

Return values
mixed

getModuleAlias()

Returns the alias name of a module

getModuleAlias(string $name, string $scope) : string|null
Parameters
$name : string

the module name

$scope : string

the account type ("user", "group", "host")

Return values
string|null

alias name

is_base_module()

Returns true if the module is a base module

is_base_module(string $name, string $scope) : bool
Parameters
$name : string

the module name

$scope : string

the account type ("user", "group", "host")

Return values
bool

true if base module

get_ldap_filter()

Returns the LDAP filter used by the account lists

get_ldap_filter(string $typeId) : string
Parameters
$typeId : string

the account type ("user", "group", "host")

Return values
string

LDAP filter

getRDNAttributes()

Returns a list of LDAP attributes which can be used to form the RDN.

getRDNAttributes(string $typeId[, array<string|int, mixed> $selectedModules = null ]) : array<string|int, mixed>

The list is already sorted by the priority given by the modules.

Parameters
$typeId : string

account type (user, group, host)

$selectedModules : array<string|int, mixed> = null

return only RDN attributes of these modules

Return values
array<string|int, mixed>

list of LDAP attributes

getModulesDependencies()

Returns a hash array (module name => dependencies) of all module dependencies

getModulesDependencies(string $scope) : array<string|int, mixed>

"dependencies" contains an array with two sub arrays: depends, conflicts
The elements of "depends" are either module names or an array of module names (OR-case).
The elements of conflicts are module names.

Parameters
$scope : string

the account type (user, group, host)

Return values
array<string|int, mixed>

dependencies

check_module_depends()

Checks if there are missing dependencies between modules.

check_module_depends(array<string|int, mixed> $selected, array<string|int, mixed> $deps) : mixed
Parameters
$selected : array<string|int, mixed>

selected module names

$deps : array<string|int, mixed>

module dependencies

Return values
mixed

false if no missing dependency was found, otherwise an array of array(selected module, depending module) if missing dependencies were found

check_module_conflicts()

Checks if there are conflicts between modules

check_module_conflicts(array<string|int, mixed> $selected, array<string|int, mixed> $deps) : bool
Parameters
$selected : array<string|int, mixed>

selected module names

$deps : array<string|int, mixed>

module dependencies

Return values
bool

false if no conflict was found, otherwise an array of array(selected module, conflicting module) if conflicts were found

getAvailableModules()

Returns an array with all available user module names

getAvailableModules(string $scope[, bool $mustSupportAdminInterface = false ]) : array<string|int, mixed>
Parameters
$scope : string

account type (user, group, host)

$mustSupportAdminInterface : bool = false

module must support LAM admin interface (default: false)

Return values
array<string|int, mixed>

list of possible modules

getAllModules()

Returns an array with all modules.

getAllModules() : array<string|int, baseModule>
Return values
array<string|int, baseModule>

list of modules

getProfileOptions()

Returns the elements for the profile page.

getProfileOptions(string $typeId) : array<string|int, mixed>
Parameters
$typeId : string

account type (user, group, host)

Return values
array<string|int, mixed>

profile elements

checkProfileOptions()

Checks if the profile options are valid

checkProfileOptions(string $typeId, array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
$typeId : string

account type (user, group, host)

$options : array<string|int, mixed>

hash array containing all options (name => array(...))

Return values
array<string|int, mixed>

list of error messages

getConfigOptions()

Returns a hash array (module name => elements) of all module options for the configuration page.

getConfigOptions(array<string|int, mixed> $moduleToScopes) : array<string|int, mixed>
Parameters
$moduleToScopes : array<string|int, mixed>

hash array (module name => array(account types))

Return values
array<string|int, mixed>

configuration options

checkConfigOptions()

Checks if the configuration options are valid

checkConfigOptions(array<string|int, mixed> $moduleToTypeIds, array<string|int, mixed> &$options) : array<string|int, mixed>
Parameters
$moduleToTypeIds : array<string|int, mixed>

hash array (module name => array(account type ids))

$options : array<string|int, mixed>

hash array containing all options (name => array(...))

Return values
array<string|int, mixed>

list of error messages

getHelp()

Returns a help entry from an account module.

getHelp(string $module, string $helpID, string $scope) : array<string|int, mixed>
Parameters
$module : string

module name

$helpID : string

help identifier

$scope : string

account type

Return values
array<string|int, mixed>

help entry

getAvailablePDFFields()

Returns a list of available PDF entries.

getAvailablePDFFields(string $typeId) : array<string|int, mixed>
Parameters
$typeId : string

account type (user, group, host)

Return values
array<string|int, mixed>

PDF entries (field ID => field label)

getUploadColumns()

Returns an array containing all input columns for the file upload.

getUploadColumns(ConfiguredType &$type, array<string|int, mixed> $selectedModules) : array<string|int, mixed>

Syntax:
array(
string: name, // fixed non-translated name which is used as column name (should be of format: _)
string: description, // short descriptive name
string: help, // help ID
string: example, // example value
boolean: required // true, if user must set a value for this column
)

Parameters
$type : ConfiguredType

account type

$selectedModules : array<string|int, mixed>

selected account modules

Return values
array<string|int, mixed>

column list

buildUploadAccounts()

This function builds the LDAP accounts for the file upload.

buildUploadAccounts(ConfiguredType $type, array<string|int, mixed> $data, array<string|int, mixed> $ids, array<string|int, mixed> $selectedModules, htmlResponsiveRow $container) : mixed

If there are problems status messages will be printed automatically.

Parameters
$type : ConfiguredType

account type

$data : array<string|int, mixed>

array containing one account in each element

$ids : array<string|int, mixed>

array(<column_name> => )

$selectedModules : array<string|int, mixed>

selected account modules

$container : htmlResponsiveRow

HTML container

Return values
mixed

array including accounts or false if there were errors

doUploadPreActions()

Runs any actions that need to be done before an LDAP entry is created.

doUploadPreActions(ConfiguredType $type, array<string|int, mixed> $selectedModules, array<string|int, mixed> $attributes) : array<string|int, mixed>
Parameters
$type : ConfiguredType

account type

$selectedModules : array<string|int, mixed>

list of selected account modules

$attributes : array<string|int, mixed>

LDAP attributes of this entry (attributes are provided as reference, handle modifications of $attributes with care)

Return values
array<string|int, mixed>

array which contains status messages. Each entry is an array containing the status message parameters.

doUploadPostActions()

This function executes one post upload action.

doUploadPostActions(ConfiguredType $type, array<string|int, mixed> &$data, array<string|int, mixed> $ids, array<string|int, mixed> $failed, array<string|int, mixed> $selectedModules, array<string|int, mixed> &$accounts) : array<string|int, mixed>
Parameters
$type : ConfiguredType

account type

$data : array<string|int, mixed>

array containing one account in each element

$ids : array<string|int, mixed>

array(<column_name> => )

$failed : array<string|int, mixed>

list of accounts which were not created successfully

$selectedModules : array<string|int, mixed>

list of selected account modules

$accounts : array<string|int, mixed>

list of LDAP entries

Return values
array<string|int, mixed>

current status
array (
'status' => 'finished' | 'inProgress'
'module' =>
'progress' => 0..100
'errors' => array (<array of parameters for StatusMessage>)
)

getRequiredExtensions()

Returns true if the module is a base module

getRequiredExtensions() : array<string|int, mixed>
Return values
array<string|int, mixed>

required extensions

parseHtml()

Takes a list of meta-HTML elements and prints the equivalent HTML output.

parseHtml(string $module, mixed $input, array<string|int, mixed> $values, bool $restricted, string $scope) : array<string|int, mixed>

The modules are not allowed to display HTML code directly but return meta HTML code. This allows to have a common design for all module pages.

Parameters
$module : string

Name of account module

$input : mixed

htmlElement or array of htmlElement elements

$values : array<string|int, mixed>

List of values which override the defaults in $input (name => value)

$restricted : bool

If true then no buttons will be displayed

$scope : string

Account type

Return values
array<string|int, mixed>

List of input field names and their type (name => type)

lamCompareDescriptiveOptions()

Helper function to sort descriptive options in parseHTML().

lamCompareDescriptiveOptions(array<string|int, mixed> &$a, array<string|int, mixed> &$b) : int

It compares the second entries of two arrays.

Parameters
$a : array<string|int, mixed>

first array

$b : array<string|int, mixed>

second array

Return values
int

compare result

Prints a LAM help link.

printHelpLink(array<string|int, mixed> $entry, string $number[, string $module = '' ][, string $scope = '' ][, array<string|int, mixed> $classes = [] ]) : mixed
Parameters
$entry : array<string|int, mixed>

help entry

$number : string

help number

$module : string = ''

module name

$scope : string = ''

account scope

$classes : array<string|int, mixed> = []

CSS classes

Return values
mixed

lam_start_session()

Starts a session and sets the cookie options.

lam_start_session() : mixed
Return values
mixed

lamDefaultCookieOptions()

lamDefaultCookieOptions() : array<string|int, mixed>
Return values
array<string|int, mixed>

startSecureSession()

Starts a session and checks the environment.

startSecureSession([bool $redirectToLogin = true ][, bool $initSecureData = false ]) : bool

The script is stopped if one of the checks fail (timeout redirection may be overridden).

Parameters
$redirectToLogin : bool = true

redirect user to login page (default: true)

$initSecureData : bool = false

init verification data like session ID and client IP (default: false)

Return values
bool

true if all ok, false if session expired

isFileBasedSession()

Returns if the session uses files storage.

isFileBasedSession() : bool
Return values
bool

file based session

checkClientIP()

Checks if the client's IP address is on the list of allowed IPs.

checkClientIP() : mixed

The script is stopped if the host is not valid.

Return values
mixed

logoffAndBackToLoginPage()

Logs off the user and displays the login page.

logoffAndBackToLoginPage() : mixed
Return values
mixed

isDebugLoggingEnabled()

Returns if debug messages are to be logged.

isDebugLoggingEnabled() : bool
Return values
bool

debug enabled

logNewMessage()

Puts a new message in the log file.

logNewMessage(string $level, string $message) : void
Parameters
$level : string

log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)

$message : string

log message

Return values
void

checkIfWriteAccessIsAllowed()

Checks if write access to LDAP is allowed.

checkIfWriteAccessIsAllowed([string $scope = null ]) : bool
Parameters
$scope : string = null

account type (e.g. user)

Return values
bool

true, if allowed

checkIfPasswordChangeIsAllowed()

Checks if passwords may be changed.

checkIfPasswordChangeIsAllowed() : bool
Return values
bool

true, if allowed

checkIfNewEntriesAreAllowed()

Checks if it is allowed to create new LDAP entries of the given type.

checkIfNewEntriesAreAllowed(string $scope) : bool

This also checks if general write access is enabled.

Parameters
$scope : string

account type (e.g. 'user')

Return values
bool

true, if new entries are allowed

checkIfDeleteEntriesIsAllowed()

Checks if it is allowed to delete LDAP entries of the given type.

checkIfDeleteEntriesIsAllowed(string $scope) : bool
Parameters
$scope : string

account type (e.g. 'user')

Return values
bool

true, if entries may be deleted

checkPasswordStrength()

Checks if the password fulfills the password policies.

checkPasswordStrength(string $password, string|array<string|int, mixed> $userNames, array<string|int, mixed> $otherUserAttrs) : mixed
Parameters
$password : string

password

$userNames : string|array<string|int, mixed>

user name(s)

$otherUserAttrs : array<string|int, mixed>

user's first/last name

Return values
mixed

true if ok, string with error message if not valid

checkPwdWithExternalPasswordService()

Checks the password against the external password service.

checkPwdWithExternalPasswordService(LAMCfgMain $cfg, string $password) : bool
Parameters
$cfg : LAMCfgMain

main configuration

$password : string

password

Return values
bool

password accepted as secure

checkIfToolIsActive()

Checks if the given tool is active.

checkIfToolIsActive(string $tool) : mixed

Otherwise, an error message is logged and the execution is stopped (die()).

Parameters
$tool : string

tool class name (e.g. toolFileUpload)

Return values
mixed

isLoggedIn()

Returns if the user is logged in.

isLoggedIn() : bool
Return values
bool

is logged in

getClientIPForLogging()

Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).

getClientIPForLogging() : string
Return values
string

client IP (e.g. 10.10.10.10,11.11.11.11)

getLamLdapUser()

Returns the login dn of the current user.

getLamLdapUser() : string
Return values
string

user DN

addSecurityTokenToSession()

Adds a security token to the session to prevent CSRF attacks.

addSecurityTokenToSession([bool $overwrite = true ]) : void
Parameters
$overwrite : bool = true

overwrite existing token

Return values
void

validateSecurityToken()

Checks if the security token from SESSION matches POST data.

validateSecurityToken() : mixed
Return values
mixed

getSecurityTokenName()

Returns the name of the security token parameter.

getSecurityTokenName() : string
Return values
string

name

getSecurityTokenValue()

Returns the value of the security token parameter.

getSecurityTokenValue() : string
Return values
string

value

setLAMHeaders()

Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.

setLAMHeaders() : mixed
Return values
mixed

lamEncrypt()

Encrypts a string

lamEncrypt(string $data[, string $prefix = '' ]) : object
Parameters
$data : string

string to encrypt

$prefix : string = ''

prefix for cookie names

Return values
object

encrypted string

lamDecrypt()

Decrypts a string

lamDecrypt(object $data[, string $prefix = '' ]) : string
Parameters
$data : object

string to decrypt

$prefix : string = ''

prefix for cookie names

Return values
string

decrypted string

lamEncryptionAlgo()

Returns the encryption algorithm to use.

lamEncryptionAlgo() : string
Return values
string

algorithm name

lamLogRemoteMessage()

Logs a message to a remote logging service.

lamLogRemoteMessage(int $level, string $message, LAMCfgMain $cfgMain) : mixed
Parameters
$level : int

log level

$message : string

log message

$cfgMain : LAMCfgMain

main configuration

Return values
mixed

isLAMProVersion()

Returns if this is a LAM Pro installation.

isLAMProVersion() : bool
Return values
bool

LAM Pro installation

getSelfServiceSearchAttributes()

Returns a list of possible search attributes for the self service.

getSelfServiceSearchAttributes(string $scope) : array<string|int, mixed>
Parameters
$scope : string

account type

Return values
array<string|int, mixed>

attributes

getSelfServiceFieldSettings()

Returns the field settings for the self service.

getSelfServiceFieldSettings(string $scope) : array<string|int, mixed>
Parameters
$scope : string

account type

Return values
array<string|int, mixed>

settings

getSelfServiceOptions()

Returns meta HTML code for each self service field.

getSelfServiceOptions(string $scope, array<string|int, mixed> $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>
Parameters
$scope : string

account type

$fields : array<string|int, mixed>

input fields (array(<moduleName> => array(, , ...)))

$attributes : array<string|int, mixed>

LDAP attributes (attribute names in lower case)

$passwordChangeOnly : bool

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields : array<string|int, mixed>

list of read-only fields

Return values
array<string|int, mixed>

meta HTML code (array(<moduleName> => htmlResponsiveRow))

checkSelfServiceOptions()

Checks if all input values are correct and returns the LDAP commands which should be executed.

checkSelfServiceOptions(string $scope, string $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>
Parameters
$scope : string

account type

$fields : string

input fields (array(<moduleName> => array(, , ...)))

$attributes : array<string|int, mixed>

LDAP attributes

$passwordChangeOnly : bool

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields : array<string|int, mixed>

list of read-only fields

Return values
array<string|int, mixed>

messages and LDAP commands (array('messages' => [], 'add' => [], 'del' => [], 'mod' => []))

getSelfServiceSettings()

Returns a hash array (module name => elements) of all module options for the configuration page.

getSelfServiceSettings(string $scope, selfServiceProfile $profile) : array<string|int, mixed>
Parameters
$scope : string

account type

$profile : selfServiceProfile

currently edited profile

Return values
array<string|int, mixed>

configuration options

checkSelfServiceSettings()

Checks if the self service settings are valid

checkSelfServiceSettings(string $scope, array<string|int, mixed> &$options, selfServiceProfile &$profile) : array<string|int, mixed>
Parameters
$scope : string

account type

$options : array<string|int, mixed>

hash array containing all options (name => array(...))

$profile : selfServiceProfile

profile

Return values
array<string|int, mixed>

list of error messages

isSelfService()

Returns if script runs inside self service.

isSelfService() : bool
Return values
bool

is self service

openSelfServiceLdapConnection()

Opens the LDAP connection and returns the handle. No bind is done.

openSelfServiceLdapConnection(selfServiceProfile $profile) : handle
Parameters
$profile : selfServiceProfile

profile

Return values
handle

LDAP handle or null if connection failed

bindLdapUser()

Binds the LDAP connections with given user and password.

bindLdapUser(handle $handle, mixed $profile, string $userDn, string $password) : bool
Parameters
$handle : handle

LDAP handle

$profile : mixed
$userDn : string

bind DN

$password : string

bind password

Return values
bool

binding successful

StatusMessage()

This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.

StatusMessage(string $MessageTyp, string $MessageHeadline[, string $MessageText = '' ][, array<string|int, mixed> $MessageVariables = [] ][, bool $returnOutput = false ]) : string
Parameters
$MessageTyp : string

The type of the message to be printed. It must be one of the following types: 'INFO', 'WARN' or 'ERROR'.
Every other type will lead to an error message indicating an invalid message type.

$MessageHeadline : string

The headline of the status message.
It may be formatted with special color/link/bold tags.

$MessageText : string = ''

The text of the status message.
It may be formatted with special color/link/bold tags. This parameter is optional.

$MessageVariables : array<string|int, mixed> = []

The variables that are used to replace the spacers (%s) in the submitted text. This parameter is optional.

$returnOutput : bool = false

if set to true this function will return the generated HTML code instead of printing it directly (default: false)

Return values
string

HTML code if $returnOutput is set to true, otherwise null

getTools()

Returns the tools which are available for LAM.

getTools() : array<string|int, mixed>
Return values
array<string|int, mixed>

list of LAMTool objects

Search results