LDAP Account Manager

windowsUser extends baseModule
implements passwordService, AccountStatusProvider

Manages Windows AD (e.g. Samba 4) users.

Interfaces, Classes, Traits and Enums

passwordService
This interface needs to be implemented by all account modules which manage passwords.
AccountStatusProvider
Provides module information about the status of an LDAP account.

Table of Contents

AC_ACCOUNT_DISABLED  = 0x2
account is disabled
AC_PWD_NEVER_EXPIRES  = 0x10000
password never expires
AC_SMARTCARD_REQUIRED  = 0x40000
login requires smartcard
ATTRIBUTES_TO_IGNORE_ON_COPY  = array('userPrincipalName', 'sAMAccountName', 'displayName', 'profilePath', 'scriptPath', 'pwdLastSet', 'otherMailbox', 'homeDirectory', 'msSFU30Name', 'pwdLastSet', 'lastLogonTimestamp', 'accountexpires', 'lockouttime')
These attributes will be ignored by default if a new account is copied from an existing one.
ATTRIBUTES_TO_IGNORE_ON_COPY_DEFAULT  = array('uid', 'uidNumber', 'gid', 'gidNumber', 'cn', 'userpassword', 'sn', 'givenName', 'initials', 'telephoneNumber', 'homePhone', 'mobile', 'facsimileTelephoneNumber', 'pager', 'mail', 'employeeNumber', 'userCertificate;binary', 'userCertificate', 'homeDirectory', 'unixHomeDirectory', 'jpegPhoto')
These attributes will be ignored by default if a new account is copied from an existing one.
DEFAULT_ACCOUNT_CONTROL  = 0x200
initial account flags
DISPLAY_GROUPS_CN  = 'CN'
display groups as cn
DISPLAY_GROUPS_DN  = 'DN'
display groups as dn
STATUS_ACCOUNT_EXPIRED  = "WINDOWS_ACCOUNT_EXPIRED"
ID for expired account status.
STATUS_ACCOUNT_LOCKED  = "WINDOWS_ACCOUNT_LOCKED"
ID for locked account status.
STATUS_PASSWORD_LOCKED  = "WINDOWS_PASSWORD_LOCKED"
ID for locked password status.
$attributes  : mixed
contains all ldap attributes which should be written
$autoAddObjectClasses  : mixed
if true, managed object classes are added when an account is created or loaded (default: true)
$messages  : mixed
contains all error messages of a module
$meta  : mixed
includes all meta data provided by the sub class
$moduleSettings  : mixed
configuration settings of all modules
$orig  : mixed
contains all ldap attributes which are loaded from ldap
$selfServiceSettings  : selfServiceProfile
self service profile with settings of all modules
$base  : mixed
name of parent accountContainer ($_SESSION[$base])
$businessCategoryCache  : mixed
business category cache
$cachedCnList  : mixed
cache for cn
$cachedHostList  : mixed
host cache to reduce LDAP queries
$cachedUserNameList  : mixed
cache for user name
$clearTextPassword  : mixed
clear text password
$departmentCache  : mixed
cache for departments
$departmentNumberCache  : mixed
cache for department numbers
$employeeTypeCache  : mixed
employee type cache
$groupCache  : mixed
cache for groups
$groupList  : mixed
current group list
$groupList_orig  : mixed
original group list
$oCache  : mixed
organization cache
$ouCache  : mixed
organizational unit cache
$pwdLastSet  : mixed
option for forcing password change, used in postModifyActions
$scope  : mixed
the account type of this module (user, group, host)
$titleCache  : mixed
title cache
__construct()  : mixed
Creates a new base module class
accountStatusPerformLock()  : void
Locks the account with the given lock IDs.
accountStatusPerformUnlock()  : void
Unlocks the account with the given lock IDs.
addPasswordQuickChangeAccountDetails()  : void
Adds account details such as first/last name for the current account.
addPDFImage()  : mixed
Adds an image to the PDF.
addPDFKeyValue()  : mixed
Adds a simple PDF entry with the given key and value.
addPDFTable()  : mixed
Adds a table entry to the PDF.
build_uploadAccounts()  : array<string|int, mixed>
In this function the LDAP accounts are built.
can_manage()  : bool
Returns true if this module can manage accounts of the current type, otherwise false.
canSelfServiceFieldBeReadOnly()  : bool
Returns if a given self service field can be set in read-only mode.
canSelfServiceFieldBeRelabeled()  : bool
Returns if a self service field can be relabeled.
check_configOptions()  : array<string|int, mixed>
Checks input values of module settings.
check_profileOptions()  : array<string|int, mixed>
Checks input values of account profiles.
checkGlobalConfigOptions()  : void
Checks the global config options.
checkSelfServiceOptions()  : array<string|int, mixed>
Checks if all input values are correct and returns the LDAP attributes which should be changed.
checkSelfServiceSettings()  : array<string|int, mixed>
Checks if the self service settings are valid.
delete_attributes()  : array<string|int, mixed>
This function returns an array with the same syntax as save_attributes().
display_html_accountexpires()  : htmlElement
This function will create the meta HTML code to show a page to change account expiration.
display_html_attributes()  : htmlElement
Returns the HTML meta data for the main account page.
display_html_delete()  : htmlElement
This function creates meta HTML code which will be displayed when an account should be deleted.
display_html_group()  : htmlElement
Displays the group selection.
display_html_manager()  : htmlElement
This function will create the meta HTML code to show a page to change the manager attribute.
display_html_photo()  : array<string|int, mixed>
Displays the photo upload page.
display_html_userWorkstations()  : htmlElement
This function will create the HTML page to edit the allowed workstations.
displaySpecialSelfServicePage()  : htmlElement
This function creates meta HTML code to display the module specific page for the self service.
doUploadPostActions()  : array<string|int, mixed>
This function is responsible for additional tasks after the account has been created in LDAP (e.g. modifying group memberships, adding quota etc.).
doUploadPreActions()  : array<string|int, mixed>
Runs any actions that need to be done before an LDAP entry is created.
get_alias()  : string
Returns an alias name for the module.
get_configOptions()  : mixed
Returns a list of configuration options.
get_dependencies()  : array<string|int, mixed>
This function returns a list with all depending and conflicting modules.
get_help()  : array<string|int, mixed>
This function returns the help entry array for a specific help id.
get_ldap_filter()  : string
Returns an LDAP filter for the account lists
get_metaData()  : array<string|int, mixed>
Returns meta data that is interpreted by parent class
get_pdfEntries()  : array<string|int, PDFEntry>
Returns the PDF entries for this module.
get_pdfFields()  : array<string|int, mixed>
Returns a hashtable with all entries that may be printed out in the PDF.
get_profileOptions()  : htmlElement
This function defines what attributes will be used in the account profiles and their appearance in the profile editor.
get_RDNAttributes()  : array<string|int, mixed>
Returns a hash array containing a list of possible LDAP attributes that can be used to form the RDN (Relative Distinguished Name).
get_scope()  : string
Returns the account type of this module (user, group, host)
get_uploadColumns()  : array<string|int, mixed>
Returns an array containing all input columns for the file upload.
get_uploadPreDepends()  : array<string|int, mixed>
Returns a list of module names which must be processed in building the account before this module.
getAccountStatusDetails()  : array<string|int, AccountStatusDetails>
Returns the list of account status detail lines.
getAccountStatusPossibleLockOptions()  : array<string|int, AccountStatusDetails>
Returns a list of options how the account could be locked.
getAccountStatusRequiredAttributes()  : array<string|int, mixed>
Returns the list of LDAP attributes that must be read to get the account status.
getAttributes()  : array<string|int, mixed>
Returns the LDAP attributes which are managed in this module.
getButtonStatus()  : string
Controls if the module button on the account page is visible and activated.
getDomainPolicyAttribute()  : array<string|int, mixed>
Returns the value of a domain policy attribute.
getFileTime()  : DateTime
Returns a value in file time (100 ns since 1601-01-01).
getGlobalConfigOptions()  : array<string|int, htmlElement>
Returns a list of config options for LAM's main configuration.
getGroupList()  : array<string|int, mixed>
Returns the list of groups.
getIcon()  : unknown
Returns the path to the module icon.
getLDAPAliases()  : array<string|int, mixed>
Returns a list of aliases for LDAP attributes.
getLinkToSpecialSelfServicePage()  : string
This allows modules to create a link to a module specific page for the self service.
getListAttributeDescriptions()  : array<string|int, mixed>
Returns a list of attribute descriptions for the account list.
getListFilterFunction()  : callable|null
Returns a callable if there should be a custom filtering for the given attribute name.
getListRenderFunction()  : callable|null
Returns a callable if there should be a custom display for the given attribute name.
getManagedAttributes()  : array<string|int, mixed>
Returns a list of LDAP attributes which are managed by this module.
getManagedHiddenAttributes()  : array<string|int, mixed>
Returns a list of operational LDAP attributes which are managed by this module and need to be explicitly set for LDAP search.
getManagedObjectClasses()  : array<string|int, mixed>
Returns a list of managed object classes for this module.
getOriginalAttributes()  : array<string|int, mixed>
Returns the LDAP attributes which are managed in this module (with unchanged values).
getPasswordLocked()  : DateTime|false
Returns if the account is currently deactivated.
getPasswordQuickChangeChanges()  : array<string|int, mixed>
Returns a list of LDAP attribute changes to perform.
getPasswordQuickChangeIsPasswordInHistory()  : bool
Returns if the password is not the same as an old password from history.
getPasswordQuickChangeOptions()  : array<string|int, PasswordQuickChangeOption>
Returns a list of password quick change options.
getPasswordQuickChangePasswordStrengthAttributes()  : array<string|int, mixed>
Returns additional attribute values to check when password strength is validated.
getPasswordQuickChangePasswordStrengthUserName()  : string|null
Returns the user name if known to be validated for password strength.
getRequiredExtensions()  : array<string|int, mixed>
This function returns a list of PHP extensions (e.g. hash) which are needed by this module.
getSelfServiceFields()  : array<string|int, mixed>
Returns a list of possible input fields and their descriptions.
getSelfServiceOptions()  : array<string|int, mixed>
Returns the meta HTML code for each input field.
getSelfServiceSearchAttributes()  : array<string|int, mixed>
This function returns a list of possible LDAP attributes (e.g. uid, cn, ...) which can be used to search for LDAP objects.
getSelfServiceSettings()  : htmlElement
Returns a list of self service configuration settings.
getSupportedJobs()  : array<string|int, mixed>
Returns a list of jobs that can be run.
getWildCardReplacements()  : array<string|int, mixed>
Returns a list of wildcards that can be replaced in input fields.
handleAjaxRequest()  : mixed
Manages AJAX requests.
hasOnlyVirtualChildren()  : bool
Defines if the LDAP entry has only virtual child entries. This is the case for e.g. LDAP views.
init()  : mixed
Initializes the module after it became part of an accountContainer
is_base_module()  : bool
Returns true if your module is a base module and otherwise false.
isAccountExpired()  : bool
Returns if the given account is expired.
isDeactivated()  : bool
Returns if the account is currently deactivated.
isNeverExpiring()  : bool
Returns if the account never expires.
isSmartCardRequired()  : bool
Returns if the account requires a smartcard to login.
load_attributes()  : mixed
This function loads all needed LDAP attributes.
load_Messages()  : mixed
This function fills the $messages variable with output messages from this module.
load_profile()  : mixed
Loads the values of an account profile into internal variables.
loadAttributesFromAccountCopy()  : void
Loads the LDAP data from an account to copy.
managesPasswordAttributes()  : bool
This method specifies if a module manages password attributes. The module alias will then appear as option in the GUI.
module_complete()  : bool
This function is used to check if all settings for this module have been made.
module_ready()  : bool
This function is used to check if this module page can be displayed.
passwordChangeRequested()  : array<string|int, mixed>
This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.
postDeleteActions()  : array<string|int, mixed>
Allows the module to run commands after the LDAP entry is deleted.
postModifyActions()  : array<string|int, mixed>
Runs the postmodify actions.
postModifySelfService()  : bool
Allows the module to run commands after the LDAP entry is changed or created.
preDeleteActions()  : array<string|int, mixed>
Allows the module to run commands before the LDAP entry is deleted.
preModifyActions()  : array<string|int, mixed>
Allows the module to run commands before the LDAP entry is changed or created.
preModifySelfService()  : bool
Allows the module to run commands before the LDAP entry is changed or created.
process_accountexpires()  : array<string|int, mixed>
Processes user input of the account expiration page.
process_attributes()  : array<string|int, mixed>
Processes user input of the primary module page.
process_group()  : array<string|int, mixed>
Processes user input of the group selection page.
process_manager()  : array<string|int, mixed>
Processes user input of the manager page.
process_photo()  : mixed
Sets a new photo.
process_userWorkstations()  : array<string|int, mixed>
Processes user input of the workstation page.
pwdAttributeValue()  : mixed
Creates the LDAP password value.
runGlobalCronActions()  : void
Runs any global cron actions.
save_attributes()  : array<string|int, mixed>
Returns a list of modifications which have to be made to the LDAP account.
setExpirationDate()  : mixed
Sets the expiration date of this account.
setIsDeactivated()  : mixed
Sets if the account is currently deactivated.
setIsNeverExpiring()  : mixed
Sets if the account never expires.
setIsSmartCardRequired()  : mixed
Sets if the account requires a smartcard to login.
supportsAdminInterface()  : bool
Specifies if this module supports the LAM admin interface.
supportsForcePasswordChange()  : bool
Specifies if this module supports forcing a user to change their password on next login.
supportsGlobalCronJob()  : bool
Specifies if the module supports global cron job actions.
supportsPasswordQuickChangePage()  : bool
Specifies if the module supports password quick change for the current account.
unlockPassword()  : mixed
Unlocks the user password. This resets 'lockoutTime' to 0.
addDoubleSelectionArea()  : mixed
Adds an area with two multi-select fields with buttons to move items from right to left and vice-versa.
addMultiValueInputTextField()  : mixed
Adds a text input field that may contain multiple values to the given htmlResponsiveRow.
addMultiValueSelectField()  : mixed
Adds a select field type that may contain multiple values to the given htmlTable.
addMultiValueSelfServiceTextField()  : mixed
Adds a simple text input field for the self service.
addSimpleInputTextField()  : mixed
Adds a simple text input field to the given htmlResponsiveRow.
addSimplePDFField()  : mixed
Adds a simple PDF entry to the given array.
addSimpleReadOnlyField()  : mixed
Adds a simple read-only field to the given container.
addSimpleSelfServiceTextField()  : mixed
Adds a simple text input field for the self service.
checkMultiValueSelfServiceTextField()  : mixed
Checks the input value of a self service multi-value text field.
checkSimpleSelfServiceTextField()  : mixed
Checks the input value of a self service text field.
getAccountContainer()  : accountContainer|null
Returns the accountContainer object.
getSelfServiceLabel()  : string
Returns the field label. This can be either the given default label or an override value from profile.
isBooleanConfigOptionSet()  : bool
Returns if the given configuration option is set.
mapSimpleUploadField()  : mixed
Maps simple upload fields directly to LDAP attribute values.
processMultiValueInputTextField()  : mixed
Validates a multi-value text field.
processMultiValueSelectField()  : mixed
Validates a multi-value select field.
processSimpleTextInput()  : mixed
Validates a text field.
buildExpirationDate()  : mixed
Builds the value for the expiration date.
checkUploadRegex()  : value
Checks the upload value against a list of regular expressions.
findGroups()  : array<string|int, mixed>
Finds all existing groups.
formatAccountExpires()  : string
Returns the formatted value for the account expiration date.
formatFileTime()  : string
Formats a value in file time (100 ns since 1601-01-01).
formatGroupName()  : string
Formats a group name for the display.
formatLastLogonTimestamp()  : string
Returns the formatted value for last login.
formatPwdLastSet()  : string
Returns the formatted value for last password change.
getCns()  : array<string|int, mixed>
Returns a list of all CNs in LDAP.
getDomainLockoutDuration()  : mixed
Returns the domain lockout duration for this DN.
getDomains()  : array<string|int, mixed>
Gets the list of possible domains from the config setting.
getHostList()  : array<string|int, mixed>
Returns a list of existing hosts.
getUserNames()  : array<string|int, mixed>
Returns a list of all user names in LDAP.
groupDisplayContainsDn()  : bool
Returns if the group display name contains the DN.
initCache()  : mixed
Loads cached data from LDAP such as departments etc.
manageWorkDetails()  : bool
Returns if any of the work details attributes should be managed.
manualSyncGonToWindows()  : mixed
Syncs the group of names to Windows.
manualSyncUnixToWindows()  : mixed
Syncs the Unix groups to Windows.
setSelfServicePassword()  : mixed
Sets the user password in self service.
uploadPhoto()  : array<string|int, mixed>
Uploads the photo file.

Constants

AC_ACCOUNT_DISABLED

account is disabled

public mixed AC_ACCOUNT_DISABLED = 0x2

AC_PWD_NEVER_EXPIRES

password never expires

public mixed AC_PWD_NEVER_EXPIRES = 0x10000

AC_SMARTCARD_REQUIRED

login requires smartcard

public mixed AC_SMARTCARD_REQUIRED = 0x40000

ATTRIBUTES_TO_IGNORE_ON_COPY

These attributes will be ignored by default if a new account is copied from an existing one.

public mixed ATTRIBUTES_TO_IGNORE_ON_COPY = array('userPrincipalName', 'sAMAccountName', 'displayName', 'profilePath', 'scriptPath', 'pwdLastSet', 'otherMailbox', 'homeDirectory', 'msSFU30Name', 'pwdLastSet', 'lastLogonTimestamp', 'accountexpires', 'lockouttime')

ATTRIBUTES_TO_IGNORE_ON_COPY_DEFAULT

These attributes will be ignored by default if a new account is copied from an existing one.

public mixed ATTRIBUTES_TO_IGNORE_ON_COPY_DEFAULT = array('uid', 'uidNumber', 'gid', 'gidNumber', 'cn', 'userpassword', 'sn', 'givenName', 'initials', 'telephoneNumber', 'homePhone', 'mobile', 'facsimileTelephoneNumber', 'pager', 'mail', 'employeeNumber', 'userCertificate;binary', 'userCertificate', 'homeDirectory', 'unixHomeDirectory', 'jpegPhoto')

DEFAULT_ACCOUNT_CONTROL

initial account flags

public mixed DEFAULT_ACCOUNT_CONTROL = 0x200

DISPLAY_GROUPS_CN

display groups as cn

public mixed DISPLAY_GROUPS_CN = 'CN'

DISPLAY_GROUPS_DN

display groups as dn

public mixed DISPLAY_GROUPS_DN = 'DN'

STATUS_ACCOUNT_EXPIRED

ID for expired account status.

public mixed STATUS_ACCOUNT_EXPIRED = "WINDOWS_ACCOUNT_EXPIRED"

STATUS_ACCOUNT_LOCKED

ID for locked account status.

public mixed STATUS_ACCOUNT_LOCKED = "WINDOWS_ACCOUNT_LOCKED"

STATUS_PASSWORD_LOCKED

ID for locked password status.

public mixed STATUS_PASSWORD_LOCKED = "WINDOWS_PASSWORD_LOCKED"
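
The AC_* constants above are bits of the Active Directory userAccountControl attribute, and accountExpires is stored in file time (100 ns since 1601-01-01). The following is an added example, not code from LDAP Account Manager: it decodes both and flags entries an administrator would want to review. The function names, finding texts and sample entries are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Flag values as listed on this page for windowsUser.
const AC_ACCOUNT_DISABLED     = 0x2;
const AC_PWD_NEVER_EXPIRES    = 0x10000;
const AC_SMARTCARD_REQUIRED   = 0x40000;
const DEFAULT_ACCOUNT_CONTROL = 0x200;

// accountExpires values that Active Directory treats as "never expires".
const ACCOUNT_NEVER_EXPIRES = ['0', '9223372036854775807'];
// Seconds between 1601-01-01 and 1970-01-01 (UTC).
const FILETIME_EPOCH_OFFSET = 11644473600;

/** Hypothetical helper: decodes the userAccountControl bit field. */
function decodeAccountControl(int $uac): array
{
    return [
        'disabled'          => ($uac & AC_ACCOUNT_DISABLED) !== 0,
        'pwdNeverExpires'   => ($uac & AC_PWD_NEVER_EXPIRES) !== 0,
        'smartcardRequired' => ($uac & AC_SMARTCARD_REQUIRED) !== 0,
    ];
}

/** Hypothetical helper: converts accountExpires to a UTC date, null = never. */
function accountExpiresToDate(string $fileTime): ?DateTimeImmutable
{
    if (in_array($fileTime, ACCOUNT_NEVER_EXPIRES, true)) {
        return null;
    }
    // File time counts 100 ns ticks; 10,000,000 ticks are one second.
    $unixSeconds = intdiv((int) $fileTime, 10000000) - FILETIME_EPOCH_OFFSET;
    return (new DateTimeImmutable('@' . $unixSeconds))
        ->setTimezone(new DateTimeZone('UTC'));
}

/** Hypothetical audit: returns review findings for one LDAP entry. */
function auditEntry(array $entry, DateTimeImmutable $now): array
{
    $flags    = decodeAccountControl((int) $entry['userAccountControl']);
    $expires  = accountExpiresToDate($entry['accountExpires']);
    $findings = [];

    if ($flags['disabled']) {
        return $findings; // a disabled account cannot log in, nothing to review
    }
    if ($flags['pwdNeverExpires'] && !$flags['smartcardRequired']) {
        $findings[] = 'enabled, password never expires, no smartcard required';
    }
    if ($expires !== null && $expires < $now) {
        $findings[] = 'expired on ' . $expires->format('Y-m-d') . ' but not disabled';
    }
    return $findings;
}

// Constructed sample entries (not real directory data).
$entries = [
    ['sAMAccountName' => 'alice',
     'userAccountControl' => (string) DEFAULT_ACCOUNT_CONTROL,
     'accountExpires' => '9223372036854775807'],
    ['sAMAccountName' => 'svc-backup',
     'userAccountControl' => (string) (DEFAULT_ACCOUNT_CONTROL | AC_PWD_NEVER_EXPIRES),
     'accountExpires' => '0'],
    ['sAMAccountName' => 'bob',
     'userAccountControl' => (string) (DEFAULT_ACCOUNT_CONTROL | AC_ACCOUNT_DISABLED | AC_PWD_NEVER_EXPIRES),
     'accountExpires' => '0'],
    ['sAMAccountName' => 'carol',
     'userAccountControl' => (string) (DEFAULT_ACCOUNT_CONTROL | AC_SMARTCARD_REQUIRED),
     'accountExpires' => '132223104000000000'], // 2020-01-01 00:00:00 UTC
];

$now = new DateTimeImmutable('2024-01-01T00:00:00Z'); // fixed so the run is repeatable
foreach ($entries as $entry) {
    foreach (auditEntry($entry, $now) as $finding) {
        echo $entry['sAMAccountName'] . ': ' . $finding . PHP_EOL;
    }
}
```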

Properties

$attributes

contains all ldap attributes which should be written

protected mixed $attributes

$autoAddObjectClasses

if true, managed object classes are added when an account is created or loaded (default: true)

protected mixed $autoAddObjectClasses = true

$messages

contains all error messages of a module

protected mixed $messages

$meta

includes all meta data provided by the sub class

protected mixed $meta

$moduleSettings

configuration settings of all modules

protected mixed $moduleSettings

$orig

contains all ldap attributes which are loaded from ldap

protected mixed $orig

$base

name of parent accountContainer ($_SESSION[$base])

private mixed $base

$businessCategoryCache

business category cache

private mixed $businessCategoryCache

$cachedCnList

cache for cn

private mixed $cachedCnList

$cachedHostList

host cache to reduce LDAP queries

private mixed $cachedHostList

$cachedUserNameList

cache for user name

private mixed $cachedUserNameList

$clearTextPassword

clear text password

private mixed $clearTextPassword

$departmentCache

cache for departments

private mixed $departmentCache

$departmentNumberCache

cache for department numbers

private mixed $departmentNumberCache

$employeeTypeCache

employee type cache

private mixed $employeeTypeCache

$groupCache

cache for groups

private mixed $groupCache

$groupList

current group list

private mixed $groupList = []

$groupList_orig

original group list

private mixed $groupList_orig = []

$ouCache

organizational unit cache

private mixed $ouCache

$pwdLastSet

option for forcing password change, used in postModifyActions

private mixed $pwdLastSet

$scope

the account type of this module (user, group, host)

private mixed $scope

Methods

__construct()

Creates a new base module class

public __construct(string $scope) : mixed
Parameters
$scope : string

the account type (user, group, host)

Return values
mixed

accountStatusPerformLock()

Locks the account with the given lock IDs.

public accountStatusPerformLock(ConfiguredType $type, array<string|int, mixed>|null &$attributes, array<string|int, mixed> $lockIds) : void
Parameters
$type : ConfiguredType

type

$attributes : array<string|int, mixed>|null

LDAP attributes

$lockIds : array<string|int, mixed>

IDs from AccountStatusDetails

Tags
inheritDoc
Return values
void

accountStatusPerformUnlock()

Unlocks the account with the given lock IDs.

public accountStatusPerformUnlock(ConfiguredType $type, array<string|int, mixed>|null &$attributes, array<string|int, mixed> $lockIds) : void
Parameters
$type : ConfiguredType

type

$attributes : array<string|int, mixed>|null

LDAP attributes

$lockIds : array<string|int, mixed>

IDs from AccountStatusDetails

Tags
inheritDoc
Return values
void

addPasswordQuickChangeAccountDetails()

Adds account details such as first/last name for the current account.

public addPasswordQuickChangeAccountDetails(htmlResponsiveRow $row) : void
Parameters
$row : htmlResponsiveRow

row where to add content

Tags
inheritDoc
Return values
void

addPDFImage()

Adds an image to the PDF.

public addPDFImage(array<string|int, mixed> &$result, string $attrName) : mixed
Parameters
$result : array<string|int, mixed>

result array (entry will be added here)

$attrName : string

attribute name

Return values
mixed

addPDFKeyValue()

Adds a simple PDF entry with the given key and value.

public addPDFKeyValue(array<string|int, mixed> &$result, string $name, string $label, mixed $value[, string $delimiter = ', ' ]) : mixed
Parameters
$result : array<string|int, mixed>

result array (entry will be added here)

$name : string

ID

$label : string

label name

$value : mixed

value as String or array

$delimiter : string = ', '

delimiter if value is array (default: ", ")

Return values
mixed

addPDFTable()

Adds a table entry to the PDF.

public addPDFTable(array<string|int, mixed> &$result, string $name, PDFTable $table) : mixed
Parameters
$result : array<string|int, mixed>

result array (entry will be added here)

$name : string

ID

$table : PDFTable

table

Return values
mixed

build_uploadAccounts()

In this function the LDAP accounts are built.

public build_uploadAccounts(mixed $rawAccounts, mixed $ids, mixed &$partialAccounts, mixed $selectedModules, mixed &$type) : array<string|int, mixed>
Parameters
$rawAccounts : mixed

the user input data, contains one subarray for each account.

$ids : mixed

list of IDs for column position (e.g. "posixAccount_uid" => 5)

$partialAccounts : mixed

list of hash arrays (name => value) which are later added to LDAP

$selectedModules : mixed

list of selected account modules

$type : mixed

account type

Tags
see
baseModule::build_uploadAccounts()
Return values
array<string|int, mixed>

list of error messages if any

can_manage()

Returns true if this module can manage accounts of the current type, otherwise false.

public can_manage() : bool
Return values
bool

true if module fits

canSelfServiceFieldBeReadOnly()

Returns if a given self service field can be set in read-only mode.

public canSelfServiceFieldBeReadOnly(string $fieldID, selfServiceProfile $profile) : bool
Parameters
$fieldID : string

field identifier

$profile : selfServiceProfile

currently edited profile

Return values
bool

may be set read-only

canSelfServiceFieldBeRelabeled()

Returns if a self service field can be relabeled.

public canSelfServiceFieldBeRelabeled(string $fieldID, selfServiceProfile $profile) : bool
Parameters
$fieldID : string

field ID

$profile : selfServiceProfile

currently edited profile

Return values
bool

may be relabeled

check_configOptions()

Checks input values of module settings.

public check_configOptions(array<string|int, mixed> $typeIds, array<string|int, mixed> &$options) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing .

If the input data is invalid the return value is an array that contains subarrays to build StatusMessages ('message type', 'message head', 'message text').
If no errors occurred the function returns an empty array.

Parameters
$typeIds : array<string|int, mixed>

list of account type ids which are used

$options : array<string|int, mixed>

hash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of error messages

check_profileOptions()

Checks input values of account profiles.

public check_profileOptions(array<string|int, mixed> $options, string $typeId) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing .

$options is a hash array (option name => value) that contains the user input. The option values are all arrays containing one or more elements.
If the input data is invalid the return value is an array that contains arrays to build StatusMessages (message type, message head, message text). If no errors occurred the function returns an empty array.

Parameters
$options : array<string|int, mixed>

a hash array (name => value) containing the user input

$typeId : string

type id (user, group, host)

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of error messages (array(type, title, text)) to generate StatusMessages, if any

checkGlobalConfigOptions()

Checks the global config options.

public checkGlobalConfigOptions(array<string|int, mixed> &$options, array<string|int, string> &$messages, array<string|int, string> &$errors) : void
Parameters
$options : array<string|int, mixed>

config options

$messages : array<string|int, string>

info messages can be added here

$errors : array<string|int, string>

error messages can be added here

Return values
void

checkSelfServiceOptions()

Checks if all input values are correct and returns the LDAP attributes which should be changed.

public checkSelfServiceOptions(string $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>


Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions)

Calling this method does not require the existence of an enclosing .

Parameters
$fields : string

input fields

$attributes : array<string|int, mixed>

LDAP attributes

$passwordChangeOnly : bool

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields : array<string|int, mixed>

list of read-only fields

Return values
array<string|int, mixed>

messages and attributes (array('messages' => [], 'add' => array('mail' => array('test@test.com')), 'del' => [], 'mod' => [], 'info' => []))

checkSelfServiceSettings()

Checks if the self service settings are valid.

public checkSelfServiceSettings(array<string|int, mixed> &$options, selfServiceProfile &$profile) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing .

If the input data is invalid the return value is an array that contains arrays to build StatusMessages (message type, message head, message text). If no errors occurred the function returns an empty array.

Parameters
$options : array<string|int, mixed>

hash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.

$profile : selfServiceProfile

self service profile

Return values
array<string|int, mixed>

error messages

delete_attributes()

This function returns an array with the same syntax as save_attributes().

public delete_attributes() : array<string|int, mixed>

Calling this method requires the existence of an enclosing .

It allows additional LDAP changes when an account is deleted.

Return values
array<string|int, mixed>

of LDAP operations, same as for save_attributes()

display_html_accountexpires()

This function will create the meta HTML code to show a page to change account expiration.

public display_html_accountexpires() : htmlElement
Return values
htmlElement

meta HTML code

display_html_attributes()

Returns the HTML meta data for the main account page.

public display_html_attributes() : htmlElement
Return values
htmlElement

HTML meta data

display_html_delete()

This function creates meta HTML code which will be displayed when an account should be deleted.

public display_html_delete() : htmlElement

Calling this method requires the existence of an enclosing .

This can be used to interact with the user, e.g. should the home directory be deleted? The output of all modules is displayed on a single page.

Tags
see
htmlElement
Return values
htmlElement

meta HTML object

display_html_manager()

This function will create the meta HTML code to show a page to change the manager attribute.

public display_html_manager() : htmlElement
Return values
htmlElement

HTML meta data

display_html_photo()

Displays the photo upload page.

public display_html_photo() : array<string|int, mixed>
Return values
array<string|int, mixed>

meta HTML code

display_html_userWorkstations()

This function will create the HTML page to edit the allowed workstations.

public display_html_userWorkstations() : htmlElement
Return values
htmlElement

meta HTML code

doUploadPostActions()

This function is responsible for additional tasks after the account has been created in LDAP (e.g. modifying group memberships, adding quota etc.).

public doUploadPostActions(mixed &$data, mixed $ids, mixed $failed, mixed &$temp, mixed &$accounts, mixed $selectedModules, mixed $type) : array<string|int, mixed>
Parameters
$data : mixed

array containing one account in each element

$ids : mixed

maps the column names to keys for the sub arrays (array(<column_name> => ))

$failed : mixed

list of account numbers which could not be successfully uploaded to LDAP

$temp : mixed

variable to store temporary data between two post actions

$accounts : mixed

list of LDAP entries

$selectedModules : mixed

selected account modules

$type : mixed

account type

Tags
see
baseModule::doUploadPostActions()
Return values
array<string|int, mixed>

current status
array (
'status' => 'finished' | 'inProgress' // defines if all operations are complete
'progress' => 0..100 // the progress of the operations in percent
'errors' => array // list of arrays which are used to generate StatusMessages
)

doUploadPreActions()

Runs any actions that need to be done before an LDAP entry is created.

public doUploadPreActions(array<string|int, mixed> $attributes, ConfiguredType $type) : array<string|int, mixed>
Parameters
$attributes : array<string|int, mixed>

LDAP attributes of this entry (attributes are provided as reference, handle modifications of $attributes with care)

$type : ConfiguredType

account type

Return values
array<string|int, mixed>

array which contains status messages. Each entry is an array containing the status message parameters.

get_alias()

Returns an alias name for the module.

public get_alias() : string

Calling this method does not require the existence of an enclosing accountContainer.

This function returns a more descriptive string than the class name. Alias names are used for the buttons on the account pages and the module selection in the configuration wizard.
Please take care that your alias name is not too long. It may contain any character but should not include parts that may be interpreted by the browser (e.g. '<' or '>'). If you use different aliases dependent on the account type please make sure that there is a general alias for unknown types.

Tags
see
baseModule::get_metaData()
Return values
string

alias name

get_configOptions()

Returns a list of configuration options.

public get_configOptions(mixed $scopes, mixed $allScopes) : mixed
Parameters
$scopes : mixed

account types (user, group, host)

$allScopes : mixed

list of all active account modules and their account type id (module => array(type id))

Tags
see
baseModule::get_configOptions()
Return values
mixed

htmlElement or array of htmlElement

get_dependencies()

This function returns a list with all depending and conflicting modules.

public get_dependencies() : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

The return value is an array with two sub arrays, "depends" and "conflicts". All values of the conflict array are string values with module names. All values of the depends array are either string values with module names or arrays which include only string values with module names.
If an element of the depends array is itself an array, this means that your module depends on one of these modules.

Example: return array("depends" => array("posixAccount", array("qmail", "sendmail")), "conflicts" => array("exim"))

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of dependencies and conflicts

get_help()

This function returns the help entry array for a specific help id.

public get_help(string $id) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

The result is a hashtable with the following keys:

  • Headline (required)
    The headline of this help entry. Can consist of any alphanumeric characters. No HTML/CSS elements are allowed.
  • Text (required)
    The text of the help entry which may contain any alphanumeric characters.
  • SeeAlso (optional)
    A reference to another related web site. It must be an array containing a field called "text" with the link text that should be displayed and a field called "link" which is the link target.

Example:

array('Headline' => 'This is the head line', 'Text' => 'Help content', 'SeeAlso' => array('text' => 'LAM homepage', 'link' => 'http://www.ldap-account-manager.org/'))
Parameters
$id : string

The id string for the help entry needed.

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

The desired help entry.

get_ldap_filter()

Returns an LDAP filter for the account lists

public get_ldap_filter(string $typeId) : string

Calling this method does not require the existence of an enclosing accountContainer.

Returns an array('or' => '...', 'and' => '...') that is used to build the LDAP filter. Usually, this is used to filter object classes. All "or" filter parts of the base modules are combined with OR and then combined with the "and" parts.
The resulting LDAP filter will look like this: (&(|(OR1)(OR2)(OR3))(AND1)(AND2)(AND3))

Example: return array('or' => '(objectClass=posixAccount)', 'and' => '(!(uid=*$))')

Parameters
$typeId : string

account type id

Tags
see
baseModule::get_metaData()
Return values
string

LDAP filter
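
The combination rule described for get_ldap_filter(), as an added example (not LAM's own code). The helper names `isWellFormedFilterPart` and `combineModuleFilters`, the bracket check, and the sample module parts are assumptions made for illustration; the check is included because one unbalanced part would change the meaning of the whole combined filter.

```php
<?php
declare(strict_types=1);

/**
 * Checks that a filter part is a parenthesised LDAP filter whose brackets
 * balance. In RFC 4515 filters, literal parentheses inside values are written
 * as \28 and \29, so every raw "(" or ")" is structural.
 * Hypothetical helper, not part of LAM.
 */
function isWellFormedFilterPart(string $part): bool
{
    $length = strlen($part);
    if ($length < 2 || $part[0] !== '(' || $part[$length - 1] !== ')') {
        return false;
    }
    $depth = 0;
    for ($i = 0; $i < $length; $i++) {
        if ($part[$i] === '(') {
            $depth++;
        } elseif ($part[$i] === ')') {
            $depth--;
            if ($depth < 0) {
                return false; // closes a bracket that was never opened
            }
        } elseif ($depth === 0) {
            return false; // text outside of any bracket
        }
    }
    return $depth === 0;
}

/**
 * Builds (&(|(OR1)(OR2))(AND1)(AND2)) from the 'or' and 'and' parts that the
 * modules return. Hypothetical helper, not part of LAM.
 *
 * @param array<string, array<string, string>> $moduleParts module name => filter parts
 */
function combineModuleFilters(array $moduleParts): string
{
    $or = [];
    $and = [];
    foreach ($moduleParts as $module => $parts) {
        foreach (['or', 'and'] as $kind) {
            $part = $parts[$kind] ?? '';
            if ($part === '') {
                continue; // a module may supply only one of the two parts
            }
            if (!isWellFormedFilterPart($part)) {
                throw new InvalidArgumentException(
                    sprintf("Malformed '%s' filter part from module %s: %s", $kind, $module, $part)
                );
            }
            if ($kind === 'or') {
                $or[] = $part;
            } else {
                $and[] = $part;
            }
        }
    }
    if ($or === [] && $and === []) {
        throw new InvalidArgumentException('No filter parts supplied');
    }
    $orBlock = $or === [] ? '' : '(|' . implode('', $or) . ')';
    return '(&' . $orBlock . implode('', $and) . ')';
}

// Constructed sample input: module name => value returned by get_ldap_filter().
$parts = [
    'posixAccount'  => ['or' => '(objectClass=posixAccount)', 'and' => '(!(uid=*$))'],
    'inetOrgPerson' => ['or' => '(objectClass=inetOrgPerson)'],
];
echo combineModuleFilters($parts), PHP_EOL;

// A part with a stray closing bracket is rejected instead of being merged.
try {
    combineModuleFilters(['broken' => ['and' => '(uid=a))(cn=*']]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```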

get_metaData()

Returns meta data that is interpreted by parent class

public get_metaData() : array<string|int, mixed>
Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

array with meta data

get_pdfEntries()

Returns the PDF entries for this module.

public get_pdfEntries(mixed $pdfKeys, mixed $typeId) : array<string|int, PDFEntry>
Parameters
$pdfKeys : mixed

list of PDF keys that are included in document

$typeId : mixed

type id (user, group, host)

Tags
see
baseModule::get_pdfEntries()
Return values
array<string|int, PDFEntry>

list of key => PDFEntry

get_pdfFields()

Returns a hashtable with all entries that may be printed out in the PDF.

public get_pdfFields(string $typeId) : array<string|int, mixed>
Parameters
$typeId : string

type id (user, group, host)

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

PDF entries as key => label

get_profileOptions()

This function defines what attributes will be used in the account profiles and their appearance in the profile editor.

public get_profileOptions(mixed $typeId) : htmlElement
Parameters
$typeId : mixed

type id (user, group, host, ...)

Return values
htmlElement

meta HTML object

get_RDNAttributes()

Returns a hash array containing a list of possible LDAP attributes that can be used to form the RDN (Relative Distinguished Name).

public get_RDNAttributes(string $typeId) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

The returned elements have this form: =>
is the name of the LDAP attribute
defines the priority of the attribute (can be "low", "normal", "high")

Example: return array('uid' => 'normal', 'cn' => 'low')

Parameters
$typeId : string

account type

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of attributes

get_scope()

Returns the account type of this module (user, group, host)

public get_scope() : string
Return values
string

account type

get_uploadColumns()

Returns an array containing all input columns for the file upload.

public get_uploadColumns(array<string|int, mixed> $selectedModules, ConfiguredType &$type) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

This function returns an array which contains subarrays which represent an upload column. Syntax of column arrays:

array(
string: name, // fixed non-translated name which is used as column name (should be of format: _)
string: description, // short descriptive name
string: help, // help ID
string: example, // example value
string: values, // possible input values (optional)
string: default, // default value (optional)
boolean: required // true, if user must set a value for this column
boolean: unique // true if all values of this column must be different values (optional, default: "false")
)

Parameters
$selectedModules : array<string|int, mixed>

list of selected account modules

$type : ConfiguredType

account type

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

column list

get_uploadPreDepends()

Returns a list of module names which must be processed in building the account before this module.

public get_uploadPreDepends() : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

The named modules may not be active, LAM will check this automatically.

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of module names

getAccountStatusDetails()

Returns the list of account status detail lines.

public getAccountStatusDetails(ConfiguredType $type, array<string|int, mixed>|null &$attributes) : array<string|int, AccountStatusDetails>
Parameters
$type : ConfiguredType

account type

$attributes : array<string|int, mixed>|null

LDAP attributes (use account container attributes if not provided)

Tags
inheritDoc
Return values
array<string|int, AccountStatusDetails>

status details

getAccountStatusPossibleLockOptions()

Returns a list of options how the account could be locked.

public getAccountStatusPossibleLockOptions(ConfiguredType $type, array<string|int, mixed>|null &$attributes) : array<string|int, AccountStatusDetails>
Parameters
$type : ConfiguredType

type

$attributes : array<string|int, mixed>|null

LDAP attributes

Tags
inheritDoc
Return values
array<string|int, AccountStatusDetails>

lock options

getAccountStatusRequiredAttributes()

Returns the list of LDAP attributes that must be read to get the account status.

public getAccountStatusRequiredAttributes(ConfiguredType $type) : array<string|int, mixed>
Parameters
$type : ConfiguredType

type

Tags
inheritDoc
Return values
array<string|int, mixed>

attribute names

getAttributes()

Returns the LDAP attributes which are managed in this module.

public getAttributes() : array<string|int, mixed>
Return values
array<string|int, mixed>

attributes

getButtonStatus()

Controls if the module button on the account page is visible and activated.

public getButtonStatus() : string

Calling this method requires the existence of an enclosing accountContainer.

Possible return values:

  • enabled: button is visible and active
  • disabled: button is visible and deactivated (greyed)
  • hidden: no button will be shown
Return values
string

status ("enabled", "disabled", "hidden")

getDomainPolicyAttribute()

Returns the value of a domain policy attribute.

public static getDomainPolicyAttribute(string $attributeName) : array<string|int, mixed>
Parameters
$attributeName : string

attribute name

Return values
array<string|int, mixed>

value

getFileTime()

Returns a value in file time (100 ns since 1601-01-01).

public static getFileTime(int $value) : DateTime
Parameters
$value : int

time value as int

Return values
DateTime

time value

getGlobalConfigOptions()

Returns a list of config options for LAM's main configuration.

public getGlobalConfigOptions(array<string|int, mixed> $currentSettings) : array<string|int, htmlElement>
Parameters
$currentSettings : array<string|int, mixed>

current settings

Return values
array<string|int, htmlElement>

config options

getGroupList()

Returns the list of groups.

public getGroupList() : array<string|int, mixed>
Return values
array<string|int, mixed>

DNs of Windows groups

getIcon()

Returns the path to the module icon.

public getIcon() : unknown

The path must be relative to graphics (e.g. key.png) or a URL (/icons/icon.png or http://server/icon.png). You can also set $this->meta['icon']. The preferred size is 32x32px.

Tags
see
baseModule::get_metaData()
Return values
unknown

getLDAPAliases()

Returns a list of aliases for LDAP attributes.

public getLDAPAliases(string $typeId) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

All alias attributes will be renamed to the given attribute names.

Parameters
$typeId : string

type id (user, group, host)

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of aliases like array("alias name" => "attribute name")

getLinkToSpecialSelfServicePage()

This allows modules to create a link to a module specific page for the self service.

public getLinkToSpecialSelfServicePage(array<string|int, mixed> $settings) : string

The link is shown on the login page of the self service. You can use this to provide e.g. a page to reset passwords.

Parameters
$settings : array<string|int, mixed>

self service settings

Return values
string

link text (null if no special page used)

getListAttributeDescriptions()

Returns a list of attribute descriptions for the account list.

public getListAttributeDescriptions(ConfiguredType $type) : array<string|int, mixed>
Parameters
$type : ConfiguredType

type

Tags
inheritDoc
Return values
array<string|int, mixed>

attribute name => description label

getListFilterFunction()

Returns a callable if there should be a custom filtering for the given attribute name.

public getListFilterFunction(string $attributeName) : callable|null
Parameters
$attributeName : string

attribute name

Return values
callable|null

custom function for filtering (?array $values, ?string $filterValue)

getListRenderFunction()

Returns a callable if there should be a custom display for the given attribute name.

public getListRenderFunction(string $attributeName) : callable|null
Parameters
$attributeName : string

attribute name

Tags
inheritDoc
Return values
callable|null

custom function for rendering (array $entry, string $attribute)

getManagedAttributes()

Returns a list of LDAP attributes which are managed by this module.

public getManagedAttributes(string $typeId) : array<string|int, mixed>

All attribute names will be renamed to match the given spelling.

Parameters
$typeId : string

type id (user, group, host)

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of attributes

getManagedHiddenAttributes()

Returns a list of operational LDAP attributes which are managed by this module and need to be explicitly set for LDAP search.

public getManagedHiddenAttributes(string $typeId) : array<string|int, mixed>
Parameters
$typeId : string

account type id

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of hidden attributes

getManagedObjectClasses()

Returns a list of managed object classes for this module.

public getManagedObjectClasses(string $typeId) : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

This is used to fix spelling errors in LDAP-Entries (e.g. if "posixACCOUNT" is read instead of "posixAccount" from LDAP).

Example: return array('posixAccount')

Parameters
$typeId : string

type id (user, group, host)

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

list of object classes

getOriginalAttributes()

Returns the LDAP attributes which are managed in this module (with unchanged values).

public getOriginalAttributes() : array<string|int, mixed>
Return values
array<string|int, mixed>

attributes

getPasswordLocked()

Returns if the account's password is currently locked.

public static getPasswordLocked(array<string|int, mixed> $attrs) : DateTime|false
Parameters
$attrs : array<string|int, mixed>

LDAP attributes

Return values
DateTime|false

false or locked till

getPasswordQuickChangeChanges()

Returns a list of LDAP attribute changes to perform.

public getPasswordQuickChangeChanges(string $password) : array<string|int, mixed>
Parameters
$password : string

new password

Tags
inheritDoc
Return values
array<string|int, mixed>

LDAP attribute values (attr_name => array(attr_value))

getPasswordQuickChangeIsPasswordInHistory()

Returns if the password is not the same as an old password from history.

public getPasswordQuickChangeIsPasswordInHistory(string $password) : bool
Parameters
$password : string

new password

Tags
inheritDoc
Return values
bool

is in history

getPasswordQuickChangePasswordStrengthAttributes()

Returns additional attribute values to check when password strength is validated.

public getPasswordQuickChangePasswordStrengthAttributes() : array<string|int, mixed>
Tags
inheritDoc
Return values
array<string|int, mixed>

attribute values

getPasswordQuickChangePasswordStrengthUserName()

Returns the user name if known to be validated for password strength.

public getPasswordQuickChangePasswordStrengthUserName() : string|null
Tags
inheritDoc
Return values
string|null

user name

getRequiredExtensions()

This function returns a list of PHP extensions (e.g. hash) which are needed by this module.

public getRequiredExtensions() : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

extensions

getSelfServiceFields()

Returns a list of possible input fields and their descriptions.

public getSelfServiceFields() : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

Format: array( => )

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

fields

getSelfServiceOptions()

Returns the meta HTML code for each input field.

public getSelfServiceOptions(array<string|int, mixed> $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>

format: array( => array(<META HTML>), ...) It is not possible to display help links.

Parameters
$fields : array<string|int, mixed>

list of active fields

$attributes : array<string|int, mixed>

attributes of LDAP account

$passwordChangeOnly : bool

indicates that the user is only allowed to change his password and no LDAP content is readable

$readOnlyFields : array<string|int, mixed>

list of read-only fields

Return values
array<string|int, mixed>

list of meta HTML elements (field name => htmlResponsiveRow)

getSelfServiceSearchAttributes()

This function returns a list of possible LDAP attributes (e.g. uid, cn, ...) which can be used to search for LDAP objects.

public getSelfServiceSearchAttributes() : array<string|int, mixed>

Calling this method does not require the existence of an enclosing accountContainer.

Tags
see
baseModule::get_metaData()
Return values
array<string|int, mixed>

attributes

getSelfServiceSettings()

Returns a list of self service configuration settings.

public getSelfServiceSettings(selfServiceProfile $profile) : htmlElement

Calling this method does not require the existence of an enclosing accountContainer.

The name attributes are used as keywords to load and save settings. We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming conflicts.

Parameters
$profile : selfServiceProfile

currently edited profile

Tags
see
baseModule::get_metaData()
see
htmlElement
Return values
htmlElement

meta HTML object

getSupportedJobs()

Returns a list of jobs that can be run.

public getSupportedJobs(LAMConfig &$config) : array<string|int, mixed>
Parameters
$config : LAMConfig

configuration

Return values
array<string|int, mixed>

list of jobs

getWildCardReplacements()

Returns a list of wildcards that can be replaced in input fields.

public getWildCardReplacements() : array<string|int, mixed>
Return values
array<string|int, mixed>

replacements as wildcard => value

handleAjaxRequest()

Manages AJAX requests.

public handleAjaxRequest() : mixed

This function may be called with or without an account container.

Return values
mixed

hasOnlyVirtualChildren()

Defines if the LDAP entry has only virtual child entries. This is the case for e.g. LDAP views.

public hasOnlyVirtualChildren() : bool
Return values
bool

has only virtual children

init()

Initializes the module after it became part of an accountContainer

public init(string $base) : mixed
Parameters
$base : string

the name of the accountContainer object ($_SESSION[$base])

Return values
mixed

is_base_module()

Returns true if your module is a base module and otherwise false.

public is_base_module() : bool

Calling this method does not require the existence of an enclosing accountContainer.

Every account type needs exactly one base module. A base module manages a structural object class. E.g. the inetOrgPerson module is a base module since its object class is structural.

Tags
see
baseModule::get_metaData()
Return values
bool

true if base module (defaults to false if no meta data is provided)

isAccountExpired()

Returns if the given account is expired.

public static isAccountExpired(array<string|int, mixed> $attrs) : bool
Parameters
$attrs : array<string|int, mixed>

LDAP attributes

Return values
bool

expired

isDeactivated()

Returns if the account is currently deactivated.

public static isDeactivated(array<string|int, mixed> $attrs) : bool
Parameters
$attrs : array<string|int, mixed>

LDAP attributes

Return values
bool

is deactivated

isNeverExpiring()

Returns if the account never expires.

public static isNeverExpiring(array<string|int, mixed> $attrs) : bool
Parameters
$attrs : array<string|int, mixed>

LDAP attributes

Return values
bool

never expires

isSmartCardRequired()

Returns if the account requires a smartcard to login.

public static isSmartCardRequired(array<string|int, mixed> $attrs) : bool
Parameters
$attrs : array<string|int, mixed>

LDAP attributes

Return values
bool

requires a smartcard
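
How the status checks above (isAccountExpired(), isDeactivated(), isNeverExpiring(), isSmartCardRequired()) and the file time format of getFileTime() relate to the raw LDAP values, as an added example that is not LAM's implementation. The function names, the attribute array layout (name => list of string values) and the sample entry are assumptions; the flag values are the class constants listed on this page.

```php
<?php
declare(strict_types=1);

// Flag values as listed in the class constants on this page.
const AC_ACCOUNT_DISABLED   = 0x2;
const AC_PWD_NEVER_EXPIRES  = 0x10000;
const AC_SMARTCARD_REQUIRED = 0x40000;

// Seconds between 1601-01-01 and 1970-01-01 (UTC).
const FILETIME_EPOCH_OFFSET = 11644473600;
// Active Directory stores 0 or 2^63-1 in accountExpires for "never".
const FILETIME_NEVER = '9223372036854775807';

/**
 * Converts a file time (100 ns intervals since 1601-01-01) to a UTC date.
 * Returns null for unset values and for the "never" markers.
 */
function fileTimeToDateTime(?string $fileTime): ?DateTimeImmutable
{
    if ($fileTime === null || preg_match('/^\d+$/', $fileTime) !== 1) {
        return null;
    }
    if (ltrim($fileTime, '0') === '' || $fileTime === FILETIME_NEVER) {
        return null;
    }
    $seconds = intdiv((int) $fileTime, 10000000) - FILETIME_EPOCH_OFFSET;
    return new DateTimeImmutable('@' . $seconds); // "@" timestamps are UTC
}

/** Returns the first value of an attribute, ignoring the case of its name. */
function firstValue(array $attrs, string $name): ?string
{
    $attrs = array_change_key_case($attrs, CASE_LOWER);
    $value = $attrs[strtolower($name)][0] ?? null;
    return $value === null ? null : (string) $value;
}

/**
 * Decodes the status-related attributes of one entry.
 * Assumed layout of $attrs: attribute name => list of string values.
 */
function describeAccountStatus(array $attrs, DateTimeImmutable $now): array
{
    $uac     = (int) (firstValue($attrs, 'userAccountControl') ?? '0');
    $expires = fileTimeToDateTime(firstValue($attrs, 'accountExpires'));
    $lockout = fileTimeToDateTime(firstValue($attrs, 'lockoutTime'));
    return [
        'disabled'             => ($uac & AC_ACCOUNT_DISABLED) !== 0,
        'passwordNeverExpires' => ($uac & AC_PWD_NEVER_EXPIRES) !== 0,
        'smartcardRequired'    => ($uac & AC_SMARTCARD_REQUIRED) !== 0,
        'expired'              => $expires !== null && $expires <= $now,
        'expiresAt'            => $expires ? $expires->format(DATE_ATOM) : null,
        // lockoutTime records when the lockout started; whether it is still
        // in force depends on the domain's lockout duration, not read here.
        'lockedOutAt'          => $lockout ? $lockout->format(DATE_ATOM) : null,
    ];
}

// Constructed sample entry: normal account (0x200) that is disabled (0x2),
// has a non-expiring password (0x10000) and expired on 2020-01-01 (UTC).
$entry = [
    'userAccountControl' => ['66050'],
    'accountExpires'     => ['132223104000000000'],
    'lockoutTime'        => ['0'],
];
print_r(describeAccountStatus($entry, new DateTimeImmutable('now')));
```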

load_attributes()

This function loads all needed LDAP attributes.

public load_attributes(array<string|int, mixed> $attr) : mixed
Parameters
$attr : array<string|int, mixed>

list of attributes

Return values
mixed

load_Messages()

This function fills the $messages variable with output messages from this module.

public load_Messages() : mixed
Return values
mixed

load_profile()

Loads the values of an account profile into internal variables.

public load_profile(array<string|int, mixed> $profile) : mixed
Parameters
$profile : array<string|int, mixed>

hash array with profile values (identifier => value)

Return values
mixed

loadAttributesFromAccountCopy()

Loads the LDAP data from an account to copy.

public loadAttributesFromAccountCopy(array<string|int, mixed> $ldapAttributes[, array<string|int, mixed> $attributesToIgnore = [] ]) : void
Parameters
$ldapAttributes : array<string|int, mixed>

LDAP attributes of copy

$attributesToIgnore : array<string|int, mixed> = []

list of attributes to ignore during load (defaults to self::ATTRIBUTES_TO_IGNORE_ON_COPY_DEFAULT)

Return values
void

managesPasswordAttributes()

This method specifies if a module manages password attributes. The module alias will then appear as option in the GUI.

public managesPasswordAttributes() : bool


If the module only wants to get notified about password changes then return false.

Return values
bool

true if this module manages password attributes

module_complete()

This function is used to check if all settings for this module have been made.

public module_complete() : bool

Calling this method requires the existence of an enclosing accountContainer.

This function tells LAM if it can create/modify the LDAP account. If your module needs any additional input then set this to false. The user will be notified that your module needs more input.
This method's return value defaults to true.

Return values
bool

true, if settings are complete

module_ready()

This function is used to check if this module page can be displayed.

public module_ready() : bool

Calling this method requires the existence of an enclosing accountContainer.

Your module might depend on input of other modules. This function determines if the user can change to your module page or not. The return value is true if your module accepts input, otherwise false.
This method's return value defaults to true.

Return values
bool

true, if page can be displayed

passwordChangeRequested()

This function is called whenever the password should be changed. Account modules must change their password attributes only if the modules list contains their module name.

public passwordChangeRequested(string $password, array<string|int, mixed> $modules, bool $forcePasswordChange) : array<string|int, mixed>
Parameters
$password : string

new password

$modules : array<string|int, mixed>

list of modules for which the password should be changed

$forcePasswordChange : bool

force the user to change his password at next login

Return values
array<string|int, mixed>

list of error messages if any as parameter array for StatusMessage e.g. return array(array('ERROR', 'Password change failed.'))

postDeleteActions()

Allows the module to run commands after the LDAP entry is deleted.

public postDeleteActions() : array<string|int, mixed>

Calling this method requires the existence of an enclosing accountContainer.

Return values
array<string|int, mixed>

Array which contains status messages. Each entry is an array containing the status message parameters.

postModifyActions()

Runs the postmodify actions.

public postModifyActions(bool $newAccount, array<string|int, mixed> $attributes) : array<string|int, mixed>
Parameters
$newAccount : bool
$attributes : array<string|int, mixed>

LDAP attributes of this entry

Tags
see
baseModule::postModifyActions()
Return values
array<string|int, mixed>

array which contains status messages. Each entry is an array containing the status message parameters.

postModifySelfService()

Allows the module to run commands after the LDAP entry is changed or created.

public postModifySelfService(bool $newAccount, array<string|int, mixed> $attributes) : bool
Parameters
$newAccount : bool

is new account or existing one

$attributes : array<string|int, mixed>

LDAP attributes of this entry

Return values
bool

true, if no problems occurred

preDeleteActions()

Allows the module to run commands before the LDAP entry is deleted.

public preDeleteActions() : array<string|int, mixed>

Calling this method requires the existence of an enclosing accountContainer.

Return values
array<string|int, mixed>

Array which contains status messages. Each entry is an array containing the status message parameters.

preModifyActions()

Allows the module to run commands before the LDAP entry is changed or created.

public preModifyActions(bool $newAccount, array<string|int, mixed> &$attributes) : array<string|int, mixed>

Calling this method requires the existence of an enclosing accountContainer.

The modification is aborted if an error message is returned.

Parameters
$newAccount : bool

new account

$attributes : array<string|int, mixed>

LDAP attributes of this entry (added/modified attributes are provided as reference, handle modifications of $attributes with care)

Return values
array<string|int, mixed>

array which contains status messages. Each entry is an array containing the status message parameters.

preModifySelfService()

Allows the module to run commands before the LDAP entry is changed or created.

public preModifySelfService(bool $newAccount, array<string|int, mixed> $attributes) : bool

An error message should be printed if the function returns false.

Parameters
$newAccount : bool

is new account or existing one

$attributes : array<string|int, mixed>

LDAP attributes of this entry

Return values
bool

true, if no problems occurred

process_accountexpires()

Processes user input of the account expiration page.

public process_accountexpires() : array<string|int, mixed>
Return values
array<string|int, mixed>

list of info/error messages

process_attributes()

Processes user input of the primary module page.

public process_attributes() : array<string|int, mixed>

It checks if all input values are correct and updates the associated LDAP attributes.

Return values
array<string|int, mixed>

list of info/error messages

process_group()

Processes user input of the group selection page.

public process_group() : array<string|int, mixed>

It checks if all input values are correct and updates the associated LDAP attributes.

Return values
array<string|int, mixed>

list of info/error messages

process_manager()

Processes user input of the manager page.

public process_manager() : array<string|int, mixed>

It checks if all input values are correct and updates the associated LDAP attributes.

Return values
array<string|int, mixed>

list of info/error messages

process_photo()

Sets a new photo.

public process_photo() : mixed
Return values
mixed

process_userWorkstations()

Processes user input of the workstation page.

public process_userWorkstations() : array<string|int, mixed>

It checks if all input values are correct and updates the associated LDAP attributes.

Return values
array<string|int, mixed>

list of info/error messages

pwdAttributeValue()

Creates the LDAP password value.

public static pwdAttributeValue(string $password) : mixed
Parameters
$password : string

password

Return values
mixed

runGlobalCronActions()

Runs any global cron actions.

public runGlobalCronActions(bool $isDryRun) : void
Parameters
$isDryRun : bool

dry-run active

Tags
throws
LAMException

error during execution

Return values
void

save_attributes()

Returns a list of modifications which have to be made to the LDAP account.

public save_attributes() : array<string|int, mixed>
Return values
array<string|int, mixed>

list of modifications
This function returns an array with 3 entries:
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
DN is the DN to change. It may be possible to change several DNs (e.g. create a new user and add him to some groups via attribute memberUid)
"add" are attributes which have to be added to LDAP entry
"remove" are attributes which have to be removed from LDAP entry
"modify" are attributes which have to be modified in LDAP entry
"info" are values with informational value (e.g. to be used later by pre/postModify actions)

setExpirationDate()

Sets the expiration date of this account.

public setExpirationDate(string $year, string $month, string $day) : mixed

If all parameters are null the expiration date will be removed.

Parameters
$year : string

year (e.g. 2040)

$month : string

month (e.g. 8)

$day : string

day (e.g. 27)

Return values
mixed

setIsDeactivated()

Sets if the account is currently deactivated.

public setIsDeactivated(bool $deactivated[, array<string|int, mixed> &$attrs = null ]) : mixed
Parameters
$deactivated : bool

is deactivated

$attrs : array<string|int, mixed> = null

LDAP attributes to modify (default $this->attributes)

Return values
mixed

setIsNeverExpiring()

Sets if the account never expires.

public static setIsNeverExpiring(array<string|int, mixed> &$attrs, bool $neverExpires) : mixed
Parameters
$attrs : array<string|int, mixed>

LDAP attributes to modify

$neverExpires : bool

never expires

Return values
mixed

setIsSmartCardRequired()

Sets if the account requires a smartcard to login.

public static setIsSmartCardRequired(array<string|int, mixed> &$attrs, bool $requireCard) : mixed
Parameters
$attrs : array<string|int, mixed>

LDAP attributes to modify

$requireCard : bool

requires a smartcard

Return values
mixed

supportsAdminInterface()

Specifies if this module supports the LAM admin interface.

public supportsAdminInterface() : bool

The LAM admin interface consists of the pages that allow managing e.g. users and groups. In contrast there is also the LAM self service interface. Most modules support the admin interface.

Return values
bool

support admin interface

supportsForcePasswordChange()

Specifies if this module supports forcing a user to change his password on next login.

public supportsForcePasswordChange() : bool
Return values
bool

force password change supported

supportsGlobalCronJob()

Specifies if the module supports global cron job actions.

public supportsGlobalCronJob() : bool
Return values
bool

supports cron

supportsPasswordQuickChangePage()

Specifies if the module supports password quick change for the current account.

public supportsPasswordQuickChangePage() : bool
Tags
inheritDoc
Return values
bool

password quick change page supported

unlockPassword()

Unlocks the user password. This resets 'lockoutTime' to 0.

public unlockPassword([array<string|int, mixed>|null &$attributes = null ]) : mixed
Parameters
$attributes : array<string|int, mixed>|null = null

LDAP attributes

Return values
mixed

addDoubleSelectionArea()

Adds an area with two multi-select fields with buttons to move items from right to left and vice-versa.

protected addDoubleSelectionArea(htmlResponsiveRow &$container, string $labelFirst, string $labelSecond, array<string|int, string> $optionsFirst, array<string|int, string> $selectedFirst, array<string|int, string> $optionsSecond, array<string|int, string> $selectedSecond, string $namePrefix[, bool $rightToLeftText = false ][, bool $showFilter = false ]) : mixed

The options of the selects must be presorted.
Names:

  • First select: $namePrefix_1
  • Second select: $namePrefix_2
  • Button move left: $namePrefix_left
  • Button move right: $namePrefix_right
Parameters
$container : htmlResponsiveRow

row

$labelFirst : string

label of first select

$labelSecond : string

label of second select

$optionsFirst : array<string|int, string>

options of first select ('label' => 'value')

$selectedFirst : array<string|int, string>

selected options of first select

$optionsSecond : array<string|int, string>

options of second select ('label' => 'value')

$selectedSecond : array<string|int, string>

selected options of second select

$namePrefix : string

prefix for select field and button names

$rightToLeftText : bool = false

sets the text direction in select to right to left

$showFilter : bool = false

displays a live filter

Return values
mixed

addMultiValueInputTextField()

Adds a text input field that may contain multiple values to the given htmlResponsiveRow.

protected addMultiValueInputTextField(htmlResponsiveRow &$container, string $attrName, string $label[, bool $required = false ][, int $length = null ][, bool $isTextArea = false ][, array<string|int, mixed> $autoCompleteValues = null ][, int $fieldSize = null ][, array<string|int, mixed> &$htmlIDs = null ][, string $cssClasses = '' ]) : mixed

The field name will be the same as the attribute name plus a counting number (e.g. street_0). The last field will be followed by a button to add a new value. This is named add_{attribute name} (e.g. add_street). There must be a help entry with the attribute name as ID. A new line will also be added after this entry so multiple calls will show the fields one below the other.

Parameters
$container : htmlResponsiveRow

parent container

$attrName : string

attribute name

$label : string

label name

$required : bool = false

this is a required field (default false)

$length : int = null

field length

$isTextArea : bool = false

show as text area (default false)

$autoCompleteValues : array<string|int, mixed> = null

values for auto-completion

$fieldSize : int = null

field size

$htmlIDs : array<string|int, mixed> = null

reference to array where to add the generated HTML IDs of the input fields

$cssClasses : string = ''

additional CSS classes of input fields

Return values
mixed

addMultiValueSelectField()

Adds a select field type that may contain multiple values to the given htmlResponsiveRow.

protected addMultiValueSelectField(htmlResponsiveRow &$container, string $attrName, string $label, array<string|int, mixed> $options[, bool $hasDescriptiveOptions = false ][, bool $required = false ][, int $fieldSize = 1 ][, array<string|int, mixed> &$htmlIDs = null ]) : mixed

The field name will be the same as the attribute name plus a counting number (e.g. street_0). The last field will be followed by a button to add a new value. This is named add_{attribute name} (e.g. add_street). There must be a help entry with the attribute name as ID. A new line will also be added after this entry so multiple calls will show the fields one below the other.

Parameters
$container : htmlResponsiveRow

parent container

$attrName : string

attribute name

$label : string

label name

$options : array<string|int, mixed>

options for the selects

$hasDescriptiveOptions : bool = false

has descriptive options

$required : bool = false

this is a required field (default false)

$fieldSize : int = 1

field size

$htmlIDs : array<string|int, mixed> = null

reference to array where to add the generated HTML IDs of the input fields

Return values
mixed

addMultiValueSelfServiceTextField()

Adds a simple text input field for the self service.

protected addMultiValueSelfServiceTextField(array<string|int, mixed> &$container, string $name, string $label, array<string|int, mixed> &$fields, array<string|int, mixed> &$attributes, array<string|int, mixed> &$readOnlyFields[, bool $required = false ][, bool $isTextArea = false ][, string $attributeName = null ]) : mixed

The field name will be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn).

Parameters
$container : array<string|int, mixed>

array that is used as return value for getSelfServiceOptions()

$name : string

attribute name (== field name)

$label : string

label to display in front of input field

$fields : array<string|int, mixed>

list of active fields

$attributes : array<string|int, mixed>

attributes of LDAP account

$readOnlyFields : array<string|int, mixed>

list of read-only fields

$required : bool = false

field is required

$isTextArea : bool = false

display as text area

$attributeName : string = null

attribute name (defaults to $name)

Return values
mixed

addSimpleInputTextField()

Adds a simple text input field to the given htmlResponsiveRow.

protected & addSimpleInputTextField(htmlResponsiveRow &$container, string $attrName, string $label[, bool $required = false ][, int $length = null ][, bool $isTextArea = false ][, array<string|int, mixed> $autoCompleteValues = null ]) : mixed

The field name will be the same as the attribute name. There must also be a help entry with the attribute name as ID. A new line will also be added after this entry so multiple calls will show the fields one below the other.

Parameters
$container : htmlResponsiveRow

parent container

$attrName : string

attribute name

$label : string

label name

$required : bool = false

this is a required field (default false)

$length : int = null

field length

$isTextArea : bool = false

show as text area (default false)

$autoCompleteValues : array<string|int, mixed> = null

values for auto-completion

Return values
mixed

reference to htmlResponsiveInputField/htmlResponsiveInputTextarea

addSimplePDFField()

Adds a simple PDF entry to the given array.

protected addSimplePDFField(array<string|int, mixed> &$result, string $name, string $label[, string $attrName = null ][, string $delimiter = ', ' ]) : mixed
Parameters
$result : array<string|int, mixed>

result array (entry will be added here)

$name : string

ID

$label : string

label name

$attrName : string = null

attribute name (default: =$name)

$delimiter : string = ', '

delimiter if multiple attribute values exist (default: ", ")

Return values
mixed

addSimpleReadOnlyField()

Adds a simple read-only field to the given container.

protected addSimpleReadOnlyField(htmlResponsiveRow &$container, string $attrName, string $label) : mixed
Parameters
$container : htmlResponsiveRow

parent container

$attrName : string

attribute name

$label : string

field label

Return values
mixed

addSimpleSelfServiceTextField()

Adds a simple text input field for the self service.

protected addSimpleSelfServiceTextField(array<string|int, mixed> &$container, string $name, string $label, array<string|int, mixed> &$fields, array<string|int, mixed> &$attributes, array<string|int, mixed> &$readOnlyFields[, bool $required = false ][, bool $isTextArea = false ][, string $attributeName = null ]) : mixed

The field name will be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn).

Parameters
$container : array<string|int, mixed>

array that is used as return value for getSelfServiceOptions()

$name : string

attribute name (== field name)

$label : string

label to display in front of input field

$fields : array<string|int, mixed>

list of active fields

$attributes : array<string|int, mixed>

attributes of LDAP account

$readOnlyFields : array<string|int, mixed>

list of read-only fields

$required : bool = false

field is required

$isTextArea : bool = false

display as text area

$attributeName : string = null

attribute name (defaults to $name)

Return values
mixed

checkMultiValueSelfServiceTextField()

Checks the input value of a self service multi-value text field.

protected checkMultiValueSelfServiceTextField(array<string|int, mixed> &$container, string $name, array<string|int, mixed> &$attributes, string $fields, array<string|int, mixed> &$readOnlyFields[, string $validationID = null ][, array<string|int, mixed> $validationMessage = null ][, array<string|int, mixed> $requiredMessage = null ][, string $attributeName = null ]) : mixed

The field name must be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn). If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).

Parameters
$container : array<string|int, mixed>

return value of checkSelfServiceOptions()

$name : string

attribute name

$attributes : array<string|int, mixed>

LDAP attributes

$fields : string

input fields

$readOnlyFields : array<string|int, mixed>

list of read-only fields

$validationID : string = null

validation ID for get_preg()

$validationMessage : array<string|int, mixed> = null

validation message data (defaults to $this->messages[$name][0])

$requiredMessage : array<string|int, mixed> = null

message data when no value is set by user (no check if null)

$attributeName : string = null

attribute name (defaults to $name)

Return values
mixed

checkSimpleSelfServiceTextField()

Checks the input value of a self service text field.

protected checkSimpleSelfServiceTextField(array<string|int, mixed> &$container, string $name, array<string|int, mixed> &$attributes, string $fields, array<string|int, mixed> &$readOnlyFields[, string $validationID = null ][, array<string|int, mixed> $validationMessage = null ][, array<string|int, mixed> $requiredMessage = null ][, string $attributeName = null ]) : mixed

The field name must be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn). If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).

Parameters
$container : array<string|int, mixed>

return value of checkSelfServiceOptions()

$name : string

attribute name

$attributes : array<string|int, mixed>

LDAP attributes

$fields : string

input fields

$readOnlyFields : array<string|int, mixed>

list of read-only fields

$validationID : string = null

validation ID for get_preg()

$validationMessage : array<string|int, mixed> = null

validation message data (defaults to $this->messages[$name][0])

$requiredMessage : array<string|int, mixed> = null

message data when no value is set by user (no check if null)

$attributeName : string = null

attribute name (defaults to $name)

Return values
mixed

getSelfServiceLabel()

Returns the field label. This can be either the given default label or an override value from profile.

protected getSelfServiceLabel(string $fieldID, string $defaultLabel) : string
Parameters
$fieldID : string

field ID

$defaultLabel : string

default label text

Return values
string

label

isBooleanConfigOptionSet()

Returns if the given configuration option is set.

protected isBooleanConfigOptionSet(string $optionName[, bool $default = false ]) : bool

This function returns false if the configuration options cannot be read.

Parameters
$optionName : string

name of the option

$default : bool = false

default value if config option is not set at all (default: false)

Return values
bool

true if option is set

mapSimpleUploadField()

Maps simple upload fields directly to LDAP attribute values.

protected mapSimpleUploadField(array<string|int, mixed> &$rawAccounts, array<string|int, mixed> &$ids, array<string|int, mixed> &$partialAccounts, string $position, string $colName, string $attrName[, string|array<string|int, string> $regex = null ][, array<string|int, mixed> $message = [] ][, array<string|int, mixed> &$errors = [] ][, string $regexSplit = null ]) : mixed
Parameters
$rawAccounts : array<string|int, mixed>

the user input data, contains one subarray for each account.

$ids : array<string|int, mixed>

list of IDs for column position (e.g. "posixAccount_uid" => 5)

$partialAccounts : array<string|int, mixed>

list of hash arrays (name => value) which are later added to LDAP

$position : string

current position in CSV

$colName : string

column name

$attrName : string

LDAP attribute name

$regex : string|array<string|int, string> = null

for get_preg() (e.g. 'ascii')

$message : array<string|int, mixed> = []

error message to add if regex does not match

$errors : array<string|int, mixed> = []

list of error messages if any

$regexSplit : string = null

multiple values are separated and can be split with this preg_split expression (e.g. "/;[ ]?/")

Return values
mixed

processMultiValueInputTextField()

Validates a multi-value text field.

protected processMultiValueInputTextField(string $attrName, array<string|int, mixed> &$errors[, string $validationID = null ][, bool $required = false ]) : mixed

The input fields must be created with function addMultiValueInputTextField(). If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).

Parameters
$attrName : string

attribute name

$errors : array<string|int, mixed>

errors array where to put validation errors

$validationID : string = null

validation ID for function get_preg() (default: null, null means no validation)

$required : bool = false

the field is required (default: false)

Return values
mixed

processMultiValueSelectField()

Validates a multi-value select field.

protected processMultiValueSelectField(string $attrName) : mixed

The select fields must be created with function addMultiValueSelectField().

Parameters
$attrName : string

attribute name

Return values
mixed

processSimpleTextInput()

Validates a text field.

protected processSimpleTextInput(string $attrName, array<string|int, mixed> &$errors[, bool $required = false ][, string $validationID = null ]) : mixed

If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).

Parameters
$attrName : string

attribute name

$errors : array<string|int, mixed>

errors array where to put validation errors

$required : bool = false

value required

$validationID : string = null

validation ID for function get_preg() (default: null, null means no validation)

Return values
mixed

buildExpirationDate()

Builds the value for the expiration date.

private buildExpirationDate(int $year, int $month, int $day) : mixed
Parameters
$year : int

year

$month : int

month

$day : int

day

Return values
mixed

checkUploadRegex()

Checks the upload value against a list of regular expressions.

private checkUploadRegex(array<string|int, string> $regexIDs, string $value, array<string|int, mixed> $message, int $position, array<string|int, mixed> &$errors) : value
Parameters
$regexIDs : array<string|int, string>

regular expression IDs for get_preg()

$value : string

value to check

$message : array<string|int, mixed>

error message array if not matching

$position : int

upload position

$errors : array<string|int, mixed>

error messages

Tags
see
get_preg()
Return values
value

is ok

findGroups()

Finds all existing groups.

private findGroups() : array<string|int, mixed>
Return values
array<string|int, mixed>

group DNs

formatAccountExpires()

Returns the formatted value for the account expiration date.

private formatAccountExpires([array<string|int, mixed> $attributes = null ]) : string
Parameters
$attributes : array<string|int, mixed> = null

user attributes ($this->attributes if null)

Return values
string

date or -

formatFileTime()

Formats a file time value (100 ns intervals since 1601-01-01).

private formatFileTime(int $value) : string
Parameters
$value : int

time value

Return values
string

formatted value
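
buildExpirationDate(), formatAccountExpires() and formatFileTime() all deal with the file time encoding (100 ns since 1601-01-01). The following is an added example, not LAM's own code: it converts in both directions and flags expired accounts. The helper names, the `accountExpires` array layout and the midnight-UTC convention are assumptions.

```php
<?php
// Added example, not LAM source code. Requires 64-bit PHP for the integer range.
const FILETIME_UNIX_OFFSET      = 11644473600;           // seconds from 1601-01-01 to 1970-01-01
const FILETIME_TICKS_PER_SECOND = 10000000;              // one tick = 100 ns
const FILETIME_NEVER            = '9223372036854775807'; // 0x7FFFFFFFFFFFFFFF

/** Hypothetical helper: file time string from LDAP -> UTC date, or null for "not set". */
function fileTimeToDate(string $value): ?DateTimeImmutable
{
    // Active Directory stores 0 or 0x7FFFFFFFFFFFFFFF in accountExpires for "never".
    if (!ctype_digit($value) || $value === '0' || $value === FILETIME_NEVER) {
        return null;
    }
    $unix = intdiv((int) $value, FILETIME_TICKS_PER_SECOND) - FILETIME_UNIX_OFFSET;
    return new DateTimeImmutable('@' . $unix); // "@timestamp" is always UTC
}

/** Hypothetical helper: calendar date -> file time string. Assumption: midnight UTC. */
function dateToFileTime(int $year, int $month, int $day): string
{
    // Reject impossible dates (e.g. 31 February) and dates before the file time epoch.
    if ($year < 1601 || !checkdate($month, $day, $year)) {
        throw new InvalidArgumentException("invalid date $year-$month-$day");
    }
    $unix = gmmktime(0, 0, 0, $month, $day, $year);
    return (string) (($unix + FILETIME_UNIX_OFFSET) * FILETIME_TICKS_PER_SECOND);
}

/** Hypothetical helper: true if accountExpires lies at or before $now. */
function isAccountExpired(array $attrs, DateTimeImmutable $now): bool
{
    $expires = fileTimeToDate($attrs['accountExpires'][0] ?? '0');
    return $expires !== null && $expires <= $now;
}

// Constructed sample entries (not real directory data); fixed "now" for stable output.
$now = new DateTimeImmutable('2024-06-01T00:00:00Z');
$entries = [
    'contractor' => ['accountExpires' => [dateToFileTime(2024, 1, 1)]],
    'employee'   => ['accountExpires' => [FILETIME_NEVER]],
    'legacy'     => ['accountExpires' => ['0']],
    'intern'     => ['accountExpires' => [dateToFileTime(2024, 12, 31)]],
];

foreach ($entries as $name => $attrs) {
    $date = fileTimeToDate($attrs['accountExpires'][0]);
    printf("%-10s %-12s %s\n", $name,
        $date ? $date->format('Y-m-d') : '-',
        isAccountExpired($attrs, $now) ? 'EXPIRED' : 'active');
}
```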

formatGroupName()

Formats a group name for the display.

private formatGroupName(string $cn, string $dn) : string
Parameters
$cn : string

common name

$dn : string

DN

Return values
string

formatted name

formatLastLogonTimestamp()

Returns the formatted value for last login.

private formatLastLogonTimestamp() : string
Return values
string

last login or " - "

formatPwdLastSet()

Returns the formatted value for last password change.

private formatPwdLastSet([array<string|int, mixed> $attributes = null ]) : string
Parameters
$attributes : array<string|int, mixed> = null

user attributes ($this->attributes if null)

Return values
string

last password change or " - "

getCns()

Returns a list of all CNs in LDAP.

private getCns() : array<string|int, mixed>
Return values
array<string|int, mixed>

CN list

getDomainLockoutDuration()

Returns the domain lockout duration for this DN.

private static getDomainLockoutDuration() : mixed
Return values
mixed

getDomains()

Gets the list of possible domains from the config setting.

private getDomains() : array<string|int, mixed>
Return values
array<string|int, mixed>

domain list

getHostList()

Returns a list of existing hosts.

private getHostList() : array<string|int, mixed>
Return values
array<string|int, mixed>

host names

getUserNames()

Returns a list of all user names in LDAP.

private getUserNames() : array<string|int, mixed>
Return values
array<string|int, mixed>

user names

groupDisplayContainsDn()

Returns if the group display name contains the DN.

private groupDisplayContainsDn() : bool
Return values
bool

contains DN.

initCache()

Loads cached data from LDAP such as departments etc.

private initCache() : mixed
Return values
mixed

manageWorkDetails()

Returns if any of the work details attributes should be managed.

private manageWorkDetails() : bool
Return values
bool

has any work attributes to manage

manualSyncGonToWindows()

Syncs the group of names to Windows.

private manualSyncGonToWindows() : mixed
Return values
mixed

manualSyncUnixToWindows()

Syncs the Unix groups to Windows.

private manualSyncUnixToWindows() : mixed
Return values
mixed

setSelfServicePassword()

Sets the user password in self service.

private setSelfServicePassword(array<string|int, mixed> &$return) : mixed

Since the change requires the old password we need to run ldapmodify for this task.

Parameters
$return : array<string|int, mixed>

return value for checkSelfServiceOptions() (used to add message if any)

Return values
mixed

uploadPhoto()

Uploads the photo file.

private uploadPhoto() : array<string|int, mixed>
Return values
array<string|int, mixed>

error messages if any
