API Documentation
Namespaces
Interfaces, Classes, Traits and Enums
- ServerProfilePersistenceStrategy
- Interface to store server profiles.
- passwordService
- This interface needs to be implemented by all account modules which manage passwords.
- AccountStatusProvider
- Provides module information about the status of an LDAP account.
- SelfServicePersistenceStrategy
- Interface for self service profile persistence.
- SelfServiceLoginHandler
- Login handler for self service
- samba3domain
- Represents a Samba 3 domain entry
- moduleCache
- Caches module objects.
- LAMException
- LAM exception with title and message.
- baseModule
- Parent class of all account modules.
- baseType
- This is the parent class of all account types.
- LAMLanguage
- Represents a supported language.
- ServerProfilePersistenceManager
- Manages the persistence of server profiles.
- ServerProfilePersistenceStrategyFiles
- Uses local file system to store server profiles.
- ServerProfilePersistenceStrategyPdo
- Stores server profiles in a database.
- LAMConfig
- This class manages conf files.
- LAMCfgMain
- This class manages config.cfg.
- htmlElement
- Represents a HTML element.
- htmlTable
- Structures elements using a table.
- htmlDataTable
- Table component for client-side controlled data tables.
- htmlDataTableColumn
- Column for data table.
- htmlInputField
- A standard input field.
- htmlHelpLink
- Renders a help link.
- htmlButton
- Simple button.
- htmlAccountPageButton
- Prints a button for the account pages.
- htmlSelect
- Represents a select box.
- htmlRadio
- Represents a radio selection.
- htmlOutputText
- Prints the text and escapes contained HTML code by default.
- htmlInputCheckbox
- Prints the HTML code for a checkbox.
- htmlInputFileUpload
- Prints the HTML code for a file upload field.
- htmlInputTextarea
- Prints the HTML code for a textarea.
- htmlInputColorPicker
- Prints the HTML code for a color picker field.
- htmlResponsiveInputColorPicker
- Color picker with descriptive label and help link.
- htmlImage
- Prints the HTML code for an image.
- htmlSpacer
- Adds an empty space with given width and height.
- htmlStatusMessage
- Prints a status message (e.g. error message).
- htmlTitle
- Generates a title line. This is used for page titles.
- htmlSubTitle
- Generates a subtitle line. This is used to group multiple fields.
- htmlHiddenInput
- Generates a hidden input field.
- htmlLink
- Generates a link.
- htmlContentLink
- Generates a link around a htmlElement.
- htmlGroup
- Groups multiple htmlElements.
- htmlHorizontalLine
- Prints a horizontal line.
- htmlDiv
- Creates a simple DIV element.
- htmlSpan
- Creates a simple SPAN element.
- htmlJavaScript
- Creates a JavaScript element.
- htmlIframe
- Creates a iframe element.
- htmlScript
- Creates a Script element to integrate external JavaScript files.
- htmlLinkCss
- Creates a link element to integrate external CSS files.
- htmlSortableList
- Creates a list of elements that can be sorted by the user via drag'n'drop.
- htmlAccordion
- Creates a list of content elements in accordion style.
- htmlResponsiveRow
- Responsive row with 12 column layout.
- htmlResponsiveCell
- Responsive cell inside htmlResponsiveRow with 12 column layout.
- htmlResponsiveInputField
- A responsive input field that combines label, input field and help.
- htmlResponsiveInputFileUpload
- File upload with descriptive label and help link.
- htmlResponsiveInputTextarea
- Responsive text area with label and help link.
- htmlResponsiveSelect
- Responsive select with label and help link.
- htmlResponsiveRadio
- Responsive select with label and help link.
- htmlResponsiveInputCheckbox
- Responsive checkbox with descriptive label and help link.
- htmlResponsiveTable
- Responsive table.
- htmlCanvas
- Renders a canvas.
- htmlVideo
- Renders a video.
- htmlForm
- Creates a form element for POST.
- htmlList
- Represents a (un)ordered list.
- htmlLabel
- Represents a label.
- htmlProgressbar
- Represents a progress bar.
- Ldap
- Ldap manages connection to LDAP and includes several helper functions.
- lamList
- Generates the list view.
- lamListTool
- Represents a tool which can be included in the account lists.
- lamListOption
- Represents a list configuration option.
- lamBooleanListOption
- Boolean option for list configuration.
- lamSelectListOption
- Boolean option for list configuration.
- account
- Manages the object class "account" for users and hosts.
- asteriskAccount
- Manages the Asterisk extension of user accounts.
- asteriskExtension
- Manages Asterisk extensions.
- asteriskVoicemail
- Manages the Asterisk extension of user accounts.
- authorizedServiceObject
- Provides Authorized Service for accounts.
- courierMailAccount
- Courier mail extension for users.
- courierMailAlias
- Enable the account for Courier Mail Service Aliases
- ddns
- Manages DDNS entries.
- dhcp_settings
- Manages DHCP entries.
- eduPerson
- Manages the eduPerson extension for user accounts.
- fixed_ip
- Manages DHCP host entries.
- freeRadius
- Manages FreeRadius accounts.
- FreeRadiusAccountExpirationCleanupJob
- Job to delete or move users on account expiration.
- FreeRadiusAccountExpirationNotifyJob
- Job to notify users about account expiration.
- generalInformation
- Shows general information like the creation time of an account.
- hostObject
- Manages the hosts to which a user may login.
- ieee802device
- Provides MAC addresses for hosts.
- imapAccess
- Manages mailboxes on an IMAP server.
- inetLocalMailRecipient
- Provides mail routing for users.
- inetOrgPerson
- This module manages LDAP attributes of the object class inetOrgPerson (e.g. name and address).
- kolabGroup
- Manages Kolab group accounts.
- kolabSharedFolder
- Manages Kolab shared folders.
- kolabUser
- Manages Kolab user accounts.
- ldapPublicKey
- Manages SSH public keys.
- nisMailAlias
- Provides NIS mail alias management.
- nisMailAliasUser
- Provides NIS mail alias management.
- nisnetgroup
- Manages entries based on the object class nisNetgroup.
- nisNetGroupHost
- Manages memberships in NIS net groups.
- nisNetGroupUser
- Manages memberships in NIS net groups.
- posixAccount
- Manages the object class "posixAccount" for users and hosts.
- posixGroup
- Manages the object class "posixGroup" for groups.
- puppetClient
- Manages Puppet configuration options.
- pykotaBillingCode
- Manages PyKota billing codes.
- pykotaGroup
- Manages PyKota group accounts.
- pykotaGroupStructural
- Manages PyKota group accounts.
- pykotaPrinter
- Manages PyKota printers.
- pykotaUser
- Manages PyKota user accounts.
- pykotaUserStructural
- Manages PyKota user accounts.
- quota
- Manages quotas for users and groups.
- range
- Manages DHCP ranges for DHCP server.
- sambaDomain
- Manages Samba 3 domain entries.
- sambaGroupMapping
- Manages the object class "sambaGroupMapping" for groups.
- sambaMungedDial
- Manages terminal server settings for Samba 3.
- sambaSamAccount
- Manages the object class "sambaSamAccount" for users and hosts.
- shadowAccount
- Manages the object class "shadowAccount" for users.
- ShadowAccountPasswordNotifyJob
- Job to notify users about password expiration.
- ShadowAccountExpirationNotifyJob
- Job to notify users about account expiration.
- ShadowAccountExpirationCleanupJob
- Job to delete or move users on account expiration.
- systemQuotas
- Manages user quotas with the object class systemQuotas.
- windowsGroup
- Manages Windows AD (e.g. Samba 4) groups.
- windowsHost
- Manages Windows AD (e.g. Samba 4) hosts.
- windowsPosixGroup
- Manages Unix groups in Windows LDAP schema.
- windowsUser
- Manages Windows AD (e.g. Samba 4) users.
- WindowsPasswordNotifyJob
- Job to notify users about password expiration.
- WindowsManagedGroupsNotifyJob
- Job to notify users about their managed groups.
- WindowsAccountExpirationNotifyJob
- Job to notify users about account expiration.
- WindowsAccountExpirationCleanupJob
- Job to delete or move users on account expiration.
- yubiKeyUser
- Manages YubiKey keys.
- accountContainer
- This class includes all modules and attributes of an account.
- PasswordQuickChangeOption
- Option for the password quick change page.
- AccountStatus
- Provides the complete information about the status of an LDAP account.
- AccountStatusDetails
- ScopeAndModuleValidation
- Validation of scope and module names.
- LamTemporaryFilesManager
- Manages temporary files.
- SelfServicePersistence
- Manages reading and writing self-service profiles.
- SelfServicePersistenceStrategyFileSystem
- Uses local file system for storing self service profiles.
- SelfServicePersistenceStrategyPdo
- Uses PDO for storing self service profiles.
- selfServiceProfile
- Includes all settings of a self service profile.
- SelfServiceLdapConnection
- LDAP connection for self service.
- SelfServiceUserPasswordLoginHandler
- Performs login with user and password.
- SelfServiceHttpAuthLoginHandler
- Performs login with HTTP authentication.
- SelfService2FaLoginHandler
- Performs login with pure 2FA.
- LAMTool
- Represents a tool.
- LAMSubTool
- Represents a subtool.
- asteriskExt
- The account type for Asterisk extensions.
- lamAsteriskExtList
- Generates the list view.
- dhcp
- The account type for DHCP
- lamDHCPList
- Generates the list view.
- group
- The account type for group accounts (e.g. Unix and Samba).
- lamGroupList
- Generates the list view.
- host
- The account type for host accounts (e.g. Samba).
- lamHostList
- Generates the list view.
- kolabSharedFolderType
- The account type for Kolab shared folders.
- kolabSharedFolderTypeList
- Generates the list view.
- mailAlias
- The account type for mail aliases.
- lamMailAliasList
- Generates the list view.
- netgroup
- The account type for NIS netgroups.
- lamNetgroupList
- Generates the list view.
- pykotaBillingCodeType
- The account type for PyKota billing codes.
- lamPykotaBillingCodeTypeList
- Generates the list view.
- pykotaPrinterType
- The account type for PyKota printers.
- lamPykotaPrinterTypeList
- Generates the list view.
- smbDomain
- The account type for Samba domains.
- lamSmbDomainList
- Generates the list view.
- user
- The account type for user accounts (e.g. Unix, Samba and Kolab).
- lamUserList
- Generates the list view.
- altSecurityIdentities
- Manages SSH public keys on Windows/Samba 4.
- takUser
- Manages the object class "takUser" for users.
Table of Contents
- ADD = 'add'
- DEL = 'del'
- LAMPDF_FONT_SIZE = 7
- font size
- LAMPDF_FONT_SIZE_BIG = 10
- font size for bigger text
- LAMPDF_LABELWIDTH = 50
- width of a label
- LAMPDF_LINEHEIGHT = 5
- line height
- LAMPDF_LINEWIDTH = 190
- line width
- MOD = 'mod'
- SAMBA_MUNGEDDIAL_FILEHEADER = "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "5000"
- File header
- SAMBA_MUNGEDDIAL_FILEHEADER_OLD = "6d000800200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200064000100" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "50001000"
- File header for old format.
- STAGE_ACTIONS_CALCULATED = 'actionsCalculated'
- STAGE_FINISHED = 'finished'
- STAGE_READ_FINISHED = 'readFinished'
- STAGE_START = 'start'
- STAGE_WRITING = 'writing'
- array_delete() : array<string|int, T>
- This function will return all values from $array without values of $values.
- in_array_ignore_case() : mixed
- Checks if a string exists in an array, ignoring case.
- areArrayContentsEqual() : bool
- Checks if two arrays have the same content.
- natCaseKeySort() : array<string|int, mixed>
- Sorts an array in natural order by its keys.
- ntPassword() : string
- Generates the NT hash of a password.
- pwd_hash() : string
- Returns the hash value of a plain text password.
- getHashType() : string
- Returns the hash type of the given password hash.
- getSupportedHashTypes() : array<string|int, mixed>
- Returns the list of supported hash types (e.g. SSHA).
- generateSalt() : string
- Calculates a password salt of the given length.
- pwd_enable() : string
- Marks an password hash as enabled and returns the new hash string
- pwd_disable() : string
- Marks an password hash as disabled and returns the new hash string
- pwd_is_lockable() : bool
- Checks if a Unix password can be locked.
- pwd_is_enabled() : bool
- Checks if a password hash is enabled/disabled
- generateRandomPassword() : string
- Generates a random password with 14 digits by default.
- generateRandomText() : string
- Generates a random text with 20 letters by default.
- checkPasswordHash() : bool
- Checks if the given password matches the crypto hash.
- getNumberOfCharacterClasses() : int
- Returns the number of character classes in a password.
- search_domains() : array<string|int, mixed>
- Returns an array with all Samba 3 domain entries under the given suffix
- get_preg() : bool
- Checks if a given value matches the selected regular expression.
- convertCommaEscaping() : string
- Converts the comma escaping from Windows to OpenLDAP style.
- connectToLDAP() : mixed
- Connects to an LDAP server using the given URL.
- searchLDAPByAttribute() : array<string|int, mixed>
- This will search the given LDAP suffix for all entries which have the given attribute.
- searchLDAPByFilter() : array<string|int, mixed>
- This will search the given LDAP suffix for all entries which match the given filter.
- searchLDAP() : array<string|int, mixed>
- Runs an LDAP search.
- getLDAPServerHandle() : Connection
- Returns the LDAP server handle.
- searchLDAPPaged() : array<string|int, mixed>
- Runs an LDAP search and uses paging if configured.
- ldapGetDN() : array<string|int, mixed>|null
- Returns the given DN.
- ldapListDN() : array<string|int, mixed>
- Returns the DN and children of a given DN.
- deleteDN() : array<string|int, mixed>
- Deletes a DN and all child entries.
- getCommonLdapControls() : array<string|int, mixed>|null
- Returns a list of LDAP controls for all LDAP calls.
- copyDnRecursive() : void
- Performs a recursive copy from old DN under target DN.
- moveDn() : void
- Moves an LDAP entry.
- getLastLDAPError() : array<string|int, mixed>|null
- Returns the parameters for a StatusMessage of the last LDAP search.
- cleanLDAPResult() : mixed
- Cleans the result of an LDAP search.
- getAbstractDN() : string
- Transforms a DN into a more user friendly format.
- unescapeLdapSpecialCharacters() : string
- Unescapes LDAP special characters for readability.
- unescapeLdapSpecialCharactersCallback() : string
- Callback function for unescaping DN.
- compareDN() : int
- Helper function to sort DNs.
- compareLDAPEntriesByDn() : int
- Helper function to sort LDAP entries by DN.
- lam_base64url_encode() : string
- Does a Base64 encoding that is URL safe.
- lam_base64url_decode() : string
- Does a Base64 decoding that is URL safe.
- formatLDAPTimestamp() : string
- Formats an LDAP time string (e.g. from createTimestamp).
- parseLDAPTimestamp() : DateTime
- Parses an LDAP time stamp and returns a DateTime in current time zone.
- obfuscateText() : string|null
- Simple function to obfuscate strings.
- deobfuscateText() : string|null
- Simple function to deobfuscate strings.
- isObfuscatedText() : bool
- Checks if the given text is obfuscated.
- extractRDNAttribute() : string|null
- Extracts the RDN attribute name from a given DN.
- extractRDNValue() : string|null
- Extracts the RDN attribute value from a given DN.
- extractRDN() : string|null
- Extracts the RDN part of the DN.
- extractDNSuffix() : string|null
- Extracts the DN suffix from a given DN.
- testSmtpConnection() : void
- Checks if the SMTP connection with the given settings is fine.
- sendPasswordMail() : array<string|int, mixed>
- Sends the password mail.
- sendEMail() : mixed
- Sends out an email.
- isCommandlineSafeEmailAddress() : bool
- Checks if an email address is safe for use on commandline
- sendPasswordSms() : array<string|int, mixed>
- Sends the password SMS.
- sendSmsTestMessage() : void
- Sends an SMS test message.
- getSmsPhoneNumber() : string|null
- Returns the SMS phone number of a user.
- getRandomNumber() : int
- Returns a random number.
- getLDAPSSLCertificate() : mixed
- Connects to the LDAP server and extracts the certificates.
- getExtendedLDAPErrorMessage() : string
- Returns the extended LDAP error message if any.
- getDefaultLDAPErrorString() : string
- Returns the default error message to display on the web page.
- ldapIsPasswordExpired() : bool
- Returns if the last LDAP error was due to expired password or forced password change (AD only).
- getExtraInvalidCredentialsMessage() : string
- Tries to get additional information why invalid credentials was returned. E.g. account is locked.
- getCallingURL() : string|null
- Returns the URL under which the page was loaded.
- getTimeZoneOffsetHours() : float
- Returns the offset in hours from the configured time zone to GMT.
- getTimeZone() : DateTimeZone
- Returns the configured time zone.
- getFormattedTime() : mixed
- Returns the current time in formatted form.
- formatSecondsToShortFormat() : string
- Formats a number of seconds to a more human readable format with minutes, hours, etc.
- unformatShortFormatToSeconds() : int|string
- Unformats text like 1m10s back to number of seconds.
- enforceUserIsLoggedIn() : mixed
- Checks if the user is logged in. Stops script execution if not.
- printHeaderContents() : mixed
- Prints the content of the header part.
- printJsIncludes() : mixed
- Prints script tags for all LAM JS files.
- convertUtf8ToUtf16Le() : mixed
- Converts a UTF-8 string to UTF16LE.
- getLAMVersionText() : string
- Returns the text with LAM and its version for header area.
- isDeveloperVersion() : bool
- Returns if the given release is a developer version.
- isValidConfigurationPassword() : bool
- Checks if the configuration password is secure.
- setSSLCaCert() : mixed
- Sets the environment variables for custom SSL CA certificates.
- setlanguage() : mixed
- Sets language settings for automatic translation
- checkChmod() : bool
- Checks whether a specific flag in the rights string is set.
- LAMVersion() : string
- Returns the version number of this LAM installation.
- extractConfigOptionsFromPOST() : array<string|int, mixed>
- Extracts config options from HTTP POST data.
- metaRefresh() : mixed
- Prints a meta refresh page
- isAccountTypeHidden() : bool
- Checks if the given account type is hidden.
- getLanguages() : array<string|int, LAMLanguage>
- Returns a list of all supported languages.
- htmlGetRequiredMarker() : string
- Returns the marker for required values.
- htmlGetRequiredMarkerElement() : htmlSpan
- Returns the marker for required values.
- check_ip() : mixed
- Checks if the given IP is valid.
- getModuleAlias() : string|null
- Returns the alias name of a module
- is_base_module() : bool
- Returns true if the module is a base module
- get_ldap_filter() : string
- Returns the LDAP filter used by the account lists
- getRDNAttributes() : array<string|int, mixed>
- Returns a list of LDAP attributes which can be used to form the RDN.
- getModulesDependencies() : array<string|int, mixed>
- Returns a hash array (module name => dependencies) of all module dependencies
- check_module_depends() : mixed
- Checks if there are missing dependencies between modules.
- check_module_conflicts() : false|array<int, array<string|int, string>>
- Checks if there are conflicts between modules
- getAvailableModules() : array<string|int, string>
- Returns an array with all available user module names
- getAllModules() : array<string|int, baseModule>
- Returns an array with all modules.
- getProfileOptions() : array<string|int, mixed>
- Returns the elements for the profile page.
- checkProfileOptions() : array<string|int, mixed>
- Checks if the profile options are valid
- getConfigOptions() : array<string|int, mixed>
- Returns a hash array (module name => elements) of all module options for the configuration page.
- checkConfigOptions() : array<string|int, mixed>
- Checks if the configuration options are valid
- getHelp() : array<string|int, mixed>
- Returns a help entry from an account module.
- getAvailablePDFFields() : array<string|int, mixed>
- Returns a list of available PDF entries.
- getUploadColumns() : array<string|int, mixed>
- Returns an array containing all input columns for the file upload.
- buildUploadAccounts() : mixed
- This function builds the LDAP accounts for the file upload.
- doUploadPreActions() : array<string|int, mixed>
- Runs any actions that need to be done before an LDAP entry is created.
- doUploadPostActions() : array<string|int, mixed>
- This function executes one post upload action.
- getRequiredExtensions() : array<string|int, mixed>
- Returns true if the module is a base module
- parseHtml() : array<string|int, mixed>
- Takes a list of meta-HTML elements and prints the equivalent HTML output.
- printHelpLink() : mixed
- Prints a LAM help link.
- lam_start_session() : mixed
- Starts a session and sets the cookie options.
- lamDefaultCookieOptions() : array<string|int, mixed>
- startSecureSession() : bool
- Starts a session and checks the environment.
- isFileBasedSession() : bool
- Returns if the session uses files storage.
- checkClientIP() : mixed
- Checks if the client's IP address is on the list of allowed IPs.
- logoffAndBackToLoginPage() : void
- Logs off the user and displays the login page.
- isDebugLoggingEnabled() : bool
- Returns if debug messages are to be logged.
- logNewMessage() : void
- Puts a new message in the log file.
- checkIfWriteAccessIsAllowed() : bool
- Checks if write access to LDAP is allowed.
- checkIfPasswordChangeIsAllowed() : bool
- Checks if passwords may be changed.
- checkIfNewEntriesAreAllowed() : bool
- Checks if it is allowed to create new LDAP entries of the given type.
- checkIfDeleteEntriesIsAllowed() : bool
- Checks if it is allowed to delete LDAP entries of the given type.
- checkPasswordStrength() : true|string
- Checks if the password fulfills the password policies.
- checkPwdWithExternalPasswordService() : bool
- Checks the password against the external password service.
- checkIfToolIsActive() : mixed
- Checks if the given tool is active.
- isLoggedIn() : bool
- Returns if the user is logged in.
- getClientIPForLogging() : string
- Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
- getLamLdapUser() : string
- Returns the login dn of the current user.
- addSecurityTokenToSession() : void
- Adds a security token to the session to prevent CSRF attacks.
- validateSecurityToken() : mixed
- Checks if the security token from SESSION matches POST data.
- addSecurityTokenToMetaHTML() : mixed
- Adds a hidden input field to the given meta HTML table.
- getSecurityTokenName() : string
- Returns the name of the security token parameter.
- getSecurityTokenValue() : string
- Returns the value of the security token parameter.
- setLAMHeaders() : mixed
- Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
- lamEncrypt() : string
- Encrypts a string
- lamDecrypt() : string
- Decrypts a string
- lamEncryptionAlgo() : string
- Returns the encryption algorithm to use.
- lamLogRemoteMessage() : mixed
- Logs a message to a remote logging service.
- isLAMProVersion() : bool
- Returns if this is a LAM Pro installation.
- getSelfServiceSearchAttributes() : array<string|int, mixed>
- Returns a list of possible search attributes for the self service.
- getSelfServiceFieldSettings() : array<string|int, mixed>
- Returns the field settings for the self service.
- getSelfServiceOptions() : array<string|int, mixed>
- Returns meta HTML code for each self service field.
- checkSelfServiceOptions() : array<string|int, mixed>
- Checks if all input values are correct and returns the LDAP commands which should be executed.
- getSelfServiceSettings() : array<string|int, mixed>
- Returns a hash array (module name => elements) of all module options for the configuration page.
- checkSelfServiceSettings() : array<string|int, mixed>
- Checks if the self service settings are valid
- isSelfService() : bool
- Returns if script runs inside self service.
- openSelfServiceLdapConnection() : Connection|null
- Opens the LDAP connection and returns the handle. No bind is done.
- bindLdapUser() : bool
- Binds the LDAP connections with given user and password.
- StatusMessage() : string
- This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.
- getTools() : array<string|int, mixed>
- Returns the tools which are available for LAM.
Constants
ADD
public
mixed
ADD
= 'add'
DEL
public
mixed
DEL
= 'del'
LAMPDF_FONT_SIZE
font size
public
mixed
LAMPDF_FONT_SIZE
= 7
LAMPDF_FONT_SIZE_BIG
font size for bigger text
public
mixed
LAMPDF_FONT_SIZE_BIG
= 10
LAMPDF_LABELWIDTH
width of a label
public
mixed
LAMPDF_LABELWIDTH
= 50
LAMPDF_LINEHEIGHT
line height
public
mixed
LAMPDF_LINEHEIGHT
= 5
LAMPDF_LINEWIDTH
line width
public
mixed
LAMPDF_LINEWIDTH
= 190
MOD
public
mixed
MOD
= 'mod'
SAMBA_MUNGEDDIAL_FILEHEADER
File header
public
mixed
SAMBA_MUNGEDDIAL_FILEHEADER
= "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "5000"
SAMBA_MUNGEDDIAL_FILEHEADER_OLD
File header for old format.
public
mixed
SAMBA_MUNGEDDIAL_FILEHEADER_OLD
= "6d000800200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200064000100" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "20002000200020002000200020002000" . "50001000"
STAGE_ACTIONS_CALCULATED
public
mixed
STAGE_ACTIONS_CALCULATED
= 'actionsCalculated'
STAGE_FINISHED
public
mixed
STAGE_FINISHED
= 'finished'
STAGE_READ_FINISHED
public
mixed
STAGE_READ_FINISHED
= 'readFinished'
STAGE_START
public
mixed
STAGE_START
= 'start'
STAGE_WRITING
public
mixed
STAGE_WRITING
= 'writing'
Functions
array_delete()
This function will return all values from $array without values of $values.
array_delete(array<string|int, T> $values, array<string|int, T>|null $array) : array<string|int, T>
Parameters
- $values : array<string|int, T>
-
list of values which should be removed
- $array : array<string|int, T>|null
-
list of original values
Tags
Return values
array<string|int, T> —list of remaining values
in_array_ignore_case()
Checks if a string exists in an array, ignoring case.
in_array_ignore_case(string|null $needle, array<string|int, mixed>|null $haystack) : mixed
Parameters
- $needle : string|null
-
search string
- $haystack : array<string|int, mixed>|null
-
array
Return values
mixed —areArrayContentsEqual()
Checks if two arrays have the same content.
areArrayContentsEqual(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : bool
Parameters
- $array1 : array<string|int, mixed>
-
array 1
- $array2 : array<string|int, mixed>
-
array 2
Return values
bool —same content
natCaseKeySort()
Sorts an array in natural order by its keys.
natCaseKeySort(array<string|int, mixed> $toSort) : array<string|int, mixed>
Parameters
- $toSort : array<string|int, mixed>
-
array to sort
Return values
array<string|int, mixed> —sorted array
ntPassword()
Generates the NT hash of a password.
ntPassword(string $password) : string
Parameters
- $password : string
-
password original password
Return values
string —password hash
pwd_hash()
Returns the hash value of a plain text password.
pwd_hash(string|null $password[, bool $enabled = true ][, string $hashType = 'SSHA' ]) : string
Parameters
- $password : string|null
-
the password string
- $enabled : bool = true
-
marks the hash as enabled/disabled (e.g. by prefixing "!")
- $hashType : string = 'SSHA'
-
password hash type (CRYPT, CRYPT-SHA512, SHA, SSHA, MD5, SMD5, PLAIN, K5KEY)
Tags
Return values
string —the password hash
getHashType()
Returns the hash type of the given password hash.
getHashType(string|null $hash) : string
This will return PLAIN if no supported hash type was found.
Parameters
- $hash : string|null
-
password hash
Return values
string —type (e.g. SSHA)
getSupportedHashTypes()
Returns the list of supported hash types (e.g. SSHA).
getSupportedHashTypes() : array<string|int, mixed>
Return values
array<string|int, mixed> —hash types
generateSalt()
Calculates a password salt of the given length.
generateSalt(int $len) : string
Parameters
- $len : int
-
salt length
Return values
string —the salt string
pwd_enable()
Marks an password hash as enabled and returns the new hash string
pwd_enable(string $hash) : string
Parameters
- $hash : string
-
hash value to enable
Return values
string —enabled password hash
pwd_disable()
Marks an password hash as disabled and returns the new hash string
pwd_disable(string $hash) : string
Parameters
- $hash : string
-
hash value to disable
Return values
string —disabled hash value
pwd_is_lockable()
Checks if a Unix password can be locked.
pwd_is_lockable(string $password) : bool
This checks if the password is not plain text but e.g. contains {SSHA}.
Parameters
- $password : string
-
password value
Return values
bool —can be locked
pwd_is_enabled()
Checks if a password hash is enabled/disabled
pwd_is_enabled(string $hash) : bool
Parameters
- $hash : string
-
password hash to check
Return values
bool —true if the password is marked as enabled
generateRandomPassword()
Generates a random password with 14 digits by default.
generateRandomPassword([int $length = 14 ][, bool $checkStrength = true ]) : string
Parameters
- $length : int = 14
-
length of password (defaults to 14)
- $checkStrength : bool = true
-
check if the password matches the policy
Return values
string —password
generateRandomText()
Generates a random text with 20 letters by default.
generateRandomText([int $length = 20 ]) : string
Parameters
- $length : int = 20
-
length of password (defaults to 20)
Return values
string —text
checkPasswordHash()
Checks if the given password matches the crypto hash.
checkPasswordHash(string $type, string $hash, string $password) : bool
Parameters
- $type : string
-
type hash type (must be one of getSupportedHashTypes())
- $hash : string
-
password hash value
- $password : string
-
plain text password to check
Tags
Return values
bool —hash matches
getNumberOfCharacterClasses()
Returns the number of character classes in a password.
getNumberOfCharacterClasses(string|null $password) : int
Parameters
- $password : string|null
-
password
Return values
int —number of classes
search_domains()
Returns an array with all Samba 3 domain entries under the given suffix
search_domains([Connection|null $server = null ][, string $suffix = null ]) : array<string|int, mixed>
Parameters
- $server : Connection|null = null
-
LDAP handle (if null then $_SESSION['ldap']->server() is used)
- $suffix : string = null
-
LDAP suffix to search (if null then $_SESSION['config']->get_Suffix('smbDomain') is used)
Return values
array<string|int, mixed> —list of samba3domain objects
get_preg()
Checks if a given value matches the selected regular expression.
get_preg(string $argument, string $regexp) : bool
Parameters
- $argument : string
-
value to check
- $regexp : string
-
pattern name
Return values
bool —true if matches, otherwise false
convertCommaEscaping()
Converts the comma escaping from Windows to OpenLDAP style.
convertCommaEscaping(string $dn) : string
Parameters
- $dn : string
-
DN
Return values
string —DN
connectToLDAP()
Connects to an LDAP server using the given URL.
connectToLDAP(string $serverURL, mixed $startTLS) : mixed
Parameters
- $serverURL : string
-
URL
- $startTLS : mixed
Return values
mixed —searchLDAPByAttribute()
This will search the given LDAP suffix for all entries which have the given attribute.
searchLDAPByAttribute(string $name, string $value, string|null $objectClass, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
- $name : string
-
attribute name (may be null)
- $value : string
-
attribute value
- $objectClass : string|null
-
object class (may be null)
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $scopes : array<string|int, mixed>
-
account types
Return values
array<string|int, mixed> —list of found entries
searchLDAPByFilter()
This will search the given LDAP suffix for all entries which match the given filter.
searchLDAPByFilter(string $filter, array<string|int, mixed> $attributes, array<string|int, mixed> $scopes[, bool $attrsOnly = false ]) : array<string|int, mixed>
Parameters
- $filter : string
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $scopes : array<string|int, mixed>
-
account types
- $attrsOnly : bool = false
-
get only attributes but no values (default: false)
Return values
array<string|int, mixed> —list of found entries
searchLDAP()
Runs an LDAP search.
searchLDAP(string $suffix, string $filter, array<string|int, mixed> $attributes[, int $limit = -1 ]) : array<string|int, mixed>
Parameters
- $suffix : string
-
LDAP suffix
- $filter : string
-
filter
- $attributes : array<string|int, mixed>
-
list of attributes to return
- $limit : int = -1
-
result limit
Return values
array<string|int, mixed> —list of found entries
getLDAPServerHandle()
Returns the LDAP server handle.
getLDAPServerHandle() : Connection
Return values
Connection —LDAP handle
searchLDAPPaged()
Runs an LDAP search and uses paging if configured.
searchLDAPPaged(Connection $server, string $dn, string $filter, array<string|int, mixed> $attributes, bool $attrsOnly, int $limit) : array<string|int, mixed>
Parameters
- $server : Connection
-
LDAP connection handle
- $dn : string
-
DN
- $filter : string
-
filter
- $attributes : array<string|int, mixed>
-
attribute list
- $attrsOnly : bool
-
return only attribute names
- $limit : int
-
size limit
Return values
array<string|int, mixed> —results
ldapGetDN()
Returns the given DN.
ldapGetDN(string $dn[, array<string|int, mixed> $attributes = ['dn'] ][, Connection $handle = null ]) : array<string|int, mixed>|null
Parameters
- $dn : string
-
DN
- $attributes : array<string|int, mixed> = ['dn']
-
list of attributes to fetch
- $handle : Connection = null
-
LDAP handle (optional for admin interface pages)
Return values
array<string|int, mixed>|null —attributes or null if not found
ldapListDN()
Returns the DN and children of a given DN.
ldapListDN(string $dn[, string $filter = '(objectclass=*)' ][, array<string|int, mixed> $attributes = ['dn'] ][, Connection|null $handle = null ][, int $limit = -1 ]) : array<string|int, mixed>
Parameters
- $dn : string
-
DN
- $filter : string = '(objectclass=*)'
-
LDAP filter
- $attributes : array<string|int, mixed> = ['dn']
-
list of attributes to fetch
- $handle : Connection|null = null
-
LDAP handle (optional for admin interface pages)
- $limit : int = -1
-
result limit
Return values
array<string|int, mixed> —attributes or null if not found
deleteDN()
Deletes a DN and all child entries.
deleteDN(string|null $dn, bool $recursive) : array<string|int, mixed>
Parameters
- $dn : string|null
-
DN to delete
- $recursive : bool
-
recursive delete also child entries
Return values
array<string|int, mixed> —error messages
getCommonLdapControls()
Returns a list of LDAP controls for all LDAP calls.
getCommonLdapControls() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null —controls
copyDnRecursive()
Performs a recursive copy from old DN under target DN.
copyDnRecursive(string $oldDn, string $targetDn) : void
Parameters
- $oldDn : string
-
old DN to copy
- $targetDn : string
-
copy nodes under this DN
Tags
Return values
void —moveDn()
Moves an LDAP entry.
moveDn(string $oldDn, string $targetDn) : void
Parameters
- $oldDn : string
-
old DN
- $targetDn : string
-
target container DN
Tags
Return values
void —getLastLDAPError()
Returns the parameters for a StatusMessage of the last LDAP search.
getLastLDAPError() : array<string|int, mixed>|null
Return values
array<string|int, mixed>|null —parameters for StatusMessage or null if all was ok
cleanLDAPResult()
Cleans the result of an LDAP search.
cleanLDAPResult(array<string|int, mixed> &$entries) : mixed
This will remove all 'count' entries and also all numeric array keys.
Parameters
- $entries : array<string|int, mixed>
-
LDAP entries in format $entries[entry number][attribute name][attribute values]
Return values
mixed —getAbstractDN()
Transforms a DN into a more user friendly format.
getAbstractDN(string $dn) : string
E.g. "dc=company,dc=de" is transformed to "company > de".
Parameters
- $dn : string
-
DN
Return values
string —transformed DN
unescapeLdapSpecialCharacters()
Unescapes LDAP special characters for readability.
unescapeLdapSpecialCharacters(string $dn) : string
Parameters
- $dn : string
-
escaped DN
Return values
string —unescaped DN
unescapeLdapSpecialCharactersCallback()
Callback function for unescaping DN.
unescapeLdapSpecialCharactersCallback(array<string|int, mixed> $matches) : string
Parameters
- $matches : array<string|int, mixed>
-
HEX value that was found
Return values
string —unescaped string
compareDN()
Helper function to sort DNs.
compareDN(string $a, string $b) : int
Parameters
- $a : string
-
first argument to compare
- $b : string
-
second argument to compare
Return values
int —0 if equal, 1 if $a is greater, -1 if $b is greater
compareLDAPEntriesByDn()
Helper function to sort LDAP entries by DN.
compareLDAPEntriesByDn(array<string|int, mixed> $a, array<string|int, mixed> $b) : int
Parameters
- $a : array<string|int, mixed>
-
first argument to compare
- $b : array<string|int, mixed>
-
second argument to compare
Return values
int —0 if equal, 1 if $a is greater, -1 if $b is greater
lam_base64url_encode()
Does a Base64 encoding that is URL safe.
lam_base64url_encode(string $data) : string
Parameters
- $data : string
-
input
Return values
string —encoded output
lam_base64url_decode()
Does a Base64 decoding that is URL safe.
lam_base64url_decode(string $data) : string
Parameters
- $data : string
-
encoded input
Return values
string —decoded output
formatLDAPTimestamp()
Formats an LDAP time string (e.g. from createTimestamp).
formatLDAPTimestamp(string $time) : string
Parameters
- $time : string
-
LDAP time value
Return values
string —formatted time
parseLDAPTimestamp()
Parses an LDAP time stamp and returns a DateTime in current time zone.
parseLDAPTimestamp(string $time) : DateTime
Parameters
- $time : string
-
LDAP time value
Return values
DateTime —time
obfuscateText()
Simple function to obfuscate strings.
obfuscateText(string|null $text) : string|null
Parameters
- $text : string|null
-
text to obfuscate
Return values
string|null —obfuscated text
deobfuscateText()
Simple function to deobfuscate strings.
deobfuscateText(string|null $text) : string|null
Parameters
- $text : string|null
-
text to deobfuscate
Return values
string|null —deobfuscated text
isObfuscatedText()
Checks if the given text is obfuscated.
isObfuscatedText(string|null $text) : bool
Parameters
- $text : string|null
-
text to check
Return values
bool —obfuscated or not
extractRDNAttribute()
Extracts the RDN attribute name from a given DN.
extractRDNAttribute(string $dn) : string|null
Parameters
- $dn : string
-
DN
Return values
string|null —RDN attribute name
extractRDNValue()
Extracts the RDN attribute value from a given DN.
extractRDNValue(string $dn) : string|null
Parameters
- $dn : string
-
DN
Return values
string|null —RDN attribute value
extractRDN()
Extracts the RDN part of the DN.
extractRDN(string|null $dn) : string|null
Parameters
- $dn : string|null
-
DN
Return values
string|null —RDN part
extractDNSuffix()
Extracts the DN suffix from a given DN.
extractDNSuffix(string|null $dn) : string|null
E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.
Parameters
- $dn : string|null
-
DN
Return values
string|null —DN suffix
testSmtpConnection()
Checks if the SMTP connection with the given settings is fine.
testSmtpConnection(string $server, string $user, string $password, string $encryption) : void
Parameters
- $server : string
-
SMTP server
- $user : string
-
user name
- $password : string
-
password
- $encryption : string
-
encryption type
Tags
Return values
void —sendPasswordMail()
Sends the password mail.
sendPasswordMail(string $pwd, array<string|int, mixed> $user[, string $recipient = null ]) : array<string|int, mixed>
Parameters
- $pwd : string
-
new password
- $user : array<string|int, mixed>
-
LDAP attributes of user
- $recipient : string = null
-
recipient address (optional, $user['mail'][0] used by default)
Return values
array<string|int, mixed> —list of arrays that can be used to create status messages
sendEMail()
Sends out an email.
sendEMail(string|array<string|int, mixed> $to, string $subject, string $text, string $from, bool $isHTML[, string $replyTo = null ][, string $cc = null ][, string $bcc = null ]) : mixed
Parameters
- $to : string|array<string|int, mixed>
-
TO address
- $subject : string
-
email subject
- $text : string
-
mail body (with \r\n EOL)
- $from : string
-
FROM address
- $isHTML : bool
-
HTML format
- $replyTo : string = null
-
REPLY-TO address (optional)
- $cc : string = null
-
CC address (optional)
- $bcc : string = null
-
BCC address (optional)
Return values
mixed —isCommandlineSafeEmailAddress()
Checks if an email address is safe for use on commandline
isCommandlineSafeEmailAddress( $address) : bool
Parameters
Return values
bool —is safe
sendPasswordSms()
Sends the password SMS.
sendPasswordSms(string $pwd, array<string|int, mixed> $user) : array<string|int, mixed>
Parameters
- $pwd : string
-
new password
- $user : array<string|int, mixed>
-
LDAP attributes of user
Return values
array<string|int, mixed> —list of arrays that can be used to create status messages
sendSmsTestMessage()
Sends an SMS test message.
sendSmsTestMessage(string $providerId, string|null $apiKey, string|null $apiToken, string|null $accountId, string|null $region, string|null $from, string $number) : void
Parameters
- $providerId : string
-
SMS provider ID
- $apiKey : string|null
-
API key
- $apiToken : string|null
-
API token
- $accountId : string|null
-
account ID
- $region : string|null
-
region
- $from : string|null
-
from
- $number : string
-
mobile phone number
Tags
Return values
void —getSmsPhoneNumber()
Returns the SMS phone number of a user.
getSmsPhoneNumber(array<string|int, mixed> $attributes) : string|null
Parameters
- $attributes : array<string|int, mixed>
-
LDAP attributes
Return values
string|null —phone number if found
getRandomNumber()
Returns a random number.
getRandomNumber() : int
Return values
int —random number
getLDAPSSLCertificate()
Connects to the LDAP server and extracts the certificates.
getLDAPSSLCertificate(string $server, string $port) : mixed
Parameters
- $server : string
-
server name
- $port : string
-
server port
Return values
mixed —false on error and certificate if extracted successfully
getExtendedLDAPErrorMessage()
Returns the extended LDAP error message if any.
getExtendedLDAPErrorMessage(Connection $server) : string
Parameters
- $server : Connection
-
LDAP server handle
Return values
string —error message
getDefaultLDAPErrorString()
Returns the default error message to display on the web page.
getDefaultLDAPErrorString(Connection $server) : string
HTML special characters are already escaped.
Parameters
- $server : Connection
-
LDAP server handle
Return values
string —error message
ldapIsPasswordExpired()
Returns if the last LDAP error was due to expired password or forced password change (AD only).
ldapIsPasswordExpired( $server) : bool
Parameters
Return values
bool —password expired
getExtraInvalidCredentialsMessage()
Tries to get additional information why invalid credentials was returned. E.g. account is locked.
getExtraInvalidCredentialsMessage(Connection $ldap, string $userDn) : string
Parameters
- $ldap : Connection
-
LDAP object to connect for getting extra data
- $userDn : string
-
failed DN
Return values
string —extra message
getCallingURL()
Returns the URL under which the page was loaded.
getCallingURL([ $baseUrl = '' ]) : string|null
This includes any GET parameters set.
Parameters
Return values
string|null —URL
getTimeZoneOffsetHours()
Returns the offset in hours from the configured time zone to GMT.
getTimeZoneOffsetHours() : float
Return values
float —offset
getTimeZone()
Returns the configured time zone.
getTimeZone() : DateTimeZone
Return values
DateTimeZone —time zone
getFormattedTime()
Returns the current time in formatted form.
getFormattedTime(string $format) : mixed
Parameters
- $format : string
-
format to use (e.g. 'Y-m-d H:i:s')
Return values
mixed —formatSecondsToShortFormat()
Formats a number of seconds to a more human readable format with minutes, hours, etc.
formatSecondsToShortFormat(int|string $numSeconds) : string
E.g. 70 seconds will return 1m10s.
Parameters
- $numSeconds : int|string
-
number of seconds
Return values
string —formatted number
unformatShortFormatToSeconds()
Unformats text like 1m10s back to number of seconds.
unformatShortFormatToSeconds(string $text) : int|string
Parameters
- $text : string
-
formatted text
Return values
int|string —number of seconds
enforceUserIsLoggedIn()
Checks if the user is logged in. Stops script execution if not.
enforceUserIsLoggedIn([bool $check2ndFactor = true ]) : mixed
Parameters
- $check2ndFactor : bool = true
-
check if the 2nd factor was provided if required
Return values
mixed —printHeaderContents()
Prints the content of the header part.
printHeaderContents(string $title, string $prefix) : mixed
Parameters
- $title : string
-
page title
- $prefix : string
-
prefix to LAM main folder (e.g. "..")
Return values
mixed —printJsIncludes()
Prints script tags for all LAM JS files.
printJsIncludes(string $prefix) : mixed
Parameters
- $prefix : string
-
prefix to LAM main folder (e.g. "..")
Return values
mixed —convertUtf8ToUtf16Le()
Converts a UTF-8 string to UTF16LE.
convertUtf8ToUtf16Le(string|null $input) : mixed
Parameters
- $input : string|null
-
UTF-8 value
Return values
mixed —getLAMVersionText()
Returns the text with LAM and its version for header area.
getLAMVersionText() : string
Return values
string —LAM version text
isDeveloperVersion()
Returns if the given release is a developer version.
isDeveloperVersion(string $version) : bool
Parameters
- $version : string
-
version
Return values
bool —is developer version
isValidConfigurationPassword()
Checks if the configuration password is secure.
isValidConfigurationPassword(string $password) : bool
Parameters
- $password : string
-
password
Return values
bool —is secure
setSSLCaCert()
Sets the environment variables for custom SSL CA certificates.
setSSLCaCert() : mixed
Return values
mixed —setlanguage()
Sets language settings for automatic translation
setlanguage() : mixed
Return values
mixed —checkChmod()
Checks whether a specific flag in the rights string is set.
checkChmod(string $right, string $target, string $chmod) : bool
Parameters
- $right : string
-
read, write or execute
- $target : string
-
owner, group or other
- $chmod : string
-
the chmod rights
Return values
bool —true, if the chmod $right for $target were set
LAMVersion()
Returns the version number of this LAM installation.
LAMVersion() : string
Format:
Major/minor version are always numbers, patch level may contain letters for unofficial releases only (e.g. 0.5.alpha1).
Return values
string —version number
extractConfigOptionsFromPOST()
Extracts config options from HTTP POST data.
extractConfigOptionsFromPOST(array<string|int, mixed> $confTypes) : array<string|int, mixed>
Parameters
- $confTypes : array<string|int, mixed>
-
array (option name => type (e.g. multiselect))
Return values
array<string|int, mixed> —list of config options (name =>[values])
metaRefresh()
Prints a meta refresh page
metaRefresh(string $page) : mixed
Parameters
- $page : string
-
the URL of the target page
Return values
mixed —isAccountTypeHidden()
Checks if the given account type is hidden.
isAccountTypeHidden(string $type) : bool
Parameters
- $type : string
-
account type (e.g. user)
Return values
bool —is hidden
getLanguages()
Returns a list of all supported languages.
getLanguages() : array<string|int, LAMLanguage>
Return values
array<string|int, LAMLanguage> —languages
htmlGetRequiredMarker()
Returns the marker for required values.
htmlGetRequiredMarker() : string
Return values
string —HTML code for required marker
htmlGetRequiredMarkerElement()
Returns the marker for required values.
htmlGetRequiredMarkerElement() : htmlSpan
Return values
htmlSpan —HTML code for required marker
check_ip()
Checks if the given IP is valid.
check_ip(string $ip[, bool $subnet = false ]) : mixed
Parameters
- $ip : string
-
IP address
- $subnet : bool = false
-
IP must be a subnet
Return values
mixed —getModuleAlias()
Returns the alias name of a module
getModuleAlias(string $name, string $scope) : string|null
Parameters
- $name : string
-
the module name
- $scope : string
-
the account type ("user", "group", "host")
Return values
string|null —alias name
is_base_module()
Returns true if the module is a base module
is_base_module(string $name, string $scope) : bool
Parameters
- $name : string
-
the module name
- $scope : string
-
the account type ("user", "group", "host")
Return values
bool —true if base module
get_ldap_filter()
Returns the LDAP filter used by the account lists
get_ldap_filter(string $typeId) : string
Parameters
- $typeId : string
-
the account type ("user", "group", "host")
Return values
string —LDAP filter
getRDNAttributes()
Returns a list of LDAP attributes which can be used to form the RDN.
getRDNAttributes(string $typeId[, array<string|int, mixed> $selectedModules = null ]) : array<string|int, mixed>
The list is already sorted by the priority given by the modules.
Parameters
- $typeId : string
-
account type (user, group, host)
- $selectedModules : array<string|int, mixed> = null
-
return only RDN attributes of these modules
Return values
array<string|int, mixed> —list of LDAP attributes
getModulesDependencies()
Returns a hash array (module name => dependencies) of all module dependencies
getModulesDependencies(string $scope) : array<string|int, mixed>
"dependencies" contains an array with two sub arrays: depends, conflicts
The elements of "depends" are either module names or an array of module names (OR-case).
The elements of conflicts are module names.
Parameters
- $scope : string
-
the account type (user, group, host)
Return values
array<string|int, mixed> —dependencies
check_module_depends()
Checks if there are missing dependencies between modules.
check_module_depends(array<string|int, mixed> $selected, array<string|int, mixed> $deps) : mixed
Parameters
- $selected : array<string|int, mixed>
-
selected module names
- $deps : array<string|int, mixed>
-
module dependencies
Return values
mixed —false if no missing dependency was found, otherwise an array of array(selected module, depending module) if missing dependencies were found
check_module_conflicts()
Checks if there are conflicts between modules
check_module_conflicts(array<string|int, mixed> $selected, array<string|int, mixed> $deps) : false|array<int, array<string|int, string>>
Parameters
- $selected : array<string|int, mixed>
-
selected module names
- $deps : array<string|int, mixed>
-
module dependencies
Return values
false|array<int, array<string|int, string>> —false if no conflict was found, otherwise an array of array(selected module, conflicting module) if conflicts were found
getAvailableModules()
Returns an array with all available user module names
getAvailableModules(string $scope[, bool $mustSupportAdminInterface = false ]) : array<string|int, string>
Parameters
- $scope : string
-
account type (user, group, host)
- $mustSupportAdminInterface : bool = false
-
module must support LAM admin interface (default: false)
Return values
array<string|int, string> —list of possible modules
getAllModules()
Returns an array with all modules.
getAllModules() : array<string|int, baseModule>
Return values
array<string|int, baseModule> —list of modules
getProfileOptions()
Returns the elements for the profile page.
getProfileOptions(string $typeId) : array<string|int, mixed>
Parameters
- $typeId : string
-
account type (user, group, host)
Return values
array<string|int, mixed> —profile elements
checkProfileOptions()
Checks if the profile options are valid
checkProfileOptions(string $typeId, array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
- $typeId : string
-
account type (user, group, host)
- $options : array<string|int, mixed>
-
hash array containing all options (name => array(...))
Return values
array<string|int, mixed> —list of error messages
getConfigOptions()
Returns a hash array (module name => elements) of all module options for the configuration page.
getConfigOptions(array<string|int, mixed> $moduleToScopes) : array<string|int, mixed>
Parameters
- $moduleToScopes : array<string|int, mixed>
-
hash array (module name => array(account types))
Return values
array<string|int, mixed> —configuration options
checkConfigOptions()
Checks if the configuration options are valid
checkConfigOptions(array<string|int, mixed> $moduleToTypeIds, array<string|int, mixed> &$options) : array<string|int, mixed>
Parameters
- $moduleToTypeIds : array<string|int, mixed>
-
hash array (module name => array(account type ids))
- $options : array<string|int, mixed>
-
hash array containing all options (name => array(...))
Return values
array<string|int, mixed> —list of error messages
getHelp()
Returns a help entry from an account module.
getHelp(string|null $module, string $helpID, string $scope) : array<string|int, mixed>
Parameters
- $module : string|null
-
module name
- $helpID : string
-
help identifier
- $scope : string
-
account type
Return values
array<string|int, mixed> —help entry
getAvailablePDFFields()
Returns a list of available PDF entries.
getAvailablePDFFields(string $typeId) : array<string|int, mixed>
Parameters
- $typeId : string
-
account type (user, group, host)
Return values
array<string|int, mixed> —PDF entries (field ID => field label)
getUploadColumns()
Returns an array containing all input columns for the file upload.
getUploadColumns(ConfiguredType &$type, array<string|int, mixed> $selectedModules) : array<string|int, mixed>
Syntax:
array(
string: name, // fixed non-translated name which is used as column name (should be of format:
string: description, // short descriptive name
string: help, // help ID
string: example, // example value
boolean: required // true, if user must set a value for this column
)
Parameters
- $type : ConfiguredType
-
account type
- $selectedModules : array<string|int, mixed>
-
selected account modules
Return values
array<string|int, mixed> —column list
buildUploadAccounts()
This function builds the LDAP accounts for the file upload.
buildUploadAccounts(ConfiguredType $type, array<string|int, mixed> $data, array<string|int, mixed> $ids, array<string|int, mixed> $selectedModules, htmlResponsiveRow $container) : mixed
If there are problems status messages will be printed automatically.
Parameters
- $type : ConfiguredType
-
account type
- $data : array<string|int, mixed>
-
array containing one account in each element
- $ids : array<string|int, mixed>
-
array(<column_name> =>
) - $selectedModules : array<string|int, mixed>
-
selected account modules
- $container : htmlResponsiveRow
-
HTML container
Return values
mixed —array including accounts or false if there were errors
doUploadPreActions()
Runs any actions that need to be done before an LDAP entry is created.
doUploadPreActions(ConfiguredType $type, array<string|int, mixed> $selectedModules, array<string|int, mixed> $attributes) : array<string|int, mixed>
Parameters
- $type : ConfiguredType
-
account type
- $selectedModules : array<string|int, mixed>
-
list of selected account modules
- $attributes : array<string|int, mixed>
-
LDAP attributes of this entry (attributes are provided as reference, handle modifications of $attributes with care)
Return values
array<string|int, mixed> —array which contains status messages. Each entry is an array containing the status message parameters.
doUploadPostActions()
This function executes one post upload action.
doUploadPostActions(ConfiguredType $type, array<string|int, mixed> &$data, array<string|int, mixed> $ids, array<string|int, mixed> $failed, array<string|int, mixed> $selectedModules, array<string|int, mixed> &$accounts) : array<string|int, mixed>
Parameters
- $type : ConfiguredType
-
account type
- $data : array<string|int, mixed>
-
array containing one account in each element
- $ids : array<string|int, mixed>
-
array(<column_name> =>
) - $failed : array<string|int, mixed>
-
list of accounts which were not created successfully
- $selectedModules : array<string|int, mixed>
-
list of selected account modules
- $accounts : array<string|int, mixed>
-
list of LDAP entries
Return values
array<string|int, mixed> —current status
array (
'status' => 'finished' | 'inProgress'
'module' =>
'progress' => 0..100
'errors' => array (<array of parameters for StatusMessage>)
)
getRequiredExtensions()
Returns true if the module is a base module
getRequiredExtensions() : array<string|int, mixed>
Return values
array<string|int, mixed> —required extensions
parseHtml()
Takes a list of meta-HTML elements and prints the equivalent HTML output.
parseHtml(string|null $module, htmlElement|array<string|int, htmlElement>|null $input, array<string|int, mixed> $values, bool $restricted, string|null $scope) : array<string|int, mixed>
The modules are not allowed to display HTML code directly but return meta HTML code. This allows to have a common design for all module pages.
Parameters
- $module : string|null
-
Name of account module
- $input : htmlElement|array<string|int, htmlElement>|null
-
htmlElement or array of htmlElement elements
- $values : array<string|int, mixed>
-
List of values which override the defaults in $input (name => value)
- $restricted : bool
-
If true then no buttons will be displayed
- $scope : string|null
-
Account type
Return values
array<string|int, mixed> —List of input field names and their type (name => type)
printHelpLink()
Prints a LAM help link.
printHelpLink(array<string|int, mixed> $entry, string $number[, string $module = '' ][, string $scope = '' ][, array<string|int, mixed> $classes = [] ]) : mixed
Parameters
- $entry : array<string|int, mixed>
-
help entry
- $number : string
-
help number
- $module : string = ''
-
module name
- $scope : string = ''
-
account scope
- $classes : array<string|int, mixed> = []
-
CSS classes
Return values
mixed —lam_start_session()
Starts a session and sets the cookie options.
lam_start_session() : mixed
Return values
mixed —lamDefaultCookieOptions()
lamDefaultCookieOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —startSecureSession()
Starts a session and checks the environment.
startSecureSession([bool $redirectToLogin = true ][, bool $initSecureData = false ]) : bool
The script is stopped if one of the checks fail (timeout redirection may be overridden).
Parameters
- $redirectToLogin : bool = true
-
redirect user to login page (default: true)
- $initSecureData : bool = false
-
init verification data like session ID and client IP (default: false)
Return values
bool —true if all ok, false if session expired
isFileBasedSession()
Returns if the session uses files storage.
isFileBasedSession() : bool
Return values
bool —file based session
checkClientIP()
Checks if the client's IP address is on the list of allowed IPs.
checkClientIP() : mixed
The script is stopped if the host is not valid.
Return values
mixed —logoffAndBackToLoginPage()
Logs off the user and displays the login page.
logoffAndBackToLoginPage() : void
Return values
void —isDebugLoggingEnabled()
Returns if debug messages are to be logged.
isDebugLoggingEnabled() : bool
Return values
bool —debug enabled
logNewMessage()
Puts a new message in the log file.
logNewMessage(int $level, string $message) : void
Parameters
- $level : int
-
log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)
- $message : string
-
log message
Return values
void —checkIfWriteAccessIsAllowed()
Checks if write access to LDAP is allowed.
checkIfWriteAccessIsAllowed([string $scope = null ]) : bool
Parameters
- $scope : string = null
-
account type (e.g. user)
Return values
bool —true, if allowed
checkIfPasswordChangeIsAllowed()
Checks if passwords may be changed.
checkIfPasswordChangeIsAllowed() : bool
Return values
bool —true, if allowed
checkIfNewEntriesAreAllowed()
Checks if it is allowed to create new LDAP entries of the given type.
checkIfNewEntriesAreAllowed(string $scope) : bool
This also checks if general write access is enabled.
Parameters
- $scope : string
-
account type (e.g. 'user')
Return values
bool —true, if new entries are allowed
checkIfDeleteEntriesIsAllowed()
Checks if it is allowed to delete LDAP entries of the given type.
checkIfDeleteEntriesIsAllowed(string $scope) : bool
Parameters
- $scope : string
-
account type (e.g. 'user')
Return values
bool —true, if entries may be deleted
checkPasswordStrength()
Checks if the password fulfills the password policies.
checkPasswordStrength(string $password, string|array<string|int, mixed>|null $userNames, array<string|int, mixed> $otherUserAttrs) : true|string
Parameters
- $password : string
-
password
- $userNames : string|array<string|int, mixed>|null
-
user name(s)
- $otherUserAttrs : array<string|int, mixed>
-
user's first/last name
Return values
true|string —true if ok, string with error message if not valid
checkPwdWithExternalPasswordService()
Checks the password against the external password service.
checkPwdWithExternalPasswordService(LAMCfgMain $cfg, string $password) : bool
Parameters
- $cfg : LAMCfgMain
-
main configuration
- $password : string
-
password
Return values
bool —password accepted as secure
checkIfToolIsActive()
Checks if the given tool is active.
checkIfToolIsActive(string $tool) : mixed
Otherwise, an error message is logged and the execution is stopped (die()).
Parameters
- $tool : string
-
tool class name (e.g. toolFileUpload)
Return values
mixed —isLoggedIn()
Returns if the user is logged in.
isLoggedIn() : bool
Return values
bool —is logged in
getClientIPForLogging()
Returns the client IP and comma separated proxy IPs if any (HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP).
getClientIPForLogging() : string
Return values
string —client IP (e.g. 10.10.10.10,11.11.11.11)
getLamLdapUser()
Returns the login dn of the current user.
getLamLdapUser() : string
Return values
string —user DN
addSecurityTokenToSession()
Adds a security token to the session to prevent CSRF attacks.
addSecurityTokenToSession([bool $overwrite = true ]) : void
Parameters
- $overwrite : bool = true
-
overwrite existing token
Return values
void —validateSecurityToken()
Checks if the security token from SESSION matches POST data.
validateSecurityToken() : mixed
Return values
mixed —addSecurityTokenToMetaHTML()
Adds a hidden input field to the given meta HTML table.
addSecurityTokenToMetaHTML(htmlTable|htmlGroup|htmlResponsiveRow $container) : mixed
Should be used to add token at the end of table.
Parameters
- $container : htmlTable|htmlGroup|htmlResponsiveRow
-
table
Return values
mixed —getSecurityTokenName()
Returns the name of the security token parameter.
getSecurityTokenName() : string
Return values
string —name
getSecurityTokenValue()
Returns the value of the security token parameter.
getSecurityTokenValue() : string
Return values
string —value
setLAMHeaders()
Sets the X-Frame-Options and Content-Security-Policy header to prevent clickjacking.
setLAMHeaders() : mixed
Return values
mixed —lamEncrypt()
Encrypts a string
lamEncrypt(string $data[, string $prefix = '' ]) : string
Parameters
- $data : string
-
string to encrypt
- $prefix : string = ''
-
prefix for cookie names
Return values
string —encrypted string
lamDecrypt()
Decrypts a string
lamDecrypt(string $data[, string $prefix = '' ]) : string
Parameters
- $data : string
-
string to decrypt
- $prefix : string = ''
-
prefix for cookie names
Return values
string —decrypted string
lamEncryptionAlgo()
Returns the encryption algorithm to use.
lamEncryptionAlgo() : string
Return values
string —algorithm name
lamLogRemoteMessage()
Logs a message to a remote logging service.
lamLogRemoteMessage(int $level, string $message, LAMCfgMain $cfgMain) : mixed
Parameters
- $level : int
-
log level
- $message : string
-
log message
- $cfgMain : LAMCfgMain
-
main configuration
Return values
mixed —isLAMProVersion()
Returns if this is a LAM Pro installation.
isLAMProVersion() : bool
Return values
bool —LAM Pro installation
getSelfServiceSearchAttributes()
Returns a list of possible search attributes for the self service.
getSelfServiceSearchAttributes(string $scope) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
Return values
array<string|int, mixed> —attributes
getSelfServiceFieldSettings()
Returns the field settings for the self service.
getSelfServiceFieldSettings(string $scope) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
Return values
array<string|int, mixed> —settings
getSelfServiceOptions()
Returns meta HTML code for each self service field.
getSelfServiceOptions(string $scope, array<string|int, mixed> $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
- $fields : array<string|int, mixed>
-
input fields (array(<moduleName> => array(
, , ...))) - $attributes : array<string|int, mixed>
-
LDAP attributes (attribute names in lower case)
- $passwordChangeOnly : bool
-
indicates that the user is only allowed to change his password and no LDAP content is readable
- $readOnlyFields : array<string|int, mixed>
-
list of read-only fields
Return values
array<string|int, mixed> —meta HTML code (array(<moduleName> => htmlResponsiveRow))
checkSelfServiceOptions()
Checks if all input values are correct and returns the LDAP commands which should be executed.
checkSelfServiceOptions(string $scope, array<string|int, mixed> $fields, array<string|int, mixed> $attributes, bool $passwordChangeOnly, array<string|int, mixed> $readOnlyFields) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
- $fields : array<string|int, mixed>
-
input fields (array(<moduleName> => array(
, , ...))) - $attributes : array<string|int, mixed>
-
LDAP attributes
- $passwordChangeOnly : bool
-
indicates that the user is only allowed to change his password and no LDAP content is readable
- $readOnlyFields : array<string|int, mixed>
-
list of read-only fields
Return values
array<string|int, mixed> —messages and LDAP commands (array('messages' => [], 'add' => [], 'del' => [], 'mod' => []))
getSelfServiceSettings()
Returns a hash array (module name => elements) of all module options for the configuration page.
getSelfServiceSettings(string $scope, selfServiceProfile $profile) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
- $profile : selfServiceProfile
-
currently edited profile
Return values
array<string|int, mixed> —configuration options
checkSelfServiceSettings()
Checks if the self service settings are valid
checkSelfServiceSettings(string $scope, array<string|int, mixed> &$options, selfServiceProfile &$profile) : array<string|int, mixed>
Parameters
- $scope : string
-
account type
- $options : array<string|int, mixed>
-
hash array containing all options (name => array(...))
- $profile : selfServiceProfile
-
profile
Return values
array<string|int, mixed> —list of error messages
isSelfService()
Returns if script runs inside self service.
isSelfService() : bool
Return values
bool —is self service
openSelfServiceLdapConnection()
Opens the LDAP connection and returns the handle. No bind is done.
openSelfServiceLdapConnection(selfServiceProfile $profile) : Connection|null
Parameters
- $profile : selfServiceProfile
-
profile
Return values
Connection|null —LDAP handle or null if connection failed
bindLdapUser()
Binds the LDAP connections with given user and password.
bindLdapUser(Connection $handle, selfServiceProfile $profile, string $userDn, string $password) : bool
Parameters
- $handle : Connection
-
LDAP handle
- $profile : selfServiceProfile
-
profile
- $userDn : string
-
bind DN
- $password : string
-
bind password
Return values
bool —binding successful
StatusMessage()
This function prints a short status message. It can be used to print INFO, WARN and ERROR messages.
StatusMessage(string $MessageTyp, string $MessageHeadline[, string $MessageText = '' ][, array<string|int, mixed>|string|null $MessageVariables = [] ][, bool $returnOutput = false ]) : string
Parameters
- $MessageTyp : string
-
The type of the message to be printed. It must be one of the following types: 'INFO', 'WARN' or 'ERROR'.
Every other type will lead to an error message indicating an invalid message type. - $MessageHeadline : string
-
The headline of the status message.
It may be formatted with special color/link/bold tags. - $MessageText : string = ''
-
The text of the status message.
It may be formatted with special color/link/bold tags. This parameter is optional. - $MessageVariables : array<string|int, mixed>|string|null = []
-
The variables that are used to replace the spacers (%s) in the submitted text. This parameter is optional.
- $returnOutput : bool = false
-
if set to true this function will return the generated HTML code instead of printing it directly (default: false)
Return values
string —HTML code if $returnOutput is set to true, otherwise null
getTools()
Returns the tools which are available for LAM.
getTools() : array<string|int, mixed>
Return values
array<string|int, mixed> —list of LAMTool objects