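config= $config;
    $ldap= $this->config->get_ldap_link();
    $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag'));
    $attrs= $ldap->fetch();

    if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){
      $this->cn= $attrs['givenName'][0]." ".$attrs['sn'][0];
    } else {
      $this->cn= $attrs['uid'][0];
    }
    if (isset($attrs['gidNumber'][0])){
      $this->gidNumber= $attrs['gidNumber'][0];
    }

    /* Assign user language */
    if (isset($attrs['preferredLanguage'][0])){
      $this->language= $attrs['preferredLanguage'][0];
    }

    if (isset($attrs['gosaUnitTag'][0])){
      $this->gosaUnitTag= $attrs['gosaUnitTag'][0];
    }

    $this->dn= $userdn;
    $this->uid= $attrs['uid'][0];
    $this->ip= $_SERVER['REMOTE_ADDR'];
  }


  /* Load the ACL data that applies to this user from the directory.
   *
   * Fills three members and returns nothing:
   *   $this->subtreeACL  gosaSubtreeACL values of matching posixGroup/gosaObject
   *                      entries, keyed by the normalised base DN of the group
   *   $this->groups      DNs of the posixGroups that list $this->uid as memberUid
   *   $this->ACL         exploded gosaAclEntry values, keyed by the DN of the
   *                      gosaACL object and then by entry index, restricted to
   *                      entries that have no members or that name this user or
   *                      one of the user's groups
   *
   * Every value that is placed inside a search filter is escaped first. The
   * values come from directory attributes, and a value carrying filter
   * metacharacters would otherwise change the meaning of the filter and with it
   * the set of groups whose ACLs are loaded for this user.
   */
  function loadACL()
  {
    $ldap= $this->config->get_ldap_link();

    /* RFC 4515 escaping for values used inside a search filter. strtr() with
       an array works in a single pass, so the backslashes it inserts are not
       escaped a second time. */
    $filterEscapes= array(
      '\\'   => '\\5c',
      '*'    => '\\2a',
      '('    => '\\28',
      ')'    => '\\29',
      "\x00" => '\\00',
    );

    /* NOTE(review): the visible part of the constructor assigns $this->uid but
       not $this->username - confirm that username is populated elsewhere,
       otherwise the memberUid clause below is empty. */
    $username=  strtr((string)$this->username,  $filterEscapes);
    $gidNumber= strtr((string)$this->gidNumber, $filterEscapes);
    $uid=       strtr((string)$this->uid,       $filterEscapes);

    /* Load ACL's from all groups we're in */
    $this->subtreeACL= array();
    $ldap->cd($this->config->current['BASE']);
    if ($this->gidNumber == -1){
      /* gidNumber is -1: match on group membership only */
      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
          "(memberUid=".$username."))");
    } else {
      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
          "(|(memberUid=".$username.")(gidNumber=".$gidNumber.")))");
    }

    while($attrs = $ldap->fetch()){
      /* Strip the leading RDN and the following ou= component from the group
         DN, then normalise the spacing around the remaining commas */
      $base= preg_replace('/^[^,]+,ou=[^,]+,/i', "",$ldap->getDN());
      $base= preg_replace("/[ ]*,[ ]*/", ",", $base);

      /* A group without gosaSubtreeACL contributes nothing */
      $count= isset($attrs["gosaSubtreeACL"]["count"]) ? $attrs["gosaSubtreeACL"]["count"] : 0;
      for ($i= 0; $i<$count; $i++){
        $this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i];
      }
    }

    #echo "NEW ACL LOADING --------------------------------------------------------------------------------------------\n";
    $this->ACL= array();
    $this->groups= array();
    $ldap= $this->config->get_ldap_link();
    $ldap->cd($this->config->current['BASE']);

    /* Get member groups... */
    $ldap->search("(&(objectClass=posixGroup)(memberUid=".$uid."))", array('dn'));
    while ($attrs= $ldap->fetch()){
      $this->groups[$attrs['dn']]= $attrs['dn'];
    }

    /* Crawl through ACLs and move relevant to the tree */
    $ldap->search("(objectClass=gosaACL)", array('dn', 'gosaAclEntry'));
    $aclp= array();
    $aclc= array();
    while ($attrs= $ldap->fetch()){

      /* Insert links in ACL array: $aclp holds the tree depth (number of
         commas in the DN), $aclc the exploded entries of that object */
      $aclp[$attrs['dn']]= substr_count($attrs['dn'], ',');
      $aclc[$attrs['dn']]= array();
      $ol= array();
      $count= isset($attrs['gosaAclEntry']['count']) ? $attrs['gosaAclEntry']['count'] : 0;
      for($i= 0; $i<$count; $i++){
        $ol= array_merge($ol, acl::explodeAcl($attrs['gosaAclEntry'][$i]));
      }
      $aclc[$attrs['dn']]= $ol;
    }

    /* ACL's read, sort for tree depth */
    asort($aclp);

    /* Sort in tree order */
    foreach ($aclp as $dn => $acl){

      /* Check if we need to keep this ACL */
      foreach($aclc[$dn] as $idx => $type){
        $interresting= FALSE;

        /* No members? This is good for all users... An entry with an empty
           member list is therefore loaded for every account. */
        if (!count($type['members'])){
          $interresting= TRUE;
        }

        /* Inspect members...
           NOTE(review): the G: and U: prefixes are stripped but not required,
           so every member key is compared both against the group list and
           against the user DN whatever its prefix is - confirm this is
           intended. */
        foreach ($type['members'] as $grp => $grpdsc){

          /* Some group inside the members that is relevant for us? */
          if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
            $interresting= TRUE;
          }

          /* User inside the members? */
          if (preg_replace('/^U:/', '', $grp) == $this->dn){
            $interresting= TRUE;
          }
        }

        if ($interresting){
          if (!isset($this->ACL[$dn])){
            $this->ACL[$dn]= array();
          }
          $this->ACL[$dn][$idx]= $type;
        }
      }
    }
  }


  /* Print a diagnostic line naming the DN, object and attribute a permission
   * lookup was requested for.
   *
   * $dn         DN the permissions are requested for
   * $object     object name, defaults to ""
   * $attribute  attribute name, defaults to ""
   *
   * NOTE(review): no permission decision is computed and nothing is returned,
   * so callers receive NULL - they must not treat that as a grant.
   */
  function get_permissions($dn, $object= "", $attribute= "")
  {
    /* The values are written into the response; escape them so that a DN or
       attribute name taken from the directory cannot inject markup.
       NOTE(review): assumes the output is rendered as HTML - confirm. */
    echo "Evaluating permissions for ".htmlspecialchars($dn, ENT_QUOTES).
         ", object ".htmlspecialchars($object, ENT_QUOTES).
         "/".htmlspecialchars($attribute, ENT_QUOTES)."\n";
  }

}

// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>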