[Kolab-devel] change userdata (Organization, Job Title, Address, Password) via php
Matthias Busch
catwiesel at gmx.net
Sun Mar 15 05:44:15 CET 2015
absolutely right...
use lowercase for all, then they work!
the show/save php site is working now. I should add more sanity checks
before it goes live.
but the essence... well here it is, for everyone to use or change...
please note, this is more an example of how you can access kolabs ldap
with php and NOT code for copy paste that will work flawlessly and
without further work...
READ FROM LDAP:
-------------------------------------------------------------------------------------------------------
prerequisite:
- form which will ask for userid (uid) and password (pw), giving it to
the script via POST
- file /etc/www/settings.php with values for $ldap_host = "127.0.0.1";
$ldap_port = 389; $ldap_domain = "dc=domain, dc=tld;
-------------------------------------------------------------------------------------------------------
// RESET LDAP
$ldap_columns = NULL;
$ldap_connection = NULL;
// LOAD FROM OUTSIDE WEBROOT
include('/etc/www/settings.php');
// INIT
$uid = $_POST["uid"];
$ldap_username = "uid=" . $uid;
$ldap_password = $_POST["pw"];
$ldapdn = $ldap_username . ", ou=People, " . $ldap_domain;
// Connect to the LDAP server.
$ldap_connection = ldap_connect($ldap_host, $ldap_port)
or die("<p>Fehler beim Verbinden an LDAP!</p>");
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or
die('<p>Konnte LDAP Protocol nicht setzen</p>');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
// OPEN LDAP CONNECTION
$ldapbind = ldap_bind($ldap_connection, $ldapdn, $ldap_password)
or die("<p>Username or Password wrong</p>");
$filter="(objectclass=*)"; // this command requires some filter
$justthese = array("givenname", "sn", "mail", "mailAlternateAddress",
"alias", "mailQuota", "initials", "o", "title", "preferredLanguage",
"street", "postalCode", "l", "telephoneNumber", "mobile", "pager");
$sr=ldap_read($ldap_connection, $ldapdn, $filter, $justthese);
$entry = ldap_get_entries($ldap_connection, $sr);
// GET VALUES (USE LOWERCASE!!!!)
$givenname = $entry[0]["givenname"][0];
$sn = $entry[0]["sn"][0];
$primail = $entry[0]["mail"][0];
$extmail = $entry[0]["mailalternateaddress"][0];
// alias = array, needs fixing
$alias = $entry[0]["alias"][0];
$quota = $entry[0]["mailquota"][0];
$initials = $entry[0]["initials"][0];
$orga = $entry[0]["o"][0];
$title = $entry[0]["title"][0];
$lang = $entry[0]["preferredlanguage"][0];
$street = $entry[0]["street"][0];
$plz = $entry[0]["postalcode"][0];
$city = $entry[0]["l"][0];
$tel = $entry[0]["telephonenumber"][0];
$mobile = $entry[0]["mobile"][0];
$pager = $entry[0]["pager"][0];
// CLOSE LDAP
ldap_close($ldap_connection);
...
use those variables for showing, filling input fields...
-------------------------------------------------------------------------------------------------------
WRITE TO LDAP
-------------------------------------------------------------------------------------------------------
PREREQUISITE:
- again the /var/www/settings file
- form that gives the POST values
- userid in $_SESSION["uid"] - could be POST value too
- password given via POST as curpw
- if password change wanted, given via POST as newpw and checkpw
-------------------------------------------------------------------------------------------------------
session_start();
$ldap_columns = NULL;
$ldap_connection = NULL;
include('/etc/www/settings.php');
$uid = $_SESSION["uid"];
$ldap_username = "uid=" . $uid;
$ldap_password = $_POST["curpw"];
$ldapdn = $ldap_username . ", ou=People, " . $ldap_domain;
// get POST
$initials["initials"][0] = $_POST["initials"];
$orga["o"][0] = $_POST["orga"];
$title["title"][0] = $_POST["title"];
$lang["preferredlanguage"][0] = $_POST["lang"];
$street["street"][0] = $_POST["street"];
$plz["postalcode"][0] = $_POST["plz"];
$city["l"][0] = $_POST["city"];
$tel["telephonenumber"][0] = $_POST["tel"];
$mobile["mobile"][0] = $_POST["mobile"];
$pager["pager"][0] = $_POST["pager"];
$newpw = $_POST["newpw"];
$checkpw = $_POST["checkpw"];
$curpw = $_POST["curpw"];
$error = NULL; //reset error
// check pw entered?
if ((!isset($curpw)) OR (empty($curpw))) {
die("<p>Das aktuelle Passwort MUSS eingegeben werden, um Daten zu
ändern!</p>");
}
// check pw change
if ((isset($newpw)) AND (!empty($newpw))) { //neues pw eingegeben
// echo "<p>PW change!</p>";
if ($newpw !== $checkpw)
{ die("<p>Das neue Passwort stimmt nicht überein!</p>"); }
elseif (strlen($newpw)<6) // PASS LENGHT AT LEAST 6
{ die("<p>Das neue Passwurt muss mindestens 6 Zeichen lang
sein!</p>"); }
else
{
if ($newpw == $curpw)
{ die("<p>Das neue PW scheint das aktuelle PW zu sein...
Nope!</p>"); }
// generate new passwort ssha
$salt =
substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',4)),0,4);
$pwd = '{SSHA}' . base64_encode(sha1( $newpw.$salt, TRUE ). $salt);
$newpass = array();
$newpass["userPassword"][0]=$pwd;
}
}
// Connect to the LDAP server.
$ldap_connection = ldap_connect($ldap_host, $ldap_port)
or die("<p>Fehler beim Verbinden an LDAP!</p>");
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or
die('<p>Konnte LDAP Protocol nicht setzen</p>');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
// GET LDAP
$ldapbind = ldap_bind($ldap_connection, $ldapdn, $ldap_password)
or die("<p>eingegebene Passwort falsch!</p>");
//write to ldap
ldap_modify($ldap_connection, $ldapdn, $initials);
ldap_modify($ldap_connection, $ldapdn, $orga);
ldap_modify($ldap_connection, $ldapdn, $title);
ldap_modify($ldap_connection, $ldapdn, $lang);
ldap_modify($ldap_connection, $ldapdn, $street);
ldap_modify($ldap_connection, $ldapdn, $plz);
ldap_modify($ldap_connection, $ldapdn, $city);
ldap_modify($ldap_connection, $ldapdn, $tel);
ldap_modify($ldap_connection, $ldapdn, $mobile);
ldap_modify($ldap_connection, $ldapdn, $pager);
// check if pw changed, write to ldap
if ((isset($newpw)) AND (isset($newpass)) AND (isset($pwd)))
{ ldap_modify($ldap_connection, $ldapdn, $newpass); }
//done, close
ldap_close($ldap_connection);
More information about the devel
mailing list