The purpose is to quickly find the full DN of a user so it can be used
to re-bind as this user. This method requires the 'user' configuration
parameter to be set.
| public findUserDN ( string $user ) : string | ||
| $user | string | The user to find. |
| return | string | The user's full DN. |
/**
* Reset a user's password. Used for example when the user does not
* remember the existing password.
*
* @param string $userId The user id for which to reset the password.
*
* @return string The new password on success.
* @throws Horde_Auth_Exception
*/
public function resetPassword($userId)
{
if (!empty($this->_params['ad'])) {
throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
}
/* Search for the user's full DN. */
try {
$dn = $this->_ldap->findUserDN($userId);
} catch (Horde_Exception_Ldap $e) {
throw new Horde_Auth_Exception($e);
}
/* Get a new random password. */
$password = Horde_Auth::genRandomPassword();
/* Encrypt the new password */
$entry = array('userpassword' => Horde_Auth::getCryptedPassword($password, '', $this->_params['encryption'], 'true'));
/* Set the lastchange field */
$shadow = $this->_lookupShadow($dn);
if ($shadow['shadowlastchange']) {
$entry['shadowlastchange'] = floor(time() / 86400);
}
/* Update user entry. */
try {
$this->_ldap->modify($dn, array('replace' => $entry));
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Auth_Exception($e);
}
return $password;
}
/**
* Constructor.
*
* @param string $user The username.
* @param array $params Configuration parameters.
* - 'ldap': (Horde_Ldap) [REQUIRED] The DB instance.
*
* @throws InvalidArgumentException
*/
public function __construct($user, array $params = array())
{
if (!isset($params['ldap'])) {
throw new InvalidArgumentException('Missing ldap parameter.');
}
$this->_ldap = $params['ldap'];
unset($params['ldap']);
try {
$this->_prefsDN = $this->_ldap->findUserDN($user);
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Prefs_Exception($e);
}
try {
// Try do find an existing preference object in an organizational
// unit under the userDN
$search = $this->_ldap->search($this->_prefsDN, Horde_Ldap_Filter::create('objectclass', 'equals', 'hordePerson'), array('attributes' => array('dn'), 'scope' => 'sub'));
if ($search->count() == 1) {
$this->_prefsDN = $search->shiftEntry()->currentDN();
}
} catch (Horde_Ldap_Exception $e) {
}
parent::__construct($user, $params);
}
/**
* Removes a user from a group.
*
* @param mixed $gid A group ID.
* @param string $user A user name.
*
* @throws Horde_Group_Exception
* @throws Horde_Exception_NotFound
*/
public function removeUser($gid, $user)
{
if ($this->readOnly()) {
throw new Horde_Group_Exception('This group backend is read-only.');
}
$attr = $this->_params['memberuid'];
try {
if (!empty($this->_params['attrisdn'])) {
$user = $this->_ldap->findUserDN($user);
}
$entry = $this->_ldap->getEntry($gid, array($attr));
$entry->delete(array($attr => $user));
$this->_rebind(true);
$entry->update();
$this->_rebind(false);
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Group_Exception($e);
}
}
