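/**
 * Moves an entry to a new DN, optionally into a different directory.
 *
 * A local move (no target, or the target is this connection) sets the new
 * DN on the entry, binds the entry to this connection and updates it.
 *
 * A cross directory move is NOT atomic: the entry is first added to the
 * target directory and only then deleted from this one. If the deletion
 * fails, the add is undone on a best-effort basis. If that undo fails as
 * well, the entry exists in both directories and needs manual cleanup;
 * the thrown exception says so.
 *
 * $newdn is handed to the entry unchanged. This method does no DN escaping
 * or validation, so callers must build the DN safely.
 *
 * @param string|Horde_Ldap_Entry $entry  The entry to move, or its DN. A
 *                                        DN string is only accepted for
 *                                        local moves.
 * @param string $newdn                   The DN the entry should have
 *                                        after the move.
 * @param Horde_Ldap $target_ldap         Target directory for cross
 *                                        directory moves; omit for a
 *                                        local move.
 *
 * @throws Horde_Ldap_Exception
 */
public function move($entry, $newdn, $target_ldap = null)
{
    if (is_string($entry)) {
        /* A bare DN can only be resolved against this directory. */
        if ($target_ldap && $target_ldap !== $this) {
            throw new Horde_Ldap_Exception('Unable to perform cross directory move: operation requires a Horde_Ldap_Entry object');
        }
        $entry = $this->getEntry($entry);
    }

    if (!$entry instanceof Horde_Ldap_Entry) {
        throw new Horde_Ldap_Exception('Parameter $entry is expected to be a Horde_Ldap_Entry object! (If DN was passed, conversion failed)');
    }
    if ($target_ldap && !$target_ldap instanceof Horde_Ldap) {
        throw new Horde_Ldap_Exception('Parameter $target_ldap is expected to be a Horde_Ldap object!');
    }

    if (!$target_ldap || $target_ldap === $this) {
        /* Local move. */
        $entry->dn($newdn);
        $entry->setLDAP($this);
        $entry->update();
        return;
    }

    /* Cross directory move. */
    if ($target_ldap->exists($newdn)) {
        throw new Horde_Ldap_Exception('Unable to perform cross directory move: entry does exist in target directory');
    }

    $entry->dn($newdn);
    try {
        $target_ldap->add($entry);
    } catch (Exception $e) {
        throw new Horde_Ldap_Exception('Unable to perform cross directory move: ' . $e->getMessage() . ' in target directory');
    }

    try {
        $this->delete($entry->currentDN());
    } catch (Exception $e) {
        $add_error_string = '';
        try {
            /* Undo add. */
            $target_ldap->delete($entry);
        } catch (Exception $undo_error) {
            /* Separate variable: reusing $e here would replace the
             * source-directory error reported below with the rollback
             * error. */
            $add_error_string = ' Additionally, the deletion (undo add) of $entry in target directory failed.';
        }
        throw new Horde_Ldap_Exception('Unable to perform cross directory move: ' . $e->getMessage() . ' in source directory.' . $add_error_string);
    }

    $entry->setLDAP($target_ldap);
}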
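/**
 * Update a set of authentication credentials.
 *
 * When $olddn is omitted, the user's DN is looked up from $oldID, the new
 * DN is derived by replacing the first "uid=...," component with the new
 * ID, the shadow minimum password age is enforced, and only the password
 * (plus shadowlastchange, when present) is replaced. When $olddn is given,
 * $credentials (minus its 'dn' key) is written as the replacement
 * attribute set and no shadow check is made.
 *
 * @todo Clean this up for Horde 5.
 *
 * @param string $oldID       The old userId.
 * @param string $newID       The new userId.
 * @param array $credentials  The new credentials.
 * @param string $olddn       The old user DN.
 * @param string $newdn       The new user DN. Only used as given when
 *                            $olddn is supplied; it is then passed to the
 *                            LDAP layer unchanged and must already be a
 *                            correctly escaped DN.
 *
 * @throws Horde_Auth_Exception
 */
public function updateUser($oldID, $newID, $credentials, $olddn = null, $newdn = null)
{
    if (!empty($this->_params['ad'])) {
        throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
    }

    if (is_null($olddn)) {
        $entry = array();

        /* Search for the user's full DN. */
        try {
            $dn = $this->_ldap->findUserDN($oldID);
        } catch (Horde_Exception_Ldap $e) {
            throw new Horde_Auth_Exception($e);
        } catch (Horde_Ldap_Exception $e) {
            /* The LDAP calls further down are guarded with
             * Horde_Ldap_Exception; catch it here as well so a failed
             * lookup surfaces as the documented Horde_Auth_Exception. */
            throw new Horde_Auth_Exception($e);
        }

        $olddn = $dn;

        /* The new ID becomes part of a DN, so it is escaped as a DN
         * attribute value: a ',', '+' or '=' in the ID must not be able to
         * change the structure of the resulting DN. The RDN is inserted
         * through a callback so that '$n' / '\n' sequences in it are not
         * interpreted as regex back-references.
         * NOTE(review): assumes callers pass the raw, unescaped ID. */
        $escaped = Horde_Ldap_Util::escapeDNValue($newID);
        $rdn = 'uid=' . $escaped[0] . ',';
        $newdn = preg_replace_callback(
            '/uid=.*?,/',
            function ($match) use ($rdn) {
                return $rdn;
            },
            $dn,
            1
        );

        $shadow = $this->_lookupShadow($dn);

        /* Refuse the change while the minimum password age has not
         * elapsed. The shadow values are compared against the current
         * time expressed in days (time() / 86400).
         * NOTE(review): the original comment mentions an administrator
         * exemption, but no such check is made here. */
        if ($shadow['shadowlastchange'] &&
            $shadow['shadowmin'] &&
            $shadow['shadowlastchange'] + $shadow['shadowmin'] > time() / 86400) {
            throw new Horde_Auth_Exception('Minimum password age has not yet expired');
        }

        /* Set the lastchange field */
        if ($shadow['shadowlastchange']) {
            $entry['shadowlastchange'] = floor(time() / 86400);
        }

        /* Encrypt the new password */
        $entry['userpassword'] = Horde_Auth::getCryptedPassword(
            $credentials['password'],
            '',
            $this->_params['encryption'],
            'true'
        );
    } else {
        $entry = $credentials;
        unset($entry['dn']);
    }

    try {
        /* Compare as strings: a loose != treats numeric IDs such as "123"
         * and "0123" as equal and would silently skip the rename. */
        if ((string)$oldID !== (string)$newID) {
            $this->_ldap->move($olddn, $newdn);
            $this->_ldap->modify($newdn, array('replace' => $entry));
        } else {
            $this->_ldap->modify($olddn, array('replace' => $entry));
        }
    } catch (Horde_Ldap_Exception $e) {
        throw new Horde_Auth_Exception(sprintf(__CLASS__ . ': Unable to update user "%s"', $newID));
    }
}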