public function move($entry, $newdn, $target_ldap = null)
{
if (is_string($entry)) {
if ($target_ldap && $target_ldap !== $this) {
throw new Horde_Ldap_Exception('Unable to perform cross directory move: operation requires a Horde_Ldap_Entry object');
}
$entry = $this->getEntry($entry);
}
if (!$entry instanceof Horde_Ldap_Entry) {
throw new Horde_Ldap_Exception('Parameter $entry is expected to be a Horde_Ldap_Entry object! (If DN was passed, conversion failed)');
}
if ($target_ldap && !$target_ldap instanceof Horde_Ldap) {
throw new Horde_Ldap_Exception('Parameter $target_ldap is expected to be a Horde_Ldap object!');
}
if (!$target_ldap || $target_ldap === $this) {
/* Local move. */
$entry->dn($newdn);
$entry->setLDAP($this);
$entry->update();
return;
}
/* Cross directory move. */
if ($target_ldap->exists($newdn)) {
throw new Horde_Ldap_Exception('Unable to perform cross directory move: entry does exist in target directory');
}
$entry->dn($newdn);
try {
$target_ldap->add($entry);
} catch (Exception $e) {
throw new Horde_Ldap_Exception('Unable to perform cross directory move: ' . $e->getMessage() . ' in target directory');
}
try {
$this->delete($entry->currentDN());
} catch (Exception $e) {
try {
$add_error_string = '';
/* Undo add. */
$target_ldap->delete($entry);
} catch (Exception $e) {
$add_error_string = ' Additionally, the deletion (undo add) of $entry in target directory failed.';
}
throw new Horde_Ldap_Exception('Unable to perform cross directory move: ' . $e->getMessage() . ' in source directory.' . $add_error_string);
}
$entry->setLDAP($target_ldap);
} /**
* Update a set of authentication credentials.
*
* @todo Clean this up for Horde 5.
*
* @param string $oldID The old userId.
* @param string $newID The new userId.
* @param array $credentials The new credentials.
* @param string $olddn The old user DN.
* @param string $newdn The new user DN.
*
* @throws Horde_Auth_Exception
*/
public function updateUser($oldID, $newID, $credentials, $olddn = null, $newdn = null)
{
if (!empty($this->_params['ad'])) {
throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
}
if (is_null($olddn)) {
/* Search for the user's full DN. */
try {
$dn = $this->_ldap->findUserDN($oldID);
} catch (Horde_Exception_Ldap $e) {
throw new Horde_Auth_Exception($e);
}
$olddn = $dn;
$newdn = preg_replace('/uid=.*?,/', 'uid=' . $newID . ',', $dn, 1);
$shadow = $this->_lookupShadow($dn);
/* If shadowmin hasn't yet expired only change when we are
administrator */
if ($shadow['shadowlastchange'] && $shadow['shadowmin'] && $shadow['shadowlastchange'] + $shadow['shadowmin'] > time() / 86400) {
throw new Horde_Auth_Exception('Minimum password age has not yet expired');
}
/* Set the lastchange field */
if ($shadow['shadowlastchange']) {
$entry['shadowlastchange'] = floor(time() / 86400);
}
/* Encrypt the new password */
$entry['userpassword'] = Horde_Auth::getCryptedPassword($credentials['password'], '', $this->_params['encryption'], 'true');
} else {
$entry = $credentials;
unset($entry['dn']);
}
try {
if ($oldID != $newID) {
$this->_ldap->move($olddn, $newdn);
$this->_ldap->modify($newdn, array('replace' => $entry));
} else {
$this->_ldap->modify($olddn, array('replace' => $entry));
}
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Auth_Exception(sprintf(__CLASS__ . ': Unable to update user "%s"', $newID));
}
}
