array('add' => array('attribute1' => array('val1', 'val2'),
'attribute2' => array('val1')),
'delete' => array('attribute1'),
'replace' => array('attribute1' => array('val1')),
'changes' => array('add' => ...,
'replace' => ...,
'delete' => array('attribute1', 'attribute2' => array('val1')))
The order of execution is as following:
1. adds from 'add' array
2. deletes from 'delete' array
3. replaces from 'replace' array
4. changes (add, replace, delete) in order of appearance
The function calls the corresponding functions of an Horde_Ldap_Entry
object. A detailed description of array structures can be found there.
Unlike the modification methods provided by the Horde_Ldap_Entry object,
this method will instantly carry out an update() after each operation,
thus modifying "directly" on the server. public function modify($entry, $parms = array())
{
if (is_string($entry)) {
$entry = $this->getEntry($entry);
}
if (!$entry instanceof Horde_Ldap_Entry) {
throw new Horde_Ldap_Exception('Parameter is not a string nor an entry object!');
}
if ($unknown = array_diff(array_keys($parms), array('add', 'delete', 'replace', 'changes'))) {
throw new Horde_Ldap_Exception('Unknown modify action(s): ' . implode(', ', $unknown));
}
/* Perform changes mentioned separately. */
foreach (array('add', 'delete', 'replace') as $action) {
if (!isset($parms[$action])) {
continue;
}
$entry->{$action}($parms[$action]);
$entry->setLDAP($this);
/* Because the ldap_*() functions are called inside
* Horde_Ldap_Entry::update(), we have to trap the error codes
* issued from that if we want to support reconnection. */
while (true) {
try {
$entry->update();
break;
} catch (Exception $e) {
/* We have a failure. What kind? We may be able to
* reconnect and try again. */
if ($this->errorName($e->getCode()) != 'LDAP_OPERATIONS_ERROR' || !$this->_config['auto_reconnect']) {
/* Errors other than the above catched are just passed
* back to the user so he may react upon them. */
throw new Horde_Ldap_Exception('Could not modify entry: ' . $e->getMessage());
}
/* The server has disconnected before trying the operation.
* We should try again, possibly with a different
* server. */
$this->_link = false;
$this->_reconnect();
}
}
}
if (!isset($parms['changes']) || !is_array($parms['changes'])) {
return;
}
/* Perform combined changes in 'changes' array. */
foreach ($parms['changes'] as $action => $value) {
$this->modify($entry, array($action => $value));
}
} /**
* Reset a user's password. Used for example when the user does not
* remember the existing password.
*
* @param string $userId The user id for which to reset the password.
*
* @return string The new password on success.
* @throws Horde_Auth_Exception
*/
public function resetPassword($userId)
{
if (!empty($this->_params['ad'])) {
throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
}
/* Search for the user's full DN. */
try {
$dn = $this->_ldap->findUserDN($userId);
} catch (Horde_Exception_Ldap $e) {
throw new Horde_Auth_Exception($e);
}
/* Get a new random password. */
$password = Horde_Auth::genRandomPassword();
/* Encrypt the new password */
$entry = array('userpassword' => Horde_Auth::getCryptedPassword($password, '', $this->_params['encryption'], 'true'));
/* Set the lastchange field */
$shadow = $this->_lookupShadow($dn);
if ($shadow['shadowlastchange']) {
$entry['shadowlastchange'] = floor(time() / 86400);
}
/* Update user entry. */
try {
$this->_ldap->modify($dn, array('replace' => $entry));
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Auth_Exception($e);
}
return $password;
}
