__construct()
build_uploadAccounts()
canSelfServiceFieldBeReadOnly()
can_manage()
checkSelfServiceOptions()
checkSelfServiceSettings()
check_configOptions()
check_profileOptions()
delete_attributes()
displaySpecialSelfServicePage()
display_html_attributes()
display_html_delete()
doUploadPostActions()
doUploadPreActions()
getAttributes()
getButtonStatus()
getIcon()
getLDAPAliases()
getLinkToSpecialSelfServicePage()
getManagedAttributes()
getManagedObjectClasses()
getOriginalAttributes()
getRequiredExtensions()
getSelfServiceFields()
getSelfServiceOptions()
getSelfServiceSearchAttributes()
getSelfServiceSettings()
get_RDNAttributes()
get_alias()
get_configOptions()
get_dependencies()
get_help()
get_ldap_filter()
get_metaData()
get_pdfEntries()
get_pdfFields()
get_profileOptions()
get_scope()
get_uploadColumns()
get_uploadPreDepends()
handleAjaxRequest()
init()
is_base_module()
load_Messages()
load_attributes()
load_profile()
module_complete()
module_ready()
postDeleteActions()
postModifyActions()
postModifySelfService()
preDeleteActions()
preModifyActions()
preModifySelfService()
process_attributes()
save_attributes()
supportsAdminInterface()
addMultiValueInputTextField()
addSimpleInputTextField()
addSimplePDFField()
addSimpleSelfServiceTextField()
checkSimpleSelfServiceTextField()
getAccountContainer()
isBooleanConfigOptionSet()
processMultiValueInputTextField()
$attributes
$autoAddObjectClasses
$messages
$meta
$moduleSettings
$orig
$selfServiceSettings
$affiliationTypes
$base
$scope
Manages the eduPerson extension for user accounts.
It implements the complete module interface and uses meta-data
provided by the account modules for its functions.
Location and naming of modules
All LAM modules are placed in lib/modules/ and are named "
You can avoid to override many functions by using get_metaData().
All module classes should extend the baseModule class.
| package | modules |
|---|---|
| author | Roland Gruber |
__construct(string $scope)
stringaccount type (user, group, host)
build_uploadAccounts(array $rawAccounts, array $ids, array $partialAccounts, array $selectedModules) : array
Calling this method does not require the existence of an enclosing accountContainer.
Returns an array which contains subarrays to generate StatusMessages if any errors occured.
arraylist of hash arrays (name => value) from user input
arraylist of IDs for column position (e.g. "posixAccount_uid" => 5)
arraylist of hash arrays (name => value) which are later added to LDAP
arraylist of selected account modules
arraylist of error messages if anycanSelfServiceFieldBeReadOnly(String $fieldID, \selfServiceProfile $profile)
| inherited_from | \baseModule::canSelfServiceFieldBeReadOnly() |
|---|
Stringfield identifier
can_manage() : boolean
Calling this method does not require the existence of an enclosing accountContainer.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::can_manage() |
booleantrue if module fitscheckSelfServiceOptions(string $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields) : array
Return values:
messages: array of parameters to create status messages
add: array of attributes to add
del: array of attributes to remove
mod: array of attributes to modify
info: array of values with informational value (e.g. to be used later by pre/postModify actions)
Calling this method does not require the existence of an enclosing accountContainer.
| inherited_from | \baseModule::checkSelfServiceOptions() |
|---|
stringinput fields
arrayLDAP attributes
booleanindicates that the user is only allowed to change his password and no LDAP content is readable
arraylist of read-only fields
arraymessages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))checkSelfServiceSettings(array $options, \selfServiceProfile $profile) : array
Calling this method does not require the existence of an enclosing accountContainer.
If the input data is invalid the return value is an array that contains arrays
to build StatusMessages (message type, message head, message text). If no errors
occured the function returns an empty array.
| inherited_from | \baseModule::checkSelfServiceSettings() |
|---|
arrayhash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.
arrayerror messagescheck_configOptions(array $scopes, array $options) : array
Calling this method does not require the existence of an enclosing accountContainer.
If the input data is invalid the return value is an array that contains subarrays to build StatusMessages ('message type', 'message head', 'message text').
If no errors occured the function returns an empty array.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::check_configOptions() |
arraylist of account types which are used
arrayhash array (option name => value) that contains the input. The option values are all arrays containing one or more elements.
arraylist of error messagescheck_profileOptions(array $options) : array
Calling this method does not require the existence of an enclosing accountContainer.
$options is an hash array (option name => value) that contains the user input.
The option values are all arrays containing one or more elements.
If the input data is invalid the return value is an array that contains arrays
to build StatusMessages (message type, message head, message text). If no errors occured
the function returns an empty array.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::check_profileOptions() |
arraya hash array (name => value) containing the user input
arraylist of error messages (array(type, title, text)) to generate StatusMessages, if anydelete_attributes() : \List
Calling this method requires the existence of an enclosing accountContainer.
It allows additional LDAP changes when an account is deleted.
| inherited_from | \baseModule::delete_attributes() |
|---|
\Listof LDAP operations, same as for save_attributes()displaySpecialSelfServicePage(\selfServiceProfile $profile) : \htmlElement
| see | \global\htmlElement |
|---|---|
| inherited_from | \baseModule::displaySpecialSelfServicePage() |
\htmlElementmeta HTML objectdisplay_html_attributes() : \htmlElement
Calling this method requires the existence of an enclosing accountContainer.
\htmlElementHTML meta datadisplay_html_delete() : \htmlElement
Calling this method requires the existence of an enclosing accountContainer.
This can be used to interact with the user, e.g. should the home directory be deleted? The output
of all modules is displayed on a single page.
| see | \global\htmlElement |
|---|---|
| inherited_from | \baseModule::display_html_delete() |
\htmlElementmeta HTML objectdoUploadPostActions(array $data, array $ids, array $failed, array $temp, array $accounts) : array
modifying group memberships, adding Quota etc..).
Calling this method does not require the existence of an enclosing accountContainer.
This function is called as long as the returned status is 'finished'. Please make sure
that one function call lasts no longer than 3-4 seconds. Otherwise the upload may fail
because the time limit is exceeded. You should not make more than one LDAP operation in
each call.
| inherited_from | \baseModule::doUploadPostActions() |
|---|
arrayarray containing one account in each element
arraymaps the column names to keys for the sub arrays (array(
arraylist of account numbers which could not be successfully uploaded to LDAP
arrayvariable to store temporary data between two post actions
arraylist of LDAP entries
arraycurrent status doUploadPreActions(array $attributes) : array
| inherited_from | \baseModule::doUploadPreActions() |
|---|
arrayLDAP attributes of this entry (attributes are provided as reference, handle modifications of $attributes with care)
arrayarray which contains status messages. Each entry is an array containing the status message parameters.getAttributes() : array
| inherited_from | \baseModule::getAttributes() |
|---|
arrayattributesgetButtonStatus() : string
Calling this method requires the existence of an enclosing accountContainer.
Possible return values:
| inherited_from | \baseModule::getButtonStatus() |
|---|
stringstatus ("enabled", "disabled", "hidden")getIcon() : \unknown
The path must be releative to graphics (e.g. key.png). You can also set $this->meta['icon']. The preferred size is 32x32px.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getIcon() |
\unknowngetLDAPAliases() : array
Calling this method does not require the existence of an enclosing accountContainer.
All alias attributes will be renamed to the given attribute names.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getLDAPAliases() |
arraylist of aliases like array("alias name" => "attribute name")getLinkToSpecialSelfServicePage(array $settings) : String
The link is shown on the login page of the self service. You can use this to provide e.g. a page to reset passwords.
| inherited_from | \baseModule::getLinkToSpecialSelfServicePage() |
|---|
arrayself service settings
Stringlink text (null if no special page used)getManagedAttributes() : array
All attribute names will be renamed to match the given spelling.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getManagedAttributes() |
arraylist of attributesgetManagedObjectClasses() : array
Calling this method does not require the existence of an enclosing accountContainer.
This is used to fix spelling errors in LDAP-Entries (e.g. if "posixACCOUNT" is read instead of "posixAccount" from LDAP).
Example: return array('posixAccount')
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getManagedObjectClasses() |
arraylist of object classesgetOriginalAttributes() : array
| inherited_from | \baseModule::getOriginalAttributes() |
|---|
arrayattributesgetRequiredExtensions() : array
hash) which are needed by this module.
Calling this method does not require the existence of an enclosing accountContainer.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getRequiredExtensions() |
arrayextensionsgetSelfServiceFields() : array
Calling this method does not require the existence of an enclosing accountContainer.
Format: array(
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getSelfServiceFields() |
arrayfieldsgetSelfServiceOptions(array $fields, array $attributes, boolean $passwordChangeOnly, array $readOnlyFields) : array
Calling this method does not require the existence of an enclosing accountContainer.
It is not possible to display help links.
| see | \global\htmlElement |
|---|---|
| inherited_from | \baseModule::getSelfServiceOptions() |
arraylist of active fields
arrayattributes of LDAP account
booleanindicates that the user is only allowed to change his password and no LDAP content is readable
arraylist of read-only fields
arraylist of meta HTML elements (field name => htmlTableRow)getSelfServiceSearchAttributes() : array
uid, cn, ...) which can be used to search for LDAP objects.
Calling this method does not require the existence of an enclosing accountContainer.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::getSelfServiceSearchAttributes() |
arrayattributesgetSelfServiceSettings(\selfServiceProfile $profile) : \htmlElement
Calling this method does not require the existence of an enclosing accountContainer.
The name attributes are used as keywords to load
and save settings. We recommend to use the module name as prefix for them
(e.g. posixAccount_homeDirectory) to avoid naming conflicts.
| see | \global\baseModule::get_metaData() |
|---|---|
| see | \global\htmlElement |
| inherited_from | \baseModule::getSelfServiceSettings() |
\htmlElementmeta HTML objectget_RDNAttributes() : array
Calling this method does not require the existence of an enclosing accountContainer.
The returned elements have this form:
Example: return array('uid' => 'normal', 'cn' => 'low')
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_RDNAttributes() |
arraylist of attributesget_alias() : string
Calling this method does not require the existence of an enclosing accountContainer.
This function returns a more descriptive string than the class name. Alias names are used for the buttons on the account pages and the module selection in the configuration wizard.
Please take care that your alias name is not too long. It may contain any character but should not include parts that may be interpreted by the browser (e.g. '<' or '>').
If you use different aliases dependent on the account type please make sure that there is a general alias for unknown types.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_alias() |
stringalias nameget_configOptions(array $scopes, array $allScopes) : mixed
Calling this method does not require the existence of an enclosing accountContainer.
The field names are used as keywords to load and save settings.
We recommend to use the module name as prefix for them (e.g. posixAccount_homeDirectory) to avoid naming conflicts.
| see | \global\baseModule::get_metaData() |
|---|---|
| see | \global\htmlElement |
| inherited_from | \baseModule::get_configOptions() |
arrayaccount types (user, group, host)
arraylist of all active account modules and their scopes (module => array(scopes))
mixedhtmlElement or array of htmlElementget_dependencies() : array
Calling this method does not require the existence of an enclosing accountContainer.
The return value is an array with two sub arrays, "depends" and "conflicts".
All values of the conflict array are string values with module names. All values of the depends
array are either string values with module names or arrays which include only string values with
module names.
If an element of the depends array is itself an array, this means that your module
depends on one of these modules.
Example: return array("depends" => array("posixAccount", array("qmail", "sendmail")), "conflicts" => array("exim"))
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_dependencies() |
arraylist of dependencies and conflictsget_help(string $id) : array
Calling this method does not require the existence of an enclosing accountContainer.
The result is an hashtable with the following keys:
Example:
array('Headline' => 'This is the head line', 'Text' => 'Help content', 'SeeAlso' => array('text' => 'LAM homepage', 'link' => 'http://www.ldap-account-manager.org/'))
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_help() |
stringThe id string for the help entry needed.
arrayThe desired help entry.get_ldap_filter() : string
Calling this method does not require the existence of an enclosing accountContainer.
Returns an array('or' => '...', 'and' => '...') that is used to build the LDAP filter. Usually, this is used to filter object classes.
All "or" filter parts of the base modules are combined with OR and then combined with the "and" parts.
The resulting LDAP filter will look like this: (&(|(OR1)(OR2)(OR3))(AND1)(AND2)(AND3))
Example: return array('or' => '(objectClass=posixAccount)', 'and' => '(!(uid=*$))')
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_ldap_filter() |
stringLDAP filterget_pdfEntries() : array
arraylist of possible PDF entriesget_pdfFields() : array
Calling this method does not require the existence of an enclosing accountContainer.
This method must be overwritten in case that there are non static values
to be returned. The $this->meta['PDF_fields'] array may be used for static content.
Format of returned hashtable:
This function uses XML formatted commands to define the PDF output. Each part in the PDF
document is surrounded by "
Inside the
Special commands:
Examples:
Simple name+value lines:
In most cases you will just want to display a single line per attribute with its name and value.
'myAttribute' => '
This will give the following PDF output:
Attribute name: 12345
Multiline values:
Sometimes you have multivalued attributes where it is not applicable to write all values in one line but
where you want to list your values one below the other or show a table. This can be done by using the
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_pdfFields() |
arrayPDF entriesget_profileOptions() : \htmlElement
Calling this method does not require the existence of an enclosing accountContainer.
The return value is an object implementing htmlElement.
The field name are used as keywords to load
and save profiles. We recommend to use the module name as prefix for them
(e.g. posixAccount_homeDirectory) to avoid naming conflicts.
| see | \global\baseModule::get_metaData() |
|---|---|
| see | \global\htmlElement |
| inherited_from | \baseModule::get_profileOptions() |
\htmlElementmeta HTML objectget_scope() : string
| inherited_from | \baseModule::get_scope() |
|---|
stringaccount typeget_uploadColumns(array $selectedModules) : array
Calling this method does not require the existence of an enclosing accountContainer.
This funtion returns an array which contains subarrays which represent an upload column.
Syntax of column arrays:
array(
string: name, // fixed non-translated name which is used as column name (should be of format:
string: description, // short descriptive name
string: help, // help ID
string: example, // example value
string: values, // possible input values (optional)
string: default, // default value (optional)
boolean: required // true, if user must set a value for this column
boolean: unique // true if all values of this column must be different values (optional, default: "false")
)
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_uploadColumns() |
arraylist of selected account modules
arraycolumn listget_uploadPreDepends() : array
Calling this method does not require the existence of an enclosing accountContainer.
The named modules may not be active, LAM will check this automatically.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::get_uploadPreDepends() |
arraylist of module nameshandleAjaxRequest()
This function may be called with or without an account container.
| inherited_from | \baseModule::handleAjaxRequest() |
|---|
init(string $base)
Calling this method requires the existence of an enclosing accountContainer.
| inherited_from | \baseModule::init() |
|---|
stringthe name of the {@link accountContainer} object ($_SESSION[$base])
is_base_module() : boolean
Calling this method does not require the existence of an enclosing accountContainer.
Every account type needs exactly one base module. A base module manages a structural object class.
E.g. the inetOrgPerson module is a base module since its object class is structural.
| see | \global\baseModule::get_metaData() |
|---|---|
| inherited_from | \baseModule::is_base_module() |
booleantrue if base module (defaults to false if no meta data is provided)load_Messages()
Calling this method requires the existence of an enclosing accountContainer.
load_attributes(array $attributes)
Calling this method requires the existence of an enclosing accountContainer.
By default this method loads the object classes and accounts which are specified in getManagedObjectClasses()
and getManagedAttributes().
| inherited_from | \baseModule::load_attributes() |
|---|
arrayarray like the array returned by get_ldap_attributes(dn of account) but without count indices
load_profile(array $profile)
Calling this method does not require the existence of an enclosing accountContainer.
arrayhash array with profile values (identifier => value)
module_complete() : boolean
Calling this method requires the existence of an enclosing accountContainer.
This function tells LAM if it can create/modify the LDAP account. If your module needs any
additional input then set this to false. The user will be notified that your module needs
more input.
This method's return value defaults to true.
booleantrue, if all is okmodule_ready() : boolean
Calling this method requires the existence of an enclosing accountContainer.
Your module might depend on input of other modules. This function determines if the user
can change to your module page or not. The return value is true if your module accepts
input, otherwise false.
This method's return value defaults to true.
| inherited_from | \baseModule::module_ready() |
|---|
booleantrue, if page can be displayedpostDeleteActions() : array
Calling this method requires the existence of an enclosing accountContainer.
| inherited_from | \baseModule::postDeleteActions() |
|---|
arrayArray which contains status messages. Each entry is an array containing the status message parameters.postModifyActions(boolean $newAccount, array $attributes) : array
Calling this method requires the existence of an enclosing accountContainer.
| inherited_from | \baseModule::postModifyActions() |
|---|
booleannew account
arrayLDAP attributes of this entry
arrayarray which contains status messages. Each entry is an array containing the status message parameters.postModifySelfService(array $attributes) : boolean
| inherited_from | \baseModule::postModifySelfService() |
|---|
arrayLDAP attributes of this entry
booleantrue, if no problems occuredpreDeleteActions() : array
Calling this method requires the existence of an enclosing accountContainer.
| inherited_from | \baseModule::preDeleteActions() |
|---|
arrayArray which contains status messages. Each entry is an array containing the status message parameters.preModifyActions(boolean $newAccount, array $attributes) : array
Calling this method requires the existence of an enclosing accountContainer.
The modification is aborted if an error message is returned.
| inherited_from | \baseModule::preModifyActions() |
|---|
booleannew account
arrayLDAP attributes of this entry (added/modified attributes are provided as reference, handle modifications of $attributes with care)
arrayarray which contains status messages. Each entry is an array containing the status message parameters.preModifySelfService(array $attributes) : boolean
An error message should be printed if the function returns false.
| inherited_from | \baseModule::preModifySelfService() |
|---|
arrayLDAP attributes of this entry
booleantrue, if no problems occuredprocess_attributes() : array
It checks if all input values are correct and updates the associated LDAP attributes.
arraylist of info/error messagessave_attributes() : array
Calling this method requires the existence of an enclosing accountContainer.
This function returns an array with 3 entries:
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
DN is the DN to change. It is possible to change several DNs (e.g. create a new user and add him
to some groups via attribute memberUid)
"add" are attributes which have to be added to the LDAP entry
"remove" are attributes which have to be removed from the LDAP entry
"modify" are attributes which have to be modified in the LDAP entry
"notchanged" are attributes which stay unchanged
"info" values with informational value (e.g. to be used later by pre/postModify actions)
This builds the required comands from $this-attributes and $this->orig.
| inherited_from | \baseModule::save_attributes() |
|---|
arraylist of modificationssupportsAdminInterface() : boolean
The LAM admin interface are the pages that allow to manage e.g. users and groups. In contrast there is also the LAM self service interface. Most modules support the admin interface.
| inherited_from | \baseModule::supportsAdminInterface() |
|---|
booleansupport admin interfaceaddMultiValueInputTextField(\htmlTable $container, String $attrName, String $label, boolean $required, integer $length)
The field name will be the same as the attribute name plus a counting number (e.g. street_0). The last field will be followed by a button to add a new value. This is named add_{attribute name} (e.g. add_street). There must be a help entry with the attribute name as ID. A new line will also be added after this entry so multiple calls will show the fields one below the other.
| inherited_from | \baseModule::addMultiValueInputTextField() |
|---|
Stringattribute name
Stringlabel name
booleanthis is a required field (default false)
integerfield length
addSimpleInputTextField(\htmlTable $container, String $attrName, String $label, boolean $required, integer $length, boolean $isTextArea)
The field name will be the same as the attribute name. There must also be a help entry with the attribute name as ID. A new line will also be added after this entry so multiple calls will show the fields one below the other.
| inherited_from | \baseModule::addSimpleInputTextField() |
|---|
Stringattribute name
Stringlabel name
booleanthis is a required field (default false)
integerfield length
booleanshow as text area (default false)
addSimplePDFField(array $result, String $name, String $label, String $attrName, String $delimiter)
| inherited_from | \baseModule::addSimplePDFField() |
|---|
arrayresult array (entry will be added here)
StringID
Stringlabel name
Stringattribute name (default: =$name)
Stringdelimiter if multiple attribute values exist (default: ", ")
addSimpleSelfServiceTextField(array $container, String $name, String $label, array $fields, array $attributes, array $readOnlyFields, boolean $required, boolean $isTextArea)
The field name will be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn).
| inherited_from | \baseModule::addSimpleSelfServiceTextField() |
|---|
arrayarray that is used as return value for getSelfServiceOptions()
Stringattribute name (== field name)
Stringlabel to display in front of input field
arraylist of active fields
arrayattributes of LDAP account
arraylist of read-only fields
booleanfield is required
booleandisplay as text area
checkSimpleSelfServiceTextField(array $container, String $name, array $attributes, string $fields, array $readOnlyFields, String $validationID)
The field name must be the same as the class name plus "_" plus attribute name (e.g. posixAccount_cn). If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).
| inherited_from | \baseModule::checkSimpleSelfServiceTextField() |
|---|
arrayreturn value of checkSelfServiceOptions()
Stringattribute name
arrayLDAP attributes
stringinput fields
arraylist of read-only fields
Stringvalidation ID for get_preg()
getAccountContainer() : \accountContainer
| see | \global\accountContainer |
|---|---|
| inherited_from | \baseModule::getAccountContainer() |
\accountContaineraccountContainer objectisBooleanConfigOptionSet(String $optionName) : boolean
This function returns false if the configuration options cannot be read.
| inherited_from | \baseModule::isBooleanConfigOptionSet() |
|---|
Stringname of the option
booleantrue if option is setprocessMultiValueInputTextField(String $attrName, array $errors, String $validationID)
The input fields must be created with function addMultiValueInputTextField(). If validation is used then there must exist a message named [{attribute name}][0] (e.g. $this->messages['street'][0]).
| inherited_from | \baseModule::processMultiValueInputTextField() |
|---|
Stringattribute name
arrayerrors array where to put validation errors
Stringvalidation ID for function get_preg() (default: null, null means no validation)
$attributes
| inherited_from | \baseModule::$$attributes |
|---|
$autoAddObjectClasses
| inherited_from | \baseModule::$$autoAddObjectClasses |
|---|
$moduleSettings
| inherited_from | \baseModule::$$moduleSettings |
|---|
$orig
| inherited_from | \baseModule::$$orig |
|---|
$selfServiceSettings
| inherited_from | \baseModule::$$selfServiceSettings |
|---|
$affiliationTypes
$base
| inherited_from | \baseModule::$$base |
|---|
$scope
| inherited_from | \baseModule::$$scope |
|---|