Fixed Kerberos path again. Default Ubuntu installs do indeed use /var/lib/krb5kdc. Really should try to autodetect that.
<?php
// NEED_ADMIN is defined before the bootstrap include is loaded, so the include
// can see it while it runs.
// NOTE(review): presumably this makes includes/starthere.php refuse callers
// who are not administrators - confirm there, because nothing in this file
// checks privileges itself.
define('NEED_ADMIN', 1);
require 'includes/starthere.php';
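// POSTed actions
//
// The first PATH_INFO segment selects the action; for the per-user actions
// the second segment is the uid to act on. Any branch that ends in "break"
// falls through to the user listing rendered after this block.
//
// NOTE(review): every branch below changes directory state, but nothing in
// this file checks the request method for disable/enable/delete or verifies
// an anti-CSRF token for any action. Confirm that includes/starthere.php
// enforces both; if it does not, require POST plus a per-session token here.
//
// NOTE(review): the notices interpolate values taken from the directory and
// from $_POST (cn). Confirm that queue_message() or the template that prints
// queued messages HTML-escapes them on output.
if ( !empty($_SERVER['PATH_INFO']) )
{
    $pi = explode('/', trim($_SERVER['PATH_INFO'], '/'));
    switch ( $pi[0] )
    {
        case 'disable':
        case 'enable':
        case 'delete':
            // The three account-state actions differ only in the helper they
            // call and the word used in the notice. The helper name always
            // comes from this fixed table, never from the request.
            $state_actions = array(
                'disable' => array('disable_user', 'disabled'),
                'enable'  => array('enable_user', 'enabled'),
                'delete'  => array('delete_user', 'deleted'),
            );
            if ( !isset($pi[1]) )
                break;
            $user = $pi[1];
            // Only act on a uid that the directory lookup actually returns.
            $userinfo = ldap_get_user($user);
            if ( !$userinfo )
                break;
            list($handler, $verb) = $state_actions[$pi[0]];
            $handler($user);
            queue_message(E_NOTICE, "{$userinfo['cn']}'s account was {$verb}.");
            break;

        case 'create':
            if ( empty($_POST) )
            {
                queue_message(E_ERROR, "Bad request");
                break;
            }
            // Every field read below must be present and must be a string.
            // Without this, two absent password fields compare as equal
            // (null === null) and an array-valued field reaches create_user().
            $fields_ok = true;
            foreach ( array('password', 'password_confirm', 'givenName', 'surname') as $field )
            {
                if ( !isset($_POST[$field]) || !is_string($_POST[$field]) )
                    $fields_ok = false;
            }
            if ( !$fields_ok )
            {
                queue_message(E_ERROR, "Bad request");
                break;
            }
            // basic re-validation
            if ( $_POST['password'] !== $_POST['password_confirm'] )
            {
                queue_message(E_ERROR, "Passwords do not match");
                break;
            }
            // Two empty strings also "match"; never create an account with an
            // empty password.
            if ( $_POST['password'] === '' )
            {
                queue_message(E_ERROR, "Password must not be empty");
                break;
            }
            // Default the display name to "<given name> <surname>".
            if ( empty($_POST['cn']) || !is_string($_POST['cn']) )
                $_POST['cn'] = "{$_POST['givenName']} {$_POST['surname']}";
            if ( empty($_POST['uid']) || !is_string($_POST['uid']) )
            {
                // Derive the uid as first initial + surname, lower-cased.
                // Both parts are reduced to ASCII letters and digits first:
                // taking the raw first byte of the given name could yield a
                // fragment of a multi-byte character or a directory
                // metacharacter.
                $given_clean   = strtolower(preg_replace('/[^A-Za-z0-9]/', '', $_POST['givenName']));
                $surname_clean = strtolower(preg_replace('/[^A-Za-z0-9]/', '', $_POST['surname']));
                $_POST['uid']  = (string) substr($given_clean, 0, 1) . $surname_clean;
            }
            // Nothing usable was left after filtering the name parts.
            if ( $_POST['uid'] === '' )
            {
                queue_message(E_ERROR, "Bad request");
                break;
            }
            // NOTE(review): a uid or cn supplied by the form is passed on
            // unfiltered. Confirm that create_user() escapes or validates
            // them before they are used in an LDAP DN/filter or as a
            // Kerberos principal name.
            $title = ( isset($_POST['title']) && is_string($_POST['title']) ) ? $_POST['title'] : null;
            if ( create_user($_POST['uid'], $_POST['password'], $_POST['givenName'], $_POST['surname'], $_POST['cn'], $title) )
                queue_message(E_NOTICE, "{$_POST['cn']}'s account has been created!");
            else
                queue_message(E_ERROR, "Failed to create account");
            break;

        case 'resetpw':
            if ( empty($_POST) )
            {
                queue_message(E_ERROR, "Bad request");
                break;
            }
            // A missing or malformed uid/password field is a bad request, not
            // a password mismatch; reporting it as one hid the real problem
            // and let two absent password fields pass the comparison.
            if ( empty($_POST['uid']) || !is_string($_POST['uid'])
                || !isset($_POST['password'], $_POST['password_confirm'])
                || !is_string($_POST['password']) || !is_string($_POST['password_confirm']) )
            {
                queue_message(E_ERROR, "Bad request");
                break;
            }
            // basic re-validation
            if ( $_POST['password'] !== $_POST['password_confirm'] )
            {
                queue_message(E_ERROR, "Passwords do not match");
                break;
            }
            // Never reset an account to an empty password.
            if ( $_POST['password'] === '' )
            {
                queue_message(E_ERROR, "Password must not be empty");
                break;
            }
            // Only reset the password of a uid the directory knows.
            $userinfo = ldap_get_user($_POST['uid']);
            if ( !$userinfo )
                break;
            if ( reset_password($_POST['uid'], $_POST['password']) )
                queue_message(E_NOTICE, "{$userinfo['cn']}'s password has been reset.");
            else
                queue_message(E_ERROR, "Failed to reset password");
            break;

        case 'edit':
            if ( !isset($pi[1]) )
                break;
            $user = $pi[1];
            $userinfo = ldap_get_user($user);
            if ( !$userinfo )
                break;
            if ( !empty($_POST) )
            {
                if ( !isset($_POST['entry']) || !is_array($_POST['entry']) )
                {
                    // A POST without an attribute map cannot be applied.
                    queue_message(E_ERROR, "Bad request");
                }
                else if ( ldap_update_user($user, $_POST['entry']) )
                {
                    // NOTE(review): the read-only attribute list is only
                    // handed to the template below. Confirm that
                    // ldap_update_user() rejects those attributes
                    // server-side as well.
                    $updated_cn = ( isset($_POST['entry']['cn'][0]) && is_string($_POST['entry']['cn'][0]) )
                        ? $_POST['entry']['cn'][0]
                        : $userinfo['cn'];
                    queue_message(E_NOTICE, "Updated user \"{$updated_cn}\".");
                    redirect('/users');
                }
            }
            // First visit, or an update that was not applied: show the form.
            display_template('useredit', array(
                'this_user'   => $userinfo,
                'readonly'    => $ldap_readonly_attrs,
                'field_names' => $ldap_field_names,
                'dn'          => ldap_make_user_dn($user),
            ));
            // The edit form replaces the user listing, so stop here.
            exit;
    }
}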
// Fetch every user, then record on each entry whether the account is enabled
// so the listing can show its state.
$users = ldap_list_users();
foreach ( $users as $username => $entry )
{
    // Write through the array key instead of a by-reference loop variable.
    $users[$username]['enabled'] = is_user_enabled($username);
}
unset($entry);

// Render the user listing.
$template_vars = array(
    'users' => $users,
);
display_template('users', $template_vars);