$errmsg
\n";
log_action("error: ".$errmsg);
}
function log_action($errmsg)
{
global $LOGFILE, $REMOTE_ADDR, $PHP_AUTH_USER;
$fd = fopen("$LOGFILE", "a");
fwrite($fd, "[".date("H:i:s d/M/Y")."] $PHP_AUTH_USER@$REMOTE_ADDR $errmsg\n");
fclose($fd);
}
# Use this function to determine contraints on objects and returns a set
# of characters with the following meaning:
# o: binddn owns the object
# a: binddn is administrator
# m: binddn is member
function check_constraint($dn = "")
{
global $ldap, $binddn, $BASEDN;
$result = "";
$num_owners = 0;
if (strlen($dn)>0) {
// get owners for this object
$query = ldap_read($ldap, $dn, "(objectclass=*)", array("owner"));
$entries = ldap_get_entries($ldap, $query);
ldap_free_result($query);
$num_owners = $entries[0][owner][count];
for ($i = 0; $i<$num_owners; $i++) {
if ($entries[0][owner][$i]==$binddn) {
$result .= "o";
$num_owners = 0;
}
}
}
// get administrators for BASEDN
$query = ldap_read($ldap, $BASEDN, "(objectclass=*)", array("administrator", "member"));
$entries = ldap_get_entries($ldap, $query);
ldap_free_result($query);
for ($i = 0; $i<$entries[0][administrator][count]; $i++) {
if ($entries[0][administrator][$i]==$binddn) {
$result .= "a";
break;
}
}
if ($num_owners==0) {
// only objects owned by nobody except binddn are granted to members
for ($i = 0; $i<$entries[0][member][count]; $i++) {
if ($entries[0][member][$i]==$binddn) {
$result .= "m";
break;
}
}
}
print "";
return $result;
}
?>