cc2ac4acde48cd26c846a3f2ed10ede68cc0dae9
1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/setup/migrate.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside the people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Groups outside the groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Device migration */
86 var $device_dialog = FALSE;
87 var $device = array();
89 /* Service migration */
90 var $service_dialog = FALSE;
91 var $service = array();
93 /* Group menus */
94 var $menu_dialog = FALSE;
95 var $menu = array();
97 /* Win-Workstations outside to reserved ou */
98 var $outside_winstations = array();
99 var $outside_winstations_dialog = FALSE;
101 /* check for multiple use of same uidNumber */
102 var $check_uidNumbers = array();
103 var $check_uidNumbers_dialog = FALSE;
105 /* check for multiple use of same gidNumber */
106 var $check_gidNumbers = array();
107 var $check_gidNumbers_dialog = FALSE;
109 var $group_list = array();
111 /* Migrateable users */
112 var $migrate_users = array();
113 var $acl_migrate_dialog = FALSE;
114 var $migrate_acl_base_entry = "";
116 /* Root object classes */
117 var $rootOC_migrate_dialog = FALSE;
118 var $rootOC_details = array();
/* PHP 4 style constructor (a method named after the class).
 * Its only job is to fill in the title and info strings of this setup step.
 *
 * NOTE(review): PHP 8 no longer treats a same-named method as the
 * constructor, so on PHP 8+ this method has to be called explicitly.
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Refresh the translated title and description shown for this setup step.
 * Short and long title use the same message id.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset the result table ($this->checks) and run every inspection once.
 *
 * Each record is created with STATUS = FALSE and empty messages right
 * before the matching check method is called, so a check that aborts early
 * leaves a "not passed" record behind instead of a missing one.
 *
 * The call order is significant: check_organizationalUnits() reads
 * $this->group_list, which search_outside_groups() fills, so it runs after it.
 */
function initialize_checks()
{
  $this->checks = array();

  $this->checks['root'] = array(
      'TITLE'      => _("Checking for root object"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->checkBase();

  $this->checks['rootOC'] = array(
      'TITLE'      => _("Inspecting object classes in root object"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->checkBaseOC();

  $this->checks['permissions'] = array(
      'TITLE'      => _("Checking permission for LDAP database"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_ldap_permissions();

  /* Record only; the department check itself runs further down */
  $this->checks['deps_visible'] = array(
      'TITLE'      => _("Checking for invisible departments"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

  $this->checks['users_visible'] = array(
      'TITLE'      => _("Checking for invisible users"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_gosaAccounts();

  $this->migrate_users = array();
  $this->checks['acls'] = array(
      'TITLE'      => _("Checking for super administrator"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_administrativeAccount();

  $this->checks['outside_users'] = array(
      'TITLE'      => _("Checking for users outside the people tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_users();

  $this->checks['outside_groups'] = array(
      'TITLE'      => _("Checking for groups outside the groups tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_groups();
  $this->check_organizationalUnits();

  $this->checks['outside_winstations'] = array(
      'TITLE'      => _("Checking for windows workstations outside the winstation tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_winstations();

  $this->checks['uidNumber_usage'] = array(
      'TITLE'      => _("Checking for duplicated UID numbers"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_uidNumber();

  $this->checks['gidNumber_usage'] = array(
      'TITLE'      => _("Checking for duplicate GID numbers"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_gidNumber();

  $this->checks['old_style_devices'] = array(
      'TITLE'      => _("Checking for old style USB devices"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_usb_devices();

  $this->checks['old_style_services'] = array(
      'TITLE'      => _("Checking for old services that have to be migrated"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_services();

  $this->checks['old_style_menus'] = array(
      'TITLE'      => _("Checking for old style application menus"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_menus();
}
222 /* Check if there are uidNumbers which are used more than once.
223 */
/* Report posixAccount entries that share a uidNumber.
 *
 * Two accounts with the same uidNumber map to the same numeric user id, so
 * duplicates are worth resolving before the directory is put to use.
 *
 * Writes its result to $this->checks['uidNumber_usage'] and stores every
 * affected entry in $this->check_uidNumbers, keyed by base64_encode(dn).
 * The number in the message is the count of affected entries, not the
 * count of distinct duplicated values.
 *
 * Returns TRUE if no duplicate was found, FALSE if the search failed or
 * duplicates exist.
 *
 * NOTE(review): the bind uses the admin DN and password held in
 * $this->parent->captured_values; whether the connection is encrypted
 * depends on $cv['connection'] and $cv['tls'] - confirm in the LDAP class.
 */
function check_uidNumber()
{
  $cfg = $this->parent->captured_values;

  /* Open the directory connection with the captured setup credentials */
  $link = new LDAP($cfg['admin'],
      $cfg['password'],
      $cfg['connection'],
      FALSE,
      $cfg['tls']);
  $ldap = new ldapMultiplexer($link);
  $ldap->cd($cfg['base']);

  if(!$ldap->search("(&(objectClass=posixAccount)(uidNumber=*))",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all entries by their first uidNumber value */
  $this->check_uidNumbers = array();
  $by_number = array();
  while($row = $ldap->fetch()){
    $by_number[$row['uidNumber'][0]][] = $row;
  }

  /* Keep only the buckets that hold more than one entry */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_uidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(count($this->check_uidNumbers) == 0){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
274 /* Check if there are duplicated gidNumbers present in ldap
275 */
/* Report posixGroup entries that share a gidNumber.
 *
 * Two groups with the same gidNumber map to the same numeric group id, so
 * duplicates are worth resolving before the directory is put to use.
 *
 * Writes its result to $this->checks['gidNumber_usage'] and stores every
 * affected entry in $this->check_gidNumbers, keyed by base64_encode(dn).
 * The number in the message is the count of affected entries, not the
 * count of distinct duplicated values.
 *
 * Returns TRUE if no duplicate was found, FALSE if the search failed or
 * duplicates exist.
 */
function check_gidNumber()
{
  $cfg = $this->parent->captured_values;

  /* Open the directory connection with the captured setup credentials */
  $link = new LDAP($cfg['admin'],
      $cfg['password'],
      $cfg['connection'],
      FALSE,
      $cfg['tls']);
  $ldap = new ldapMultiplexer($link);
  $ldap->cd($cfg['base']);

  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all entries by their first gidNumber value */
  $this->check_gidNumbers = array();
  $by_number = array();
  while($row = $ldap->fetch()){
    $by_number[$row['gidNumber'][0]][] = $row;
  }

  /* Keep only the buckets that hold more than one entry */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_gidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(count($this->check_gidNumbers) == 0){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
326 /* Search for winstations outside the winstation ou
327 */
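/* Find Samba machine accounts (uid ending in '$') that are not located
 * directly below the configured winstation ou.
 *
 * Writes its result to $this->checks['outside_winstations'] and stores the
 * offending entries in $this->outside_winstations, keyed by
 * base64_encode(dn). Entries below dc=addressbook are ignored.
 *
 * Returns TRUE if nothing was found, FALSE if the search failed or at least
 * one machine account is misplaced.
 *
 * ERROR_MSG is emitted as HTML (it carries a submit button), so the
 * configured ou is HTML-escaped before it is placed into the message.
 */
function search_outside_winstations()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Get winstation ou; fall back to the default if none is configured */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['wws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The object class of machine accounts depends on the samba version */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* An entry is fine if its parent starts with the winstation ou.
   * preg_quote() keeps the configured value from being read as a pattern.
   */
  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".preg_quote($winstation_ou, '/')."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");

    /* The ou is a configured value that ends up in HTML output: escape it */
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
          count($this->outside_winstations),
          htmlspecialchars($winstation_ou, ENT_QUOTES, 'UTF-8'));
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}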
387 /* Search for groups outside the group ou
388 */
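/* Find posixGroup entries that are not located in the configured group ou
 * of the base or of a gosaDepartment.
 *
 * Writes its result to $this->checks['outside_groups'], stores the
 * offending entries in $this->outside_groups (keyed by base64_encode(dn))
 * and rebuilds $this->group_list with the dn of every group found.
 * check_organizationalUnits() reads that list.
 *
 * Returns TRUE if nothing was found, FALSE if the group search failed or at
 * least one group is misplaced.
 *
 * ERROR_MSG is emitted as HTML (it carries a submit button), so the
 * configured ou is HTML-escaped before it is placed into the message.
 */
function search_outside_groups()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   *  validate correct ldap tree position of every single group
   * NOTE(review): the result of this search is not checked; if it fails
   *  only the base remains in the list of valid departments.
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Get all groups
   ***********/
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Reset the declared property 'group_list'. The former code reset an
   * undeclared 'groups_list' instead, so 'group_list' grew with every run.
   */
  $this->outside_groups = array();
  $this->group_list     = array();
  while($attrs = $ldap->fetch()){

    /* Strip "<rdn>,<group ou>," to get the department the group lives in.
     * NOTE(review): the '+' after the quoted ou repeats its last character
     * and looks unintended; an empty group ou never matches - confirm.
     */
    $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+,/i","",$attrs['dn']);

    /* Check if entry is not an addressbook only group
     *  and verify that it is in a valid department
     */
    if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) &&
        !in_array($group_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
    $this->group_list[] = $attrs['dn'];
  }

  if(count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* The ou is a configured value that ends up in HTML output: escape it */
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),
          count($this->outside_groups),
          htmlspecialchars($group_ou, ENT_QUOTES, 'UTF-8'));
    $this->checks['outside_groups']['ERROR_MSG'].= "&nbsp;<input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}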
459 /* Search for users outside the people ou
460 */
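/* Find gosaAccount entries (machine accounts with a uid ending in '$' are
 * excluded) that are not located in the configured people ou of the base
 * or of a gosaDepartment.
 *
 * Writes its result to $this->checks['outside_users'] and stores the
 * offending entries in $this->outside_users, keyed by base64_encode(dn).
 *
 * Returns TRUE if nothing was found, FALSE if the user search failed or at
 * least one user is misplaced.
 *
 * ERROR_MSG is emitted as HTML (it carries a submit button), so the
 * configured ou is HTML-escaped before it is placed into the message.
 */
function search_outside_users()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   *  validate correct ldap tree position of every single user
   * NOTE(review): the result of this search is not checked; if it fails
   *  only the base remains in the list of valid departments.
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Search for all users
   ***********/
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /***********
   * Check if returned users are within a valid GOsa department. (peopleou,gosaDepartment,base)
   ***********/
  $this->outside_users = array();

  /* An empty people ou means users live directly in the department */
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = $people_ou.",";
  }

  while($attrs = $ldap->fetch()){

    /* Strip "<rdn>,<people ou>," to get the department the user lives in */
    $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i","",$attrs['dn']);

    /* Check if entry is not an addressbook only user
     *  and verify that he is in a valid department
     */
    if( !preg_match("/dc=addressbook,/",$people_db_base) &&
        !in_array($people_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* The ou is a configured value that ends up in HTML output: escape it */
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),
          count($this->outside_users),
          htmlspecialchars($people_ou, ENT_QUOTES, 'UTF-8'));
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}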
537 /* Check ldap accessibility
538 * Create and remove a dummy object,
539 * to ensure that we have the necessary permissions
540 */
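/* Verify that the configured admin account may write to the directory by
 * creating a throw-away organizationalUnit below the base and removing it
 * again.
 *
 * Writes its result to $this->checks['permissions'].
 * Returns true if the entry could be created and removed, false if the
 * base cannot be read, the entry cannot be created, or it cannot be removed.
 * In the last case the dummy entry stays in the directory.
 *
 * The entry name is built from a random token. It deliberately contains no
 * session identifier: the dn is written to the directory and handed to the
 * log on failure, and a session id is a credential that must not show up
 * in either place. The token only has to be unique, not secret.
 */
function check_ldap_permissions()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Create dummy entry
   */
  $name       = "GOsa_setup_text_entry_".sha1(uniqid(mt_rand(), TRUE));
  $dn         = "ou=".$name.",".$cv['base'];
  $testEntry  = array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']  = $name;

  /* The admin dn is a configured value that ends up in HTML output */
  $no_access_msg =
    sprintf(_("The specified user '%s' does not have full access to your ldap database."),
        htmlspecialchars($cv['admin'], ENT_QUOTES, 'UTF-8'));

  /* check if simple ldap cat will be successful
   */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object; success is judged by reading it back
   */
  $ldap->cd ($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access_msg;
    return(false);
  }

  /* Try to remove created entry; it must be gone when read back
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access_msg;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}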
610 /* Check if there are users which will
611 * be invisible for GOsa
612 */
/* Collect user entries that lack the gosaAccount object class and would
 * therefore not be shown by GOsa.
 *
 * Rebuilds $this->users_to_migrate (keyed by base64_encode(dn)) and keeps
 * the 'checked' flag of entries that were already listed, so the html
 * checkboxes survive a reload. Entries below dc=addressbook are ignored.
 * Writes its result to $this->checks['users_visible']; returns nothing.
 */
function check_gosaAccounts()
{
  /* Remember the previous selection before the list is rebuilt */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Open the directory connection with the captured setup credentials */
  $cfg  = $this->parent->captured_values;
  $link = new LDAP($cfg['admin'],
      $cfg['password'],
      $cfg['connection'],
      FALSE,
      $cfg['tls']);
  $ldap = new ldapMultiplexer($link);

  /* Get all invisible users */
  $ldap->cd($cfg['base']);
  $found = $ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));
  while($entry = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);

    /* Restore the selection made before the reload, default is unselected */
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->users_to_migrate[$key] = $entry;
  }

  /* Publish the outcome */
  if(!$found){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $invisible = count($this->users_to_migrate);
  if($invisible == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
    return;
  }

  $this->checks['users_visible']['STATUS']    = FALSE;
  $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
      $invisible);
  $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
}
669 /* Start user account migration
670 */
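/* Add the GOsa user object classes to every selected entry of
 * $this->users_to_migrate.
 *
 * $only_ldif  TRUE:  change nothing, only store a before/after ldif preview
 *                    in the 'before' and 'after' fields of each entry.
 *             FALSE: write the new objectClass list to the directory.
 *
 * Returns TRUE on success, false as soon as one modify operation fails
 * (entries handled before the failure stay modified).
 *
 * The error dialog is emitted as HTML. The dn and the server error text
 * come from the directory, so both are HTML-escaped before display.
 *
 * NOTE(review): the result of fetch() is used unchecked; if the entry has
 * vanished since the check ran, $attrs holds no 'dn' - confirm how cd()
 * and modify() behave in that case.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaAccount objectClass to the selected users
   */
  foreach($this->users_to_migrate as $key => $dep){
    if($dep['checked']){

      /* Get old objectClasses */
      $ldap->cat($dep['dn'],array("objectClass"));
      $attrs      = $ldap->fetch();

      /* Create new objectClass array: required classes first, then every
       * existing class that is not already listed (case-insensitive)
       */
      $new_attrs  = array();
      $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person");
      for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
        if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
          $new_attrs['objectClass'][]   = $attrs['objectClass'][$i];
        }
      }

      /* Set info attributes for current object,
       *  or write changes to the ldap database
       */
      if($only_ldif){
        $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
        $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      }else{
        $ldap->cd($attrs['dn']);
        if(!$ldap->modify($new_attrs)){

          /* NOTE(review): the message id speaks of a 'department' although
           * a user is migrated here; it is kept so existing translations
           * still apply.
           */
          msg_dialog::display(_("Migration error"),
              sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",
                htmlspecialchars(LDAP::fix($attrs['dn']), ENT_QUOTES, 'UTF-8'),
                htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')),
              ERROR_DIALOG);
          return(false);
        }
      }
    }
  }
  return(TRUE);
}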
722 /* Check if there are invisible organizational Units
723 */
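/* Collect organizationalUnit entries that lack the gosaDepartment object
 * class and would therefore not be shown by GOsa as departments.
 *
 * Rebuilds $this->deps_to_migrate (keyed by base64_encode(dn)) and keeps
 * the 'checked' flag of entries that were already listed. Containers that
 * GOsa uses internally and ous located below a known group are removed
 * from the list. Writes its result to $this->checks['deps_visible'];
 * returns nothing.
 *
 * Relies on $this->group_list, which search_outside_groups() fills.
 *
 * The configured people and group ou are matched literally: they are
 * passed through preg_quote() and skipped when empty. Used unquoted, an
 * empty value yields the pattern "//", which matches every dn and hides
 * all departments from this check, and a value containing '/' or other
 * pattern characters would be read as a regular expression.
 */
function check_organizationalUnits()
{
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Skip GOsa internal departments: configured ous first ... */
  $skip_dns = array();
  foreach(array($cv['peopleou'], $cv['groupou']) as $configured_ou){
    $configured_ou = trim($configured_ou);
    if($configured_ou != ""){
      $skip_dns[] = "/".preg_quote($configured_ou, '/')."/";
    }
  }

  /* ... then the fixed container names */
  $skip_dns = array_merge($skip_dns,
      array("/^ou=people,/","/^ou=groups,/","/^ou=sudoers,/",
        "/(,|)ou=configs,/","/(,|)ou=systems,/",
        "/(,|)ou=apps,/","/(,|)ou=mime,/","/(,|)ou=devices/","/^ou=aclroles,/","/^ou=incoming,/",
        "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
        "/(,|)ou=winstations,/"));

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($old[base64_encode($attrs['dn'])])){
      $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
    }
    $this->deps_to_migrate[base64_encode($attrs['dn'])] = $attrs;
  }

  /* Filter returned list of departments and ensure that
   *  GOsa internal departments will not be listed
   */
  foreach($this->deps_to_migrate as $key => $attrs){
    $dn = $attrs['dn'];
    $skip = false;

    /* Check if this object is an application release object
       e.g. groups-> application menus.
     */
    if(preg_match("/^.*,[ ]*cn=/",$dn)){
      $cn_dn = preg_replace("/^.*,[ ]*cn=/","cn=",$dn);
      if(in_array($cn_dn,$this->group_list)){
        $skip = true;
      }
    }

    /* One matching pattern is enough */
    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$dn)){
        $skip = true;
        break;
      }
    }
    if($skip){
      unset($this->deps_to_migrate[$key]);
    }
  }

  /* If we have no invisible departments found
   *  tell the user that everything is ok.
   * Remaining departments are reported as a warning; STATUS stays TRUE
   *  in that case.
   */
  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= "&nbsp;<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}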
810 /* Start deparmtment migration */
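/* Add the gosaDepartment object class (and a default description, if the
 * entry has none) to every selected entry of $this->deps_to_migrate.
 *
 * $only_ldif  TRUE:  change nothing, only store a before/after ldif preview
 *                    in the 'before' and 'after' fields of each entry.
 *             FALSE: write the changes to the directory.
 *
 * Returns TRUE on success, false as soon as one modify operation fails
 * (entries handled before the failure stay modified).
 *
 * The error dialog is emitted as HTML. The dn and the server error text
 * come from the directory, so both are HTML-escaped before display.
 *
 * NOTE(review): the result of fetch() is used unchecked; if the entry has
 * vanished since the check ran, $attrs holds no 'dn' - confirm how cd()
 * and modify() behave in that case.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaDepartment objectClass to each selected entry
   */
  foreach($this->deps_to_migrate as $key => $dep){
    if($dep['checked']){

      /* Get current objectClasses */
      $ldap->cat($dep['dn'],array("objectClass","description"));
      $attrs      = $ldap->fetch();

      /* Create new objectClass attribute including gosaDepartment */
      $new_attrs  = array();
      for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
        $new_attrs['objectClass'][]   = $attrs['objectClass'][$i];
      }
      $new_attrs['objectClass'][] = "gosaDepartment";

      /* Append a description if it is missing */
      if(!isset($attrs['description'])){
        $new_attrs['description'][] = "GOsa department";
      }

      /* Depending on the parameter $only_ldif we save the changes as ldif
       *  or we write our changes directly to the ldap database
       */
      if($only_ldif){
        $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
        $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      }else{
        $ldap->cd($attrs['dn']);
        if(!$ldap->modify($new_attrs)){
          msg_dialog::display(_("Migration error"),
              sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",
                htmlspecialchars(LDAP::fix($attrs['dn']), ENT_QUOTES, 'UTF-8'),
                htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')),
              ERROR_DIALOG);
          return(false);
        }
      }
    }
  }
  return(TRUE);
}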
865 /* Check Acls if there is at least one object with acls defined
866 */
867 function check_administrativeAccount()
868 {
869 /* Reset settings
870 */
871 $GOsa_26_found = FALSE;
872 $this->migrate_users = array();
873 $this->acl_migrate_dialog = FALSE;
874 $this->migrate_acl_base_entry = "";
876 /* Establish ldap connection */
877 $cv = $this->parent->captured_values;
878 $ldap_l = new LDAP($cv['admin'],
879 $cv['password'],
880 $cv['connection'],
881 FALSE,
882 $cv['tls']);
884 $ldap = new ldapMultiplexer($ldap_l);
885 $ldap->cd($cv['base']);
886 $res = $ldap->cat($cv['base']);
888 if(!$res){
889 $this->checks['acls']['STATUS'] = FALSE;
890 $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
891 $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
892 }else{
893 $GOsa_26_found = false; // GOsa 2.6 Account found
894 $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration
896 $username = "";
897 $attrs = $ldap->fetch();
899 /* Collect a list of available GOsa users and groups
900 */
901 $users = array();
902 $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
903 "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
904 while($user_attrs = $ldap->fetch()){
905 $users[$user_attrs['dn']] = $user_attrs['uid'][0];
906 $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
907 }
908 $groups = array();
909 $ldap->search("objectClass=posixGroup",array("cn","dn"));
910 while($group_attrs = $ldap->fetch()){
911 $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
912 }
914 /* Check if a valid GOsa 2.6 admin exists
915 -> gosaAclEntry for an existing and accessible user.
916 */
917 $valid_users = "";
918 $valid_groups = "";
919 if(isset($attrs['gosaAclEntry'])){
920 $acls = $attrs['gosaAclEntry'];
921 for($i = 0 ; $i < $acls['count'] ; $i++){
922 $acl = $acls[$i];
923 $tmp = explode(":",$acl);
925 if($tmp[1] == "psub"){
926 $members = explode(",",$tmp[2]);
927 foreach($members as $member){
928 $member = base64_decode($member);
929 if(isset($users[$member])){
930 if(preg_match("/all;cmdrw/i",$tmp[3])){
931 $valid_users .= $users[$member].", ";
932 $GOsa_26_found = TRUE;
933 }
934 }
935 if(isset($groups[$member])){
936 if(preg_match("/all;cmdrw/i",$tmp[3])){
937 $ldap->cat($member);
938 $group_attrs = $ldap->fetch();
939 $val_users = "";
940 if(isset($group_attrs['memberUid'])){
941 for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
942 if(isset($rusers[$group_attrs['memberUid'][$e]])){
943 $val_users .= $group_attrs['memberUid'][$e].", ";
944 }
945 }
946 }
947 if(!empty($val_users)){
948 $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
949 $GOsa_26_found = TRUE;
950 }
951 }
952 }
953 }
954 }elseif($tmp[1] == "role"){
956 /* Check if acl owner is a valid GOsa user account */
957 $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
958 $ret = $ldap->fetch();
960 if(isset($ret['gosaAclTemplate'])){
961 $cnt = $ret['gosaAclTemplate']['count'];
962 for($e = 0 ; $e < $cnt ; $e++){
964 $a_str = $ret['gosaAclTemplate'][$e];
965 if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){
967 $members = explode(",",$tmp[3]);
968 foreach($members as $member){
969 $member = base64_decode($member);
971 if(isset($users[$member])){
972 $valid_users .= $users[$member].", ";
973 $GOsa_26_found = TRUE;
974 }
975 if(isset($groups[$member])){
976 $ldap->cat($member);
977 $group_attrs = $ldap->fetch();
978 $val_users = "";
979 if(isset($group_attrs['memberUid'])){
980 for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
981 if(isset($rusers[$group_attrs['memberUid'][$e]])){
982 $val_users .= $group_attrs['memberUid'][$e].", ";
983 }
984 }
985 }
986 if(!empty($val_users)){
987 $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
988 $GOsa_26_found = TRUE;
989 }
990 }
991 }
992 }
993 }
994 }
995 }
996 }
997 }
999 /* Try to find an old GOsa 2.5 administrative account that may be migrated
1000 */
1001 if(!$GOsa_26_found){
1002 $valid_users = "";
1003 $valid_groups = "";
1004 $ldap->cd($cv['base']);
1005 $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
1006 while($p_group = $ldap->fetch()){
1007 $val_users = "";
1008 for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
1009 $user = $p_group['memberUid'][$e];
1010 if(isset($rusers[$user])){
1011 $val_users .= $user.", ";
1012 }
1013 }
1014 if(!empty($val_users)){
1015 $valid_groups .= $groups[$p_group['dn']]."(<i>".trim($val_users,", ")."</i>), ";
1016 $GOsa_25_found = TRUE;
1017 }
1018 }
1019 }
1022 /* Print out results
1023 */
1024 if($GOsa_25_found){
1025 $str = "";
1026 if(!empty($valid_groups)){
1027 $str.= "<i>".sprintf(_("GOsa 2.5 administrative accounts found: %s"),trim($valid_groups,", "))."</i><br>";
1028 }
1029 $this->checks['acls']['STATUS'] = FALSE;
1030 $this->checks['acls']['STATUS_MSG']= _("Failed");
1031 $this->checks['acls']['ERROR_MSG'] = $str;
1032 $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")." ";
1033 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='migrate_acls' value='"._("Migrate")."'>";
1034 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
1035 }elseif($GOsa_26_found){
1036 $str = "";
1037 if(!empty($valid_users)){
1038 $str.= "<b>"._("Users")."</b>: ".trim($valid_users,", ")."<br>";
1039 }
1040 if(!empty($valid_groups)){
1041 $str.= "<b>"._("Groups")."</b>: ".trim($valid_groups,", ")."<br>";
1042 }
1043 $this->checks['acls']['STATUS'] = TRUE;
1044 $this->checks['acls']['STATUS_MSG']= _("Ok");
1045 $this->checks['acls']['ERROR_MSG'] = $str;
1046 }else{
1047 $this->checks['acls']['STATUS'] = FALSE;
1048 $this->checks['acls']['STATUS_MSG']= _("Failed");
1049 $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
1050 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
1051 }
1052 }
1054 // Reload base OC
1055 $this->checkBaseOC();
1056 return($GOsa_26_found);
1057 }
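/* Grant full administrative ACLs on the LDAP base to the selected object.
 *
 * The entry "0:psub:<base64 dn>:all;cmdrw" for $this->acl_create_selected is
 * put in front of the gosaAclEntry values of the base object, and the
 * priority of every existing entry is raised by one.
 *
 * The DN is used exactly as stored in $this->acl_create_selected; this
 * method does not check that it names an existing account.
 * NOTE(review): an empty selection would still produce an ACL entry, so
 * callers should make sure a DN is selected before calling this.
 *
 * @param bool $only_ldif  TRUE: only store a preview of the old and new
 *                         attributes in $this->acl_create_changes.
 *                         FALSE: write the new attributes to the base object.
 * @return bool|null  Result of the LDAP modify; nothing is returned in
 *                    preview mode.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the preview text */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Connect with the credentials collected by the setup */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Add acls for the selected user to the base */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");

  /* Keep every object class the base already has */
  if(isset($attrs['objectClass']['count'])){
    for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
      if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
        $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
      }
    }
  }

  $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){

      /* Split "<prio>:<rest>" at the first colon. The whole priority has to
         be stripped from the rest; removing only its first character turned
         an entry like "10:psub:..." into "110:psub:...", which corrupts the
         ACL entry that is written back. */
      $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
      $rest = preg_replace("/^[^:]*/","",$attrs['gosaAclEntry'][$i]);

      $data = ((int) $prio + 1).$rest;
      $attrs_new['gosaAclEntry'][] = $data;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{

    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
      return(FALSE);
    }else{
      return(TRUE);
    }
  }
}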
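/* Create a new "System Administrator" account from the posted form values
 * and give it administrative ACLs on the LDAP base.
 *
 * Reads new_user_uid, new_user_password and new_user_password2 from $_POST.
 * The uid is validated before it is used in an LDAP filter or in a DN.
 *
 * @return bool  TRUE if the account was added, FALSE if the input was
 *               rejected or the LDAP add failed (a dialog is shown).
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";
  $uid = "";

  /* Connect with the credentials collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  if(isset($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Validate the posted uid before it reaches a filter or a DN */
  if(!is_string($uid) || empty($uid) || !tests::is_uid($uid)){
    msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
    return false;
  }

  /* The value is additionally escaped for the filter, so the duplicate
     check cannot be altered by filter metacharacters in the uid. */
  $ldap->cd($cv['base']);
  $ldap->search("(uid=".LDAP::prepare4filter($uid).")");
  if($ldap->count()){
    msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG);
    return false;
  }

  /* Strict comparison: with '!=' two different numeric strings such as
     "1e1" and "10" compare as equal and the confirmation would pass. */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
    return false;
  }

  /* Build the dn of the new account below the configured people ou */
  $ldap->cd($cv['base']);

  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator-".$uid.",".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* NOTE(review): the strength of the stored hash depends on the method
     configured in $cv['encryption'] - confirm the setup default. */
  $hash = passwordMethod::make_hash($pw2, $cv['encryption']);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator-".$uid;
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);

  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    msg_dialog::display(_("Error"), sprintf(_("Adding an administrative user failed: object '%s' already exists!"), LDAP::fix($dn)), ERROR_DIALOG);
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before touching the ACLs if the account was not created; the base
     must not receive an admin ACL for a dn that does not exist. */
  if(!$res){
    msg_dialog::display(_("LDAP error"), $ldap->get_error(), ERROR_DIALOG);
    return(FALSE);
  }

  /* create_admin() shows its own dialog on failure; the re-check below
     then reports whether an administrator is actually present. */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}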
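/* Move the selected winstations into the posted destination department.
 *
 * @param bool $perform  FALSE: only fill the 'ldif' preview text of each
 *                       selected entry. TRUE: move the entries.
 * @return bool|null  FALSE if no usable destination was posted, otherwise
 *                    nothing.
 *
 * NOTE(review): the destination comes from the request and is not compared
 * with the departments offered by get_all_winstation_ous() - confirm that
 * any dn below the base is acceptable as a target.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);

  /* The destination department is posted base64 encoded. Decode it once,
     in strict mode, and refuse anything that is not a non-empty string. */
  $destination_dep = FALSE;
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination_dep = base64_decode($_POST['move_winstation_to'], TRUE);
  }
  if($destination_dep === FALSE || $destination_dep === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Replace everything after the first comma with the destination.
         Plain string functions are used because a preg_replace()
         replacement would interpret "\1" or "$1" sequences inside the dn.
         NOTE(review): an escaped comma inside the rdn is still treated as
         the separator, as before. */
      $pos = strpos($dn, ",");
      $d_dn = ($pos === FALSE) ? $dn : substr($dn, 0, $pos).",".$destination_dep;

      if(!$perform){
        /* NOTE(review): this text is markup for the template; whether
           fix() makes the dn values safe for HTML is not visible here. */
        $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          /* The dn comes straight from the directory, escape it for HTML */
          $ref_dn = htmlspecialchars($attrs['dn'], ENT_QUOTES);
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}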
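/* Move the selected groups into the posted destination department.
 *
 * @param bool $perform  FALSE: only fill the 'ldif' preview text of each
 *                       selected entry. TRUE: move the entries.
 * @return bool|null  FALSE if no usable destination was posted, otherwise
 *                    nothing.
 *
 * NOTE(review): the destination comes from the request and is not compared
 * with the departments offered by get_all_group_ous() - confirm that any dn
 * below the base is acceptable as a target.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* The destination department is posted base64 encoded. Decode it once,
     in strict mode, and refuse anything that is not a non-empty string. */
  $destination_dep = FALSE;
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination_dep = base64_decode($_POST['move_group_to'], TRUE);
  }
  if($destination_dep === FALSE || $destination_dep === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Replace everything after the first comma with the destination.
         Plain string functions are used because a preg_replace()
         replacement would interpret "\1" or "$1" sequences inside the dn.
         NOTE(review): an escaped comma inside the rdn is still treated as
         the separator, as before. */
      $pos = strpos($dn, ",");
      $d_dn = ($pos === FALSE) ? $dn : substr($dn, 0, $pos).",".$destination_dep;

      if(!$perform){

        /* NOTE(review): this text is markup for the template; whether
           fix() makes the dn values safe for HTML is not visible here. */
        $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          /* The dn comes straight from the directory, escape it for HTML */
          $ref_dn = htmlspecialchars($attrs['dn'], ENT_QUOTES);
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}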
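/* Move the selected users into the posted destination department.
 *
 * @param bool $perform  FALSE: only fill the 'ldif' preview text of each
 *                       selected entry. TRUE: move the entries.
 * @return bool|null  FALSE if no usable destination was posted, otherwise
 *                    nothing.
 *
 * NOTE(review): the destination comes from the request and is not compared
 * with the departments offered by get_all_people_ous() - confirm that any
 * dn below the base is acceptable as a target.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* The destination department is posted base64 encoded. Decode it once,
     in strict mode, and refuse anything that is not a non-empty string. */
  $destination_dep = FALSE;
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination_dep = base64_decode($_POST['move_user_to'], TRUE);
  }
  if($destination_dep === FALSE || $destination_dep === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Replace everything after the first comma with the destination.
         Plain string functions are used because a preg_replace()
         replacement would interpret "\1" or "$1" sequences inside the dn.
         NOTE(review): an escaped comma inside the rdn is still treated as
         the separator, as before. */
      $pos = strpos($dn, ",");
      $d_dn = ($pos === FALSE) ? $dn : substr($dn, 0, $pos).",".$destination_dep;

      if(!$perform){
        /* NOTE(review): this text is markup for the template; whether
           fix() makes the dn values safe for HTML is not visible here. */
        $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          /* The dn comes straight from the directory, escape it for HTML */
          $ref_dn = htmlspecialchars($attrs['dn'], ENT_QUOTES);
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}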
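/* Generate the html output of this setup step.
 *
 * Evaluates the posted button names, opens or closes the matching dialog,
 * starts the requested migration and returns the rendered
 * setup_migrate.tpl for the dialog that is open (or the overview).
 *
 * NOTE(review): most actions below are started by the mere presence of a
 * POST field. No request-origin (CSRF) check is visible in this method and
 * several "perform" handlers do not require their dialog to be open;
 * presumably the surrounding setup framework restricts access - verify.
 *
 * @return string  Rendered template output.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_winstations;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$tmp);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }
  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_groups;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$tmp);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_users;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$tmp);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Re-run all checks only if creating the root object changed the state */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Root object class check
   *************/

  if(isset($_POST['root_add_objectclasses'])){
    $this->rootOC_migrate_dialog = TRUE;
    $this->dialog = TRUE;
  }
  if(isset($_POST['rootOC_dialog_cancel'])){
    $this->rootOC_migrate_dialog = FALSE;
    $this->dialog = FALSE;
  }
  if(isset($_POST['rootOC_migrate_start'])){
    if($this->checkBaseOC(FALSE)){
      $this->checkBaseOC(); // Update overview info
      $this->dialog = FALSE;
      $this->rootOC_migrate_dialog = FALSE;
    }
  }

  if($this->rootOC_migrate_dialog){
    $smarty = get_smarty();
    $smarty->assign("details",$this->rootOC_details);
    $smarty->assign("method","rootOC_migrate_dialog");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Administrative Account -- Migrate/Create
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  /* Dialog handling */
  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['migrate_acls'])){
    $this->acl_migrate_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->acl_migrate_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Account creation: TRUE only builds the preview of the ACL change */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  /* Add admin acls for the selected users to the ldap base.
   */
  if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){

    /* Update ldap and reload check infos
     */
    $this->migrate_selected_admin_users();
    $this->dialog = FALSE;
    $this->acl_migrate_dialog = FALSE;

  }elseif($this->acl_migrate_dialog){

    /* Display admin migration dialog.
     */
    $this->migrate_users();
    $smarty = get_smarty();

    /* Do we have to display the changes
     */
    $details = isset($_POST['details']) && $_POST['details'];
    if(isset($_POST['migrate_acls_show_changes'])){
      $details = TRUE;
    }elseif(isset($_POST['migrate_acls_hide_changes'])){
      $details = FALSE;
    }

    $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
    $smarty->assign("details", $details);
    $smarty->assign("method","migrate_acls");
    $smarty->assign("migrateable_users",$this->migrate_users);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();
    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* Read the optional password fields explicitly instead of hiding the
       "undefined index" notice with '@'.
       NOTE(review): the posted uid and both passwords are handed back to
       the template as they were received; confirm that setup_migrate.tpl
       escapes them, and consider not echoing the passwords at all. */
    $pw1 = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : NULL;
    $pw2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL;

    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",$pw1);
    $smarty->assign("new_user_password2",$pw2);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* "What will be done" button; presumably TRUE requests a preview only */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->users_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$tmp);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* "What will be done" button; presumably TRUE requests a preview only */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();

    /* Fix displayed dn syntax */
    $tmp = $this->deps_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = LDAP::fix($data['dn']);
    }

    $smarty->assign("deps_to_migrate",$tmp);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Device migration
   *************/

  if($this->device_dialog) {
    $this->check_device_posts();
  }

  if(isset($_POST['device_dialog_cancel'])){
    $this->device_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['device_dialog_whats_done'])){
    $this->show_details= TRUE;
  }

  if(isset($_POST['device_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['migrate_devices'])){
    $this->migrate_usb_devices();
#    $this->dialog = FALSE;
#    $this->show_details = FALSE;
#    $this->device_dialog = FALSE;
#    $this->initialize_checks();
  }

  if(isset($_POST['device_dialog'])){
    $this->device_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->device_dialog){
    $smarty = get_smarty();
    $smarty->assign("method","devices");
    $smarty->assign("devices",$this->device);
    $smarty->assign("device_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Service migration
   *************/

  if($this->service_dialog) {
    $this->check_service_posts();
  }

  if(isset($_POST['service_dialog_cancel'])){
    $this->service_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['service_dialog_whats_done'])){
    $this->show_details= TRUE;
  }

  if(isset($_POST['service_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['migrate_services'])){
    $this->migrate_services();
#    $this->dialog = FALSE;
#    $this->show_details = FALSE;
#    $this->service_dialog = FALSE;
#    $this->initialize_checks();
  }

  if(isset($_POST['service_dialog'])){
    $this->service_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->service_dialog){
    $smarty = get_smarty();
    $smarty->assign("method","services");
    $smarty->assign("services",$this->service);
    $smarty->assign("service_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Menu migration
   *************/

  if($this->menu_dialog) {
    $this->check_menu_posts();
  }

  if(isset($_POST['menu_dialog_cancel'])){
    $this->menu_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['menu_dialog_whats_done'])){
    $this->show_details= TRUE;
  }

  if(isset($_POST['menu_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['migrate_menus'])){
    $this->migrate_menus();
#    $this->dialog = FALSE;
#    $this->show_details = FALSE;
#    $this->menu_dialog = FALSE;
#    $this->initialize_checks();
  }

  if(isset($_POST['menu_dialog'])){
    $this->menu_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->menu_dialog){
    $smarty = get_smarty();
    $smarty->assign("method","menus");
    $smarty->assign("menus",$this->menu);
    $smarty->assign("menu_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog is open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}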
/* Store the posted selections of whichever dialog is currently open.
 *
 * Only the lists of an open dialog are updated. An entry is marked as
 * selected/checked exactly when its checkbox field is present in $_POST.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Winstations chosen in the outside_winstations dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $key => $unused){
      $this->outside_winstations[$key]['selected'] = isset($_POST['select_winstation_'.$key]);
    }
  }

  /* Groups chosen in the outside_groups dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $key => $unused){
      $this->outside_groups[$key]['selected'] = isset($_POST['select_group_'.$key]);
    }
  }

  /* Users chosen in the outside_users dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $key => $unused){
      $this->outside_users[$key]['selected'] = isset($_POST['select_user_'.$key]);
    }
  }

  /* "Create acl" dialog: an abort clears the selected object */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Departments ticked for migration */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $key => $unused){
      $this->deps_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }

  /* Users ticked for migration */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $key => $unused){
      $this->users_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }
}
1956 /* Check if the root object exists.
1957 * If the parameter just_check is true, then just check if the
1958 * root object is missing and update the info messages.
1959 * If the Parameter is false, try to create a new root object.
1960 */
function checkBase($just_check = TRUE)
{
  /* Connect with the credentials collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Look for any object at the base; one result is enough */
  $ldap->cd($cv['base']);
  $ldap->set_size_limit(1);
  $res = $ldap->search("(objectClass=*)");
  $ldap->set_size_limit(0);
  $err = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = !$res || $err == 0x20 || $err == 0x40;

  if($root_missing){

    /* Check only: report the missing root object and offer to create it */
    if($just_check){
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    /* Otherwise try to add the root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($res);
    }
  }

  /* The root object exists or has just been created. Note that no value
     is returned on this path; callers read $this->checks['root']. */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
2015 /* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs.
2016 * If the parameter just_check is true, then just check for the OCs.
2017 * If the Parameter is false, try to add the required object classes.
2018 */
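function checkBaseOC($just_check = TRUE)
{
  /* The outcome is published in $this->checks['rootOC'] (STATUS, STATUS_MSG,
   * ERROR_MSG). Return value: FALSE when gosaDepartment is missing and only a
   * check was requested, the result of the LDAP modify when a repair was
   * attempted, TRUE when a repair was requested but no modifications had been
   * prepared, and nothing (NULL) on every other path.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Read the root entry; without it there is nothing to inspect. */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base']);
  if (!$ldap->count()) {
    $this->checks['rootOC']['STATUS']     = FALSE;
    $this->checks['rootOC']['STATUS_MSG'] = _("LDAP query failed");
    $this->checks['rootOC']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
    return;
  }
  $attrs = $ldap->fetch();

  /* The root entry already is a gosaDepartment: report success.
   * NOTE(review): in_array() compares case-sensitively while LDAP object class
   * names are case-insensitive; confirm the server returns the schema spelling.
   */
  if (in_array("gosaDepartment", $attrs['objectClass'])) {
    $this->checks['rootOC']['STATUS']     = TRUE;
    $this->checks['rootOC']['STATUS_MSG'] = _("Ok");
    $this->checks['rootOC']['ERROR_MSG']  = "";
    return;
  }

  /* Repair mode: apply the modifications prepared by an earlier check run. */
  if (!$just_check) {
    $ldap->cd($cv['base']);
    if (!isset($this->rootOC_details['mods'])) {
      trigger_error("No modifications to make... ");
      return(TRUE);
    }
    $res = $ldap->modify($this->rootOC_details['mods']);
    if (!$res) {
      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class()));
    }

    /* Re-run the checks that depend on the root entry */
    $this->checkBaseOC();
    $this->check_administrativeAccount();
    return($res);
  }

  /* Check mode: work out which changes would turn the root entry into a
   * gosaDepartment and keep them for display and for a later repair run.
   */
  $this->rootOC_details = array();
  $mods = array();

  /* The list of supported container types comes from departmentManagement */
  if (!class_available("departmentManagement")) {
    $this->checks['rootOC']['STATUS']     = FALSE;
    $this->checks['rootOC']['STATUS_MSG'] = _("Failed");
    $this->checks['rootOC']['ERROR_MSG']  = sprintf(_("Missing GOsa object class '%s'!"),"departmentManagement").
      " "._("Please check your installation.");
    return;
  }

  /* Detect the container type of the root entry, e.g. whether it is a dcObject */
  $dep_types = departmentManagement::get_support_departments();
  $dep_type  = "";
  foreach ($dep_types as $dep_name => $dep_class) {
    if (in_array($dep_class['CLASS'], $attrs['objectClass'])) {
      $dep_type = $dep_name;
      break;
    }
  }

  /* Unknown container type: give up and ask for a manual fix */
  if (empty($dep_type)) {
    $this->checks['rootOC']['STATUS']     = FALSE;
    $this->checks['rootOC']['STATUS_MSG'] = _("Failed");
    $this->checks['rootOC']['ERROR_MSG']  =
      sprintf(_("Cannot handle the structural object type of your root object. Please try to add the object class '%s' manually."),"gosaDepartment");
    return;
  }

  /* Build the 'current' and 'target' previews. The target preview carries
   * <b> markup and is therefore evidently output as HTML, so every value that
   * comes from the directory or from the setup form is escaped for display;
   * $mods keeps the raw values that are written to LDAP.
   * NOTE(review): 'current' is presumably rendered the same way as 'target';
   * confirm against the template.
   */
  $shown = "dn: ".htmlspecialchars($cv['base'], ENT_QUOTES, 'UTF-8')."\n";
  for ($i = 0; $i < $attrs['objectClass']['count']; $i++) {
    $shown .= "objectClass: ".htmlspecialchars($attrs['objectClass'][$i], ENT_QUOTES, 'UTF-8')."\n";
    $mods['objectClass'][] = $attrs['objectClass'][$i];
  }
  $this->rootOC_details['current'] = $shown;

  $mods['objectClass'][] = "gosaDepartment";
  $target = $shown."<b>objectClass: gosaDepartment</b>\n";

  /* 'ou' and 'description' are added when absent (gosaDepartment needs them).
   * Both default to the value of the container's naming attribute, or to
   * "GOsa" when that attribute has no value.
   */
  $fallback = "GOsa";
  if (isset($attrs[$dep_types[$dep_type]['ATTR']][0])) {
    $fallback = $attrs[$dep_types[$dep_type]['ATTR']][0];
  }
  foreach (array('ou', 'description') as $required) {
    if (!isset($attrs[$required])) {
      $target .= "<b>".$required.": ".htmlspecialchars($fallback, ENT_QUOTES, 'UTF-8')."</b>\n";
      $mods[$required] = $fallback;
    }
  }
  $this->rootOC_details['target'] = $target;
  $this->rootOC_details['mods']   = $mods;

  /* Offer a button that opens the migration details */
  $this->checks['rootOC']['STATUS']     = FALSE;
  $this->checks['rootOC']['STATUS_MSG'] = _("Failed");
  $this->checks['rootOC']['ERROR_MSG']  = "&nbsp;<input type='submit' name='root_add_objectclasses' value='"._("Migrate")."'>";

  return(FALSE);
}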
2160 /* Return ldif information for a
2161 * given attribute array
2162 */
function array_to_ldif($atts)
{
  /* Produces a plain "name: value" listing with one line per value and no
   * trailing newline. Values are emitted verbatim: this function applies
   * neither LDIF encoding (base64, line continuation) nor HTML escaping.
   */
  $listing = "";
  foreach ($atts as $name => $value) {

    /* Skip the bookkeeping keys of an LDAP result: 'count', 'dn' and the
     * numeric index entries.
     */
    if ($name === 'count' || $name === 'dn' || is_numeric($name)) {
      continue;
    }

    /* Single value */
    if (!is_array($value)) {
      $listing .= $name.": ".$value."\n";
      continue;
    }

    /* Multiple values; the nested 'count' element is not a value */
    foreach ($value as $index => $single) {
      if ($index === 'count') {
        continue;
      }
      $listing .= $name.": ".$single."\n";
    }
  }
  return(preg_replace("/\n$/", "", $listing));
}
/*! \brief  Collect the DNs of all entries that carry the gosaAccount object class.
    \return Array with base64_encode(dn) as key and LDAP::fix(dn) as value;
            empty when nothing was fetched.
 */
function get_user_list()
{
  /* Connect with the admin DN and password held in the captured setup values */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Only the dn is requested */
  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)", array("dn"));

  $users = array();
  while ($entry = $ldap->fetch()) {
    $dn = $entry['dn'];
    $users[base64_encode($dn)] = LDAP::fix($dn);
  }
  return($users);
}
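/*! \brief  List the containers that may hold user objects.
            With a people ou configured, all entries matching it are returned
            and the container is created below the base if none exists.
            Without one, the base and every gosaDepartment that has an 'ou'
            are returned.
    \return Array with base64_encode(dn) as key and the dn passed through
            fix() as value.
 */
function get_all_people_ous()
{
  /* Collected configuration settings; the people ou is used trimmed throughout */
  $cv        = $this->parent->captured_values;
  $people_ou = trim($cv['peopleou']);

  /* Establish ldap connection */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Select the configured base before the first search, as the winstation
   * and group variants of this helper do.
   */
  $ldap->cd($cv['base']);
  $tmp = array();

  if (!empty($people_ou)) {

    /* The configured value ("attr=value") is used as the search filter as it
     * stands.
     * NOTE(review): it is not escaped for filter syntax; confirm that the
     * setup step which captures it validates the format.
     */
    $ldap->search("(".$people_ou.")", array("dn"));

    /* Create the people ou if there is currently none */
    if ($ldap->count() == 0) {
      $add_dn       = $people_ou.",".$cv['base'];
      $naming_attr  = preg_replace("/=.*$/", "", $add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);

      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr]  = $naming_value;

      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }

    /* Collect the matching containers, leaving out anything below ou=snapshots */
    $ldap->search("(".$people_ou.")", array("dn"));
    while ($attrs = $ldap->fetch()) {
      if (!preg_match("/ou=snapshots,/", $attrs['dn'])) {
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  } else {

    /* No people ou configured: offer the base and all gosaDepartments */
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while ($attrs = $ldap->fetch()) {
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}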
/*! \brief  List the containers for windows workstation accounts, creating the
            container below "ou=systems,<base>" when the search finds none.
    \return Array with base64_encode(dn) as key and the dn passed through
            fix() as value; entries below ou=snapshots are left out.
 */
function get_all_winstation_ous()
{
  /* Establish ldap connection */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Use the configured winstation ou when it is active, else the default.
   * NOTE(review): the value goes into the search filter and into the new DN
   * without escaping; confirm it is validated where it is captured.
   */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['wws_ou']
    : "ou=winstations";
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter, array("dn"));

  /* Nothing found: create the container */
  if ($ldap->count() == 0) {
    $add_dn       = $winstation_ou.",ou=systems,".$cv['base'];
    $naming_attr  = preg_replace("/=.*$/", "", $add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the result */
  $ldap->search($filter, array("dn"));
  $found = array();
  while ($attrs = $ldap->fetch()) {
    if (preg_match("/ou=snapshots,/", $attrs['dn'])) {
      continue;
    }
    $found[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
  }
  return($found);
}
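/*! \brief  List the containers that may hold group objects.
            With a group ou configured, all entries matching it are returned
            and the container is created below the base if none exists.
            Without one, the base and every gosaDepartment that has an 'ou'
            are returned.
    \return Array with base64_encode(dn) as key and the dn passed through
            fix() as value.
 */
function get_all_group_ous()
{
  /* Establish ldap connection */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  $group_ou = trim($cv['groupou']);
  $tmp      = array();

  $ldap->cd($cv['base']);
  if (!empty($group_ou)) {

    /* The configured value ("attr=value") is used as the search filter as it
     * stands.
     * NOTE(review): it is not escaped for filter syntax; confirm that the
     * setup step which captures it validates the format.
     */
    $ldap->search("(".$group_ou.")", array("dn"));

    /* Create the group ou if there is currently none */
    if ($ldap->count() == 0) {

      /* Join ou and base with exactly one comma, whether or not the
       * configured ou already ends with one; the people and winstation
       * variants insert the separator as well.
       */
      $add_dn       = rtrim($group_ou, ",").",".$cv['base'];
      $naming_attr  = preg_replace("/=.*$/", "", $add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);

      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr]  = $naming_value;

      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }

    /* Collect the matching containers, leaving out anything below ou=snapshots */
    $ldap->search("(".$group_ou.")", array("dn"));
    while ($attrs = $ldap->fetch()) {
      if (!preg_match("/ou=snapshots,/", $attrs['dn'])) {
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  } else {

    /* No group ou configured: offer the base and all gosaDepartments */
    $ldap->cd($cv['base']);
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while ($attrs = $ldap->fetch()) {
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}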
/*! \brief  Collect the DNs of all entries that carry the posixGroup object class.
    \return Array with base64_encode(dn) as key and LDAP::fix(dn) as value;
            empty when nothing was fetched.
 */
function get_group_list()
{
  /* Connect with the admin DN and password held in the captured setup values */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Only the dn is requested */
  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)", array("dn"));

  $groups = array();
  while ($entry = $ldap->fetch()) {
    $dn = $entry['dn'];
    $groups[base64_encode($dn)] = LDAP::fix($dn);
  }
  return($groups);
}
/*! \brief  Move an entry by adding a copy at the destination DN and removing
            the source, then rewrite the member lists of all gosaGroupOfNames
            entries that referenced the source.
            The steps are separate LDAP operations: a failed removal is
            reported but the group references are rewritten regardless, and
            the results of those group modifications are not checked.
    \param  $source       DN of the entry to move.
    \param  $destination  DN the entry is copied to.
 */
function move($source,$destination)
{
  /* Establish ldap connection */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Prepare the new member list of every gosaGroupOfNames that references the
   * source. The source DN passes through LDAP::prepare4filter() before it is
   * placed into the filter.
   * NOTE(review): members are compared with '!=', i.e. case-sensitively;
   * a differently spelled copy of the same DN would be kept.
   */
  $pending = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn','member'));
  while ($entry = $ldap->fetch()) {
    $group_dn = $entry['dn'];
    $entry    = $this->cleanup_array($entry);

    /* Destination first, then every member that is not the source */
    $members = array($destination);
    foreach ($entry['member'] as $member) {
      if ($member == $source) {
        continue;
      }
      $members[] = $member;
    }
    $entry['member']    = $members;
    $pending[$group_dn] = $entry;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $copied = $ldap->add($new_data);

  /* Copy failed: warn and leave source and references untouched */
  if (!$copied) {
    msg_dialog::display(_("LDAP error"), sprintf(_("Copy '%s' to '%s' failed:")."<br><br><i>%s</i>", LDAP::fix($source), LDAP::fix($destination), $ldap->get_error()), ERROR_DIALOG);
    return;
  }

  /* Remove the original */
  $ldap->rmDir($source);
  if (!$ldap->success()) {
    msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $source, LDAP_DEL, get_class()));
  }

  /* Object is copied, so update its references */
  foreach ($pending as $group_dn => $group_data) {
    $ldap->cd($group_dn);
    $ldap->modify($group_data);
  }
}
2454 /* Clean up an ldap result so that it can be written back to ldap */
function cleanup_array($attrs)
{
  /* Returns a copy of $attrs without the bookkeeping of an LDAP result: the
   * top-level 'count' and 'dn' keys, all numeric keys, and the 'count'
   * element inside each value array. Remaining keys keep their order.
   */
  $cleaned = array();
  foreach ($attrs as $key => $value) {
    if (is_numeric($key) || $key === "count" || $key === "dn") {
      continue;
    }
    if (is_array($value) && isset($value['count'])) {
      unset($value['count']);
    }
    $cleaned[$key] = $value;
  }
  return($cleaned);
}
2469 /*! \brief Act in posts from the device migration dialog
2470 */
function check_device_posts()
{
  /* A device is selected (DETAILS = TRUE) exactly when the request carries a
   * field named "migrate_<key>"; only the presence of the field is evaluated,
   * its value is never read.
   */
  foreach (array_keys($this->device) as $key) {
    $this->device[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
2483 /*! \brief Check for old style (gosa-2.5) devices.
2484 Save readable information and a list of migratable devices
2485 in $this->device.
2486 */
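function check_usb_devices ()
{
  /* Result: $this->checks['old_style_devices'] is updated and, when old-style
   * entries exist, $this->device is rebuilt with one record per entry
   * (CURRENT, AFTER, OLD_DEVICE, DN, NEW_DN, DEVICE_NAME, DETAILS).
   * CURRENT and AFTER are display-only previews; CURRENT carries <b> markup
   * and is therefore evidently output as HTML, so every directory value in
   * the previews is escaped. The remaining fields keep the raw values.
   * NOTE(review): AFTER is presumably rendered the same way as CURRENT;
   * confirm against the template.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(|(objectClass=posixAccount)(objectClass=posixGroup))(gotoHotplugDevice=*))",
      array("cn","gotoHotplugDevice","gosaUnitTag"));

  /* Query failed */
  if (!$res) {
    $this->checks['old_style_devices']['STATUS']     = FALSE;
    $this->checks['old_style_devices']['STATUS_MSG'] = _("LDAP query failed");
    $this->checks['old_style_devices']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
    return;
  }

  /* No old-style devices left; $this->device is not touched on this path */
  if (!$ldap->count()) {
    $this->checks['old_style_devices']['STATUS']     = TRUE;
    $this->checks['old_style_devices']['STATUS_MSG'] = _("Ok");
    $this->checks['old_style_devices']['ERROR_MSG']  = "";
    return;
  }

  $this->device = array();
  $dest = array();  /* device name => new dn, keeps the names unique within this run */

  while ($attrs = $ldap->fetch()) {
    for ($j = 0; $j < $attrs['gotoHotplugDevice']['count']; $j++) {

      /* Old format: name|description|serial|vendor|product; missing fields
       * are treated as empty.
       */
      $entry = $attrs['gotoHotplugDevice'][$j];
      list($name,$desc,$serial,$vendor,$product) = array_pad(explode('|', $entry), 5, "");

      /* Append _1, _2, ... until the name is unused */
      $wanted = $name;
      $add    = 1;
      while (isset($dest[$name])) {
        $name = $wanted."_".$add;
        $add ++;
      }

      /* The new object is placed in ou=devices next to the parent of the source entry.
       * NOTE(review): $name comes from the stored attribute and becomes an RDN
       * value without DN escaping.
       */
      $newdn = "cn=$name,ou=devices,".preg_replace('/^[^,]+,/', '', $attrs['dn']);
      $dest[$name] = $newdn;

      /* Preview of the source entry, the affected value in bold */
      $current = "dn: ".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8')."\n";
      for ($c = 0; $c < $attrs['gotoHotplugDevice']['count']; $c++) {
        $shown = "gotoHotplugDevice: ".htmlspecialchars($attrs['gotoHotplugDevice'][$c], ENT_QUOTES, 'UTF-8');
        if ($c == $j) {
          $current .= "<b>".$shown."</b>\n";
        } else {
          $current .= $shown."\n";
        }
      }

      /* Preview of the object that would be added */
      $after  = "dn: ".htmlspecialchars($newdn, ENT_QUOTES, 'UTF-8')."\n";
      $after .= "changetype: add\n";
      $after .= "objectClass: top\n";
      $after .= "objectClass: gotoDevice\n";

      /* NOTE(review): the attribute is requested as "gosaUnitTag" but read
       * with a lower-case key here; confirm how fetch() spells the keys.
       */
      if (isset($attrs['gosaunittag'][0])) {
        $after .= "objectClass: gosaAdministrativeUnitTag\n";
        $after .= "gosaUnitTag: ".htmlspecialchars($attrs['gosaunittag'][0], ENT_QUOTES, 'UTF-8')."\n";
      }
      $after .= "cn: ".htmlspecialchars($name, ENT_QUOTES, 'UTF-8')."\n";
      $after .= "gotoHotplugDevice: ".htmlspecialchars("$desc|$serial|$vendor|$product", ENT_QUOTES, 'UTF-8')."\n\n";

      $this->device[] = array(
          'CURRENT'     => $current,
          'AFTER'       => $after,
          'OLD_DEVICE'  => $entry,
          'DN'          => $attrs['dn'],
          'NEW_DN'      => $newdn,
          'DEVICE_NAME' => $name,
          'DETAILS'     => FALSE);
    }
  }

  /* Old-style devices are reported as a warning with a button that opens the dialog */
  $this->checks['old_style_devices']['STATUS']     = FALSE;
  $this->checks['old_style_devices']['STATUS_MSG'] = "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['old_style_devices']['ERROR_MSG']  =
    sprintf(_("There are %s devices that need to be migrated."),count($this->device)).
    "<input type='submit' name='device_dialog' value='"._("Migrate")."'>";
}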
2583 /*! \brief Migrate all selected devices.
2584 Execute all required ldap actions to migrate the
2585 selected devices.
2586 */
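function migrate_usb_devices ()
{
  /* For every selected record in $this->device (DETAILS == TRUE) a gotoDevice
   * object is added at NEW_DN and the old value is removed from the source
   * entry. Records that were migrated are dropped; at the end the device
   * check is run again.
   * NOTE(review): the new object receives no gosaUnitTag here, although the
   * preview built by the device check lists one for tagged entries.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  foreach ($this->device as $key => $device) {
    if (!$device['DETAILS']) {
      continue;
    }

    /* Re-read the source entry and make sure it still holds the old value.
     * The comparison is strict, so the numeric 'count' element of the result
     * can never be mistaken for a match; a source entry that can no longer
     * be read is skipped.
     */
    $ldap->cd($cv['base']);
    $ldap->cat($device['DN']);
    $attrs = $ldap->fetch();
    if (!is_array($attrs) || !isset($attrs['gotoHotplugDevice'])
        || !in_array($device['OLD_DEVICE'], $attrs['gotoHotplugDevice'], TRUE)) {
      continue;
    }

    /* Old format: name|description|serial|vendor|product. The name moves
     * into cn, the remaining four fields form the new attribute value.
     */
    $fields = array_pad(explode('|', $device['OLD_DEVICE']), 5, "");
    $newdn  = $device['NEW_DN'];

    $new_attr = array();
    $new_attr['cn']                = $device['DEVICE_NAME'];
    $new_attr['objectClass']       = array('top','gotoDevice');
    $new_attr['gotoHotplugDevice'] = $fields[1]."|".$fields[2]."|".$fields[3]."|".$fields[4];

    /* Add the new object, creating missing parent containers first */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$newdn));
    $ldap->cd($newdn);
    $ldap->add($new_attr);

    /* Adding failed: report it and leave the source entry as it is */
    if (!$ldap->success()) {
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Adding '%s' to the LDAP failed: %s"),
            "<b>".LDAP::fix($newdn)."</b>",
            "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
      continue;
    }

    /* Remove the old style device definition from the source entry */
    $update = array('gotoHotplugDevice' => array());
    for ($i = 0; $i < $attrs['gotoHotplugDevice']['count']; $i++) {
      if ($attrs['gotoHotplugDevice'][$i] == $device['OLD_DEVICE']) {
        continue;
      }
      $update['gotoHotplugDevice'][] = $attrs['gotoHotplugDevice'][$i];
    }

    /* NOTE(review): success() is evaluated after the cat() that follows the
     * modify(); confirm that it still reflects the modify result.
     */
    $ldap->cd($device['DN']);
    $ldap->modify($update);
    $ldap->cat($device['DN'],array("gotoHotplugDevice"));
    if (!$ldap->success()) {
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Updating '%s' failed: %s"),
            "<b>".LDAP::fix($device['DN'])."</b>",
            "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
    } else {
      unset($this->device[$key]);
    }
  }

  /* Refresh the device migration status */
  $this->check_usb_devices();
}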
2667 /*! \brief Check for old style (gosa-2.5) services that have to be migrated
2668 to be useable in gosa-2.6.
2669 All required changes are stored in $this->service, also some
2670 readable informations describing the actions required
2671 to migrate the service
2672 */
function check_services()
{
  /* Result: $this->service is rebuilt with one record per goLdapServer entry
   * whose goLdapBase does not start with ldap:// or ldaps:// (TYPE, DN,
   * DETAILS, ATTRS, CURRENT, AFTER) and $this->checks['old_style_services']
   * is updated. The replacement value always uses the ldap:// scheme.
   * NOTE(review): CURRENT and AFTER hold directory values as they are; if
   * they are printed into a page they need escaping on output.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);
  $this->service = array();

  /* Look for ldap services */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=goLdapServer)", array("goLdapBase", "cn"));

  /* Query failed */
  if (!$res) {
    $this->checks['old_style_services']['STATUS']     = FALSE;
    $this->checks['old_style_services']['STATUS_MSG'] = _("LDAP query failed");
    $this->checks['old_style_services']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
    return;
  }

  /* A goLdapBase without URI scheme is old style; the new value is built
   * from the entry's cn and the old value.
   */
  while ($attrs = $ldap->fetch()) {
    $uri = $attrs['goLdapBase'][0];
    if (preg_match("!^ldaps?://!", $uri)) {
      continue;
    }
    $migrated = "ldap://".$attrs['cn'][0]."/$uri";
    $this->service[] = array(
        "TYPE"    => "modify" ,
        "DN"      => $attrs['dn'],
        "DETAILS" => FALSE,
        "ATTRS"   => array("goLdapBase" => $migrated),
        "CURRENT" => "goLdapBase: ".$uri,
        "AFTER"   => "goLdapBase: ".$migrated);
  }

  /* Update status message */
  $pending = count($this->service);
  if (!$pending) {
    $this->checks['old_style_services']['STATUS']     = TRUE;
    $this->checks['old_style_services']['STATUS_MSG'] = _("Ok");
    $this->checks['old_style_services']['ERROR_MSG']  = "";
    return;
  }
  $this->checks['old_style_services']['STATUS']     = FALSE;
  $this->checks['old_style_services']['STATUS_MSG'] = "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['old_style_services']['ERROR_MSG']  =
    sprintf(_("There are %s services that need to be migrated."),
        $pending).
    "<input type='submit' name='service_dialog' value='"._("Migrate")."'>";
}
2738 /*! \brief Migrate selected services.
2739 This function executes the commands collected by the
2740 check_services() function.
2741 */
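function migrate_services()
{
  /* Applies the stored ATTRS of every selected record in $this->service
   * (DETAILS == TRUE, TYPE "modify") to its DN. Records that were updated
   * successfully are dropped; at the end the service check is run again.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  foreach ($this->service as $key => $service) {

    /* Only selected modify requests are handled */
    if (!$service['DETAILS'] || $service['TYPE'] != "modify") {
      continue;
    }

    $ldap->cd($service['DN']);
    $ldap->modify($service['ATTRS']);

    /* Report a failure, otherwise remove the action from the list */
    if (!$ldap->success()) {
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Updating '%s' failed: %s"),
            "<b>".LDAP::fix($service['DN'])."</b>",
            "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
    } else {
      unset($this->service[$key]);
    }
  }

  /* Update the service migration status */
  $this->check_services();
}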
2789 /*! \brief Ensure that posts made on the service migration dialog
2790 are processed.
2791 */
function check_service_posts()
{
  /* A service is selected (DETAILS = TRUE) exactly when the request carries a
   * field named "migrate_<key>"; only the presence of the field is evaluated,
   * its value is never read.
   */
  foreach (array_keys($this->service) as $key) {
    $this->service[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
2804 /*! \brief This function checks the given ldap for old style (gosa-2.5)
2805 menu entries and will prepare a list of actions that are required
2806 to migrate them to gosa-2.6.
2807 All required actions and some readable informations are stored in
2808 $this->menu.
2809 */
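function check_menus()
{
  /* Result: $this->menu holds one record per old-style application group
   * (DETAILS, DN, AFTER, CURRENT, TODO) and $this->checks['old_style_menus']
   * is updated. TODO['ADD'] maps new DNs to the entries to create,
   * TODO['MODIFY'] maps the group DN to the attributes to clear; either key
   * is absent when there is nothing of that kind to do.
   * AFTER and CURRENT are display-only previews. They mix markup (<i>...</i>)
   * with directory values and are therefore evidently output as HTML, so
   * every directory-derived line is escaped. TODO keeps the raw values.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Probe query: only its success is evaluated, the entries are not read */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizational)(objectClass=FAIbranch))",array("ou","objectClass"));
  if (!$res) {
    $this->checks['old_style_menus']['STATUS']     = FALSE;
    $this->checks['old_style_menus']['STATUS_MSG'] = _("LDAP query failed");
    $this->checks['old_style_menus']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
    return;
  }

  /* Application cn => list of its parameter names (the text before the first
   * colon of each gosaApplicationParameter value). Used below to decide which
   * group parameters belong to which application.
   */
  $amap = array();
  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaApplication)", array("cn", "gosaApplicationParameter"));
  while ($info = $ldap->fetch()) {
    $app = $info['cn'][0];
    if (!isset($info['gosaApplicationParameter']['count'])) {
      $amap[$app] = array();
      continue;
    }
    for ($j = 0; $j < $info['gosaApplicationParameter']['count']; $j++) {
      $p = preg_replace("/^([^:]+):.*$/", "$1", $info['gosaApplicationParameter'][$j]);
      if (!isset($amap[$app]) || !in_array($p, $amap[$app])) {
        $amap[$app][] = $p;
      }
    }
  }

  /* All groups that still carry an old style application menu */
  $ldap->cd($cv['base']);
  $ldap->search("(&(objectClass=gosaApplicationGroup)(objectClass=posixGroup)(FAIrelease=*))",
      array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass","gosaUnitTag"));

  /* Readable prefixes for the "What will be done" previews */
  $s_add = "<i>"._("Add")."</i>\t";
  $s_del = "<i>"._("Remove")."</i>\t";

  $todo = array();
  while ($info = $ldap->fetch()) {

    $data        = array();  /* ldap actions for this group */
    $after_lines = array();  /* plain preview lines; NULL marks an empty separator line */
    $removed     = array();  /* old gosaMemberApplication values */

    /* Unit tag of the group, copied to every object created for it */
    $tag    = isset($info['gosaUnitTag']) ? $info['gosaUnitTag'][0] : "";
    $tagged = ($tag != "");

    /* Parameter name => complete parameter value, as configured on the group */
    $params = array();
    if (isset($info['gosaApplicationParameter'])) {
      for ($i = 0; $i < $info['gosaApplicationParameter']['count']; $i++) {
        $pname = preg_replace("/^([^:]+):.*$/", "$1", $info['gosaApplicationParameter'][$i]);
        $params[$pname] = $info['gosaApplicationParameter'][$i];
      }
    }

    /* One container per release/subrelease below the group, e.g. a release
     * "a/1.0.0" yields "ou=a,<group dn>" and "ou=1.0.0,ou=a,<group dn>".
     * $release_dn starts at the group dn for every group, so a release value
     * without any usable part cannot pick up the dn of a previous group.
     */
    $release    = "";
    $release_dn = $info['dn'];
    foreach (explode("/", $info['FAIrelease'][0]) as $part) {
      if (empty($part)) {
        continue;
      }
      $release    = "ou=".$part.",".$release;
      $release_dn = $release.$info['dn'];

      $after_lines[] = "dn: $release_dn";
      $after_lines[] = "objectClass: top";
      $after_lines[] = "objectClass: FAIbranch";
      $after_lines[] = "objectClass: organizationalUnit";
      if ($tagged) {
        $after_lines[] = "objectClass: gosaAdministrativeUnitTag";
        $after_lines[] = "gosaUnitTag: $tag";
      }
      $after_lines[] = "ou: $part";

      $d = array();
      $d['objectClass'] = array("top","FAIbranch","organizationalUnit");
      if ($tagged) {
        $d['objectClass'][] = "gosaAdministrativeUnitTag";
        $d['gosaUnitTag']   = $tag;
      }
      $d['ou'] = $part;
      $data['ADD'][$release_dn] = $d;
    }

    $app_count = isset($info['gosaMemberApplication']['count'])
      ? $info['gosaMemberApplication']['count']
      : 0;

    /* With at least one member application, schedule the removal of the old
     * menu attributes and object classes from the group itself.
     */
    if ($app_count > 0) {
      unset($info['objectClass']['count']);
      $d = array();
      $d['gosaMemberApplication']    = array();
      $d['gosaApplicationParameter'] = array();
      if (isset($info['FAIrelease'])) {
        $d['FAIrelease'] = array();
      }
      $d['objectClass'] = array_remove_entries(array("gosaApplicationGroup","FAIreleaseTag"),$info['objectClass']);
      $data['MODIFY'][$info['dn']] = $d;
    }

    /* Translate every old menu entry (name|location|priority) */
    $menu_structure = array();
    for ($i = 0; $i < $app_count; $i++) {
      $old = $info['gosaMemberApplication'][$i];
      list($name, $location, $priority) = array_pad(explode("|", $old), 3, NULL);
      $location_dn = empty($location) ? "" : "cn=".$location.",";
      $removed[]   = $old;

      /* Entries that name an unknown application are only removed */
      if (!isset($amap[$name])) {
        continue;
      }

      /* First use of a location: create its submenu entry */
      if (!empty($location) && !isset($menu_structure[$location])) {
        $menu_structure[$location] = TRUE;

        $after_lines[] = NULL;
        $after_lines[] = "dn: $location_dn$release_dn";
        $after_lines[] = "objectClass: gotoSubmenuEntry";
        if ($tagged) {
          $after_lines[] = "objectClass: gosaAdministrativeUnitTag";
          $after_lines[] = "gosaUnitTag: $tag";
        }
        $after_lines[] = "cn: $location";

        $d = array();
        $d['cn']          = $location;
        $d['objectClass'] = array("gotoSubmenuEntry");
        if ($tagged) {
          $d['objectClass'][] = "gosaAdministrativeUnitTag";
          $d['gosaUnitTag']   = $tag;
        }
        $data['ADD'][$location_dn.$release_dn] = $d;
      }

      /* The menu entry itself */
      if (!empty($name)) {
        $after_lines[] = NULL;
        $after_lines[] = "dn: cn=$name,$location_dn$release_dn";
        $after_lines[] = "objectClass: gotoMenuEntry";
        if ($tagged) {
          $after_lines[] = "objectClass: gosaAdministrativeUnitTag";
          $after_lines[] = "gosaUnitTag: $tag";
        }
        $after_lines[] = "cn: $name";
        $after_lines[] = "gosaApplicationPriority: $priority";

        $d = array();
        $d['objectClass'] = array("gotoMenuEntry");
        if ($tagged) {
          $d['objectClass'][] = "gosaAdministrativeUnitTag";
          $d['gosaUnitTag']   = $tag;
        }
        $d['cn']                      = $name;
        $d['gosaApplicationPriority'] = $priority;

        /* Carry over the group parameters that belong to this application */
        foreach ($amap[$name] as $n) {
          if (isset($params[$n])) {
            $after_lines[] = "gosaApplicationParameter: ".$params[$n];
            $d['gosaApplicationParameter'][] = $params[$n];
          }
        }
        $data['ADD']["cn=$name,$location_dn$release_dn"] = $d;
      }
    }

    /* Render the previews; directory values are escaped, the prefixes are not */
    $after = "";
    foreach ($after_lines as $line) {
      if ($line === NULL) {
        $after .= "\n";
        continue;
      }
      $after .= $s_add.htmlspecialchars($line, ENT_QUOTES, 'UTF-8')."\n";
    }
    $current = "dn: ".htmlspecialchars($info['dn'], ENT_QUOTES, 'UTF-8')."\n";
    foreach ($removed as $old) {
      $current .= $s_del."gosaMemberApplication: ".htmlspecialchars($old, ENT_QUOTES, 'UTF-8')."\n";
    }

    $todo[] = array(
        "DETAILS" => FALSE,
        "DN"      => $info['dn'],
        "AFTER"   => $after,
        "CURRENT" => $current,
        "TODO"    => $data
        );
  }

  /* Remember checks */
  $this->menu = $todo;

  /* Update status message */
  if (count($this->menu)) {
    $this->checks['old_style_menus']['STATUS']     = FALSE;
    $this->checks['old_style_menus']['STATUS_MSG'] = "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['old_style_menus']['ERROR_MSG']  = sprintf(_("There are %s application menus which have to be migrated."),
        count($this->menu))."<input type='submit' name='menu_dialog' value='"._("Migrate")."'>";
  } else {
    $this->checks['old_style_menus']['STATUS']     = TRUE;
    $this->checks['old_style_menus']['STATUS_MSG'] = _("Ok");
    $this->checks['old_style_menus']['ERROR_MSG']  = "";
  }
}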
3067 /*! \brief Handle posts for the menu_dialog
3068 Ensure that checked checkboxes stay checked.
3069 */
function check_menu_posts()
{
  /* A menu is selected (DETAILS = TRUE) exactly when the request carries a
   * field named "migrate_<key>"; only the presence of the field is evaluated,
   * its value is never read.
   */
  foreach (array_keys($this->menu) as $key) {
    $this->menu[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
3082 /*! \brief This function updates old-style application menus to
3083 valid 2.6 application menus.
3084 All selected menus will be converted (DETAILS = TRUE).
3085 The ldap actions collected by check_menus() will be executed.
3086 */
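function migrate_menus()
{
  /* For every selected record in $this->menu (DETAILS == TRUE) the collected
   * ADD actions are executed first. The MODIFY actions, which clear the old
   * menu attributes from the group, only run when every ADD succeeded, so a
   * failed migration does not remove the old definition. A record is dropped
   * when all of its actions succeeded; at the end the menu check is run again.
   */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  foreach ($this->menu as $key => $menu) {
    if (!$menu['DETAILS']) {
      continue;
    }

    /* Either action list may be missing from the collected TODO */
    $adds = isset($menu['TODO']['ADD'])    ? $menu['TODO']['ADD']    : array();
    $mods = isset($menu['TODO']['MODIFY']) ? $menu['TODO']['MODIFY'] : array();
    $success = TRUE;

    /* Execute all LDAP-ADD actions; existing entries are left alone */
    foreach ($adds as $dn => $data) {
      $ldap->cd($cv['base']);
      if ($ldap->dn_exists($dn)) {
        continue;
      }
      $ldap->cd($dn);
      $ldap->add($data);
      if (!$ldap->success()) {
        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_ADD, get_class()));
        $success = FALSE;
      }
    }

    /* Execute all LDAP-MODIFY actions, unless an ADD failed */
    if ($success) {
      foreach ($mods as $dn => $data) {
        $ldap->cd($cv['base']);
        if (!$ldap->dn_exists($dn)) {
          continue;
        }
        $ldap->cd($dn);
        $ldap->modify($data);
        if (!$ldap->success()) {
          msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()));
          $success = FALSE;
        }
      }
    }

    /* If every action was successful, remove this entry from the list */
    if ($success) {
      unset($this->menu[$key]);
    }
  }

  /* Update migration status for application menus */
  $this->check_menus();
}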
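/*! \brief  Append the ACLs of the administrators ticked in the migrate
            dialog to the gosaAclEntry attribute of the LDAP base.

    The candidates ($this->migrate_users) and the ACL text of each one
    ('change') are prepared by migrate_users(); the request only decides
    which candidates are ticked. On an LDAP failure the 'acls' check is
    marked as failed, otherwise check_administrativeAccount() is re-run.
 */
function migrate_selected_admin_users()
{
  /* Refresh the 'checked' flags from the current POST */
  $this->migrate_users();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Get current ACL configuration for the ldap base.
     NOTE(review): the result of fetch() is not checked; if the base entry
     cannot be read, the modify below is built with "gosaACL" as the only
     objectClass - confirm how the setup should react in that case. */
  $ldap->cat($cv['base']);
  $base_attrs = $ldap->fetch();
  $acl_entries= array();
  $acl_id     = -1;
  if(isset($base_attrs['gosaAclEntry'])){
    for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){
      $acl_entries[] = $base_attrs['gosaAclEntry'][$i];

      /* Only a leading "<digits>:" counts as an ACL id. Parsing it as an
         integer keeps the highest-id search numeric; an entry without such
         a prefix is kept but no longer takes part in the comparison. */
      if(preg_match("/^([0-9]+):/", $base_attrs['gosaAclEntry'][$i], $match)){
        $cur_id = (int) $match[1];
        if($cur_id > $acl_id){
          $acl_id = $cur_id;
        }
      }
    }
  }

  /* Append ACLs selected in the migrate admin account dialog.
     Each new entry gets the next free id in front of its 'change' text. */
  foreach($this->migrate_users as $entry){
    if($entry['checked']){
      $acl_id ++;
      $acl_entries[] = $acl_id.$entry['change'];
    }
  }

  /* Check if the required objectClasses are available
   */
  $ocs = array();
  for($i=0;$i< $base_attrs['objectClass']['count']; $i++){
    $ocs[] = $base_attrs['objectClass'][$i];
  }
  if(!in_array("gosaACL",$ocs)){
    $ocs[] = "gosaACL";
  }

  /* Try to write changes
   */
  if(count($acl_entries)){
    $new_entry = array();
    $new_entry['gosaAclEntry'] = $acl_entries;
    $new_entry['objectClass']  = $ocs;
    $ldap->cd($cv['base']);
    $ldap->modify($new_entry);
    if(!$ldap->success()){
      $this->checks['acls']['TITLE']     = _("Checking for super administrator");
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");

      /* Error text first, DN second - the order the other
         msgPool::ldaperror() calls in this file use. */
      $this->checks['acls']['ERROR_MSG'] = "<br>".msgPool::ldaperror($ldap->get_error(),$cv['base'],LDAP_MOD);
    }else{
      $this->check_administrativeAccount();
    }
  }
}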
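/*! \brief  Maintain the list of accounts that can be promoted to
            administrator ($this->migrate_users).

    The 'checked' flag of every known candidate is taken from the current
    POST. While the list is still empty it is filled from the directory:
    each member of a posixGroup carrying gosaSubtreeACL=:all that is also a
    GOsa account becomes a candidate, and a preview of the LDAP base entry
    is stored in $this->migrate_acl_base_entry.
 */
function migrate_users()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Map uid => dn for every GOsa account.
     The dn => uid and posixGroup lists formerly built here were never read,
     so they are gone, together with the extra group search. */
  $rusers = array();
  $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
      "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
  while($user_attrs = $ldap->fetch()){
    $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
  }

  /* The request only toggles candidates that are already in the list */
  foreach($this->migrate_users as $id => $data){
    $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]);
  }

  /* Try to find an old GOsa 2.5 administrative account that may be migrated
   */
  if(!count($this->migrate_users)){
    $ldap->cat($cv['base']);
    $base_data = $ldap->fetch();

    /* The preview carries its own <b> markup, so it is evidently meant to be
       emitted as HTML. Values read from the directory are escaped here so
       that they cannot add markup of their own. */
    $base_entry = "dn: ".htmlspecialchars($base_data['dn'], ENT_QUOTES, 'UTF-8')."\n";
    for($i=0;$i<$base_data['objectClass']['count'];$i++){
      $base_entry .= "objectClass: ".htmlspecialchars($base_data['objectClass'][$i], ENT_QUOTES, 'UTF-8')."\n";
    }

    /* Strict comparison: the integer 'count' element must never be taken
       for the class name. */
    if(!in_array("gosaACL",$base_data['objectClass'],TRUE)){
      $base_entry .= "<b>objectClass: gosaACL</b>\n";
    }
    if(isset($base_data['gosaAclEntry'])){
      for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){
        $base_entry .= "gosaAclEntry: ".htmlspecialchars($base_data['gosaAclEntry'][$i], ENT_QUOTES, 'UTF-8')."\n";
      }
    }
    $this->migrate_acl_base_entry = $base_entry;

    /* Members of groups with an ":all" subtree ACL are the candidates */
    $ldap->cd($cv['base']);
    $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
    while($p_group = $ldap->fetch()){
      for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
        $user = $p_group['memberUid'][$e];

        /* Skip members that are not GOsa accounts */
        if(!isset($rusers[$user])){
          continue;
        }

        /* The ACL grants ":all;cmdrw" to this one DN. The DN is
           base64-encoded, so 'details' and 'change' contain no raw
           directory text.
           NOTE(review): 'uid' and 'dn' are stored unescaped - confirm
           that they are escaped where the dialog renders them. */
        $encoded_dn = base64_encode($rusers[$user]);
        $entry = array();
        $entry['uid']     = $user;
        $entry['dn']      = $rusers[$user];
        $entry['details'] = "gosaAclEntry: #:psub:".$encoded_dn.":all;cmdrw\n";
        $entry['checked'] = FALSE;
        $entry['change']  = ":psub:".$encoded_dn.":all;cmdrw";
        $this->migrate_users[] = $entry;
      }
    }
  }
}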
3290 }
3291 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
3292 ?>