1 <?php
3 class group extends plugin
4 {
5 /* CLI vars */
6 var $cli_summary= "Handling of GOsa's base group object";
7 var $cli_description= "Some longer text\nfor help";
8 var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
10 /* Group attributes */
11 var $cn= "";
12 var $description= "";
13 var $gidNumber= "";
14 var $memberUid= array();
16 /* Helpers */
17 var $base= "";
18 var $force_gid= FALSE;
19 var $fon_group= FALSE;
20 var $smbgroup= FALSE;
21 var $groupType= FALSE;
22 var $samba3= FALSE;
23 var $sambaSID= "";
24 var $sambaDomainName= "DEFAULT";
25 var $SID= "";
26 var $ridBase= 0;
27 var $members= array();
28 var $users= array();
29 var $member= array();
30 var $allusers= array();
31 var $saved_gidNumber= "";
32 var $oldgroupType= "";
33 var $orig_dn= "";
34 var $orig_cn= "";
35 var $has_mailAccount= FALSE;
36 var $group_dialog= FALSE;
37 var $nagios_group =FALSE;
38 var $sambaGroupType;
39 var $dialog;
40 var $rfc2307bis= FALSE;
41 var $OnlyShowFirstEntries =200;
42 var $dnMapping= array();
43 var $view_logged = FALSE;
44 var $allowGroupsWithSameNameInOtherSubtrees = true;
46 /* attribute list for save action */
47 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
48 var $objectclasses= array("top", "posixGroup");
50 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
52 function group (&$config, $dn= NULL)
53 {
54 /* Set rfc2307bis flag */
55 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
56 $this->rfc2307bis= TRUE;
57 $this->attributes[]= "member";
58 $this->objectclasses[]= "groupOfNames";
59 }
61 plugin::plugin ($config, $dn);
63 /* Load attributes depending on the samba version */
64 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
65 $this->orig_dn= $dn;
66 $this->orig_cn= $this->cn;
68 /* Get member list */
69 if (isset($this->attrs['memberUid'][0])){
70 $tmp= array();
71 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
72 $tmp[]= $this->attrs['memberUid'][$i];
73 }
74 $this->memberUid= $tmp;
75 sort ($this->memberUid);
76 }
78 /* Save gidNumber for later use */
79 if (isset($this->attrs['gidNumber'])){
80 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
81 }
83 /* Is a samba group? */
84 if (isset($this->attrs['objectClass'])){
85 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == FALSE ){
86 $this->smbgroup= FALSE;
87 } else {
88 $this->smbgroup= TRUE;
89 if (isset($this->attrs['sambaSID'])){
90 $this->sambaSID= $this->attrs['sambaSID'][0];
91 }
92 }
93 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == FALSE ){
94 $this->fon_group= FALSE;
95 } else {
96 $this->fon_group= TRUE;
97 }
98 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == FALSE ){
99 $this->nagios_group= FALSE;
100 } else {
101 $this->nagios_group= TRUE;
102 }
103 }
105 /* Set mail flag */
106 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
107 $this->has_mailAccount= TRUE;
108 }
110 /* Get samba Domain in case of samba 3 */
111 if ($this->samba3 && $this->sambaSID != ""){
112 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
113 $ldap= $this->config->get_ldap_link();
114 $ldap->cd($this->config->current['BASE']);
115 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
116 if ($ldap->count() != 0){
117 $attrs= $ldap->fetch();
118 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
120 /* Get domain name for SID */
121 $this->sambaDomainName= "DEFAULT";
122 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
123 if ($val['SID'] == $this->SID){
124 $this->sambaDomainName= $key;
125 break;
126 }
127 }
128 } else {
129 if (isset($this->config->current['RIDBASE'])){
130 $this->sambaDomainName= "DEFAULT";
131 $this->ridBase= $this->config->current['RIDBASE'];
132 $this->SID= $this->config->current['SID'];
133 } else {
134 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
135 }
136 }
138 /* Get group type */
139 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
140 if ($this->groupType < 500 || $this->groupType > 553){
141 $this->groupType= 0;
142 }
143 $this->oldgroupType= $this->groupType;
144 }
146 /* Get global filter config */
147 if (!session::is_set("gufilter")){
148 $ui= get_userinfo();
149 $base= get_base_from_people($ui->dn);
150 $gufilter= array( "dselect" => $base,
151 "regex" => "*");
152 session::set("gufilter", $gufilter);
153 }
154 $gufilter= session::get('gufilter');
155 $gufilter['SubSearchGroup'] = false;
156 session::set('gufilter',$gufilter);
158 if ($this->dn == "new"){
159 if(session::is_set('CurrentMainBase')){
160 $this->base = session::get('CurrentMainBase');
161 }else{
162 $ui= get_userinfo();
163 $this->base= dn2base($ui->dn);
164 }
165 } else {
167 /* Get object base */
168 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
169 }
171 /* This is always an account */
172 $this->is_account= TRUE;
173 $this->reload();
174 }
176 function execute()
177 {
178 /* Call parent execute */
179 plugin::execute();
181 /* Log view */
182 if($this->is_account && !$this->view_logged){
183 $this->view_logged = TRUE;
184 new log("view","groups/".get_class($this),$this->dn);
185 }
187 /* Do we represent a valid group? */
188 if (!$this->is_account && $this->parent === NULL){
189 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
190 _("This 'dn' is no group.")."</b>";
191 return ($display);
192 }
194 /* Delete user from group */
195 if (isset($_POST['del_users']) && isset($_POST['members'])){
196 foreach ($_POST['members'] as $value){
197 unset ($this->members["$value"]);
198 $this->removeUser($value);
199 }
200 $this->reload();
201 }
203 /* Add objects? */
204 if (isset($_POST["edit_membership"])){
205 $this->group_dialog= TRUE;
206 $this->dialog= TRUE;
207 }
209 /* Add objects finished? */
210 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
211 $this->group_dialog= FALSE;
212 $this->dialog= FALSE;
213 }
215 /* Add user to group */
216 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
217 foreach ($_POST['users'] as $value){
218 $this->members["$value"]= $this->allusers[$value];
219 asort($this->members);
220 $this->addUser($value);
221 }
222 $this->reload();
223 }
225 /* Base select dialog */
226 $once = true;
227 foreach($_POST as $name => $value){
228 if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
230 $once = false;
231 $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
232 $this->dialog->setCurrentBase($this->base);
233 }
234 }
236 /* Dialog handling */
237 if(is_object($this->dialog)){
238 /* Must be called before save_object */
239 $this->dialog->save_object();
241 if($this->dialog->isClosed()){
242 $this->dialog = false;
243 }elseif($this->dialog->isSelected()){
245 /* Check if selected base is valid */
246 $tmp = $this->get_allowed_bases();
247 if(isset($tmp[$this->dialog->isSelected()])){
248 $this->base = $this->dialog->isSelected();
249 }
250 $this->dialog= false;
251 }else{
252 return($this->dialog->execute());
253 }
254 }
256 /* Assign templating stuff */
257 $smarty= get_smarty();
258 if ($this->samba3){
259 $smarty->assign("samba3", "true");
260 } else {
261 $smarty->assign("samba3", "");
262 }
264 if($this->config->search("nagiosaccount", "CLASS",array('menu'))){
265 $smarty->assign("nagios",true);
266 }else{
267 $smarty->assign("nagios",false);
268 }
270 if($this->config->search("phoneAccount", "CLASS",array('menu'))){
271 $smarty->assign("pickupGroup",true);
272 }else{
273 $smarty->assign("pickupGroup",false);
274 }
276 /* Manage object add dialog */
277 if ($this->group_dialog){
279 /* Save data */
280 $gufilter= session::get("gufilter");
281 foreach( array("dselect", "regex") as $type){
282 if (isset($_POST[$type])){
283 $gufilter[$type]= $_POST[$type];
284 }
285 }
286 if(isset($_POST['regex'])){
287 if(isset($_POST['SubSearchGroup'])){
288 $gufilter['SubSearchGroup'] = true;
289 }else{
290 $gufilter['SubSearchGroup'] = false;
291 }
292 }
294 if (isset($_GET['search'])){
295 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
296 if ($s == "**"){
297 $s= "*";
298 }
299 $gufilter['regex']= $s;
300 }
301 session::set("gufilter", $gufilter);
302 $this->reload();
304 /* Show dialog */
305 $smarty->assign("search_image", get_template_path('images/search.png'));
306 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
307 $smarty->assign("tree_image", get_template_path('images/tree.png'));
309 $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
310 $smarty->assign("alphabet", generate_alphabet());
311 foreach( array("dselect", "regex","SubSearchGroup") as $type){
312 $smarty->assign("$type", $gufilter[$type]);
313 }
314 $smarty->assign("hint", print_sizelimit_warning());
315 $smarty->assign("users", $this->displayUsers);
316 $smarty->assign("apply", apply_filter());
317 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
318 return ($display);
319 }
321 $smarty->assign("bases", $this->get_allowed_bases());
322 $smarty->assign("base_select", $this->base);
324 if ($this->samba3){
325 $domains= array();
326 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
327 $domains[$name]= $name;
328 }
329 $smarty->assign("sambaDomains", $domains);
330 $smarty->assign("sambaDomainName", $this->sambaDomainName);
331 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
332 514 => _("Domain guests"));
334 /* Don't loose special groups! If not key'ed above, add it to
335 the combo box... */
336 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
337 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
338 }
340 $smarty->assign("groupTypes", $groupTypes);
341 $smarty->assign("groupType", $this->groupType);
342 }
344 /* Members and users */
345 $smarty->assign("members", $this->members);
347 /* Checkboxes */
348 foreach (array("force_gid", "smbgroup") as $val){
349 if ($this->$val == "1"){
350 $smarty->assign("$val", "checked");
351 } else {
352 $smarty->assign("$val", "");
353 }
354 }
355 if ($this->force_gid != "1"){
356 $smarty->assign("forceMode", "disabled");
357 }else{
358 $smarty->assign("forceMode", "");
359 }
360 if ($this->fon_group){
361 $smarty->assign("fon_group", "checked");
362 } else {
363 $smarty->assign("fon_group", "");
364 }
366 if ($this->nagios_group){
367 $smarty->assign("nagios_group", "checked");
368 } else {
369 $smarty->assign("nagios_group", "");
370 }
372 /* Fields */
373 foreach (array("cn", "description", "gidNumber") as $val){
374 $smarty->assign("$val", $this->$val);
375 }
377 $tmp = $this->plInfo();
378 foreach($tmp['plProvidedAcls'] as $name => $translation){
379 $smarty->assign($name."ACL",$this->getacl($name));
380 }
382 if($this->acl_is_writeable("base")){
383 $smarty->assign("baseSelect",true);
384 }else{
385 $smarty->assign("baseSelect",false);
386 }
388 /* Show main page */
389 $smarty->assign("alphabet", generate_alphabet(10));
390 $smarty->assign("search_image", get_template_path('images/search.png'));
391 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
392 $smarty->assign("tree_image", get_template_path('images/tree.png'));
393 $smarty->assign("deplist", $this->config->idepartments);
394 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
395 }
397 function addUser($uid)
398 {
399 $this->memberUid[]= $uid;
400 $this->memberUid= array_unique($this->memberUid);
401 }
403 function removeUser($uid)
404 {
405 $temp= array();
406 foreach ($this->memberUid as $value){
407 if ($value != $uid){
408 $temp[]= $value;
409 }
410 }
411 $this->memberUid= $temp;
412 }
415 /* Reload data */
416 function reload()
417 {
418 /* Fix regex string */
419 $gufilter = session::get("gufilter");
420 $regex = normalizeLdap($gufilter['regex']);
421 $MaxUser = $this->OnlyShowFirstEntries;
423 /* Prepare ldap link */
424 $ldap= $this->config->get_ldap_link();
425 $ldap->cd($gufilter['dselect']);
428 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
429 (Store gathered sn/givenName informations in $this->allusers too,
430 to be prepared when adding/deleting users)
431 */
432 $filter = "";
433 foreach ($this->memberUid as $value){
434 if(!isset($this->members[$value])){
435 $filter .= "(uid=".normalizeLdap($value).")";
436 }
437 }
438 if(!empty($filter)){
439 $ldap->cd($this->config->current['BASE']);
440 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
441 while($attrs = $ldap->fetch()){
442 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
443 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
444 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
445 }
446 }
448 /* check if all uids are resolved */
449 foreach ($this->memberUid as $value){
450 if(!isset($this->members[$value])){
451 $this->members[$value] = _("! unknown id")." [".$value."]";
452 }
453 }
455 /* Create display list of users matching regex & filter
456 */
457 $this->displayUsers = array();
458 $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
460 /* Search in current tree or within subtrees depending on the checkbox from filter section */
461 if($gufilter['SubSearchGroup']){
462 $flag = GL_SIZELIMIT | GL_SUBSEARCH;
463 $base = $gufilter['dselect'];
464 }else{
465 $flag = GL_SIZELIMIT ;
466 $base = get_people_ou().$gufilter['dselect'];
467 }
468 $i = 0;
471 $res = get_list($filter,"users",$base,array("dn", "uid", "sn", "givenName"),$flag);
473 /* Fetch all users and skip already used users */
474 foreach($res as $attrs){
475 if(in_array($attrs['uid'][0], $this->memberUid)) {
476 continue;
477 }
478 $i ++;
479 if($i > $MaxUser) {
480 break;
481 }
482 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
483 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
484 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
485 }
487 /* If more than max users are found, display a message to warn the user */
488 if(($i == $MaxUser)){
489 print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
490 }
492 /* Sort lists */
493 natcasesort($this->members);
494 reset($this->members);
495 natcasesort ($this->displayUsers);
496 reset ($this->displayUsers);
497 }
500 /* Create display name, this was used so often that it is excluded into a seperate function */
501 function createResultName($attrs)
502 {
503 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
504 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
505 } else {
506 $ret= $attrs['uid'][0];
507 }
508 return($ret);
509 }
512 function remove_from_parent()
513 {
514 plugin::remove_from_parent();
516 $ldap= $this->config->get_ldap_link();
517 $ldap->rmdir($this->dn);
518 show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
520 new log("remove","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
522 /* Delete references to object groups */
523 $ldap->cd ($this->config->current['BASE']);
524 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
525 while ($ldap->fetch()){
526 $og= new ogroup($this->config, $ldap->getDN());
527 unset($og->member[$this->dn]);
528 $og->save ();
529 }
531 /* Remove ACL dependencies too,
532 */
533 $ldap = $this->config->get_ldap_link();
534 $ldap->cd($this->config->current['BASE']);
535 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
536 while($attrs = $ldap->fetch()){
537 $acl = new acl($this->config,$this->parent,$attrs['dn']);
538 foreach($acl->gosaAclEntry as $id => $entry){
539 foreach($entry['members'] as $m_id => $member){
540 if($m_id == "G:".$this->dn || $m_id == "U:".$this->dn){
541 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
542 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn']));
543 }
544 }
545 }
546 $acl -> save();
547 }
549 /* Remove ACL dependencies too,
550 */
551 $tmp = new acl($this->config,$this->parent,$this->dn);
552 $tmp->remove_acl();
554 /* Send signal to the world that we've done */
555 $this->handle_post_events("remove");
556 }
559 /* Save data to object */
560 function save_object()
561 {
562 /* Save additional values for possible next step */
563 if (isset($_POST['groupedit'])){
565 /* Create a base backup and reset the
566 base directly after calling plugin::save_object();
567 Base will be set seperatly a few lines below */
568 $base_tmp = $this->base;
569 plugin::save_object();
570 $this->base = $base_tmp;
572 $this->force_gid= 0;
574 /* Only reset sambagroup flag if we are able to write this flag */
575 if($this->acl_is_writeable("sambaGroupType")){
576 $this->smbgroup = 0;
577 }
579 /* Get base selection */
580 if(isset($_POST['base'])){
581 $tmp = $this->get_allowed_bases();
582 if(isset($tmp[$_POST['base']])){
583 $this->base = $_POST['base'];
584 }
585 }
587 foreach (array(
588 "force_gid" => "gidNumber",
589 "smbgroup" => "sambaGroupType") as $val => $aclname) {
590 if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
591 $this->$val= $_POST["$val"];
592 }
593 }
595 /* Save sambaDomain attribute */
596 if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
597 $this->sambaDomainName= $_POST['sambaDomainName'];
598 $this->groupType= $_POST['groupType'];
599 }
601 /* Save fon attribute */
602 if ($this->acl_is_writeable("fon_group")){
603 if (isset ($_POST['fon_group'])){
604 $this->fon_group= TRUE;
605 } else {
606 $this->fon_group= FALSE;
607 }
608 }
609 if ($this->acl_is_writeable("nagios_group")){
610 if (isset ($_POST['nagios_group'])){
611 $this->nagios_group= TRUE;
612 } else {
613 $this->nagios_group= FALSE;
614 }
615 }
616 }
617 }
620 /* Save to LDAP */
621 function save()
622 {
624 /* ID handling */
625 if ($this->force_gid == 0){
626 if ($this->saved_gidNumber != ""){
627 $this->gidNumber= $this->saved_gidNumber;
628 } else {
629 /* Calculate new, lock uids */
630 $wait= 10;
631 while (get_lock("uidnumber") != ""){
632 sleep (1);
634 /* timed out? */
635 if ($wait-- == 0){
636 break;
637 }
638 }
639 add_lock ("uidnumber", "gosa");
640 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
641 }
642 }
644 plugin::save();
646 /* Remove objectClass for samba/phone support */
647 $tmp= array();
648 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
649 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
650 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
651 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
652 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
653 $tmp[]= $this->attrs['objectClass'][$i];
654 }
655 }
656 $this->attrs['objectClass']= $tmp;
657 $ldap= $this->config->get_ldap_link();
659 /* Add samba group functionality */
660 if ($this->samba3 && $this->smbgroup){
662 /* Fixed undefined index ...
663 */
664 $this->SID = $this->ridBase = "";
665 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
666 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
667 }else{
668 print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName));
669 }
670 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
671 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
672 }else{
673 print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName));
674 }
676 $this->attrs['objectClass'][]= 'sambaGroupMapping';
677 $this->attrs['sambaGroupType']= "2";
679 /* Check if we need to create a special entry */
680 if ($this->groupType == 0){
682 if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
683 $gidNumber= $this->gidNumber;
684 while(TRUE){
685 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
686 $ldap->cd($this->config->current['BASE']);
687 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
688 if ($ldap->count() == 0){
689 break;
690 }
691 $gidNumber++;
692 }
693 $this->attrs['sambaSID']= $sid;
694 $this->sambaSID= $sid;
695 }
697 } else {
698 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
699 }
701 /* User wants me to fake the idMappings? This is useful for
702 making winbind resolve the group names in a reasonable amount
703 of time in combination with larger databases. */
704 if (isset($this->config->current['SAMBAIDMAPPING']) &&
705 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
706 $this->attrs['objectClass'][]= "sambaIdmapEntry";
707 }
709 }
711 /* Add phone functionality */
712 if ($this->fon_group){
713 $this->attrs['objectClass'][]= "goFonPickupGroup";
714 }
716 /* Add nagios functionality */
717 if ($this->nagios_group){
718 $this->attrs['objectClass'][]= "nagiosContactGroup";
719 }
721 /* Take members array */
722 if (count ($this->memberUid)){
723 $this->attrs['memberUid']= array_unique($this->memberUid);
724 }
726 /* New accounts need proper 'dn', propagate it to remaining objects */
727 if ($this->dn == 'new'){
728 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
729 }
731 /* Add member dn's for RFC2307bis Support */
732 if ($this->rfc2307bis){
733 if (count($this->memberUid)){
734 $this->attrs['member'] = array();
735 foreach($this->attrs['memberUid'] as $uid) {
736 $this->attrs['member'][]= $this->dnMapping[$uid];
737 }
738 } else {
739 $this->attrs['member'][]= $this->dn;
740 }
741 }
743 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
744 new entries. So do a check first... */
745 $ldap->cat ($this->dn, array('dn'));
746 if ($ldap->fetch()){
747 /* Modify needs array() to remove values :-( */
748 if (!count ($this->memberUid)){
749 $this->attrs['memberUid']= array();
750 }
751 if ($this->samba3){
752 if (!$this->smbgroup){
753 $this->attrs['sambaGroupType']= array();
754 $this->attrs['sambaSID']= array();
755 }
756 }
757 $mode= "modify";
758 } else {
759 $mode= "add";
760 $ldap->cd($this->config->current['BASE']);
761 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
762 }
764 /* Write back to ldap */
765 $ldap->cd($this->dn);
766 $this->cleanup();
767 $ldap->$mode($this->attrs);
769 /* Remove ACL dependencies too,
770 */
771 if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
772 $tmp = new acl($this->config,$this->parent,$this->dn);
773 $tmp->update_acl_membership($this->orig_dn,$this->dn);
774 }
776 if($this->initially_was_account){
777 new log("modify","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
778 }else{
779 new log("create","groups/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
780 }
782 $ret= 0;
783 if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
784 $ret= 1;
785 }
787 /* Remove uid lock */
788 del_lock ("uidnumber");
790 /* Post that we've done*/
791 $this->handle_post_events($mode);
793 return ($ret);
794 }
796 function check()
797 {
798 /* Call common method to give check the hook */
799 $message= plugin::check();
801 /* Permissions for that base? */
802 if ($this->base != ""){
803 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
804 } else {
805 $new_dn= $this->dn;
806 }
808 /* must: cn */
809 if ($this->cn == "" && $this->acl_is_writeable("cn")){
810 $message[]= "The required field 'Name' is not set.";
811 }
813 /* Check for valid input */
814 if (!is_uid($this->cn)){
815 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
816 }
818 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
820 /* Check for used 'cn' */
821 $ldap= $this->config->get_ldap_link();
822 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
823 $ldap->cd(get_groups_ou().$this->base);
824 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
825 if ($ldap->count() != 0){
826 $message[]= _("Value specified as 'Name' is already used.");
827 }
828 }
830 }else{
832 /* Check for used 'cn' */
833 $ldap= $this->config->get_ldap_link();
834 $ldap->cd($this->config->current['BASE']);
835 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
836 if ($ldap->count() != 0){
838 /* New entry? */
839 if ($this->dn == 'new'){
840 $message[]= _("Value specified as 'Name' is already used.");
841 }
843 /* Moved? */
844 elseif ($new_dn != $this->orig_dn){
845 $ldap->fetch();
846 if ($ldap->getDN() != $this->orig_dn){
847 $message[]= _("Value specified as 'Name' is already used.");
848 }
849 }
850 }
851 }
853 /* Check ID */
854 if ($this->force_gid == "1"){
855 if (!is_id($this->gidNumber)){
856 $message[]= _("Value specified as 'GID' is not valid.");
857 } else {
858 if ($this->gidNumber < $this->config->current['MINID']){
859 $message[]= _("Value specified as 'GID' is too small.");
860 }
862 }
863 }
865 return ($message);
866 }
868 function get_next_id($attrib, $dn)
869 {
870 $ids= array();
871 $ldap= $this->config->get_ldap_link();
873 $ldap->cd ($this->config->current['BASE']);
874 if (preg_match('/gidNumber/i', $attrib)){
875 $oc= "posixGroup";
876 } else {
877 $oc= "posixAccount";
878 }
879 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
881 /* Get list of ids */
882 while ($attrs= $ldap->fetch()){
883 $ids[]= (int)$attrs["$attrib"][0];
884 }
886 /* Find out next free id near to UID_BASE */
887 if (!isset($this->config->current['BASE_HOOK'])){
888 $base= $this->config->current['UIDBASE'];
889 } else {
890 /* Call base hook */
891 $base= get_base_from_hook($dn, $attrib);
892 }
893 for ($id= $base; $id++; $id < pow(2,32)){
894 if (!in_array($id, $ids)){
895 return ($id);
896 }
897 }
899 /* Check if id reached maximum */
900 if ($id >= pow(2,32)){
901 print_red(_("Too many users, can't allocate a free ID!"));
902 exit;
903 }
904 }
906 function getCopyDialog()
907 {
908 $vars = array("cn");
910 if($this ->force_gid){
911 $used = " checked ";
912 $dis = "";
913 }else{
914 $used = "";
915 $dis = " disabled ";
916 }
918 $smarty = get_smarty();
919 $smarty->assign("used",$used);
920 $smarty->assign("dis" ,$dis);
921 $smarty->assign("cn" ,$this->cn);
922 $smarty->assign("gidNumber",$this->gidNumber);
923 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
924 $ret = array();
925 $ret['string'] = $str;
926 $ret['status'] = "";
927 return($ret);
928 }
930 function saveCopyDialog()
931 {
932 if(isset($_POST['cn'])){
933 $this->cn = $_POST['cn'];
934 }
935 if(isset($_POST['force_gid'])){
936 $this->force_gid = 1;
937 $this->gidNumber= $_POST['gidNumber'];
938 }else{
939 $this->force_gid = 0;
940 $this->gidNumber = false;
941 }
942 }
945 /* Return plugin informations for acl handling */
946 static function plInfo()
947 {
948 return (array(
949 "plShortName" => _("Generic"),
950 "plDescription" => _("Generic group settings"),
951 "plSelfModify" => FALSE,
952 "plDepends" => array(),
953 "plPriority" => 0,
954 "plSection" => array("admin"),
955 "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
957 "plProvidedAcls" => array(
958 "cn" => _("Name"),
959 "base" => _("Base"),
960 "description" => _("Description"),
962 "fonGroup" => _("Phone pickup group"),
963 "nagiosGroup" => _("Nagios group"),
965 "gidNumber" => _("GID"),
966 "memberUid" => _("Group member"),
967 "sambaGroupType" => _("Samba group type"),
968 "sambaDomainName" => _("Samba domain name"),
969 "sambaSID" => _("Samba SID"))
970 ));
971 }
972 }
974 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
975 ?>