1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
25 class Step_Migrate extends setup_step
26 {
27 var $header_image = "images/setup/migrate.png";
28 var $checks = array();
30 /* Create Acl attributes */
31 var $acl_create_dialog = FALSE;
32 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
33 var $acl_create_changes = ""; // Contains ldif information about changes
34 var $acl_create_confirmed= FALSE;
36 /* Checks initialised ? */
37 var $checks_initialised = FALSE;
39 /* Root object classes */
40 var $rootOC_migrate_dialog = FALSE;
41 var $rootOC_details = array();
42 var $b_displayCheckbutton = TRUE;
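/**
 * Constructor: load the translated title and description strings.
 *
 * PHP 8 no longer treats a method named after its class as a constructor,
 * so without __construct() the strings assigned by update_strings() would
 * never be set on instantiation. It is declared before the class-named
 * method on purpose, so older PHP versions pick it up without complaining
 * about a redefined constructor.
 */
function __construct()
{
  $this->update_strings();
}

/**
 * Legacy class-named constructor, kept so explicit calls keep working.
 */
function Step_Migrate()
{
  $this->update_strings();
}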
/**
 * Assign the translated short title, long title and description of this
 * setup step.
 */
function update_strings()
{
  // Short and long title use the same translated text.
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/**
 * (Re)build the list of LDAP checks and run each of them once.
 *
 * Every entry is first registered as "not passed" with empty messages;
 * the matching check method is then called and fills in the real result.
 * The order matters: each check runs right after its own entry exists.
 */
function initialize_checks()
{
  $this->checks = array();

  /* Does the configured base exist? */
  $this->checks['root'] = array(
    'TITLE'      => _("Checking for root object"),
    'STATUS'     => FALSE,
    'STATUS_MSG' => "",
    'ERROR_MSG'  => "");
  $this->checkBase();

  /* Does the base carry the object classes GOsa needs? */
  $this->checks['rootOC'] = array(
    'TITLE'      => _("Inspecting object classes in root object"),
    'STATUS'     => FALSE,
    'STATUS_MSG' => "",
    'ERROR_MSG'  => "");
  $this->checkBaseOC();

  /* May the configured admin create and remove objects? */
  $this->checks['permissions'] = array(
    'TITLE'      => _("Checking permission for LDAP database"),
    'STATUS'     => FALSE,
    'STATUS_MSG' => "",
    'ERROR_MSG'  => "");
  $this->check_ldap_permissions();

  /* Is there at least one account with full GOsa ACLs? */
  $this->migrate_users = array();
  $this->checks['acls'] = array(
    'TITLE'      => _("Checking for super administrator"),
    'STATUS'     => FALSE,
    'STATUS_MSG' => "",
    'ERROR_MSG'  => "");
  $this->check_administrativeAccount();
}
86 /* Check ldap accessibility
87 * Create and remove a dummy object,
88 * to ensure that we have the necessary permissions
89 */
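/**
 * Verify that the configured LDAP admin may write below the base.
 *
 * A throw-away organizationalUnit is created and removed again; the result
 * is stored in $this->checks['permissions'].
 *
 * The entry name used to embed session_id(). That value ended up in the
 * directory (and stayed there if the removal failed) and in the log record
 * written on failure, which discloses the session identifier of the person
 * running the setup. The name is now built from an unrelated unique token.
 *
 * @return bool TRUE if create and remove both worked, FALSE otherwise.
 */
function check_ldap_permissions()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Create dummy entry.
   * The suffix only has to be unique, it must not carry any secret.
   */
  $name = "GOsa_setup_text_entry_".md5(uniqid(mt_rand(), TRUE));
  $dn   = "ou=".$name.",".$cv['base'];
  $testEntry = array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou'] = $name;

  /* Check if a simple ldap cat will be successful */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Same message for a failed create and a failed remove */
  $no_access =
    sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);

  /* Try to create the dummy object; success is judged by reading it back */
  $ldap->cd ($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Try to remove the created entry; it must be gone afterwards */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}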
161 /* Check Acls if there is at least one object with acls defined
162 */
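/**
 * Check whether the LDAP base carries a gosaAclEntry that grants full
 * rights ("all/all;cmdrw") to at least one existing GOsa account, either
 * directly ("psub" entries) or through a role ("role" entries).
 *
 * The outcome is written to $this->checks['acls']; the names of the
 * accounts found are listed in ERROR_MSG.
 *
 * Changes compared to the previous version:
 *  - the role branch reused $e for two nested loops, so the inner loop
 *    overwrote the counter of the outer one;
 *  - $rusers was never initialised and was undefined without any users;
 *  - ACL entries with fewer than four ':' separated fields are skipped
 *    instead of being read past their end;
 *  - a role is evaluated once, so its members are no longer listed once
 *    per matching template line;
 *  - uid/cn values read from the directory are HTML-escaped, because they
 *    are placed next to markup in a message that is output as HTML.
 *
 * @return bool TRUE if at least one administrative account was found.
 */
function check_administrativeAccount()
{
  /* Reset settings */
  $GOsa_26_found = FALSE;
  $this->migrate_users = array();
  $this->acl_migrate_dialog = FALSE;
  $this->migrate_acl_base_entry = "";

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);
  $res = $ldap->cat($cv['base']);

  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{
    $attrs = $ldap->fetch();

    /* Collect a list of available GOsa users and groups */
    $users  = array();   // dn  => uid
    $rusers = array();   // uid => dn
    $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
        "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
    while($user_attrs = $ldap->fetch()){
      $users[$user_attrs['dn']] = $user_attrs['uid'][0];
      $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
    }
    $groups = array();   // dn => cn
    $ldap->search("objectClass=posixGroup",array("cn","dn"));
    while($group_attrs = $ldap->fetch()){
      $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
    }

    /* Check if a valid GOsa 2.6 admin exists
       -> gosaAclEntry for an existing and accessible user.
     */
    $valid_users  = array();
    $valid_groups = array();
    if(isset($attrs['gosaAclEntry'])){
      $acls = $attrs['gosaAclEntry'];
      for($i = 0 ; $i < $acls['count'] ; $i++){

        /* Fields: priority, type, then two type specific fields */
        $tmp = explode(":",$acls[$i]);
        if(count($tmp) < 4){
          continue;
        }

        /* Base64 encoded member DNs that receive full rights by this entry */
        $members = array();
        if($tmp[1] == "psub"){

          /* Members in field 2, ACL definition in field 3 */
          if(preg_match("/all\/all;cmdrw/i",$tmp[3])){
            $members = explode(",",$tmp[2]);
          }
        }elseif($tmp[1] == "role"){

          /* Role DN in field 2, members in field 3.
           * The role counts if one of its templates grants everything.
           */
          $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
          $ret = $ldap->fetch();
          $role_grants_all = FALSE;
          if(isset($ret['gosaAclTemplate'])){
            $cnt = $ret['gosaAclTemplate']['count'];
            for($t = 0 ; $t < $cnt ; $t++){
              $a_str = $ret['gosaAclTemplate'][$t];
              if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all\/all;cmdrw$/",$a_str)){
                $role_grants_all = TRUE;
                break;
              }
            }
          }
          if($role_grants_all){
            $members = explode(",",$tmp[3]);
          }
        }

        foreach($members as $member){
          $member = base64_decode($member);

          /* Member is a known GOsa user */
          if(isset($users[$member])){
            $valid_users[] = htmlspecialchars($users[$member], ENT_QUOTES, 'UTF-8');
            $GOsa_26_found = TRUE;
          }

          /* Member is a group: it only counts with a known user in it */
          if(isset($groups[$member])){
            $uids = $this->_known_group_members($ldap, $member, $rusers);
            if(count($uids)){
              $valid_groups[] = htmlspecialchars($groups[$member], ENT_QUOTES, 'UTF-8').
                "(<i>".htmlspecialchars(implode(", ",$uids), ENT_QUOTES, 'UTF-8')."</i>)";
              $GOsa_26_found = TRUE;
            }
          }
        }
      }
    }

    if($GOsa_26_found){
      $str = "";
      if(count($valid_users)){
        $str.= "<b>"._("Users")."</b>: ".implode(", ",$valid_users)."<br>";
      }
      if(count($valid_groups)){
        $str.= "<b>"._("Groups")."</b>: ".implode(", ",$valid_groups)."<br>";
      }
      $this->checks['acls']['STATUS']    = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = $str;
    }else{
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
      $this->checks['acls']['ERROR_MSG'].= "<button type='submit' name='create_acls'>"._("Create")."</button>";
    }
  }

  // Reload base OC
  $this->checkBaseOC();
  return($GOsa_26_found);
}

/**
 * Return the memberUid values of a group that belong to a known GOsa user.
 *
 * @param object $ldap     Connection used to read the group entry.
 * @param string $group_dn DN of the posixGroup to inspect.
 * @param array  $rusers   Known users, indexed by uid.
 * @return array List of uids (unescaped) found in both places.
 */
function _known_group_members($ldap, $group_dn, $rusers)
{
  $ldap->cat($group_dn);
  $group_attrs = $ldap->fetch();

  $found = array();
  if(isset($group_attrs['memberUid'])){
    for($m = 0 ; $m < $group_attrs['memberUid']['count']; $m ++){
      $uid = $group_attrs['memberUid'][$m];
      if(isset($rusers[$uid])){
        $found[] = $uid;
      }
    }
  }
  return($found);
}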
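/**
 * Give the object in $this->acl_create_selected full GOsa rights by adding
 * a priority 0 "psub" ACL entry (all/all;cmdrw) to the LDAP base. The
 * existing ACL entries are kept and their priority is raised by one.
 *
 * Fix: the old code removed only the first character of an existing entry
 * before prepending the new priority, so an entry with a priority of two
 * or more digits ("10:psub:...") was rewritten to "110:psub:...". The
 * entry is now split at its first colon.
 *
 * @param bool $only_ldif TRUE: do not write anything, only store a textual
 *                        before/after view in $this->acl_create_changes.
 * @return bool|null TRUE/FALSE for the result of the LDAP modification;
 *                   nothing is returned in $only_ldif mode.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the change preview */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Add acls for the selected user to the base:
   * gosaACL plus every object class the base already has.
   */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");

  if(isset($attrs['objectClass'])){
    for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
      if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
        $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
      }
    }
  }

  /* The new entry gets priority 0, all existing ones move down by one */
  $attrs_new['gosaAclEntry'][] = "0:psub:".base64_encode($dn).":all/all;cmdrw";
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){
      $parts = explode(":",$attrs['gosaAclEntry'][$i],2);
      $prio  = (int) $parts[0];
      $rest  = isset($parts[1]) ? ":".$parts[1] : "";

      $attrs_new['gosaAclEntry'][] = ($prio+1).$rest;
    }
  }

  if($only_ldif){
    /* Current state first, then the state after the change */
    $this->acl_create_changes ="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{

    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
      return(FALSE);
    }else{
      return(TRUE);
    }
  }
}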
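/**
 * Create a new "System Administrator-<uid>" account from the posted form
 * values and give it full GOsa rights on the LDAP base.
 *
 * Changes compared to the previous version:
 *  - the posted uid is validated before it is used anywhere; it used to be
 *    concatenated into the search filter first, which let filter
 *    metacharacters from the request change the query;
 *  - the uid is additionally escaped for the filter;
 *  - the passwords are compared with !==, because != treats numeric
 *    looking strings such as "1e3" and "1000" as equal;
 *  - the stray bitwise "|" in the password check is a logical "||" now;
 *  - the admin ACL is only written after the account was really added, so
 *    a failed add no longer leaves an ACL pointing at a DN without entry.
 *
 * @return bool TRUE if the account was added, FALSE on any error (a
 *              dialog has been displayed in that case).
 */
function create_admin_user()
{
  $uid = isset($_POST['new_user_uid'])       ? $_POST['new_user_uid']       : "";
  $pw1 = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : "";
  $pw2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : "";

  /* Validate the uid first, it becomes part of a filter and of a DN.
   * NOTE(review): this relies on tests::is_uid() rejecting characters that
   * are special in DNs - confirm against its implementation.
   */
  if(!is_string($uid) || empty($uid) || !tests::is_uid($uid)){
    msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
    return false;
  }

  if(!is_string($pw1) || !is_string($pw2) || empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Refuse a uid that is already in use.
   * Filter metacharacters are escaped; the backslash has to come first.
   */
  $filter_uid = str_replace(
      array('\\',   '*',    '(',    ')',    "\0"),
      array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
      $uid);
  $ldap->cd($cv['base']);
  $ldap->search("(uid=".$filter_uid.")");
  if($ldap->count()){
    msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG);
    return false;
  }

  $people_ou = "ou=people,"; // Thats the property default.
  $dn = "cn=System Administrator-".$uid.",".$people_ou.$cv['base'];

  /* NOTE(review): 'crypt/md5' is a weak scheme for a super administrator
   * password by current standards; consider a stronger method offered by
   * passwordMethod on this installation.
   */
  $hash = passwordMethod::make_hash($pw2, 'crypt/md5');

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']  = "System";
  $new_user['sn']  = "Administrator";
  $new_user['cn']  = "System Administrator-".$uid;
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  /* Never overwrite an existing object */
  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    msg_dialog::display(_("Error"), sprintf(_("Adding an administrative user failed: object '%s' already exists!"), LDAP::fix($dn)), ERROR_DIALOG);
    return(FALSE);
  }

  /* Create the parent container if necessary, then the account itself */
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);
  if(!$res){
    msg_dialog::display(_("LDAP error"), $ldap->get_error(), ERROR_DIALOG);
    return(FALSE);
  }

  /* The account exists now, grant it the admin ACL.
   * create_admin() displays its own dialog if this fails; the check below
   * is re-run either way and reports the resulting state.
   */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}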
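/**
 * Handle the posted actions of the LDAP inspection step and return the
 * rendered HTML of either one of its dialogs or the check overview.
 *
 * Change: the "@" error suppression on the two password fields was
 * replaced by explicit isset() checks; the assigned values are the same.
 *
 * NOTE(review): no request token is checked in this method although
 * several actions modify the directory; confirm that the surrounding
 * setup framework protects these POST requests.
 *
 * @return string Output of the setup_migrate.tpl template.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['test'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }


  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Try to create the base; re-run all checks if that changed its state */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Root object class check
   *************/

  if(isset($_POST['root_add_objectclasses'])){
    $this->rootOC_migrate_dialog = TRUE;
    $this->dialog = TRUE;
  }
  if(isset($_POST['rootOC_dialog_cancel'])){
    $this->rootOC_migrate_dialog = FALSE;
    $this->dialog = FALSE;
  }
  if(isset($_POST['rootOC_migrate_start'])){
    if($this->checkBaseOC(FALSE)){
      $this->checkBaseOC(); // Update overview info
      $this->dialog = FALSE;
      $this->rootOC_migrate_dialog = FALSE;
    }
  }
  if($this->rootOC_migrate_dialog){
    $smarty = get_smarty();
    $smarty->assign("details",$this->rootOC_details);
    $smarty->assign("method","rootOC_migrate_dialog");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Administrative Account -- Migrate/Create
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  /* Dialog handling */
  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['migrate_acls'])){
    $this->acl_migrate_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->acl_migrate_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Account creation: only compute the preview of the changes here */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  /* Add admin acls for the selected users to the ldap base.
   */
  if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){

    /* Update ldap and reload check infos
     */
    $this->migrate_selected_admin_users();
    $this->dialog = FALSE;
    $this->acl_migrate_dialog = FALSE;

  }elseif($this->acl_migrate_dialog){

    /* Display admin migration dialog.
     */
    $this->migrate_users();
    $smarty = get_smarty();

    /* Do we have to display the changes
     */
    $details = isset($_POST['details']) && $_POST['details'];
    if(isset($_POST['migrate_acls_show_changes'])){
      $details = TRUE;
    }elseif(isset($_POST['migrate_acls_hide_changes'])){
      $details = FALSE;
    }

    $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
    $smarty->assign("details", $details);
    $smarty->assign("method","migrate_acls");
    $smarty->assign("migrateable_users",$this->migrate_users);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();
    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both passwords are handed back to
     * the template as received. Confirm that the template escapes them,
     * and consider leaving the password fields empty on redisplay.
     */
    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",
        isset($_POST['new_user_password']) ? $_POST['new_user_password'] : NULL);
    $smarty->assign("new_user_password2",
        isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}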
/**
 * Mark this step as completed and process the posts of the "create acl"
 * dialog: aborting it clears the currently selected object.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* The abort button only has a meaning while the dialog is open */
  $abort_posted = isset($_POST['create_acls_create_abort']);
  if($this->acl_create_dialog && $abort_posted){
    $this->acl_create_selected = "";
  }
}
629 /* Check if the root object exists.
630 * If the parameter just_check is true, then just check if the
631 * root object is missing and update the info messages.
632 * If the Parameter is false, try to create a new root object.
633 */
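/**
 * Check whether the configured LDAP base (root object) exists and store
 * the result in $this->checks['root'].
 *
 * Changes: the success path returned nothing while every failure path
 * returned a value, and it left a previous ERROR_MSG in place. It now
 * returns TRUE and clears the message, like the other checks do.
 *
 * @param bool $just_check TRUE: only report a missing root object.
 *                         FALSE: try to create the missing root object.
 * @return bool TRUE if the root object exists (or was created).
 */
function checkBase($just_check = TRUE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Check if root object exists; one result is enough for that */
  $ldap->cd($cv['base']);
  $ldap->set_size_limit(1);
  $res = $ldap->search("(objectClass=*)");
  $ldap->set_size_limit(0);
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res ||
    $err == 0x20 ||  # LDAP_NO_SUCH_OBJECT
    $err == 0x40;    # LDAP_NAMING_VIOLATION

  if($root_missing){

    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] =  _("The LDAP root object is missing. It is required to use your LDAP service.").'&nbsp;';
      $this->checks['root']['ERROR_MSG'].=  "<button type='submit' name='retry_root_create'>"._("Try to create root object")."</button>";
      return(FALSE);
    }

    /* Add root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= "&nbsp;<button type='submit' name='retry_root_create'>"._("Try to create root object")."</button>";
      return($res);
    }
  }

  /* Root object exists, or was created just now */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
  $this->checks['root']['ERROR_MSG'] = "";
  return(TRUE);
}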
688 /* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs.
689 * If the parameter just_check is true, then just check for the OCs.
690 * If the Parameter is false, try to add the required object classes.
691 */
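/**
 * Check whether the root object carries the gosaDepartment object class
 * and store the result in $this->checks['rootOC'].
 *
 * In check mode the required modifications are prepared and kept in
 * $this->rootOC_details ('current' and 'target' as text for the dialog,
 * 'mods' as the attribute array to write). In migrate mode the prepared
 * 'mods' are written to the root object.
 *
 * Changes compared to the previous version:
 *  - object class names are compared case-insensitively, as LDAP does;
 *  - values read from the directory are HTML-escaped in the 'current' and
 *    'target' texts, which contain markup and are therefore output as
 *    HTML; the values written to LDAP ('mods') stay untouched;
 *  - every path returns a boolean; a root object that already has the
 *    class used to return nothing, which callers read as a failure.
 *
 * @param bool $just_check TRUE: only inspect, FALSE: add what is missing.
 * @return bool TRUE if the class is present or was added.
 */
function checkBaseOC($just_check = TRUE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Check if root object exists */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base']);
  if(!$ldap->count()){
    $this->checks['rootOC']['STATUS']    = FALSE;
    $this->checks['rootOC']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['rootOC']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(FALSE);
  }

  $attrs = $ldap->fetch();

  /* Lower-cased object classes of the root object, for comparisons */
  $present_ocs = array();
  for($i = 0 ; $i < $attrs['objectClass']['count'] ; $i++){
    $present_ocs[] = strtolower($attrs['objectClass'][$i]);
  }

  /* Root object has no gosaDepartment class yet */
  if(!in_array("gosadepartment",$present_ocs)){
    if($just_check){

      $this->rootOC_details = array();
      $mods = array();

      /* Get list of possible container objects, to be able to detect naming
       *  attributes and missing attribute types.
       */
      if(!class_available("departmentManagement")){
        $this->checks['rootOC']['STATUS']    = FALSE;
        $this->checks['rootOC']['STATUS_MSG']= _("Failed");
        $this->checks['rootOC']['ERROR_MSG'] = sprintf(_("Missing GOsa object class '%s'!"),"departmentManagement").
          "&nbsp;"._("Please check your installation.");
        return(FALSE);
      }

      /* Try to detect base class type, e.g. is it a dcObject.
       */
      $dep_types = departmentManagement::get_support_departments();
      $dep_type ="";
      foreach($dep_types as $dep_name => $dep_class){
        if(in_array(strtolower($dep_class['CLASS']),$present_ocs)){
          $dep_type = $dep_name;
          break;
        }
      }

      /* If no known base class was detected, abort with message
       */
      if(empty($dep_type)){
        $this->checks['rootOC']['STATUS']    = FALSE;
        $this->checks['rootOC']['STATUS_MSG']= _("Failed");
        $this->checks['rootOC']['ERROR_MSG'] =
          sprintf(_("Cannot handle the structural object type of your root object. Please try to add the object class '%s' manually."),"gosaDepartment");
        return(FALSE);
      }

      /* Create 'current' and 'target' object properties, to be able to display
       *  a set of modifications required to create a valid GOsa department.
       * Both start with the dn and the existing object classes.
       */
      $str = "dn: ".htmlspecialchars($cv['base'], ENT_QUOTES, 'UTF-8')."\n";
      for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){
        $str .= "objectClass: ".htmlspecialchars($attrs['objectClass'][$i], ENT_QUOTES, 'UTF-8')."\n";
        $mods['objectClass'][] = $attrs['objectClass'][$i];
      }
      $this->rootOC_details['current'] = $str;

      /* Create target infos: additions are printed in bold */
      $mods['objectClass'][] = "gosaDepartment";
      $str .= "<b>objectClass: gosaDepartment</b>\n";

      /* 'ou' and 'description' are required by gosaDepartment. If missing,
       *  use the value of the naming attribute of the detected type.
       */
      $val = "GOsa";
      if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
        $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
      }
      if(!isset($attrs['ou'])){
        $str .= "<b>ou: ".htmlspecialchars($val, ENT_QUOTES, 'UTF-8')."</b>\n";
        $mods['ou'] =$val;
      }
      if(!isset($attrs['description'])){
        $str .= "<b>description: ".htmlspecialchars($val, ENT_QUOTES, 'UTF-8')."</b>\n";
        $mods['description'] = $val;
      }
      $this->rootOC_details['target'] = $str;
      $this->rootOC_details['mods'] = $mods;

      /*  Add button that allows to open the migration details
       */
      $this->checks['rootOC']['STATUS']    = FALSE;
      $this->checks['rootOC']['STATUS_MSG']= _("Failed");
      $this->checks['rootOC']['ERROR_MSG'] = "&nbsp;<button type='submit' name='root_add_objectclasses'>"._("Migrate")."</button>";

      return(FALSE);
    }else{

      /* Write the modifications prepared by an earlier check run */
      $ldap->cd($cv['base']);
      if(isset($this->rootOC_details['mods'])){
        $res  = $ldap->modify($this->rootOC_details['mods']);
        if(!$res){
          msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class()));
        }

        /* Refresh the overview of both checks that depend on the base */
        $this->checkBaseOC();
        $this->check_administrativeAccount();
        return($res);
      }else{
        trigger_error("No modifications to make... ");
      }
    }
    return(TRUE);
  }

  /* The root object already has the required object class */
  $this->checks['rootOC']['STATUS']    = TRUE;
  $this->checks['rootOC']['STATUS_MSG']= _("Ok");
  $this->checks['rootOC']['ERROR_MSG'] = "";
  return(TRUE);
}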
833 /* Return ldif information for a
834 * given attribute array
835 */
/**
 * Render an attribute array as "name: value" lines, one line per value.
 *
 * The 'count' and 'dn' keys, the 'count' key of each value list and all
 * numeric keys are left out. Values are printed as they are, nothing is
 * encoded or escaped.
 *
 * @param array $atts Attribute array, name => value or list of values.
 * @return string The lines joined by "\n", without a trailing newline.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $attr_name => $attr_value){

    /* Numeric keys only repeat the attribute names */
    if(is_numeric($attr_name)){
      continue;
    }

    /* Treat a single value like a list with one element */
    if(is_array($attr_value)){
      $values = $attr_value;
      unset($values['count']);
    }else{
      $values = array($attr_value);
    }

    foreach($values as $single){
      $ldif .= $attr_name.": ". $single."\n";
    }
  }

  /* Drop the newline at the end */
  return(preg_replace("/\n$/","",$ldif));
}
858 }
859 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
860 ?>