1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
var $languages = array();
var $attributes = array();
var $header_image = "images/monitoring.png";
/* Result table of the LDAP inspection, filled by initialize_checks():
 * check key => array('TITLE', 'STATUS', 'STATUS_MSG', 'ERROR_MSG').
 * STATUS_MSG / ERROR_MSG are HTML fragments (the check_* / search_*
 * methods put <font> and <input type='submit'> markup into them).
 */
var $checks = array();

/* Department migration attributes
 * deps_to_migrate: base64(dn) => ldap attributes plus 'checked', 'before', 'after'
 */
var $dep_migration_dialog = FALSE;
var $deps_to_migrate = array();
var $show_details = FALSE;

/* User migration attributes
 * users_to_migrate: base64(dn) => ldap attributes plus 'checked', 'before', 'after'
 */
var $users_migration_dialog= FALSE;
var $users_to_migrate = array();

/* Create Acl attributes */
var $acl_create_dialog = FALSE;
var $acl_create_selected= ""; // Currently selected element (dn), that should receive admin rights
var $acl_create_changes = ""; // Contains ldif information about changes (filled by create_admin(TRUE))
var $acl_create_confirmed= FALSE;

/* Checks initialised ? */
var $checks_initialised = FALSE;

/* Users outside the people ou: base64(dn) => ldap attributes plus 'selected', 'ldif' */
var $outside_users = array();
var $outside_users_dialog = FALSE;

/* Groups outside the groups ou: base64(dn) => ldap attributes plus 'selected', 'ldif' */
var $outside_groups = array();
var $outside_groups_dialog = FALSE;

/* Win-Workstations outside the reserved ou: base64(dn) => ldap attributes plus 'selected', 'ldif' */
var $outside_winstations = array();
var $outside_winstations_dialog = FALSE;

/* Entries sharing a uidNumber with another entry: base64(dn) => ldap attributes */
var $check_uidNumbers = array();
var $check_uidNumbers_dialog = FALSE;

/* posixGroups sharing a gidNumber with another group: base64(dn) => ldap attributes */
var $check_gidNumbers = array();
var $check_gidNumbers_dialog = FALSE;
/* PHP4-style constructor (method named like the class).
 * Only fills in the title / info strings, see update_strings().
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Set the (translated) title and description of this setup step.
 * Called from the constructor; may be called again to re-translate
 * after the wizard language changed.
 */
function update_strings()
{
  $title = _("LDAP inspection");
  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* (Re)build $this->checks and run every inspection once.
 * Each check is registered with a neutral state and executed right
 * away, in the order given below; the check_* / search_* method
 * then fills STATUS / STATUS_MSG / ERROR_MSG for its own key.
 * STATUS_MSG and ERROR_MSG are later rendered as HTML.
 */
function initialize_checks()
{
  /* check key => array(title, method that performs the check) */
  $steps = array(
    'root'                => array(_("Checking for root object"),                                         'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"),                            'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible departments"),                               'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"),                                     'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"),                                 'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people tree"),                       'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups tree"),                      'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"),    'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for duplicated UID numbers"),                              'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for duplicate GID numbers"),                               'check_gidNumber'),
  );

  $this->checks = array();
  foreach($steps as $key => $step){
    list($title, $method) = $step;
    $this->checks[$key] = array(
      'TITLE'      => $title,
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "",
    );
    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/* Find uidNumber values that are assigned to more than one entry.
 * Fills $this->check_uidNumbers (base64(dn) => entry) with every entry
 * whose uidNumber is shared with another one and updates the
 * 'uidNumber_usage' check.
 * Returns TRUE when no duplicates were found, false on duplicates or
 * when the LDAP query failed.
 */
function check_uidNumber()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);
  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS'] = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group the entries by uidNumber, keeping the fetch order */
  $grouped = array();
  while($attrs = $ldap->fetch()){
    $number = $attrs['uidNumber'][0];
    if(!isset($grouped[$number])){
      $grouped[$number] = array();
    }
    $grouped[$number][] = $attrs;
  }

  /* Every member of a group with two or more entries is a duplicate */
  $this->check_uidNumbers = array();
  foreach($grouped as $entries){
    if(count($entries) < 2){
      continue;
    }
    foreach($entries as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS'] = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Duplicates are reported as a warning; only the count (an integer) is
   * put into the HTML message, no attribute values */
  $this->checks['uidNumber_usage']['STATUS'] = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
227 /* Check if there are duplicated gidNumbers present in ldap
228 */
/* Find gidNumber values that are used by more than one posixGroup.
 * Fills $this->check_gidNumbers (base64(dn) => entry) with every group
 * whose gidNumber is shared with another one and updates the
 * 'gidNumber_usage' check.
 * Returns TRUE when no duplicates were found, false on duplicates or
 * when the LDAP query failed.
 */
function check_gidNumber()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS'] = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group the entries by gidNumber, keeping the fetch order */
  $grouped = array();
  while($attrs = $ldap->fetch()){
    $number = $attrs['gidNumber'][0];
    if(!isset($grouped[$number])){
      $grouped[$number] = array();
    }
    $grouped[$number][] = $attrs;
  }

  /* Every member of a group with two or more entries is a duplicate */
  $this->check_gidNumbers = array();
  foreach($grouped as $entries){
    if(count($entries) < 2){
      continue;
    }
    foreach($entries as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS'] = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Duplicates are reported as a warning; only the count (an integer) is
   * put into the HTML message, no attribute values */
  $this->checks['gidNumber_usage']['STATUS'] = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
279 /* Search for winstations outside the winstation ou
280 */
/* Search for windows workstations that are not located directly below
 * the winstation ou.
 * Fills $this->outside_winstations (base64(dn) => entry plus 'selected'
 * and 'ldif') and updates the 'outside_winstations' check.
 * Returns TRUE when every workstation is in place, false otherwise or
 * when the LDAP query failed.
 */
function search_outside_winstations()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Winstation ou: the configured one when enabled, else the default.
   * NOTE(review): the flag is read from 'wws_ou_active' but the value
   * from 'ws_ou' - confirm both keys exist in generic_settings. */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }

  /* Samba 3 machine accounts use sambaSamAccount, older ones sambaAccount */
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"))){
    $this->checks['outside_winstations']['STATUS'] = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* An entry is in place when its rdn is directly followed by the
   * winstation ou; addressbook entries are never reported. */
  $in_place = "/^[^,]+,".normalizePreg($winstation_ou)."/";
  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    $dn = $attrs['dn'];
    if(preg_match($in_place,$dn) || preg_match("/,dc=addressbook,/",$dn)){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif'] = "";
    $this->outside_winstations[base64_encode($dn)] = $attrs;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS'] = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): $winstation_ou (a value from the setup form) is placed
   * into the HTML message unescaped. */
  $this->checks['outside_winstations']['STATUS'] = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),count($this->outside_winstations),$winstation_ou);
  $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
  return(false);
}
340 /* Search for groups outside the group ou
341 */
/* Search for posixGroups that are not located inside the configured
 * group ou of a GOsa department (or of the base).
 * Fills $this->outside_groups (base64(dn) => entry plus 'selected' and
 * 'ldif') and updates the 'outside_groups' check.
 * Returns TRUE when every group is in place, false otherwise or when
 * the LDAP query failed.
 */
function search_outside_groups()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);

  /* Collect the dns of all gosaDepartments (plus the base) - a group is
   * in place when, after stripping its rdn and the group ou, one of
   * these dns remains. */
  $valid_deps = array('/' => $cv['base']);
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($dep = $ldap->fetch()){
    $valid_deps[] = $dep['dn'];
  }

  /* Get all groups */
  if(!$ldap->search("(objectClass=posixGroup)",array("dn"))){
    $this->checks['outside_groups']['STATUS'] = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* NOTE(review): the '+' after the escaped group ou repeats only the
   * ou's last character - presumably meant to be optional; kept as is. */
  $strip_prefix = "/^[^,]+,".normalizePreg($group_ou)."+,/i";
  $addressbook  = "/".normalizePreg("dc=addressbook,")."/";

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    $group_db_base = preg_replace($strip_prefix,"",$attrs['dn']);

    /* Addressbook-only entries and groups inside a valid department are fine */
    if(preg_match($addressbook,$group_db_base) || in_array($group_db_base,$valid_deps)){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif'] = "";
    $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS'] = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): $group_ou (a value from the setup form) is placed into
   * the HTML message unescaped. */
  $this->checks['outside_groups']['STATUS'] = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_groups']['ERROR_MSG'] =
    sprintf(_("Found %s groups outside the configured tree '%s'."),count($this->outside_groups),$group_ou);
  $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
  return(false);
}
410 /* Search for users outside the people ou
411 */
/* Search for GOsa user accounts that are not located inside the
 * configured people ou of a GOsa department (or of the base).
 * Machine accounts (uid ending in '$') are ignored.
 * Fills $this->outside_users (base64(dn) => entry plus 'selected' and
 * 'ldif') and updates the 'outside_users' check.
 * Returns TRUE when every user is in place, false otherwise or when
 * the LDAP query failed.
 */
function search_outside_users()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Collect the dns of all gosaDepartments (plus the base) - a user is
   * in place when, after stripping its rdn and the people ou, one of
   * these dns remains. */
  $valid_deps = array('/' => $cv['base']);
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($dep = $ldap->fetch()){
    $valid_deps[] = $dep['dn'];
  }

  /* Search for all users */
  if(!$ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"))){
    $this->checks['outside_users']['STATUS'] = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* The people ou may be empty (users directly below the department);
   * otherwise it is part of the prefix to strip, including its comma. */
  $people_ou = trim($cv['peopleou']);
  if($people_ou != ""){
    $people_ou .= ",";
  }
  $strip_prefix = "/^[^,]+,".normalizePreg($people_ou)."/i";
  $addressbook  = "/".normalizePreg("dc=addressbook,")."/";

  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    $people_db_base = preg_replace($strip_prefix,"",$attrs['dn']);

    /* Addressbook-only entries and users inside a valid department are fine */
    if(preg_match($addressbook,$people_db_base) || in_array($people_db_base,$valid_deps)){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif'] = "";
    $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS'] = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): $people_ou (a value from the setup form) is placed
   * into the HTML message unescaped. */
  $this->checks['outside_users']['STATUS'] = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_users']['ERROR_MSG'] =
    sprintf(_("Found %s user(s) outside the configured tree '%s'."),count($this->outside_users),$people_ou);
  $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
  return(false);
}
488 /* Check ldap accessibility
489 * Create and remove a dummy object,
490 * to ensure that we have the necessary permissions
491 */
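/* Check ldap accessibility.
 * Creates and removes a dummy organizationalUnit directly below the
 * base to ensure that the configured admin account has write access.
 * Updates the 'permissions' check; a failed attempt is also written to
 * the GOsa log together with the dn of the dummy entry.
 * Returns true when the dummy entry could be created and removed,
 * false otherwise.
 */
function check_ldap_permissions()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Build the dummy entry.  The name only has to be unique: uniqid()
   * plus a random suffix is enough and, unlike the session id that was
   * used before, it is no secret - the dn ends up in the directory and
   * in the log entries below.
   */
  $name = "GOsa_setup_text_entry_".uniqid().mt_rand(0,999999);
  $dn = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou'] = $name;

  /* The base itself must be readable, otherwise nothing below works */
  if(!$ldap->cat($cv['base'])){
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create the dummy object; success is verified by reading it
   * back rather than by trusting the add() return value.
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Try to remove the created entry; again verified by reading it back.
   * If this fails the dummy entry stays behind - its description says
   * it may be removed by hand.
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS'] = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}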
562 /* Check if there are users which will
563 * be invisible for GOsa
564 */
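/* Check if there are users which will be invisible for GOsa, i.e.
 * posixAccount / inetOrgPerson entries without the gosaAccount
 * objectClass (addressbook entries excluded).
 * Fills $this->users_to_migrate (base64(dn) => entry plus 'checked',
 * 'before', 'after'), keeping the 'checked' state of entries that were
 * already listed before, and updates the 'users_visible' check.
 */
function check_gosaAccounts()
{
  /* Remember the old list of invisible users, to be able to restore
   * the 'html checked' status of the checkboxes after a reload
   */
  $old = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Get all invisible users.  The query result is checked before the
   * entries are read, so a failed query is reported as such and not as
   * "no invisible users".
   */
  $ldap->cd($cv['base']);
  $res =$ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));
  if(!$res){
    $this->checks['users_visible']['STATUS'] = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }
    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = FALSE;
    $attrs['before'] = "";
    $attrs['after'] = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($old[$key])){
      $attrs['checked'] = $old[$key]['checked'];
    }
    $this->users_to_migrate[$key] = $attrs;
  }

  if(count($this->users_to_migrate) == 0){
    $this->checks['users_visible']['STATUS'] = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['users_visible']['STATUS'] = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
        count($this->users_to_migrate));
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
  }
}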
621 /* Start user account migration
622 */
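/* Start user account migration: add the gosaAccount (plus
 * inetOrgPerson / organizationalPerson) objectClass to every entry in
 * $this->users_to_migrate that is 'checked'.
 *
 * $only_ldif  TRUE: do not write anything, only fill the 'before' /
 *             'after' ldif of each selected entry for display.
 * Returns TRUE when all selected entries were processed, false after
 * the first entry that could not be read or modified (an error dialog
 * is shown in that case).
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaAccount objectClass to the selected users
   */
  foreach($this->users_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get old objectClasses; the entry may have vanished since the check ran */
    $ldap->cat($dep['dn'],array("objectClass"));
    $attrs = $ldap->fetch();
    if(!$attrs || !isset($attrs['objectClass']['count'])){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate user '%s':")."<br><br><i>%s</i>",LDAP::fix($dep['dn']),$ldap->get_error()), ERROR_DIALOG);
      return(false);
    }

    /* Create new objectClass array: the required classes first, then
     * every old class that is not already present (case insensitive) */
    $new_attrs = array();
    $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
      }
    }

    /* Set info attributes for current object,
     * or write changes to the ldap database
     */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
    }else{
      $ldap->cd($attrs['dn']);
      if(!$ldap->modify($new_attrs)){
        /* The message used to say "department" for a user entry */
        msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate user '%s':")."<br><br><i>%s</i>",LDAP::fix($attrs['dn']),$ldap->get_error()), ERROR_DIALOG);
        return(false);
      }
    }
  }
  return(TRUE);
}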
674 /* Check if there are invisible organizational Units
675 */
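/* Check if there are invisible organizational units, i.e.
 * organizationalUnit entries without the gosaDepartment objectClass,
 * leaving out the ous GOsa uses internally.
 * Fills $this->deps_to_migrate (base64(dn) => entry plus 'checked',
 * 'before', 'after'), keeping the 'checked' state of entries that were
 * already listed before, and updates the 'deps_visible' check.
 */
function check_organizationalUnits()
{
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/",
      "/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/(,|)ou=apps,/","/(,|)ou=mime,/","/(,|)ou=devices/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Also skip the configured people and group ous.  They are escaped
   * with normalizePreg() like in the other search_* checks, and an
   * empty value is left out: an empty pattern ("//") would match every
   * dn and hide all departments.
   */
  foreach(array('peopleou','groupou') as $ou_key){
    $ou = isset($cv[$ou_key]) ? trim($cv[$ou_key]) : "";
    if($ou != ""){
      $skip_dns[] = "/".normalizePreg($ou)."/";
    }
  }

  /* Get all invisible departments; a failed query is reported before
   * anything is read */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  if(!$res){
    $this->checks['deps_visible']['STATUS'] = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  while($attrs = $ldap->fetch()){
    /* Filter out GOsa internal departments right away */
    $skip = false;
    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$attrs['dn'])){
        $skip = true;
        break;
      }
    }
    if($skip){
      continue;
    }

    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = FALSE;
    $attrs['before'] = "";
    $attrs['after'] = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($old[$key])){
      $attrs['checked'] = $old[$key]['checked'];
    }
    $this->deps_to_migrate[$key] = $attrs;
  }

  /* If we have no invisible departments found
   * tell the user that everything is ok
   */
  if(count($this->deps_to_migrate) == 0 ){
    $this->checks['deps_visible']['STATUS'] = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    /* NOTE(review): STATUS stays TRUE here (unlike the users check),
     * i.e. invisible departments are a warning only - kept as is. */
    $this->checks['deps_visible']['STATUS'] = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}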
751 /* Start deparmtment migration */
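/* Start department migration: add the gosaDepartment objectClass (and
 * a default description if none is set) to every entry in
 * $this->deps_to_migrate that is 'checked'.
 *
 * $only_ldif  TRUE: do not write anything, only fill the 'before' /
 *             'after' ldif of each selected entry for display.
 * Returns TRUE when all selected entries were processed, false after
 * the first entry that could not be read or modified (an error dialog
 * is shown in that case).
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaDepartment objectClass to each selected entry
   */
  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get current objectClasses; the entry may have vanished since the check ran */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();
    if(!$attrs || !isset($attrs['objectClass']['count'])){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",LDAP::fix($dep['dn']), $ldap->get_error()), ERROR_DIALOG);
      return(false);
    }

    /* Create new objectClass attribute including gosaDepartment; the
     * class is only appended when it is not already there (case
     * insensitive, same helper as the user migration) */
    $new_attrs = array();
    $new_attrs['objectClass'] = array();
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
    }
    if(!in_array_ics("gosaDepartment", $new_attrs['objectClass'])){
      $new_attrs['objectClass'][] = "gosaDepartment";
    }

    /* Append description if it is missing */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Depending on the parameter >only_ldif< we save the changes as ldif
     * or we write our changes directly to the ldap database
     */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
    }else{
      $ldap->cd($attrs['dn']);
      if(!$ldap->modify($new_attrs)){
        msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",LDAP::fix($attrs['dn']), $ldap->get_error()), ERROR_DIALOG);
        return(false);
      }
    }
  }
  return(TRUE);
}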
806 /* Check Acls if there is at least one object with acls defined
807 */
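/* Check whether at least one usable GOsa administrator exists.
 * Reads the gosaAclEntry values of the base object
 * ("<prio>:<type>:<members>[:<members>]", members base64 encoded, see
 * create_admin()) and accepts
 *  - a 'psub' entry owned by a posixGroup or by a full GOsa user
 *    account (gosaAccount + organizationalPerson + inetOrgPerson),
 *  - a 'role' entry whose role has a gosaAclTemplate granting
 *    'psub' ... 'all;cmdrw', owned by a full GOsa user account.
 * Updates the 'acls' check.
 * Returns whether the last ldap lookup returned at least one entry
 * (legacy; callers should look at $this->checks['acls']['STATUS']).
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  if(!$ldap->cat($cv['base'])){
    $this->checks['acls']['STATUS'] = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return($ldap->count()>=1);
  }

  $found = false;
  $username = "";   /* debugging aid only, lists the accepted owners */
  $attrs = $ldap->fetch();
  $acls = isset($attrs['gosaAclEntry']) ? $attrs['gosaAclEntry'] : array('count' => 0);

  for($i = 0 ; $i < $acls['count'] ; $i++){
    $parts = explode(":",$acls[$i]);
    if(count($parts) < 3){
      continue;   /* malformed entry, nothing to check */
    }
    $type = $parts[1];

    /* Determine the (base64 encoded) owners this entry grants rights to */
    $members = array();
    if($type == "psub"){
      $members = explode(",",$parts[2]);
    }elseif($type == "role" && isset($parts[3])){
      /* Only a role with a full 'psub' template qualifies.  The role is
       * read into its own variable so the lookups of its members below
       * do not overwrite it (the old code reused one variable for both,
       * which broke roles with more than one template line). */
      $ldap->cat(base64_decode($parts[2]),array("gosaAclTemplate"));
      $role = $ldap->fetch();
      if(isset($role['gosaAclTemplate'])){
        for($e = 0 ; $e < $role['gosaAclTemplate']['count'] ; $e++){
          $a_str = $role['gosaAclTemplate'][$e];
          if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){
            $members = explode(",",$parts[3]);
            break;
          }
        }
      }
    }

    /* Check if the acl owners are valid GOsa accounts */
    foreach($members as $member){
      $ldap->cat(base64_decode($member),array("objectClass","uid","cn"));
      $owner = $ldap->fetch();
      if(!isset($owner['objectClass'])){
        continue;
      }
      $oc = $owner['objectClass'];
      /* strict comparison: $oc also carries the integer 'count' element */
      $is_user = in_array("gosaAccount",$oc,true) &&
                 in_array("organizationalPerson",$oc,true) &&
                 in_array("inetOrgPerson",$oc,true);

      if($type == "psub" && in_array("posixGroup",$oc,true)){
        $found = TRUE;
        $username .= "ACL-Group: ".$owner['cn'][0]."<br>";
      }elseif($is_user){
        $found = TRUE;
        $username .= ($type == "psub" ? "ACL: " : "ACL Role: ").$owner['uid'][0]."<br>";
      }
    }
  }

  # For debugging
  #echo $username;

  if($found){
    $this->checks['acls']['STATUS'] = TRUE;
    $this->checks['acls']['STATUS_MSG']= _("Ok");
    $this->checks['acls']['ERROR_MSG'] = "";
  }else{
    $this->checks['acls']['STATUS'] = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Failed");
    $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
    $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
  }
  return($ldap->count()>=1);
}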
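/* Grant full ('psub' ... 'all;cmdrw') rights on the base to the object
 * selected in $this->acl_create_selected.  A new gosaAclEntry with
 * priority 0 is put in front, every existing entry gets its priority
 * increased by one.
 *
 * $only_ldif  TRUE: do not write anything, only put the old and new
 *             base attributes as ldif into $this->acl_create_changes.
 * Returns TRUE when the base was modified, FALSE when the base could
 * not be read or modified (an error dialog is shown); no value when
 * $only_ldif is set.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the ldif preview */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();
  if(!$attrs || !isset($attrs['objectClass']['count'])){
    msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
    return(FALSE);
  }

  /* Add acls for the selected user to the base: gosaACL first, then
   * every old objectClass that is not already present */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");
  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){
      $entry = $attrs['gosaAclEntry'][$i];

      /* Split "<prio>:<rest>" at the first colon.  $rest keeps everything
       * from that colon on; the old pattern "/^[^:]/" dropped a single
       * character only, which corrupted priorities of two or more digits
       * (e.g. "12:psub:..." became "132:psub:..."). */
      $prio = preg_replace("/[:].*$/","",$entry);
      $rest = preg_replace("/^[^:]*/","",$entry);

      $attrs_new['gosaAclEntry'][] = ((int)$prio + 1).$rest;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{
    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
      return(FALSE);
    }else{
      return(TRUE);
    }
  }
}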
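/* Create the "System Administrator" user requested by the acl dialog
 * (posted fields new_user_uid, new_user_password, new_user_password2)
 * and grant it administrative acls via create_admin().
 *
 * Returns TRUE when the user was added, FALSE on any validation or
 * LDAP error (an error dialog is shown).
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";
  $uid = "";

  if (isset($_POST['new_user_uid'])) {
    $uid = $_POST['new_user_uid'];
  }
  if (isset($_POST['new_user_password'])) {
    $pw1 = $_POST['new_user_password'];
  }
  if (isset($_POST['new_user_password2'])) {
    $pw2 = $_POST['new_user_password2'];
  }

  /* Strict comparison: with "!=" numeric-looking passwords such as
   * "1e3" and "1000" would be treated as identical. */
  if (empty($pw1) || empty($pw2) || ($pw1 !== $pw2)) {
    msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
    return false;
  }

  /* The uid ends up in the new dn, so it must pass the uid syntax check */
  if (empty($uid) || !tests::is_uid($uid)) {
    msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Optional people container between rdn and base */
  $people_ou = trim($cv['peopleou']);
  if (!empty($people_ou)) {
    $people_ou = trim($people_ou).",";
  }

  if ($cv['peopledn'] == "cn") {
    $dn = "cn=System Administrator-".$uid.",".$people_ou.$cv['base'];
  } else {
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  $hash = passwordMethod::make_hash($pw2, $cv['encryption']);

  $new_user = array();
  $new_user['objectClass'] = array("top", "person", "gosaAccount", "organizationalPerson", "inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator-".$uid;
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);

  /* Refuse to overwrite an existing object */
  $ldap->cat($dn, array("dn"));
  if ($ldap->count()) {
    msg_dialog::display(_("Error"), sprintf(_("Adding an administrative user failed: object '%s' already exists!"), LDAP::fix($dn)), ERROR_DIALOG);
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Only grant acls once the user really exists; otherwise the base
   * would carry an acl entry pointing at a dn that was never created. */
  if (!$res) {
    msg_dialog::display(_("LDAP error"), $ldap->get_error(), ERROR_DIALOG);
    return(FALSE);
  }

  /* create_admin() reports its own errors through a dialog; the user
   * has been created at this point, so the result is not propagated. */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog = FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}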
/* Move every selected entry of $this->outside_winstations into the
 * container posted as move_winstation_to (base64 encoded dn).
 *
 * $perform  FALSE - preview: store a description of the move and of the
 *                   referencing groups in the entry's 'ldif' field.
 *           TRUE  - perform the move via move().
 *
 * Returns false when no target container was posted.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));
  $ldap->cd($cv['base']);

  /* The dialog has to post a destination container */
  if (!isset($_POST['move_winstation_to'])) {
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }
  $destination_dep = $_POST['move_winstation_to'];

  foreach ($this->outside_winstations as $b_dn => $data) {
    $this->outside_winstations[$b_dn]['ldif'] = "";
    if (!$data['selected']) {
      continue;
    }

    /* Keep the rdn, exchange the parent container */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/", ",".base64_decode($destination_dep), $dn);

    if ($perform) {
      $this->move($dn, $d_dn);
      continue;
    }

    $text = _("Winstation will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

    /* List the groups that reference this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))", array('dn'));
    $refs = "";
    while ($attrs = $ldap->fetch()) {
      $refs .= "<br />\t".$attrs['dn'];
    }
    if (!empty($refs)) {
      $text .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
    $this->outside_winstations[$b_dn]['ldif'] = $text;
  }
}
/* Move every selected entry of $this->outside_groups into the container
 * posted as move_group_to (base64 encoded dn).
 *
 * $perform  FALSE - preview: store a description of the move and of the
 *                   referencing groups in the entry's 'ldif' field.
 *           TRUE  - perform the move via move().
 *
 * Returns false when no target container was posted.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));
  $ldap->cd($cv['base']);

  /* The dialog has to post a destination container */
  if (!isset($_POST['move_group_to'])) {
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }
  $destination_dep = $_POST['move_group_to'];

  foreach ($this->outside_groups as $b_dn => $data) {
    $this->outside_groups[$b_dn]['ldif'] = "";
    if (!$data['selected']) {
      continue;
    }

    /* Keep the rdn, exchange the parent container */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/", ",".base64_decode($destination_dep), $dn);

    if ($perform) {
      $this->move($dn, $d_dn);
      continue;
    }

    $text = _("Group will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

    /* List the groups that reference this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))", array('dn'));
    $refs = "";
    while ($attrs = $ldap->fetch()) {
      $refs .= "<br />\t".$attrs['dn'];
    }
    if (!empty($refs)) {
      $text .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
    $this->outside_groups[$b_dn]['ldif'] = $text;
  }
}
/* Move every selected entry of $this->outside_users into the container
 * posted as move_user_to (base64 encoded dn).
 *
 * $perform  FALSE - preview: store a description of the move and of the
 *                   referencing groups in the entry's 'ldif' field.
 *           TRUE  - perform the move via move().
 *
 * Returns false when no target container was posted.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));
  $ldap->cd($cv['base']);

  /* The dialog has to post a destination container */
  if (!isset($_POST['move_user_to'])) {
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }
  $destination_dep = $_POST['move_user_to'];

  foreach ($this->outside_users as $b_dn => $data) {
    $this->outside_users[$b_dn]['ldif'] = "";
    if (!$data['selected']) {
      continue;
    }

    /* Keep the rdn, exchange the parent container */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/", ",".base64_decode($destination_dep), $dn);

    if ($perform) {
      $this->move($dn, $d_dn);
      continue;
    }

    $text = _("User will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

    /* List the groups that reference this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))", array('dn'));
    $refs = "";
    while ($attrs = $ldap->fetch()) {
      $refs .= "<br />\t".$attrs['dn'];
    }
    if (!empty($refs)) {
      $text .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
    }
    $this->outside_users[$b_dn]['ldif'] = $text;
  }
}
/* Generate the html output of this setup step.
 *
 * Dispatches on the posted buttons of the currently open dialog, runs
 * the matching migration/check action and then renders either the
 * dialog template or the default check overview. The order of the
 * blocks matters: every open dialog returns its template early, so a
 * later dialog is only rendered when no earlier one is active.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* "What's done" only fills the preview text, nothing is moved */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_winstations;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    /* get_all_winstation_ous() may create the winstation container
     * as a side effect, see its implementation */
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$tmp);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }
  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_groups;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$tmp);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_users;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$tmp);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  /* Try to create the root object; re-run all checks only when its
   * status actually changed */
  if(isset($_POST['retry_root_create'])){

    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  # if(isset($_POST['create_acls_create_confirmed'])){
  #   if($this->create_admin()){
  #     $this->acl_create_dialog = FALSE;
  #     $this->dialog = FALSE;
  #     $this->show_details = FALSE;
  #     $this->initialize_checks();
  #   }
  # }

  /* Preview only: create_admin(TRUE) renders the planned change as ldif */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* Re-fill the form with the posted values. The uid and both
     * passwords are handed to the template as posted; whether the
     * template escapes them for html is not visible here - TODO confirm
     * in setup_migrate.tpl. */
    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",@$_POST['new_user_password']);
    $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* Preview of the user migration */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->users_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$tmp);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }


  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* Preview of the department migration */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();

    /* Fix displayed dn syntax */
    $tmp = $this->deps_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty->assign("deps_to_migrate",$tmp);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog is open: render the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}
/* Save the posted checkbox state of whichever dialog is currently open
 * into the matching list ('selected' for the outside_* lists, 'checked'
 * for the migration lists) and mark this step as completed.
 */
function save_object()
{
  $this->is_completed = TRUE;

  /* The "outside" dialogs post one checkbox per entry, named
   * <prefix><base64 dn>; the list name maps to its dialog flag and
   * checkbox prefix. */
  $outside_lists = array(
    'outside_winstations' => array('outside_winstations_dialog', 'select_winstation_'),
    'outside_groups'      => array('outside_groups_dialog',      'select_group_'),
    'outside_users'       => array('outside_users_dialog',       'select_user_'),
  );
  foreach ($outside_lists as $list => $spec) {
    list($dialog, $prefix) = $spec;
    if (!$this->$dialog) {
      continue;
    }
    foreach (array_keys($this->$list) as $dn) {
      $this->{$list}[$dn]['selected'] = isset($_POST[$prefix.$dn]);
    }
  }

  /* Get "create acl" dialog posts */
  if ($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])) {
    $this->acl_create_selected = "";
  }

  /* The migration dialogs post "migrate_<id>" checkboxes */
  $migration_lists = array(
    'deps_to_migrate'  => 'dep_migration_dialog',
    'users_to_migrate' => 'users_migration_dialog',
  );
  foreach ($migration_lists as $list => $dialog) {
    if (!$this->$dialog) {
      continue;
    }
    foreach (array_keys($this->$list) as $id) {
      $this->{$list}[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
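/* Check if the root object exists.
 * If the parameter just_check is true, then just check if the
 * root object is missing and update the info messages.
 * If the parameter is false, try to create a new root object.
 *
 * Updates $this->checks['root'] and returns TRUE when the root object
 * exists (or was created), FALSE otherwise.
 */
function checkBase($just_check = TRUE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Check if root object exists */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  /* A failed search or one of these result codes means the base dn
   * itself is not present */
  if (!$res ||
      $err == 0x20 ||   # LDAP_NO_SUCH_OBJECT
      $err == 0x40) {   # LDAP_NAMING_VIOLATION

    if ($just_check) {
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG'] = _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
      $this->checks['root']['ERROR_MSG'] .= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    /* Add root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if (!$res) {
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG'] = _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'] .= " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }
  }

  /* Root object exists or has just been created */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG'] = _("Ok");
  return(TRUE);
}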
/* Return ldif information for a given attribute array.
 *
 * Numeric keys, the 'count' entry and the dn of an ldap result are
 * skipped; multi valued attributes produce one "name: value" line per
 * value. The result carries no trailing newline.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $lines = array();
  foreach ($atts as $name => $value) {
    /* numeric keys only mirror the attribute names */
    if (is_numeric($name)) {
      continue;
    }
    if (!is_array($value)) {
      $lines[] = $name.": ".$value;
      continue;
    }
    unset($value['count']);
    foreach ($value as $single) {
      $lines[] = $name.": ".$single;
    }
  }

  $ret = count($lines) ? implode("\n", $lines)."\n" : "";
  return(preg_replace("/\n$/", "", $ret));
}
/* Return all gosaAccount objects below the base as an array mapping the
 * base64 encoded dn to its display form.
 */
function get_user_list()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)", array("dn"));

  $users = array();
  while ($attrs = $ldap->fetch()) {
    $dn = $attrs['dn'];
    $users[base64_encode($dn)] = @LDAP::fix($dn);
  }
  return($users);
}
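/* Return the containers a user may be moved into, as an array mapping
 * the base64 encoded dn to its display form.
 *
 * With a configured people ou every object matching that rdn is
 * returned (the ou is created below the base when it does not exist);
 * without one the base and all gosaDepartments are returned.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;
  $people_ou = trim($cv['peopleou']);

  /* Establish ldap connection */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Searches must start at the configured base, like the group and
   * winstation variants do; the base was not set before the first
   * search here */
  $ldap->cd($cv['base']);

  /*****************
   * If people ou is NOT empty
   * search for all objects matching the given container
   *****************/
  if (!empty($people_ou)) {
    $ldap->search("(".$people_ou.")", array("dn"));

    /* Create people ou if there is currently none. The trimmed value is
     * used for the dn as well, untrimmed whitespace would end up in it. */
    if ($ldap->count() == 0) {
      $add_dn = $people_ou.",".$cv['base'];
      $naming_attr = preg_replace("/=.*$/", "", $add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr] = $naming_value;
      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
      $ldap->cd($cv['base']);
    }

    /* Create result, snapshot containers are not valid targets */
    $ldap->search("(".$people_ou.")", array("dn"));
    $tmp = array();
    while ($attrs = $ldap->fetch()) {
      if (!preg_match("/ou=snapshots,/", $attrs['dn'])) {
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
    return($tmp);
  }

  /************
   * If people ou is empty
   * Get all valid gosaDepartments
   ************/
  $tmp = array();
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn"));
  $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
  while ($attrs = $ldap->fetch()) {
    $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
  }
  return($tmp);
}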
/* Return the containers a winstation may be moved into, as an array
 * mapping the base64 encoded dn to its display form.
 *
 * The winstation ou (configured, or "ou=winstations") is created below
 * ou=systems of the base when no object matches it yet.
 */
function get_all_winstation_ous()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if ($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }

  $ldap->cd($cv['base']);
  $ldap->search("(".$winstation_ou.")", array("dn"));

  /* Create the container if there is currently none */
  if ($ldap->count() == 0) {
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];
    $naming_attr = preg_replace("/=.*$/", "", $add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);

    $add = array(
      'objectClass' => array("organizationalUnit"),
      $naming_attr  => $naming_value,
    );

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the result, snapshot containers are not valid targets */
  $ldap->search("(".$winstation_ou.")", array("dn"));
  $ous = array();
  while ($attrs = $ldap->fetch()) {
    $dn = $attrs['dn'];
    if (preg_match("/ou=snapshots,/", $dn)) {
      continue;
    }
    $ous[base64_encode($dn)] = $ldap->fix($dn);
  }
  return($ous);
}
/* Return the containers a group may be moved into, as an array mapping
 * the base64 encoded dn to its display form.
 *
 * With a configured group ou every object matching it is returned (the
 * ou is created when no object matches); without one the base and all
 * gosaDepartments are returned.
 */
function get_all_group_ous()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));

  $group_ou = trim($cv['groupou']);
  $ldap->cd($cv['base']);

  /************
   * If group ou is empty
   * Get all valid gosaDepartments
   ************/
  if (empty($group_ou)) {
    $ous = array();
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn"));
    $ous[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while ($attrs = $ldap->fetch()) {
      $ous[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
    return($ous);
  }

  /************
   * If group ou is NOT empty
   * Get all valid group ous, create one if necessary
   ************/
  $ldap->search("(".$group_ou.")", array("dn"));
  if ($ldap->count() == 0) {
    $add_dn = $group_ou.$cv['base'];
    $naming_attr = preg_replace("/=.*$/", "", $add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/", "\\1", $add_dn);

    $add = array(
      'objectClass' => array("organizationalUnit"),
      $naming_attr  => $naming_value,
    );

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/", "", $add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the result, snapshot containers are not valid targets */
  $ldap->search("(".$group_ou.")", array("dn"));
  $ous = array();
  while ($attrs = $ldap->fetch()) {
    $dn = $attrs['dn'];
    if (preg_match("/ou=snapshots,/", $dn)) {
      continue;
    }
    $ous[base64_encode($dn)] = $ldap->fix($dn);
  }
  return($ous);
}
/* Return all posixGroup objects below the base as an array mapping the
 * base64 encoded dn to its display form.
 */
function get_group_list()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']));

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)", array("dn"));

  $groups = array();
  while ($attrs = $ldap->fetch()) {
    $dn = $attrs['dn'];
    $groups[base64_encode($dn)] = @LDAP::fix($dn);
  }
  return($groups);
}
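/* Move an object by copying it to $destination, removing $source and
 * pointing every gosaGroupOfNames that had $source as member to the
 * new dn.
 *
 * Errors are reported through msg_dialog; nothing is returned. When the
 * copy fails the source and its references are left untouched.
 */
function move($source, $destination)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Collect the gosaGroupOfNames referencing the source and prepare
   * their member lists with the destination in place of the source */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn', 'member'));
  while ($attrs = $ldap->fetch()) {
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach ($attrs['member'] as $member) {
      if ($member != $source) {
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Read the source; without it there is nothing to copy and handing
   * a FALSE fetch result to cleanup_array() would only raise warnings */
  $ldap->cat($source);
  $source_attrs = $ldap->fetch();
  if (!is_array($source_attrs)) {
    msg_dialog::display(_("LDAP error"), sprintf(_("Copy '%s' to '%s' failed:")."<br><br><i>%s</i>", LDAP::fix($source), LDAP::fix($destination), $ldap->get_error()), ERROR_DIALOG);
    return;
  }

  /* Copy source to destination dn */
  $new_data = $this->cleanup_array($source_attrs);
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed */
  if (!$res) {
    msg_dialog::display(_("LDAP error"), sprintf(_("Copy '%s' to '%s' failed:")."<br><br><i>%s</i>", LDAP::fix($source), LDAP::fix($destination), $ldap->get_error()), ERROR_DIALOG);
    return;
  }

  /* The copy exists, remove the original */
  $ldap->rmDir($source);
  if (!$ldap->success()) {
    msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $source, LDAP_DEL, get_class()));
  }

  /* Object is copied, so update its references */
  foreach ($ogs_to_fix as $dn => $data) {
    $ldap->cd($dn);
    $ldap->modify($data);
  }
}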
/* Cleanup an ldap result so it can be written back to ldap:
 * drop the numeric keys, the 'count' entry and the dn, and strip the
 * 'count' entry of every multi valued attribute.
 */
function cleanup_array($attrs)
{
  $clean = array();
  foreach ($attrs as $key => $value) {
    /* numeric keys, the attribute counter and the dn are result metadata */
    if (is_numeric($key) || $key === "count" || $key === "dn") {
      continue;
    }
    if (is_array($value) && isset($value['count'])) {
      unset($value['count']);
    }
    $clean[$key] = $value;
  }
  return($clean);
}
1968 }
1970 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1971 ?>