1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/setup/migrate.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Device migration */
86 var $device_dialog = FALSE;
87 var $device = array();
89 /* Service migration */
90 var $service_dialog = FALSE;
91 var $service = array();
93 /* Group menus */
94 var $menu_dialog = FALSE;
95 var $menu = array();
97 /* Win-Workstations outside to reserved ou */
98 var $outside_winstations = array();
99 var $outside_winstations_dialog = FALSE;
101 /* check for multiple use of same uidNumber */
102 var $check_uidNumbers = array();
103 var $check_uidNumbers_dialog = FALSE;
105 /* check for multiple use of same gidNumber */
106 var $check_gidNumbers = array();
107 var $check_gidNumbers_dialog = FALSE;
109 var $group_list = array();
111 /* Migrateable users */
112 var $migrate_users = array();
113 var $acl_migrate_dialog = FALSE;
114 var $migrate_acl_base_entry = "";
116 /* Root object classes */
117 var $rootOC_migrate_dialog = FALSE;
118 var $rootOC_details = array();
/* Constructor (named after the class, as listed in the function overview
 * at the top of this file). It only loads the step's display texts.
 */
function Step_Migrate()
{
  /* The texts live in update_strings() so they are defined in one place only */
  $this->update_strings();
}
/* Set the texts displayed for this setup step.
 * The short and the long title share the same translated string.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Rebuild $this->checks and run every LDAP inspection step.
 *
 * Each entry is created as "not passed" (STATUS FALSE, empty messages) right
 * before the matching check method is called. The check methods visible in
 * this file overwrite STATUS, STATUS_MSG and ERROR_MSG of their own entry;
 * the remaining ones presumably do the same (not all are visible here).
 * The order of the entries is kept exactly, the array is filled top to bottom.
 */
function initialize_checks()
{
  $this->checks = array();

  $this->checks['root'] = array(
      'TITLE'      => _("Checking for root object"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->checkBase();

  $this->checks['rootOC'] = array(
      'TITLE'      => _("Inspecting object classes in root object"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->checkBaseOC();

  $this->checks['permissions'] = array(
      'TITLE'      => _("Checking permission for LDAP database"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_ldap_permissions();

  /* The department check itself runs further down, see check_organizationalUnits() */
  $this->checks['deps_visible'] = array(
      'TITLE'      => _("Checking for invisible departments"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

  $this->checks['users_visible'] = array(
      'TITLE'      => _("Checking for invisible users"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_gosaAccounts();

  $this->migrate_users = array();
  $this->checks['acls'] = array(
      'TITLE'      => _("Checking for super administrator"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_administrativeAccount();

  $this->checks['outside_users'] = array(
      'TITLE'      => _("Checking for users outside the people tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_users();

  $this->checks['outside_groups'] = array(
      'TITLE'      => _("Checking for groups outside the groups tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_groups();

  /* Must run after search_outside_groups(): the department check reads
   * $this->group_list, which the group search fills.
   */
  $this->check_organizationalUnits();

  $this->checks['outside_winstations'] = array(
      'TITLE'      => _("Checking for windows workstations outside the winstation tree"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->search_outside_winstations();

  $this->checks['uidNumber_usage'] = array(
      'TITLE'      => _("Checking for duplicated UID numbers"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_uidNumber();

  $this->checks['gidNumber_usage'] = array(
      'TITLE'      => _("Checking for duplicate GID numbers"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_gidNumber();

  $this->checks['old_style_devices'] = array(
      'TITLE'      => _("Checking for old style USB devices"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_usb_devices();

  $this->checks['old_style_services'] = array(
      'TITLE'      => _("Checking for old services that have to be migrated"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_services();

  $this->checks['old_style_menus'] = array(
      'TITLE'      => _("Checking for old style application menus"),
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
  $this->check_menus();
}
222 /* Check if there are uidNumbers which are used more than once.
223 */
/* Look for posixAccount entries that share a uidNumber.
 *
 * Every entry whose uidNumber is used more than once is stored in
 * $this->check_uidNumbers, keyed by its base64 encoded dn.
 * Returns TRUE when no duplicates exist, false on duplicates or when the
 * LDAP search fails; the result is also written to $this->checks['uidNumber_usage'].
 */
function check_uidNumber()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $handle = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($handle);

  $ldap->cd($cv['base']);
  $found = $ldap->search("(&(objectClass=posixAccount)(uidNumber=*))",array("dn","uidNumber"));
  if(!$found){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* First pass: bucket all entries by their first uidNumber value */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['uidNumber'][0]][] = $entry;
  }

  /* Second pass: keep only the buckets that hold more than one entry */
  $this->check_uidNumbers = array();
  foreach($by_number as $same_number){
    if(count($same_number) < 2){
      continue;
    }
    foreach($same_number as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Duplicates are reported as a warning; the count is the number of affected entries */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
274 /* Check if there are duplicated gidNumbers present in ldap
275 */
/* Look for posixGroup entries that share a gidNumber.
 *
 * Every entry whose gidNumber is used more than once is stored in
 * $this->check_gidNumbers, keyed by its base64 encoded dn.
 * Returns TRUE when no duplicates exist, false on duplicates or when the
 * LDAP search fails; the result is also written to $this->checks['gidNumber_usage'].
 */
function check_gidNumber()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $handle = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($handle);

  $ldap->cd($cv['base']);
  $found = $ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"));
  if(!$found){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* First pass: bucket all entries by their first gidNumber value */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['gidNumber'][0]][] = $entry;
  }

  /* Second pass: keep only the buckets that hold more than one entry */
  $this->check_gidNumbers = array();
  foreach($by_number as $same_number){
    if(count($same_number) < 2){
      continue;
    }
    foreach($same_number as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Duplicates are reported as a warning; the count is the number of affected entries */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
326 /* Search for winstations outside the winstation ou
327 */
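/* Find samba machine accounts (uid ending in '$') that are not located
 * directly below the winstation ou.
 *
 * Matching entries are stored in $this->outside_winstations, keyed by their
 * base64 encoded dn. Entries below dc=addressbook are ignored.
 * Returns TRUE when nothing was found, false otherwise or when the LDAP
 * search fails; the result is written to $this->checks['outside_winstations'].
 */
function search_outside_winstations()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Use the configured winstation ou if that setting is active, else the default */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['wws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The samba account objectClass depends on the configured samba version */
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  $res = $ldap->search('(&(objectClass='.$oc.')(uid=*$))',array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  $ou_pattern = "/^[^,]+,".preg_quote($winstation_ou, '/')."/";
  while($attrs = $ldap->fetch()){
    if(preg_match($ou_pattern,$attrs['dn']) || preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif']     = "";
    $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as HTML (a submit button is appended below), so the
   * configured ou, which comes from the setup forms, is escaped before it is
   * placed into the message.
   */
  $this->checks['outside_winstations']['STATUS']    = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
        count($this->outside_winstations),
        htmlspecialchars($winstation_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
  return(false);
}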
387 /* Search for groups outside the group ou
388 */
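/* Find posixGroup entries that are not located below the groups ou of the
 * base or of a gosaDepartment.
 *
 * Matching entries are stored in $this->outside_groups, keyed by their base64
 * encoded dn. The dn of every posixGroup found is collected in
 * $this->group_list, which check_organizationalUnits() reads.
 * Returns TRUE when nothing was found, false otherwise or when the group
 * search fails; the result is written to $this->checks['outside_groups'].
 */
function search_outside_groups()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);

  /* Collect the base and all gosaDepartments; a group is in a valid place
   * when the rest of its dn, after removing "<rdn>,<group ou>,", is one of them.
   */
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /* Get all groups */
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();

  /* Reset the list that the loop below actually fills. The previous code
   * reset the misspelled property 'groups_list', so 'group_list' kept growing
   * with duplicates on every re-run of the checks.
   */
  $this->group_list = array();

  /* NOTE(review): kept in case code outside this view reads 'groups_list' -
   * nothing visible here does; confirm and remove.
   */
  $this->groups_list = array();

  /* NOTE(review): the '+' after the quoted ou repeats its last character and
   * differs from the pattern used for users; left unchanged - confirm intent.
   */
  $strip_pattern = "/^[^,]+,".preg_quote($group_ou, '/')."+,/i";
  while($attrs = $ldap->fetch()){
    $group_db_base = preg_replace($strip_pattern,"",$attrs['dn']);

    /* Skip addressbook entries, flag everything that is not in a valid department */
    if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) &&
        !in_array_strict($group_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
    $this->group_list[] = $attrs['dn'];
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as HTML (a submit button is appended below), so the
   * configured ou, which comes from the setup forms, is escaped before it is
   * placed into the message.
   */
  $this->checks['outside_groups']['STATUS']    = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_groups']['ERROR_MSG'] =
    sprintf(_("Found %s groups outside the configured tree '%s'."),
        count($this->outside_groups),
        htmlspecialchars($group_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_groups']['ERROR_MSG'].= "&nbsp;<input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
  return(false);
}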
459 /* Search for users outside the people ou
460 */
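/* Find gosaAccount users (uid not ending in '$') that are not located below
 * the people ou of the base or of a gosaDepartment.
 *
 * Matching entries are stored in $this->outside_users, keyed by their base64
 * encoded dn. Returns TRUE when nothing was found, false otherwise or when
 * the user search fails; the result is written to $this->checks['outside_users'].
 */
function search_outside_users()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Collect the base and all gosaDepartments; a user is in a valid place
   * when the rest of its dn, after removing "<rdn>,<people ou>,", is one of them.
   */
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /* Search for all users */
  $res = $ldap->search('(&(objectClass=gosaAccount)(!(uid=*$)))',array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* An empty people ou is allowed; only a non-empty one gets the separating comma */
  $this->outside_users = array();
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = $people_ou.",";
  }

  $strip_pattern = "/^[^,]+,".preg_quote($people_ou, '/')."/i";
  while($attrs = $ldap->fetch()){
    $people_db_base = preg_replace($strip_pattern,"",$attrs['dn']);

    /* Skip addressbook-only users, flag everyone who is not in a valid department */
    if( !preg_match("/dc=addressbook,/",$people_db_base) &&
        !in_array_strict($people_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as HTML (a submit button is appended below), so the
   * configured ou, which comes from the setup forms, is escaped before it is
   * placed into the message.
   */
  $this->checks['outside_users']['STATUS']    = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_users']['ERROR_MSG'] =
    sprintf(_("Found %s user(s) outside the configured tree '%s'."),
        count($this->outside_users),
        htmlspecialchars($people_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
  return(false);
}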
537 /* Check ldap accessibility
538 * Create and remove a dummy object,
539 * to ensure that we have the necessary permissions
540 */
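/* Verify that the configured admin account may write to the directory.
 *
 * A throw-away organizationalUnit is created below the base and removed
 * again; both steps are verified by reading the entry back.
 * Returns true on success, false when the base cannot be read or when the
 * entry cannot be created or removed. The result is written to
 * $this->checks['permissions'].
 */
function check_ldap_permissions()
{
  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Build the dummy entry.
   * The name only has to be unique. It used to contain session_id(), which
   * wrote the session identifier of the person running the setup into the
   * directory and, on failure, into the log call below; a random token that
   * is unrelated to the session is used instead.
   */
  $name = "GOsa_setup_text_entry_".md5(uniqid(mt_rand(), TRUE));
  $dn   = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']  = $name;

  /* Check whether a simple read of the base succeeds */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* ERROR_MSG is emitted as HTML (other checks of this class append form
   * markup to it), so the admin dn from the setup forms is escaped.
   */
  $no_access = sprintf(_("The specified user '%s' does not have full access to your ldap database."),
      htmlspecialchars($cv['admin'], ENT_QUOTES, 'UTF-8'));

  /* Try to create the dummy object; success is judged by reading it back */
  $ldap->cd ($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Try to remove the created entry; it must be gone afterwards.
   * If this fails the dummy entry stays in the directory.
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}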
610 /* Check if there are users which will
611 * be invisible for GOsa
612 */
/* Collect user entries that lack the gosaAccount objectClass.
 *
 * The entries are stored in $this->users_to_migrate, keyed by their base64
 * encoded dn; entries below dc=addressbook are ignored. The 'checked' flag
 * of an entry that was already listed before is carried over, so a selection
 * made in the dialog survives a reload. The result is written to
 * $this->checks['users_visible']; nothing is returned.
 */
function check_gosaAccounts()
{
  /* Remember the previous list to restore the checkbox states */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $handle = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($handle);

  /* Get all invisible users */
  $ldap->cd($cv['base']);
  $filter = "(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))";
  $res    = $ldap->search($filter,array("sn","givenName","cn","uid"));
  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }

    $key = base64_encode($attrs['dn']);

    /* Entries that were selected before the reload stay selected */
    $attrs['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->users_to_migrate[$key] = $attrs;
  }

  /* The search result is evaluated only after the fetch loop, as before */
  if(!$res){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  if(count($this->users_to_migrate) == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
    return;
  }

  $this->checks['users_visible']['STATUS']    = FALSE;
  $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
      count($this->users_to_migrate));
  $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
}
669 /* Start user account migration
670 */
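/* Add the GOsa user objectClasses to every checked entry of
 * $this->users_to_migrate.
 *
 * $only_ldif  TRUE: do not write; store an ldif preview of the current and the
 *             new objectClass list in the entry's 'before'/'after' fields.
 *             FALSE: write the new objectClass list to the directory.
 * Returns TRUE on success, false as soon as one modification fails (an error
 * dialog is shown and the remaining entries are not processed).
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  foreach($this->users_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get old objectClasses */
    $ldap->cat($dep['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class that is not one of
     * them (in_array_ics is a project helper, not visible here).
     */
    $new_attrs = array();
    $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person");
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
      }
    }

    /* Preview only: remember the ldif and go on with the next entry */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){

      /* The dialog text is HTML (<br>, <i>). The dn and the server error
       * text come from the directory, so both are escaped before they are
       * placed into the markup.
       * NOTE(review): the message says 'department' although users are
       * migrated here; the text is a translation key and was left as is.
       */
      msg_dialog::display(_("Migration error"),
          sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",
            htmlspecialchars(LDAP::fix($attrs['dn']), ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')),
          ERROR_DIALOG);
      return(false);
    }
  }
  return(TRUE);
}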
722 /* Check if there are invisible organizational Units
723 */
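/* Collect organizationalUnits that lack the gosaDepartment objectClass.
 *
 * The entries are stored in $this->deps_to_migrate, keyed by their base64
 * encoded dn. GOsa internal containers and sub-entries of known groups
 * ($this->group_list) are removed from the list again. The 'checked' flag of
 * an entry that was already listed before is carried over. The result is
 * written to $this->checks['deps_visible']; nothing is returned.
 */
function check_organizationalUnits()
{
  /* Remember the previous list to restore the checkbox states */
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  /* Skip GOsa internal departments.
   * The configured people and group ou are matched literally: they are
   * quoted, because they come from the setup forms and were used as a raw
   * regular expression before, and an empty value is left out, because the
   * resulting pattern '//' matches every dn and hid all departments.
   */
  $skip_dns = array();
  foreach(array($cv['peopleou'], $cv['groupou']) as $configured_ou){
    $configured_ou = trim($configured_ou);
    if($configured_ou != ""){
      $skip_dns[] = "/".preg_quote($configured_ou, '/')."/";
    }
  }
  $skip_dns = array_merge($skip_dns, array(
        "/^ou=people,/","/^ou=groups,/","/^ou=sudoers,/",
        "/(,|)ou=configs,/","/(,|)ou=systems,/",
        "/(,|)ou=apps,/","/(,|)ou=mime,/","/(,|)ou=devices/","/^ou=aclroles,/","/^ou=incoming,/",
        "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
        "/(,|)ou=winstations,/","/(,|)ou=roles,/"));

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $key = base64_encode($attrs['dn']);

    /* Entries that were selected before the reload stay selected */
    $attrs['checked'] = isset($old[$key]) ? $old[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->deps_to_migrate[$key] = $attrs;
  }

  /* Filter the returned list so that GOsa internal departments are not listed */
  foreach($this->deps_to_migrate as $key => $attrs){
    $dn   = $attrs['dn'];
    $skip = false;

    /* Entries below a known group (e.g. groups -> application menus)
     * are application release objects, not departments.
     */
    if(preg_match("/^.*,[ ]*cn=/",$dn)){
      $cn_dn = preg_replace("/^.*,[ ]*cn=/","cn=",$dn);
      if(in_array_strict($cn_dn,$this->group_list)){
        $skip = true;
      }
    }

    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$dn)){
        $skip = true;
        break;
      }
    }

    if($skip){
      unset($this->deps_to_migrate[$key]);
    }
  }

  /* The search result is evaluated only after the list was built, as before */
  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    /* Invisible departments are only a warning: STATUS stays TRUE here */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= "&nbsp;<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}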
812 /* Start department migration */
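/* Add the gosaDepartment objectClass to every checked entry of
 * $this->deps_to_migrate.
 *
 * $only_ldif  TRUE: do not write; store an ldif preview of the current and the
 *             new attributes in the entry's 'before'/'after' fields.
 *             FALSE: write the new attributes to the directory.
 * Returns TRUE on success, false as soon as one modification fails (an error
 * dialog is shown and the remaining entries are not processed).
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Connect with the values captured by the setup (parent->captured_values) */
  $cv     = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap   = new ldapMultiplexer($ldap_l);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get current objectClasses */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Copy the existing objectClasses and append gosaDepartment */
    $new_attrs = array();
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
    }
    $new_attrs['objectClass'][] = "gosaDepartment";

    /* Add a default description if the entry has none */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Preview only: remember the ldif and go on with the next entry */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){

      /* The dialog text is HTML (<br>, <i>). The dn and the server error
       * text come from the directory, so both are escaped before they are
       * placed into the markup.
       */
      msg_dialog::display(_("Migration error"),
          sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",
            htmlspecialchars(LDAP::fix($attrs['dn']), ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')),
          ERROR_DIALOG);
      return(false);
    }
  }
  return(TRUE);
}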
867 /* Check Acls if there is at least one object with acls defined
868 */
869 function check_administrativeAccount()
870 {
871 /* Reset settings
872 */
873 $GOsa_26_found = FALSE;
874 $this->migrate_users = array();
875 $this->acl_migrate_dialog = FALSE;
876 $this->migrate_acl_base_entry = "";
878 /* Establish ldap connection */
879 $cv = $this->parent->captured_values;
880 $ldap_l = new LDAP($cv['admin'],
881 $cv['password'],
882 $cv['connection'],
883 FALSE,
884 $cv['tls']);
886 $ldap = new ldapMultiplexer($ldap_l);
887 $ldap->cd($cv['base']);
888 $res = $ldap->cat($cv['base']);
890 if(!$res){
891 $this->checks['acls']['STATUS'] = FALSE;
892 $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
893 $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
894 }else{
895 $GOsa_26_found = false; // GOsa 2.6 Account found
896 $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration
898 $username = "";
899 $attrs = $ldap->fetch();
901 /* Collect a list of available GOsa users and groups
902 */
903 $users = array();
904 $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
905 "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
906 while($user_attrs = $ldap->fetch()){
907 $users[$user_attrs['dn']] = $user_attrs['uid'][0];
908 $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
909 }
910 $groups = array();
911 $ldap->search("objectClass=posixGroup",array("cn","dn"));
912 while($group_attrs = $ldap->fetch()){
913 $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
914 }
916 /* Check if a valid GOsa 2.6 admin exists
917 -> gosaAclEntry for an existing and accessible user.
918 */
919 $valid_users = "";
920 $valid_groups = "";
921 if(isset($attrs['gosaAclEntry'])){
922 $acls = $attrs['gosaAclEntry'];
923 for($i = 0 ; $i < $acls['count'] ; $i++){
924 $acl = $acls[$i];
925 $tmp = explode(":",$acl);
927 if($tmp[1] == "psub"){
928 $members = explode(",",$tmp[2]);
929 foreach($members as $member){
930 $member = base64_decode($member);
931 if(isset($users[$member])){
932 if(preg_match("/all;cmdrw/i",$tmp[3])){
933 $valid_users .= $users[$member].", ";
934 $GOsa_26_found = TRUE;
935 }
936 }
937 if(isset($groups[$member])){
938 if(preg_match("/all;cmdrw/i",$tmp[3])){
939 $ldap->cat($member);
940 $group_attrs = $ldap->fetch();
941 $val_users = "";
942 if(isset($group_attrs['memberUid'])){
943 for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
944 if(isset($rusers[$group_attrs['memberUid'][$e]])){
945 $val_users .= $group_attrs['memberUid'][$e].", ";
946 }
947 }
948 }
949 if(!empty($val_users)){
950 $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
951 $GOsa_26_found = TRUE;
952 }
953 }
954 }
955 }
956 }elseif($tmp[1] == "role"){
958 /* Check if acl owner is a valid GOsa user account */
959 $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
960 $ret = $ldap->fetch();
962 if(isset($ret['gosaAclTemplate'])){
963 $cnt = $ret['gosaAclTemplate']['count'];
964 for($e = 0 ; $e < $cnt ; $e++){
966 $a_str = $ret['gosaAclTemplate'][$e];
967 if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){
969 $members = explode(",",$tmp[3]);
970 foreach($members as $member){
971 $member = base64_decode($member);
973 if(isset($users[$member])){
974 $valid_users .= $users[$member].", ";
975 $GOsa_26_found = TRUE;
976 }
977 if(isset($groups[$member])){
978 $ldap->cat($member);
979 $group_attrs = $ldap->fetch();
980 $val_users = "";
981 if(isset($group_attrs['memberUid'])){
982 for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
983 if(isset($rusers[$group_attrs['memberUid'][$e]])){
984 $val_users .= $group_attrs['memberUid'][$e].", ";
985 }
986 }
987 }
988 if(!empty($val_users)){
989 $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
990 $GOsa_26_found = TRUE;
991 }
992 }
993 }
994 }
995 }
996 }
997 }
998 }
999 }
1001 /* Try to find an old GOsa 2.5 administrative account that may be migrated
1002 */
1003 if(!$GOsa_26_found){
1004 $valid_users = "";
1005 $valid_groups = "";
1006 $ldap->cd($cv['base']);
1007 $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
1008 while($p_group = $ldap->fetch()){
1009 $val_users = "";
1010 for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
1011 $user = $p_group['memberUid'][$e];
1012 if(isset($rusers[$user])){
1013 $val_users .= $user.", ";
1014 }
1015 }
1016 if(!empty($val_users)){
1017 $valid_groups .= $groups[$p_group['dn']]."(<i>".trim($val_users,", ")."</i>), ";
1018 $GOsa_25_found = TRUE;
1019 }
1020 }
1021 }
1024 /* Print out results
1025 */
1026 if($GOsa_25_found){
1027 $str = "";
1028 if(!empty($valid_groups)){
1029 $str.= "<i>".sprintf(_("GOsa 2.5 administrative accounts found: %s"),trim($valid_groups,", "))."</i><br>";
1030 }
1031 $this->checks['acls']['STATUS'] = FALSE;
1032 $this->checks['acls']['STATUS_MSG']= _("Failed");
1033 $this->checks['acls']['ERROR_MSG'] = $str;
1034 $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")." ";
1035 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='migrate_acls' value='"._("Migrate")."'>";
1036 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
1037 }elseif($GOsa_26_found){
1038 $str = "";
1039 if(!empty($valid_users)){
1040 $str.= "<b>"._("Users")."</b>: ".trim($valid_users,", ")."<br>";
1041 }
1042 if(!empty($valid_groups)){
1043 $str.= "<b>"._("Groups")."</b>: ".trim($valid_groups,", ")."<br>";
1044 }
1045 $this->checks['acls']['STATUS'] = TRUE;
1046 $this->checks['acls']['STATUS_MSG']= _("Ok");
1047 $this->checks['acls']['ERROR_MSG'] = $str;
1048 }else{
1049 $this->checks['acls']['STATUS'] = FALSE;
1050 $this->checks['acls']['STATUS_MSG']= _("Failed");
1051 $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
1052 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
1053 }
1054 }
1056 // Reload base OC
1057 $this->checkBaseOC();
1058 return($GOsa_26_found);
1059 }
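/* Grant full administrative ACLs on the LDAP base to the selected object.
 *
 * A new entry "0:psub:<base64 dn>:all;cmdrw" is put in front of the
 * gosaAclEntry values of the base object ($cv['base']), the gosaACL object
 * class is added and the priority of every existing entry is raised by one.
 * "all;cmdrw" is the same marker the administrative account check in this
 * class looks for.
 *
 * $only_ldif  TRUE:  nothing is written. A preview of the current and the
 *                    new attributes is stored in $this->acl_create_changes
 *                    and the method returns without a value.
 *             FALSE: the base object is modified. Returns TRUE on success,
 *                    FALSE after showing an error dialog on failure.
 *
 * The target DN is read from $this->acl_create_selected as-is.
 * NOTE(review): nothing in this method checks that the DN is non-empty or
 * refers to an existing entry - callers should only set it to an entry they
 * have verified or just created, because the ACL grants full access.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the preview text */
  $this->acl_create_changes = "";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'], array("dn", "objectClass", "gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Keep the existing object classes and make sure gosaACL is present */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");
  if(isset($attrs['objectClass'])){
    for($i = 0; $i < $attrs['objectClass']['count']; $i++){
      if(!in_array_ics($attrs['objectClass'][$i], $attrs_new['objectClass'])){
        $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
      }
    }
  }

  /* The new admin entry gets priority 0 ... */
  $attrs_new['gosaAclEntry'][] = "0:psub:".base64_encode($dn).":all;cmdrw";

  /* ... and every existing entry moves one priority down the list */
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0; $i < $attrs['gosaAclEntry']['count']; $i++){
      $entry = $attrs['gosaAclEntry'][$i];

      /* Split "<priority>:<rest>" at the first colon. The whole priority
         has to be cut off, not only its first character, otherwise an
         entry with priority 10 would be rewritten to "110:..." */
      $prio = preg_replace("/[:].*$/", "", $entry);
      $rest = preg_replace("/^[^:]*/", "", $entry);

      $attrs_new['gosaAclEntry'][] = ((int) $prio + 1).$rest;
    }
  }

  if($only_ldif){
    /* Preview only: current attributes followed by the new ones */
    $this->acl_create_changes = "\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.= $this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.= "\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.= $this->array_to_ldif($attrs_new);
  }else{
    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
      return(FALSE);
    }
    return(TRUE);
  }
}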
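/* Create a new "System Administrator" user from the posted form values
 * and give it administrative ACLs on the LDAP base.
 *
 * Reads $_POST['new_user_uid'], $_POST['new_user_password'] and
 * $_POST['new_user_password2'].
 *
 * Returns TRUE when the user object was added, FALSE (after showing an
 * error dialog) when the input is invalid, the uid or DN already exists
 * or the LDAP add failed.
 */
function create_admin_user()
{
  $uid = "";
  $pw1 = "";
  $pw2 = "";

  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* Only plain string fields are accepted, an array valued field is
     treated like a missing one */
  if(isset($_POST['new_user_uid']) && is_string($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Validate the uid before it is used in a search filter or a DN.
     NOTE(review): the DN built below relies on tests::is_uid() rejecting
     DN special characters - confirm against its implementation. */
  if(empty($uid) || !tests::is_uid($uid)){
    msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
    return false;
  }

  /* Escape the filter metacharacters (RFC 4515) so the posted value can
     only be matched literally. The backslash has to be replaced first. */
  $uid_filter = str_replace(array("\\",   "*",    "(",    ")",    "\0"),
                            array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
                            $uid);
  $ldap->cd($cv['base']);
  $ldap->search("(uid=".$uid_filter.")");
  if($ldap->count()){
    msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG);
    return false;
  }

  /* Both password fields must be filled and identical. The comparison is
     strict: a loose one treats numeric looking strings such as "1e3" and
     "1000" as equal. */
  if(empty($pw1) || empty($pw2) || $pw1 !== $pw2){
    msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
    return false;
  }

  /* Build the DN of the new user below the configured people ou */
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator-".$uid.",".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* Only the hash produced by the configured method is stored */
  $hash = passwordMethod::make_hash($pw2, $cv['encryption']);

  $new_user = array();
  $new_user['objectClass'] = array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator-".$uid;
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  /* Refuse to touch an object that already exists at this DN */
  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    msg_dialog::display(_("Error"), sprintf(_("Adding an administrative user failed: object '%s' already exists!"), LDAP::fix($dn)), ERROR_DIALOG);
    return(FALSE);
  }

  /* Create the containers above the user, then the user itself */
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before any ACL is written if the user could not be created,
     otherwise full access would be granted to a DN without an entry */
  if(!$res){
    msg_dialog::display(_("LDAP error"), $ldap->get_error(), ERROR_DIALOG);
    return(FALSE);
  }

  /* Grant the administrative ACL to the new entry.
     NOTE(review): create_admin() shows its own error dialog on failure,
     its return value is not evaluated here. */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog = FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}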
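/* Move the selected winstation entries into another department, or
 * describe what such a move would do.
 *
 * $perform  FALSE: store an HTML description of the planned move and of
 *                  the group objects referencing the entry in
 *                  $this->outside_winstations[<key>]['ldif'].
 *           TRUE:  call $this->move() for every selected entry.
 *
 * The destination is read from $_POST['move_winstation_to'] (base64
 * encoded DN). Returns false after an error dialog if no usable
 * destination was posted, otherwise returns without a value.
 *
 * NOTE(review): the posted destination is not compared with the list that
 * execute() offers in the dialog (get_all_winstation_ous()); since the move
 * runs with the setup's LDAP credentials, consider rejecting any value
 * that is not part of that list.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* A destination is required: a plain string that decodes to something */
  $destination_dn = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination_dn = (string) base64_decode($_POST['move_winstation_to']);
  }
  if($destination_dn === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] = "";
    if(!$data['selected']){
      continue;
    }

    /* Keep everything up to the first comma and append the destination.
       Plain concatenation is used on purpose: as a preg_replace()
       replacement the posted DN would be scanned for "$1" or "\2" style
       references, which mangles DNs containing escapes such as "\2C". */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn, ",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn, 0, $comma).",".$destination_dn;

    if($perform){
      $this->move($dn, $d_dn);
      continue;
    }

    /* The description is HTML, so every DN is escaped before it is
       embedded - the destination comes straight from the request. */
    $ldif = _("Winstation will be moved from").":<br>\t".htmlspecialchars($ldap->fix($dn), ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($ldap->fix($d_dn), ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $ldif .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }

    $this->outside_winstations[$b_dn]['ldif'] = $ldif;
  }
}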
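/* Move the selected groups into another department, or describe what
 * such a move would do.
 *
 * $perform  FALSE: store an HTML description of the planned move and of
 *                  the group objects referencing the entry in
 *                  $this->outside_groups[<key>]['ldif'].
 *           TRUE:  call $this->move() for every selected entry.
 *
 * The destination is read from $_POST['move_group_to'] (base64 encoded
 * DN). Returns false after an error dialog if no usable destination was
 * posted, otherwise returns without a value.
 *
 * NOTE(review): the posted destination is not compared with the list that
 * execute() offers in the dialog (get_all_group_ous()); since the move runs
 * with the setup's LDAP credentials, consider rejecting any value that is
 * not part of that list.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* A destination is required: a plain string that decodes to something */
  $destination_dn = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination_dn = (string) base64_decode($_POST['move_group_to']);
  }
  if($destination_dn === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] = "";
    if(!$data['selected']){
      continue;
    }

    /* Keep everything up to the first comma and append the destination.
       Plain concatenation is used on purpose: as a preg_replace()
       replacement the posted DN would be scanned for "$1" or "\2" style
       references, which mangles DNs containing escapes such as "\2C". */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn, ",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn, 0, $comma).",".$destination_dn;

    if($perform){
      $this->move($dn, $d_dn);
      continue;
    }

    /* The description is HTML, so every DN is escaped before it is
       embedded - the destination comes straight from the request. */
    $ldif = _("Group will be moved from").":<br>\t".htmlspecialchars($ldap->fix($dn), ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($ldap->fix($d_dn), ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $ldif .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }

    $this->outside_groups[$b_dn]['ldif'] = $ldif;
  }
}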
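/* Move the selected users into another department, or describe what such
 * a move would do.
 *
 * $perform  FALSE: store an HTML description of the planned move and of
 *                  the group objects referencing the entry in
 *                  $this->outside_users[<key>]['ldif'].
 *           TRUE:  call $this->move() for every selected entry.
 *
 * The destination is read from $_POST['move_user_to'] (base64 encoded DN).
 * Returns false after an error dialog if no usable destination was posted,
 * otherwise returns without a value.
 *
 * NOTE(review): the posted destination is not compared with the list that
 * execute() offers in the dialog (get_all_people_ous()); since the move
 * runs with the setup's LDAP credentials, consider rejecting any value
 * that is not part of that list.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* A destination is required: a plain string that decodes to something */
  $destination_dn = "";
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination_dn = (string) base64_decode($_POST['move_user_to']);
  }
  if($destination_dn === ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] = "";
    if(!$data['selected']){
      continue;
    }

    /* Keep everything up to the first comma and append the destination.
       Plain concatenation is used on purpose: as a preg_replace()
       replacement the posted DN would be scanned for "$1" or "\2" style
       references, which mangles DNs containing escapes such as "\2C". */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn, ",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn, 0, $comma).",".$destination_dn;

    if($perform){
      $this->move($dn, $d_dn);
      continue;
    }

    /* The description is HTML, so every DN is escaped before it is
       embedded - the destination comes straight from the request. */
    $ldif = _("User will be moved from").":<br>\t".htmlspecialchars($ldap->fix($dn), ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($ldap->fix($d_dn), ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $ldif .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
    }

    $this->outside_users[$b_dn]['ldif'] = $ldif;
  }
}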
/* Process the posted dialog actions of the migration step and return the
 * HTML of the dialog that is open afterwards, or of the check overview
 * when no dialog is open.
 *
 * Every action is selected by the mere presence of a POST field. The
 * sections are evaluated top to bottom and the first open dialog returns,
 * so the order of the sections matters.
 *
 * NOTE(review): no request token is checked inside this method before the
 * state changing actions (moves, ACL creation, migrations) are started -
 * confirm that the surrounding setup framework protects these posts.
 */
function execute()
{
  /* Run the checks on the first call and whenever a reload is requested */
  if (!$this->checks_initialised || isset($_POST['reload'])) {
    $this->initialize_checks();
    $this->checks_initialised = true;
  }

  /*************
   * Winstations outside the winstation ou
   *************/

  if (isset($_POST['outside_winstations_dialog_cancel'])) {
    $this->outside_winstations_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Preview only */
  if (isset($_POST['outside_winstations_dialog_whats_done'])) {
    $this->migrate_outside_winstations(false);
  }

  /* Move the entries, refresh the list and close the dialog */
  if (isset($_POST['outside_winstations_dialog_perform'])) {
    $this->migrate_outside_winstations(true);
    $this->search_outside_winstations();
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_winstations_dialog = false;
  }

  if (isset($_POST['outside_winstations_dialog'])) {
    $this->outside_winstations_dialog = true;
    $this->dialog = true;
  }

  if ($this->outside_winstations_dialog) {

    /* Work on a copy, only the displayed dn syntax is adjusted */
    $display = $this->outside_winstations;
    foreach ($display as $key => $entry) {
      $display[$key]['dn'] = LDAP::fix($entry['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_winstation_ous());
    $smarty->assign("method", "outside_winstations");
    $smarty->assign("outside_winstations", $display);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Groups outside the group ou
   *************/

  if (isset($_POST['outside_groups_dialog_cancel'])) {
    $this->outside_groups_dialog = false;
    $this->show_details = false;
    $this->dialog = false;
  }

  /* Preview only */
  if (isset($_POST['outside_groups_dialog_whats_done'])) {
    $this->show_details = true;
    $this->migrate_outside_groups(false);
  }

  if (isset($_POST['outside_groups_dialog_refresh'])) {
    $this->show_details = false;
  }

  /* Move the entries, close the dialog and run all checks again */
  if (isset($_POST['outside_groups_dialog_perform'])) {
    $this->migrate_outside_groups(true);
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_groups_dialog = false;
    $this->initialize_checks();
  }

  if (isset($_POST['outside_groups_dialog'])) {
    $this->outside_groups_dialog = true;
    $this->dialog = true;
  }

  if ($this->outside_groups_dialog) {

    /* Work on a copy, only the displayed dn syntax is adjusted */
    $display = $this->outside_groups;
    foreach ($display as $key => $entry) {
      $display[$key]['dn'] = LDAP::fix($entry['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_group_ous());
    $smarty->assign("method", "outside_groups");
    $smarty->assign("outside_groups", $display);
    $smarty->assign("group_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Users outside the people ou
   *************/

  if (isset($_POST['outside_users_dialog_cancel'])) {
    $this->outside_users_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Preview only */
  if (isset($_POST['outside_users_dialog_whats_done'])) {
    $this->show_details = true;
    $this->migrate_outside_users(false);
  }

  /* Move the entries, run all checks again and close the dialog */
  if (isset($_POST['outside_users_dialog_perform'])) {
    $this->migrate_outside_users(true);
    $this->initialize_checks();
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_users_dialog = false;
  }

  if (isset($_POST['outside_users_dialog_refresh'])) {
    $this->show_details = false;
  }

  if (isset($_POST['outside_users_dialog'])) {
    $this->outside_users_dialog = true;
    $this->dialog = true;
  }

  if ($this->outside_users_dialog) {

    /* Work on a copy, only the displayed dn syntax is adjusted */
    $display = $this->outside_users;
    foreach ($display as $key => $entry) {
      $display[$key]['dn'] = LDAP::fix($entry['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_people_ous());
    $smarty->assign("method", "outside_users");
    $smarty->assign("outside_users", $display);
    $smarty->assign("user_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Root object check
   *************/

  if (isset($_POST['retry_root_create'])) {

    /* Re-run all checks only if creating the root object changed its status */
    $previous_status = $this->checks['root']['STATUS'];
    $this->checkBase(false);
    if ($previous_status != $this->checks['root']['STATUS']) {
      $this->initialize_checks();
    }
  }

  /*************
   * Root object class check
   *************/

  if (isset($_POST['root_add_objectclasses'])) {
    $this->rootOC_migrate_dialog = true;
    $this->dialog = true;
  }
  if (isset($_POST['rootOC_dialog_cancel'])) {
    $this->rootOC_migrate_dialog = false;
    $this->dialog = false;
  }
  if (isset($_POST['rootOC_migrate_start'])) {
    if ($this->checkBaseOC(false)) {
      /* Second call in check mode updates the overview info */
      $this->checkBaseOC();
      $this->dialog = false;
      $this->rootOC_migrate_dialog = false;
    }
  }

  if ($this->rootOC_migrate_dialog) {
    $smarty = get_smarty();
    $smarty->assign("details", $this->rootOC_details);
    $smarty->assign("method", "rootOC_migrate_dialog");
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Administrative Account -- Migrate/Create
   *************/

  if (isset($_POST['retry_acls'])) {
    $this->check_administrativeAccount();
  }

  /* Dialog handling */
  if (isset($_POST['create_acls'])) {
    $this->acl_create_dialog = true;
    $this->dialog = true;
  }

  if (isset($_POST['migrate_acls'])) {
    $this->acl_migrate_dialog = true;
    $this->dialog = true;
  }

  if (isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])) {
    $this->acl_create_dialog = false;
    $this->acl_migrate_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Account creation: preview of the ACL change only */
  if (isset($_POST['create_acls_create'])) {
    $this->create_admin(true);
  }

  /* Account creation: add the user and its ACL */
  if (isset($_POST['create_admin_user'])) {
    if ($this->create_admin_user()) {
      $this->dialog = false;
      $this->show_details = false;
    }
  }

  if ($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])) {

    /* Add admin acls for the selected users to the ldap base and close
       the dialog */
    $this->migrate_selected_admin_users();
    $this->dialog = false;
    $this->acl_migrate_dialog = false;

  } elseif ($this->acl_migrate_dialog) {

    /* Display admin migration dialog */
    $this->migrate_users();
    $smarty = get_smarty();

    /* Keep the posted details state unless one of the toggle buttons
       was used */
    $show_changes = isset($_POST['details']) && $_POST['details'];
    if (isset($_POST['migrate_acls_show_changes'])) {
      $show_changes = true;
    } elseif (isset($_POST['migrate_acls_hide_changes'])) {
      $show_changes = false;
    }

    $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
    $smarty->assign("details", $show_changes);
    $smarty->assign("method", "migrate_acls");
    $smarty->assign("migrateable_users", $this->migrate_users);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  if ($this->acl_create_dialog) {
    $smarty = get_smarty();

    /* Suggest "admin" until a uid was posted */
    $suggested_uid = "admin";
    if (isset($_POST['new_user_uid'])) {
      $suggested_uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both posted passwords are handed
       back to the template unchanged. Whether they are escaped on output
       is decided in setup_migrate.tpl, and re-filling the password fields
       puts the clear text passwords into the returned page. */
    $posted_password  = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : null;
    $posted_password2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : null;

    $smarty->assign("new_user_uid", $suggested_uid);
    $smarty->assign("new_user_password", $posted_password);
    $smarty->assign("new_user_password2", $posted_password2);
    $smarty->assign("method", "create_acls");
    $smarty->assign("acl_create_selected", $this->acl_create_selected);
    $smarty->assign("what_will_be_done_now", $this->acl_create_changes);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if (isset($_POST['users_visible_migrate_refresh'])) {
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if (isset($_POST['users_visible_migrate'])) {
    $this->show_details = false;
    $this->users_migration_dialog = true;
    $this->dialog = true;
  }

  /* Close migration dialog */
  if (isset($_POST['users_visible_migrate_close'])) {
    $this->users_migration_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Start migration, the dialog is closed only if it succeeded */
  if (isset($_POST['users_visible_migrate_migrate'])) {
    if ($this->migrate_gosaAccounts()) {
      $this->initialize_checks();
      $this->dialog = false;
      $this->show_details = false;
      $this->users_migration_dialog = false;
    }
  }

  /* Preview of the migration */
  if (isset($_POST['users_visible_migrate_whatsdone'])) {
    $this->migrate_gosaAccounts(true);
  }

  /* Display migration dialog */
  if ($this->users_migration_dialog) {

    /* Work on a copy, only the displayed dn syntax is adjusted */
    $display = $this->users_to_migrate;
    foreach ($display as $key => $entry) {
      $display[$key]['dn'] = LDAP::fix($entry['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("users_to_migrate", $display);
    $smarty->assign("method", "migrate_users");
    $smarty->assign("user_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if (isset($_POST['deps_visible_migrate_refresh'])) {
    $this->check_organizationalUnits();
    $this->show_details = false;
  }

  /* Open migration dialog */
  if (isset($_POST['deps_visible_migrate'])) {
    $this->dep_migration_dialog = true;
    $this->dialog = true;
  }

  /* Close migration dialog */
  if (isset($_POST['deps_visible_migrate_close'])) {
    $this->dep_migration_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Start migration, the dialog is closed only if it succeeded */
  if (isset($_POST['deps_visible_migrate_migrate'])) {
    if ($this->migrate_organizationalUnits()) {
      $this->show_details = false;
      $this->check_organizationalUnits();
      $this->dialog = false;
      $this->dep_migration_dialog = false;
    }
  }

  /* Preview of the migration */
  if (isset($_POST['deps_visible_migrate_whatsdone'])) {
    $this->migrate_organizationalUnits(true);
  }

  /* Display migration dialog */
  if ($this->dep_migration_dialog) {
    $smarty = get_smarty();

    /* Work on a copy, only the displayed dn syntax is adjusted */
    $display = $this->deps_to_migrate;
    foreach ($display as $key => $entry) {
      $display[$key]['dn'] = LDAP::fix($entry['dn']);
    }

    $smarty->assign("deps_to_migrate", $display);
    $smarty->assign("method", "migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Device migration
   *************/

  if ($this->device_dialog) {
    $this->check_device_posts();
  }

  if (isset($_POST['device_dialog_cancel'])) {
    $this->device_dialog = false;
    $this->show_details = false;
    $this->dialog = false;
  }

  if (isset($_POST['device_dialog_whats_done'])) {
    $this->show_details = true;
  }

  if (isset($_POST['device_dialog_refresh'])) {
    $this->show_details = false;
  }

  /* The dialog stays open and the checks are not re-initialised here */
  if (isset($_POST['migrate_devices'])) {
    $this->migrate_usb_devices();
  }

  if (isset($_POST['device_dialog'])) {
    $this->device_dialog = true;
    $this->dialog = true;
  }

  if ($this->device_dialog) {
    $smarty = get_smarty();
    $smarty->assign("method", "devices");
    $smarty->assign("devices", $this->device);
    $smarty->assign("device_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Service migration
   *************/

  if ($this->service_dialog) {
    $this->check_service_posts();
  }

  if (isset($_POST['service_dialog_cancel'])) {
    $this->service_dialog = false;
    $this->show_details = false;
    $this->dialog = false;
  }

  if (isset($_POST['service_dialog_whats_done'])) {
    $this->show_details = true;
  }

  if (isset($_POST['service_dialog_refresh'])) {
    $this->show_details = false;
  }

  /* The dialog stays open and the checks are not re-initialised here */
  if (isset($_POST['migrate_services'])) {
    $this->migrate_services();
  }

  if (isset($_POST['service_dialog'])) {
    $this->service_dialog = true;
    $this->dialog = true;
  }

  if ($this->service_dialog) {
    $smarty = get_smarty();
    $smarty->assign("method", "services");
    $smarty->assign("services", $this->service);
    $smarty->assign("service_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /*************
   * Menu migration
   *************/

  if ($this->menu_dialog) {
    $this->check_menu_posts();
  }

  if (isset($_POST['menu_dialog_cancel'])) {
    $this->menu_dialog = false;
    $this->show_details = false;
    $this->dialog = false;
  }

  if (isset($_POST['menu_dialog_whats_done'])) {
    $this->show_details = true;
  }

  if (isset($_POST['menu_dialog_refresh'])) {
    $this->show_details = false;
  }

  /* The dialog stays open and the checks are not re-initialised here */
  if (isset($_POST['migrate_menus'])) {
    $this->migrate_menus();
  }

  if (isset($_POST['menu_dialog'])) {
    $this->menu_dialog = true;
    $this->dialog = true;
  }

  if ($this->menu_dialog) {
    $smarty = get_smarty();
    $smarty->assign("method", "menus");
    $smarty->assign("menus", $this->menu);
    $smarty->assign("menu_details", $this->show_details);
    $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
    return $smarty->fetch($template);
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks", $this->checks);
  $smarty->assign("method", "default");
  $template = get_template_path("setup_migrate.tpl", true, dirname(__FILE__));
  return $smarty->fetch($template);
}
/* Store the selections posted from the dialog that is currently open.
 *
 * For each open dialog the per-entry flag ('selected' or 'checked') is set
 * to TRUE when the matching POST field is present and to FALSE otherwise.
 * The step is always marked as completed.
 */
function save_object()
{
  $this->is_completed = true;

  /* Winstations picked in the outside_winstations dialog */
  if ($this->outside_winstations_dialog) {
    foreach ($this->outside_winstations as $dn => $entry) {
      $this->outside_winstations[$dn]['selected'] = isset($_POST['select_winstation_'.$dn]);
    }
  }

  /* Groups picked in the outside_groups dialog */
  if ($this->outside_groups_dialog) {
    foreach ($this->outside_groups as $dn => $entry) {
      $this->outside_groups[$dn]['selected'] = isset($_POST['select_group_'.$dn]);
    }
  }

  /* Users picked in the outside_users dialog */
  if ($this->outside_users_dialog) {
    foreach ($this->outside_users as $dn => $entry) {
      $this->outside_users[$dn]['selected'] = isset($_POST['select_user_'.$dn]);
    }
  }

  /* "Create acl" dialog: aborting clears the selected object */
  if ($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])) {
    $this->acl_create_selected = "";
  }

  /* Departments ticked for migration */
  if ($this->dep_migration_dialog) {
    foreach ($this->deps_to_migrate as $id => $entry) {
      $this->deps_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }

  /* Users ticked for migration */
  if ($this->users_migration_dialog) {
    foreach ($this->users_to_migrate as $id => $entry) {
      $this->users_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
/* Check if the LDAP root object exists.
 *
 * $just_check  TRUE:  only look for the root object and update the status
 *                     texts in $this->checks['root'].
 *              FALSE: try to create the root object when it is missing.
 *
 * Returns FALSE when the object is missing in check mode, and the failed
 * result of create_missing_trees() when it could not be created. When the
 * object exists or was created the status is set to "Ok" and the method
 * returns without a value.
 */
function checkBase($just_check = TRUE)
{
  /* Bind with the LDAP credentials captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
                     $cv['password'],
                     $cv['connection'],
                     FALSE,
                     $cv['tls']);
  $ldap = new ldapMultiplexer($ldap_l);

  /* One result is enough to prove that the base exists, so the size limit
     is lowered for this search and reset afterwards */
  $ldap->cd($cv['base']);
  $ldap->set_size_limit(1);
  $res = $ldap->search("(objectClass=*)");
  $ldap->set_size_limit(0);
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res
    || $err == 0x20   # LDAP_NO_SUCH_OBJECT
    || $err == 0x40;  # LDAP_NAMING_VIOLATION

  if ($root_missing) {

    /* Check mode: report the missing object and offer to create it */
    if ($just_check) {
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return FALSE;
    }

    /* Create mode: add the root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if (!$res) {
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return $res;
    }
  }

  /* The root object exists or was created */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
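/* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs.
 *
 * $just_check = TRUE  : only inspect the root object. If gosaDepartment is
 *                       missing, the required modifications are stored in
 *                       $this->rootOC_details ('current', 'target', 'mods')
 *                       and the check is marked as failed.
 * $just_check = FALSE : write the modifications prepared by an earlier
 *                       just_check run to the root object.
 *
 * Returns NULL if the root object cannot be read, is already a
 * gosaDepartment, or the check had to be aborted; FALSE if a migration is
 * required; the result of the LDAP modify (or TRUE if nothing was prepared)
 * when $just_check is FALSE.
 *
 * 'current' and 'target' are markup (they carry <b> tags), so every value
 * taken from the directory or the setup data is HTML-escaped before it is
 * placed in them. 'mods' keeps the raw values, it is what gets written to LDAP.
 */
function checkBaseOC($just_check = TRUE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Read the root object */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base']);
  if(!$ldap->count()){
    $this->checks['rootOC']['STATUS']    = FALSE;
    $this->checks['rootOC']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['rootOC']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $attrs = $ldap->fetch();

  /* The root object already is a gosaDepartment, nothing to migrate */
  if(in_array_strict("gosaDepartment",$attrs['objectClass'])){
    $this->checks['rootOC']['STATUS']    = TRUE;
    $this->checks['rootOC']['STATUS_MSG']= _("Ok");
    $this->checks['rootOC']['ERROR_MSG'] = "";
    return;
  }

  /* Apply the modifications that were prepared by a previous check run */
  if(!$just_check){
    $ldap->cd($cv['base']);
    if(isset($this->rootOC_details['mods'])){
      $res = $ldap->modify($this->rootOC_details['mods']);
      if(!$res){
        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class()));
      }

      /* Refresh the checks that depend on the root object */
      $this->checkBaseOC();
      $this->check_administrativeAccount();
      return($res);
    }
    trigger_error("No modifications to make... ");
    return(TRUE);
  }

  $this->rootOC_details = array();
  $mods = array();

  /* Get list of possible container objects, to be able to detect naming
   * attributes and missing attribute types.
   */
  if(!class_available("departmentManagement")){
    $this->checks['rootOC']['STATUS']    = FALSE;
    $this->checks['rootOC']['STATUS_MSG']= _("Failed");
    $this->checks['rootOC']['ERROR_MSG'] = sprintf(_("Missing GOsa object class '%s'!"),"departmentManagement").
      " "._("Please check your installation.");
    return;
  }

  /* Try to detect base class type, e.g. is it a dcObject.
   */
  $dep_types = departmentManagement::get_support_departments();
  $dep_type  = "";
  foreach($dep_types as $dep_name => $dep_class){
    if(in_array_strict($dep_class['CLASS'], $attrs['objectClass'])){
      $dep_type = $dep_name;
      break;
    }
  }

  /* If no known base class was detected, abort with message
   */
  if(empty($dep_type)){
    $this->checks['rootOC']['STATUS']    = FALSE;
    $this->checks['rootOC']['STATUS_MSG']= _("Failed");
    $this->checks['rootOC']['ERROR_MSG'] =
      sprintf(_("Cannot handle the structural object type of your root object. Please try to add the object class '%s' manually."),"gosaDepartment");
    return;
  }

  /* Create 'current' and 'target' object properties, to be able to display
   * a set of modifications required to create a valid GOsa department.
   * Both start with the same dn/objectClass lines; the raw class names are
   * collected for the modify request at the same time.
   */
  $current = "dn: ".htmlspecialchars($cv['base'], ENT_QUOTES, 'UTF-8')."\n";
  for($i = 0 ; $i < $attrs['objectClass']['count']; $i++){
    $current .= "objectClass: ".htmlspecialchars($attrs['objectClass'][$i], ENT_QUOTES, 'UTF-8')."\n";
    $mods['objectClass'][] = $attrs['objectClass'][$i];
  }
  $this->rootOC_details['current'] = $current;

  /* Create target infos
   */
  $target = $current;
  $mods['objectClass'][] = "gosaDepartment";
  $target .= "<b>objectClass: gosaDepartment</b>\n";

  /* Append attribute 'ou', it is required by gosaDepartment.
   * The value of the detected naming attribute is used if there is one.
   */
  if(!isset($attrs['ou'])){
    $val = "GOsa";
    if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
      $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
    }
    $target .= "<b>ou: ".htmlspecialchars($val, ENT_QUOTES, 'UTF-8')."</b>\n";
    $mods['ou'] = $val;
  }

  /* Append description, it is required by gosaDepartment too.
   */
  if(!isset($attrs['description'])){
    $val = "GOsa";
    if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
      $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
    }
    $target .= "<b>description: ".htmlspecialchars($val, ENT_QUOTES, 'UTF-8')."</b>\n";
    $mods['description'] = $val;
  }
  $this->rootOC_details['target'] = $target;
  $this->rootOC_details['mods']   = $mods;

  /* Add button that allows to open the migration details
   */
  $this->checks['rootOC']['STATUS']    = FALSE;
  $this->checks['rootOC']['STATUS_MSG']= _("Failed");
  $this->checks['rootOC']['ERROR_MSG'] = "&nbsp;<input type='submit'
    name='root_add_objectclasses' value='"._("Migrate")."'>";

  return(FALSE);
}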
/* Render an LDAP attribute array as "name: value" lines.
 *
 * The 'count' and 'dn' entries and all numerically indexed entries of the
 * result array are skipped; a multi-valued attribute produces one line per
 * value. The trailing line break is removed from the returned string.
 *
 * NOTE(review): values are written as they are - no base64 encoding and no
 * line folding - so a value that contains a line break shows up as
 * additional lines. Treat the output as a preview, not as importable LDIF.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $attribute => $content){

    /* Numeric keys only repeat the attribute names */
    if(is_numeric($attribute)){
      continue;
    }

    /* Single value */
    if(!is_array($content)){
      $ldif .= $attribute.": ". $content."\n";
      continue;
    }

    /* Value list, drop the element counter first */
    unset($content['count']);
    foreach($content as $single){
      $ldif .= $attribute.": ". $single."\n";
    }
  }
  return preg_replace("/\n$/","",$ldif);
}
/* Get list of available users.
 *
 * Searches below the configured base for entries with the object class
 * gosaAccount and returns them as array(base64(dn) => LDAP::fix(dn)).
 */
function get_user_list()
{
  /* Connect with the account collected by the setup */
  $settings   = $this->parent->captured_values;
  $connection = new LDAP($settings['admin'],
      $settings['password'],
      $settings['connection'],
      FALSE,
      $settings['tls']);
  $ldap = new ldapMultiplexer($connection);

  $ldap->cd($settings['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  /* The base64 encoded dn serves as key */
  $users = array();
  while($entry = $ldap->fetch()){
    $dn = $entry['dn'];
    $users[base64_encode($dn)] = LDAP::fix($dn);
  }
  return $users;
}
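/* Get the containers user accounts can be moved to.
 *
 * If a people ou is configured, every entry matching it is returned (entries
 * below "ou=snapshots," are left out); the container is created below the
 * base if the search finds none. Without a people ou, the base and all
 * gosaDepartments that have an 'ou' are returned.
 *
 * Returns array(base64(dn) => fixed dn).
 *
 * NOTE(review): the people ou is placed in the search filter and in the new
 * DN without escaping. It presumably is entered by the operator during
 * setup; it should be validated as a single "attr=value" RDN where it is
 * captured.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings.
   * The trimmed value is used for the filter and for the DN, so both
   * always refer to the same container.
   */
  $cv = $this->parent->captured_values;
  $people_ou = trim($cv['peopleou']);

  /* Establish ldap connection */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Search below the configured base, like get_all_group_ous() and
   * get_all_winstation_ous() do.
   */
  $ldap->cd($cv['base']);

  $tmp = array();
  if(!empty($people_ou)){

    /*****************
     * If people ou is NOT empty
     * search for all objects matching the given container
     *****************/
    $ldap->search("(".$people_ou.")",array("dn"));

    /* Create people ou if there is currently none */
    if($ldap->count() == 0 ){
      $add_dn = $people_ou.",".$cv['base'];
      $naming_attr  = preg_replace("/=.*$/","",$add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr]  = $naming_value;
      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }

    /* Create result */
    $ldap->search("(".$people_ou.")",array("dn"));
    while($attrs = $ldap->fetch()){
      if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  }else{

    /************
     * If people ou is empty
     * Get all valid gosaDepartments
     ************/
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($attrs = $ldap->fetch()){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}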
/* Get the containers windows workstations can be moved to.
 *
 * Uses the configured winstation ou if 'wws_ou_active' is set, otherwise
 * "ou=winstations". If no entry matches, the container is created below
 * "ou=systems,<base>". Entries below "ou=snapshots," are left out.
 *
 * Returns array(base64(dn) => fixed dn).
 *
 * NOTE(review): the ou is placed in the search filter and in the new DN
 * without escaping; it presumably is entered by the operator during setup
 * and should be validated as a single "attr=value" RDN where it is captured.
 */
function get_all_winstation_ous()
{
  /* Connect with the account collected by the setup */
  $cv = $this->parent->captured_values;
  $connection = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($connection);

  /* Get winstation ou */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['wws_ou']
    : "ou=winstations";
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* No such container yet, create it */
  if($ldap->count() == 0 ){
    $new_dn    = $winstation_ou.",ou=systems,".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$new_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$new_dn);
    $parent_dn = preg_replace("/^[^,]+,/","",$new_dn);

    $entry = array('objectClass' => array("organizationalUnit"));
    $entry[$rdn_attr] = $rdn_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees($parent_dn);
    $ldap->cd($new_dn);
    $ldap->add($entry);
  }

  /* Collect all matching containers, snapshots are not a valid target */
  $ldap->search($filter,array("dn"));
  $found = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $found[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return $found;
}
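/* Get the containers groups can be moved to.
 *
 * If a group ou is configured, every entry matching it is returned (entries
 * below "ou=snapshots," are left out); the container is created below the
 * base if the search finds none. Without a group ou, the base and all
 * gosaDepartments that have an 'ou' are returned.
 *
 * Returns array(base64(dn) => fixed dn).
 *
 * NOTE(review): the group ou is placed in the search filter and in the new
 * DN without escaping. It presumably is entered by the operator during
 * setup; it should be validated as a single "attr=value" RDN where it is
 * captured.
 */
function get_all_group_ous()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Strip whitespace and a leading/trailing comma, so the value can be used
   * as filter "(ou=groups)" as well as RDN "ou=groups,<base>".
   */
  $group_ou = trim($cv['groupou'], " \t\n\r\0\x0B,");

  $ldap->cd($cv['base']);
  $tmp = array();
  if(!empty($group_ou)){

    /************
     * If group ou is NOT empty
     * Get all valid group ous, create one if necessary
     ************/
    $ldap->search("(".$group_ou.")",array("dn"));
    if($ldap->count() == 0 ){

      /* RDN and base have to be joined with a comma. Without it the new DN
       * and the naming value derived from it are invalid.
       */
      $add_dn = $group_ou.",".$cv['base'];
      $naming_attr  = preg_replace("/=.*$/","",$add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr]  = $naming_value;

      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }
    $ldap->search("(".$group_ou.")",array("dn"));
    while($attrs = $ldap->fetch()){
      if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  }else{

    /************
     * If group ou is empty
     * Get all valid gosaDepartments
     ************/
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($attrs = $ldap->fetch()){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}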
/* Get list of groups.
 *
 * Searches below the configured base for entries with the object class
 * posixGroup and returns them as array(base64(dn) => LDAP::fix(dn)).
 */
function get_group_list()
{
  /* Connect with the account collected by the setup */
  $settings   = $this->parent->captured_values;
  $connection = new LDAP($settings['admin'],
      $settings['password'],
      $settings['connection'],
      FALSE,
      $settings['tls']);
  $ldap = new ldapMultiplexer($connection);

  $ldap->cd($settings['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  /* The base64 encoded dn serves as key */
  $groups = array();
  while($entry = $ldap->fetch()){
    $dn = $entry['dn'];
    $groups[base64_encode($dn)] = LDAP::fix($dn);
  }
  return $groups;
}
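/* Move an object from $source to $destination (both are DNs).
 *
 * The object is copied to the new DN, then the source is removed and every
 * gosaGroupOfNames that listed the source as member is rewritten to list
 * the destination instead. Nothing is returned; failures are reported
 * with msg_dialog.
 *
 * Copy, delete and the reference updates are separate LDAP operations.
 * If the delete fails, the object exists at both DNs and the references
 * are updated nevertheless.
 */
function move($source,$destination)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Update object references in gosaGroupOfNames.
   * The source dn is prepared for use in a filter before it is inserted.
   */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member != $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed.
   * The message is markup (<br>, <i>); the DNs and the server's error text
   * are escaped so they cannot add markup of their own.
   */
  if(!$res){
    msg_dialog::display(_("LDAP error"),
        sprintf(_("Copy '%s' to '%s' failed:")."<br><br><i>%s</i>",
          htmlspecialchars(LDAP::fix($source), ENT_QUOTES, 'UTF-8'),
          htmlspecialchars(LDAP::fix($destination), ENT_QUOTES, 'UTF-8'),
          htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')), ERROR_DIALOG);
  }else{
    $res = $ldap->rmDir($source);
    if (!$ldap->success()){
      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $source, LDAP_DEL, get_class()));
    }

    /* Object is copied, so update its references */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      $ldap->modify($data);
    }
  }
}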
/* Cleanup an ldap result to be able to write it back to ldap.
 *
 * Removes the 'count' and 'dn' entries and all numerically indexed entries
 * from the result array, and the 'count' element from each value list.
 * Returns the cleaned array.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $key => $value) {

    /* Not an attribute, drop the whole entry */
    if(is_numeric($key) || in_array_strict($key,array("count","dn"))){
      unset($attrs[$key]);
      continue;
    }

    /* Attribute value list, drop its element counter */
    if(is_array($value) && isset($value['count'])){
      unset($attrs[$key]['count']);
    }
  }
  return $attrs;
}
/*! \brief  Act on posts from the device migration dialog.
            A device is selected (DETAILS = TRUE) if the request contains
            "migrate_<key>" for it, every other device is deselected.
 */
function check_device_posts()
{
  foreach($this->device as $key => $unused){
    $this->device[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
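/*! \brief  Check for old style (gosa-2.5) devices.
            Searches all posixAccount/posixGroup entries that have a
            gotoHotplugDevice attribute and stores, for every value, a
            readable before/after preview and the data required for the
            migration in $this->device.

            'CURRENT' and 'AFTER' are markup (they carry <b> tags), so all
            values read from the directory are HTML-escaped in them. 'DN',
            'NEW_DN', 'OLD_DEVICE' and 'DEVICE_NAME' keep the raw values.

            NOTE(review): the device name is placed in the new DN
            ("cn=<name>,ou=devices,...") without DN escaping; a name with a
            comma or another special character results in a different or an
            invalid DN.
 */
function check_usb_devices ()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(|(objectClass=posixAccount)(objectClass=posixGroup))(gotoHotplugDevice=*))",
      array("cn","gotoHotplugDevice","gosaUnitTag"));

  if(!$res){
    $this->checks['old_style_devices']['STATUS']    = FALSE;
    $this->checks['old_style_devices']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['old_style_devices']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  /* Old style devices found, collect them */
  if($ldap->count()){

    $this->device = array();

    /* Device names that are already taken, name => new dn */
    $dest = array();

    while($attrs = $ldap->fetch()){

      /* The preview announces the unit tag if the entry has one. The
       * attribute is requested as 'gosaUnitTag'; both spellings of the key
       * are accepted because the key case of the result is not visible here.
       */
      $has_tag  = FALSE;
      $unit_tag = "";
      if(isset($attrs['gosaUnitTag'][0])){
        $has_tag  = TRUE;
        $unit_tag = $attrs['gosaUnitTag'][0];
      }elseif(isset($attrs['gosaunittag'][0])){
        $has_tag  = TRUE;
        $unit_tag = $attrs['gosaunittag'][0];
      }

      for ($j= 0; $j < $attrs['gotoHotplugDevice']['count']; $j++){

        $after   = "";
        $current = "";

        $entry = $attrs['gotoHotplugDevice'][$j];

        /* name|description|serial|vendor|product, missing fields are empty */
        list($name,$desc,$serial,$vendor,$product) = array_pad(explode('|', $entry), 5, "");

        /* Make the device name unique by appending a counter */
        $add = 1;
        $new_name = $name;
        while(isset($dest[$new_name])){
          $new_name = $name."_".$add;
          $add ++;
        }
        $name  = $new_name;
        $newdn = "cn=$name,ou=devices,".preg_replace('/^[^,]+,/', '', $attrs['dn']);
        $dest[$name] = $newdn;

        /* Current state, the value that will be migrated is highlighted */
        $current.= "dn: ".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8')."\n";
        for ($c= 0; $c < $attrs['gotoHotplugDevice']['count']; $c++){
          $line = "gotoHotplugDevice: ".htmlspecialchars($attrs['gotoHotplugDevice'][$c], ENT_QUOTES, 'UTF-8');
          if($c == $j){
            $current.= "<b>".$line."</b>\n";
          }else{
            $current.= $line."\n";
          }
        }

        /* Object that will be created.
         * NOTE(review): migrate_usb_devices() writes cn, objectClass
         * (top, gotoDevice) and gotoHotplugDevice only; the unit tag lines
         * are shown here but not written there.
         */
        $after.= "dn: ".htmlspecialchars($newdn, ENT_QUOTES, 'UTF-8')."\n";
        $after.= "changetype: add\n";
        $after.= "objectClass: top\n";
        $after.= "objectClass: gotoDevice\n";
        if ($has_tag){
          $after.= "objectClass: gosaAdministrativeUnitTag\n";
          $after.= "gosaUnitTag: ".htmlspecialchars($unit_tag, ENT_QUOTES, 'UTF-8')."\n";
        }
        $after.= "cn: ".htmlspecialchars($name, ENT_QUOTES, 'UTF-8')."\n";
        $after.= "gotoHotplugDevice: ".htmlspecialchars("$desc|$serial|$vendor|$product", ENT_QUOTES, 'UTF-8')."\n\n";

        $this->device[] = array(
            'CURRENT'     => $current,
            'AFTER'       => $after,
            'OLD_DEVICE'  => $entry,
            'DN'          => $attrs['dn'],
            'NEW_DN'      => $newdn,
            'DEVICE_NAME' => $name,
            'DETAILS'     => FALSE);
      }
    }

    $this->checks['old_style_devices']['STATUS']    = FALSE;
    $this->checks['old_style_devices']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['old_style_devices']['ERROR_MSG'] =
      sprintf(_("There are %s devices that need to be migrated."),count($this->device)).
      "<input type='submit' name='device_dialog' value='"._("Migrate")."'>";
  }else{
    $this->checks['old_style_devices']['STATUS']    = TRUE;
    $this->checks['old_style_devices']['STATUS_MSG']= _("Ok");
    $this->checks['old_style_devices']['ERROR_MSG'] = "";
  }
}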
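/*! \brief  Migrate all selected devices.
            For every entry of $this->device with DETAILS == TRUE a new
            gotoDevice object is created at NEW_DN, then the old value is
            removed from the gotoHotplugDevice attribute of the source
            object. Devices that were migrated are removed from
            $this->device; finally check_usb_devices() is run again.

            The error dialogs are markup; DNs and the server's error text
            are HTML-escaped before they are placed in them.
 */
function migrate_usb_devices ()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Walk through migrateable devices and initiate migration for all
     devices that are checked (DETAILS==TRUE)
   */
  foreach($this->device as $key => $device){
    if(!$device['DETAILS']){
      continue;
    }

    /* Get source object and verify that the specified device is still a
       value of its gotoHotplugDevice attribute. The object may have been
       changed or removed since the check.
     */
    $ldap->cd($cv['base']);
    $ldap->cat($device['DN']);
    $attrs = $ldap->fetch();
    if(!is_array($attrs) || !isset($attrs['gotoHotplugDevice']) ||
       !in_array_strict($device['OLD_DEVICE'],$attrs['gotoHotplugDevice'])){
      continue;
    }

    /* Create new hotplug device object 'gotoDevice'.
       name|description|serial|vendor|product, missing fields are empty.
     */
    list($name,$desc,$serial,$vendor,$product) = array_pad(explode('|', $device['OLD_DEVICE']), 5, "");
    $newdn = $device['NEW_DN'];
    $new_attr = array();
    $new_attr['cn'] = $device['DEVICE_NAME'];
    $new_attr['objectClass'] = array('top','gotoDevice');
    $new_attr['gotoHotplugDevice'] = "$desc|$serial|$vendor|$product";

    /* Add new object
     */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$newdn));
    $ldap->cd($newdn);
    $ldap->add($new_attr);

    /* Throw an error message if the action failed.
     */
    if(!$ldap->success()){
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Adding '%s' to the LDAP failed: %s"),
            "<b>".htmlspecialchars(LDAP::fix($newdn), ENT_QUOTES, 'UTF-8')."</b>",
            "<br><br><i>".htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')."</i>"), ERROR_DIALOG);
      continue;
    }

    /* Remove old style device definition from source object.
     */
    $update = array('gotoHotplugDevice' => array());
    for($i = 0 ; $i < $attrs['gotoHotplugDevice']['count'] ; $i++){
      if($attrs['gotoHotplugDevice'][$i] == $device['OLD_DEVICE']){
        continue;
      }
      $update['gotoHotplugDevice'][] = $attrs['gotoHotplugDevice'][$i];
    }

    $ldap->cd($device['DN']);
    $ldap->modify($update);

    /* Remember the outcome of the modify before the next request is sent;
       success() presumably reports the most recent operation only, so a
       failed modify would otherwise go unnoticed.
     */
    $modify_ok    = $ldap->success();
    $modify_error = $ldap->get_error();

    $ldap->cat($device['DN'],array("gotoHotplugDevice"));
    if(!$modify_ok || !$ldap->success()){
      $error = $modify_ok ? $ldap->get_error() : $modify_error;
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Updating '%s' failed: %s"),
            "<b>".htmlspecialchars(LDAP::fix($device['DN']), ENT_QUOTES, 'UTF-8')."</b>",
            "<br><br><i>".htmlspecialchars($error, ENT_QUOTES, 'UTF-8')."</i>"), ERROR_DIALOG);
    }else{
      unset($this->device[$key]);
    }
  }
  $this->check_usb_devices();
}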
/*! \brief  Check for old style (gosa-2.5) services that have to be migrated
            to be useable in gosa-2.6.
            Every goLdapServer whose goLdapBase does not start with
            ldap:// or ldaps:// is stored in $this->service, together with
            the new value "ldap://<cn>/<old value>" and a readable
            before/after description.

            NOTE(review): 'CURRENT' and 'AFTER' hold values as read from
            the directory. The device and menu previews of this class are
            rendered as markup; if these are rendered the same way, they
            have to be escaped before output.
 */
function check_services()
{
  /* Connect with the account collected by the setup */
  $cv = $this->parent->captured_values;
  $connection = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $ldap = new ldapMultiplexer($connection);

  $this->service = array();

  /* Check for Ldap services that must be migrated
   */
  $ldap->cd($cv['base']);
  $found = $ldap->search("(objectClass=goLdapServer)", array("goLdapBase", "cn"));

  /* Check if we were able to query the ldap server
   */
  if(!$found){
    $this->checks['old_style_services']['STATUS']    = FALSE;
    $this->checks['old_style_services']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['old_style_services']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  /* Walk through each configured ldap server
     and check if it is configured correctly.
   */
  while($server = $ldap->fetch()){
    $uri = $server['goLdapBase'][0];

    /* Already an ldap(s) uri, nothing to do */
    if (preg_match("!^ldaps?://!", $uri)){
      continue;
    }

    $new_uri = "ldap://".$server['cn'][0]."/".$uri;
    $this->service[] = array(
        "TYPE"    => "modify" ,
        "DN"      => $server['dn'],
        "DETAILS" => FALSE,
        "ATTRS"   => array("goLdapBase" => $new_uri),
        "CURRENT" => "goLdapBase: ".$uri,
        "AFTER"   => "goLdapBase: ".$new_uri);
  }

  /* Other services following here later ...maybe
   */

  /* Update status message
   */
  $pending = count($this->service);
  if($pending){
    $this->checks['old_style_services']['STATUS']    = FALSE;
    $this->checks['old_style_services']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['old_style_services']['ERROR_MSG'] =
      sprintf(_("There are %s services that need to be migrated."), $pending).
      "<input type='submit' name='service_dialog' value='"._("Migrate")."'>";
    return;
  }

  $this->checks['old_style_services']['STATUS']    = TRUE;
  $this->checks['old_style_services']['STATUS_MSG']= _("Ok");
  $this->checks['old_style_services']['ERROR_MSG'] = "";
}
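/*! \brief  Migrate selected services.
            This function executes the actions collected by
            check_services() for every entry of $this->service that is
            selected (DETAILS == TRUE). Only actions of type "modify" are
            handled. Entries that were migrated are removed from
            $this->service; finally check_services() is run again.

            The error dialog is markup; the DN and the server's error text
            are HTML-escaped before they are placed in it.
 */
function migrate_services()
{
  /* Establish ldap connection
   */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Handle each service
   */
  foreach($this->service as $key => $service){

    /* Only selected modify requests are handled
     */
    if(!$service['DETAILS'] || $service['TYPE'] != "modify"){
      continue;
    }

    $ldap->cd($service['DN']);
    $ldap->modify($service['ATTRS']);

    /* Check if everything done was successful
     */
    if(!$ldap->success()){
      msg_dialog::display(_("LDAP error"),
          sprintf(_("Updating '%s' failed: %s"),
            "<b>".htmlspecialchars(LDAP::fix($service['DN']), ENT_QUOTES, 'UTF-8')."</b>",
            "<br><br><i>".htmlspecialchars($ldap->get_error(), ENT_QUOTES, 'UTF-8')."</i>"), ERROR_DIALOG);
    }else{

      /* Remove action from list
       */
      unset($this->service[$key]);
    }
  }

  /* Update the service migration status
   */
  $this->check_services();
}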
/*! \brief  Ensure that posts made on the service migration dialog
            are processed.
            A service is selected (DETAILS = TRUE) if the request contains
            "migrate_<key>" for it, every other service is deselected.
 */
function check_service_posts()
{
  foreach($this->service as $key => $unused){
    $this->service[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
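/*! \brief  This function checks the given ldap for old style (gosa-2.5)
            menu entries and will prepare a list of actions that are required
            to migrate them to gosa-2.6.
            All required actions and some readable informations are stored in
            $this->menu, one entry per application group:
              DETAILS - selection state, initially FALSE
              DN      - dn of the group
              CURRENT - preview of what will be removed
              AFTER   - preview of what will be added
              TODO    - array('ADD' => dn => attrs, 'MODIFY' => dn => attrs);
                        a key is only present if there is such an action.

            CURRENT and AFTER are markup (their lines start with <i> tags),
            so all values read from the directory are HTML-escaped in them.
            TODO keeps the raw values.

            NOTE(review): release, location and application names are placed
            in the new DNs without DN escaping; a value with a comma or
            another special character results in a different or an invalid DN.
 */
function check_menus()
{
  /* Establish ldap connection
   */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* First detect all release names.
     NOTE(review): 'organizational' looks like a truncated
     'organizationalUnit'. The entries found are not read, this search
     only decides whether the server can be queried.
   */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizational)(objectClass=FAIbranch))",array("ou","objectClass"));

  /* Check if we were able to query the ldap server
   */
  if(!$res){
    $this->checks['old_style_menus']['STATUS']    = FALSE;
    $this->checks['old_style_menus']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['old_style_menus']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  /* Create application -> parameter mapping, used later to detect
     which configured parameter belongs to which application entry.
   */
  $amap = array();
  $todo = array();
  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaApplication)", array("cn", "gosaApplicationParameter"));
  while($info = $ldap->fetch()){
    if (isset($info['gosaApplicationParameter']['count'])){
      for ($j= 0; $j < $info['gosaApplicationParameter']['count']; $j++){

        /* The parameter name is the part in front of the first colon */
        $p= preg_replace("/^([^:]+):.*$/", "$1", $info['gosaApplicationParameter'][$j]);

        if(!isset($amap[$info['cn'][0]]) || !in_array_strict($p, $amap[$info['cn'][0]])){
          $amap[$info['cn'][0]][]= $p;
        }
      }
    } else {
      $amap[$info['cn'][0]]= array();
    }
  }

  /* Search for all groups that have an old style application menu configured.
   */
  $ldap->cd($cv['base']);
  $ldap->search("(&(objectClass=gosaApplicationGroup)(objectClass=posixGroup)(FAIrelease=*))",
      array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass","gosaUnitTag"));

  /* Create readable prefix for "What will be done" infos
   */
  $s_add = "<i>"._("Add")."</i>\t";
  $s_del = "<i>"._("Remove")."</i>\t";

  /* Walk through all found old-style menu configurations.
     -Prepare ldap update list $data
     -Prepare printable changes $after/$current
   */
  while($info = $ldap->fetch()){

    $data    = array();
    $current = "";
    $after   = "";

    /* Get unit tag
     */
    $tag = "";
    if(isset($info['gosaUnitTag'])){
      $tag = $info['gosaUnitTag'][0];
    }
    $h_tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8');

    /* Collect application parameter for this group
     */
    $params= array();
    if(isset($info['gosaApplicationParameter'])){
      for ($i= 0; $i < $info['gosaApplicationParameter']['count']; $i++){
        $name= preg_replace("/^([^:]+):.*$/", "$1", $info['gosaApplicationParameter'][$i]);
        $params[$name]= $info['gosaApplicationParameter'][$i];
      }
    }

    /* Create release container for each release/subrelease.
       eg. "sisa/1.0.0":
       .       "ou=siga, ..."
       .       "ou=1.0.0,ou=siga, .."

       NOTE(review): $release_dn stays empty if FAIrelease holds no
       non-empty part (e.g. "/"); the menu entries prepared below then
       get a DN without parent.
     */
    $release    = "";
    $release_dn = "";
    $r = $info['FAIrelease'][0];
    $z = explode("/",$r);
    foreach($z as $part){

      if(!empty($part)){
        $release = "ou=".$part.",".$release;

        /* Append release department information to "What will be done" info
         */
        $release_dn = $release.$info['dn'];
        $after .= $s_add."dn: ".htmlspecialchars($release_dn, ENT_QUOTES, 'UTF-8')."\n";
        $after .= $s_add."objectClass: top\n";
        $after .= $s_add."objectClass: FAIbranch\n";
        $after .= $s_add."objectClass: organizationalUnit\n";

        /* Append UnitTag
         */
        if($tag != ""){
          $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n";
          $after .= $s_add."gosaUnitTag: ".$h_tag."\n";
        }
        $after .= $s_add."ou: ".htmlspecialchars($part, ENT_QUOTES, 'UTF-8')."\n";

        /* Append release data to ldap actions
         */
        $d = array();
        $d['objectClass'] = array("top","FAIbranch","organizationalUnit");
        if(!empty($tag)){
          $d['objectClass'][] = "gosaAdministrativeUnitTag";
          $d['gosaUnitTag']   = $tag;
        }
        $d['ou'] = $part;
        $data['ADD'][$release_dn]= $d;
      }
    }
    $h_release_dn = htmlspecialchars($release_dn, ENT_QUOTES, 'UTF-8');

    /* Add member applications to the array.
     */
    $current .= "dn: ".htmlspecialchars($info['dn'], ENT_QUOTES, 'UTF-8')."\n";
    $menu_structure = array();
    for ($i= 0; $i < $info['gosaMemberApplication']['count']; $i++){

      /* name|location|priority, missing fields are NULL */
      list($name, $location, $priority)= array_pad(explode("|", $info['gosaMemberApplication'][$i]), 3, NULL);

      /* Create location dn
       */
      $location_dn ="";
      if(!empty($location)){
        $location_dn ="cn=".$location.",";
      }
      $h_location_dn = htmlspecialchars($location_dn, ENT_QUOTES, 'UTF-8');

      /* Append old style element to current detail informations
       */
      $current .= $s_del."gosaMemberApplication: ".htmlspecialchars($info['gosaMemberApplication'][$i], ENT_QUOTES, 'UTF-8')."\n";

      /* Append ldap update action to remove the old menu entry attributes
       */
      unset($info['objectClass']['count']);
      $d = array();
      $d['gosaMemberApplication']    = array();
      $d['gosaApplicationParameter'] = array();
      if(isset($info['FAIrelease'])){
        $d['FAIrelease'] = array();
      }
      $d['objectClass'] = array_remove_entries(array("gosaApplicationGroup","FAIreleaseTag"),$info['objectClass']);
      $data['MODIFY'][$info['dn']] = $d;

      /* Create new application menu structure
       */
      if (isset($amap[$name])){

        /* Append missing menu structure to "What is done info"
         */
        if(!isset($menu_structure[$location]) && !empty($location)){
          $menu_structure[$location] = TRUE;
          $after .= "\n";
          $after .= $s_add."dn: ".$h_location_dn.$h_release_dn."\n";
          $after .= $s_add."objectClass: gotoSubmenuEntry\n";

          /* Append UnitTag
           */
          if($tag != ""){
            $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n";
            $after .= $s_add."gosaUnitTag: ".$h_tag."\n";
          }
          $after .= $s_add."cn: ".htmlspecialchars($location, ENT_QUOTES, 'UTF-8')."\n";

          /* Create ldap entry to append
           */
          $d = array();
          $d['cn'] = $location;
          $d['objectClass'] = array("gotoSubmenuEntry");
          if(!empty($tag)){
            $d['objectClass'][] = "gosaAdministrativeUnitTag";
            $d['gosaUnitTag']   = $tag;
          }
          $data['ADD'][$location_dn.$release_dn] = $d;
        }

        /* Append missing menu entry for "What is done info".
         */
        if(!empty($name)){
          $h_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
          $after .= "\n";
          $after .= $s_add."dn: cn=".$h_name.",".$h_location_dn.$h_release_dn."\n";
          $after .= $s_add."objectClass: gotoMenuEntry\n";
          if($tag != ""){
            $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n";
            $after .= $s_add."gosaUnitTag: ".$h_tag."\n";
          }
          $after .= $s_add."cn: ".$h_name."\n";
          $after .= $s_add."gosaApplicationPriority: ".htmlspecialchars((string)$priority, ENT_QUOTES, 'UTF-8')."\n";

          /* Create ldap entry
           */
          $d= array();
          $d['objectClass'] = array("gotoMenuEntry");
          if(!empty($tag)){
            $d['objectClass'][] = "gosaAdministrativeUnitTag";
            $d['gosaUnitTag']   = $tag;
          }
          $d['cn'] = $name;
          $d['gosaApplicationPriority'] = $priority;

          /* Take over the parameters that belong to this application */
          foreach ($amap[$name] as $n){
            if (isset($params[$n])){
              $after .= $s_add."gosaApplicationParameter: ".htmlspecialchars($params[$n], ENT_QUOTES, 'UTF-8')."\n";
              $d['gosaApplicationParameter'][] = $params[$n];
            }
          }
          $data['ADD']["cn=$name,$location_dn$release_dn"] = $d;
        }
      }
    }

    /* Updated todo list
     */
    $todo[] = array(
        "DETAILS" => FALSE,
        "DN"      => $info['dn'],
        "AFTER"   => $after,
        "CURRENT" => $current,
        "TODO"    => $data
        );
  }

  /* Remember checks.
   */
  $this->menu = $todo;

  /* Update status message
   */
  if(count($this->menu)){
    $this->checks['old_style_menus']['STATUS']    = FALSE;
    $this->checks['old_style_menus']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be migrated."),
        count($this->menu))."<input type='submit' name='menu_dialog' value='"._("Migrate")."'>";
  }else{
    $this->checks['old_style_menus']['STATUS']    = TRUE;
    $this->checks['old_style_menus']['STATUS_MSG']= _("Ok");
    $this->checks['old_style_menus']['ERROR_MSG'] = "";
  }
}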
/*! \brief  Handle posts for the menu_dialog.
            Ensure that checked checkboxes stay checked: a menu is selected
            (DETAILS = TRUE) if the request contains "migrate_<key>" for
            it, every other menu is deselected.
 */
function check_menu_posts()
{
  foreach($this->menu as $key => $unused){
    $this->menu[$key]['DETAILS'] = isset($_POST["migrate_".$key]);
  }
}
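/*! \brief  This function updates old-style application menus to
            valid 2.6 application menus.
            All selected menus will be converted (DETAILS = TRUE).
            The ldap actions collected by check_menus() will be executed:
            first the new entries are added (entries that exist already are
            skipped), then the old attributes are removed from the group.

            The old attributes are only removed if every add succeeded.
            Otherwise the group keeps its old style menu and stays in the
            list, so the migration can be repeated.
 */
function migrate_menus()
{
  /* Establish ldap connection
   */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Walk through menus and detect selected menu
   */
  foreach($this->menu as $key => $menu){
    if(!$menu['DETAILS']) {
      continue;
    }

    /* check_menus() only creates the 'ADD' and 'MODIFY' lists if there is
       such an action, so each of them can be missing.
     */
    $to_add    = isset($menu['TODO']['ADD'])    ? $menu['TODO']['ADD']    : array();
    $to_modify = isset($menu['TODO']['MODIFY']) ? $menu['TODO']['MODIFY'] : array();

    /* Execute all LDAP-ADD actions
     */
    $success = TRUE;
    foreach($to_add as $dn => $data){
      $ldap->cd($cv['base']);
      if(!$ldap->dn_exists($dn)){
        $ldap->cd($dn);
        $ldap->add($data);
        if (!$ldap->success()){
          msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_ADD, get_class()));
          $success = FALSE;
        }
      }
    }

    /* Execute all LDAP-MODIFY actions.
       They remove the old menu definition, so they are skipped if the new
       entries could not be created completely.
     */
    if($success){
      foreach($to_modify as $dn => $data){
        $ldap->cd($cv['base']);
        if($ldap->dn_exists($dn)){
          $ldap->cd($dn);
          $ldap->modify($data);
          if (!$ldap->success()){
            msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()));
            $success = FALSE;
          }
        }
      }
    }

    /* If every action was successful, remove this entry from the list
     */
    if($success){
      unset($this->menu[$key]);
    }
  }

  /* Update migration status for application menus
   */
  $this->check_menus();
}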
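/*! \brief  Write the ACL entries selected in the migrate admin account
            dialog to the LDAP base object.
            The existing gosaAclEntry values of the base are kept and one
            new entry is appended per checked user, using the 'change'
            string prepared by migrate_users() (":psub:<base64 dn>:all;cmdrw").
            The objectClass gosaACL is added to the base if it is missing.
            NOTE(review): judging by the "Checking for super administrator"
            check title, each appended entry grants full administrative
            access below the base, so only explicitly checked entries are
            written.
 */
function migrate_selected_admin_users()
{
  /* Updated ui selection */
  $this->migrate_users();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Get current ACL configuration for the ldap base */
  $ldap->cat($cv['base']);
  $base_attrs = $ldap->fetch();

  /* Without a readable base entry the objectClass list below would be
     rebuilt from nothing and written back as "gosaACL" only. Stop here and
     report the failure under the modify operation this step was about to
     perform.
   */
  if(!is_array($base_attrs) || !isset($base_attrs['objectClass']['count'])){
    $this->checks['acls']['TITLE']     = _("Checking for super administrator");
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Failed");
    $this->checks['acls']['ERROR_MSG'] = "<br>".msgPool::ldaperror($ldap->get_error(),$cv['base'],LDAP_MOD);
    return;
  }

  /* Collect the existing entries and find the highest numeric index.
     Only a purely numeric "<n>:" prefix is accepted, so a malformed entry
     can never turn $acl_id into a string that "++" would then increment
     alphabetically.
   */
  $acl_entries= array();
  $acl_id     = -1;
  if(isset($base_attrs['gosaAclEntry'])){
    for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){
      $acl_entries[] = $base_attrs['gosaAclEntry'][$i];
      if(preg_match("/^([0-9]+):/",$base_attrs['gosaAclEntry'][$i],$m)){
        $acl_id = max($acl_id,(int)$m[1]);
      }
    }
  }

  /* Append ACLs selected in the migrate admin account dialog */
  foreach($this->migrate_users as $entry){
    if($entry['checked']){
      $acl_id ++;
      $acl_entries[] = $acl_id.$entry['change'];
    }
  }

  /* Check if the required objectClasses are available */
  $ocs = array();
  for($i=0;$i< $base_attrs['objectClass']['count']; $i++){
    $ocs[] = $base_attrs['objectClass'][$i];
  }
  if(!in_array_strict("gosaACL",$ocs)){
    $ocs[] = "gosaACL";
  }

  /* Try to write changes */
  if(count($acl_entries)){
    $new_entry = array();
    $new_entry['gosaAclEntry'] = $acl_entries;
    $new_entry['objectClass']  = $ocs;
    $ldap->cd($cv['base']);
    $ldap->modify($new_entry);
    if(!$ldap->success()){
      $this->checks['acls']['TITLE']     = _("Checking for super administrator");
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");

      /* Argument order (error, dn, operation) as in the other
         msgPool::ldaperror() calls of this class. */
      $this->checks['acls']['ERROR_MSG'] = "<br>".msgPool::ldaperror($ldap->get_error(),$cv['base'],LDAP_MOD);
    }else{
      $this->check_administrativeAccount();
    }
  }
}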
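/*! \brief  Maintain the list of accounts offered in the migrate admin
            account dialog ($this->migrate_users).
            On every call the 'checked' flag of each listed entry is taken
            from the POST ("migrate_admin_<id>" present or not).
            While the list is still empty, it is built from the members of
            posixGroups carrying gosaSubtreeACL=:all (old GOsa 2.5
            administrative accounts), and an LDIF-like preview of the base
            entry is stored in $this->migrate_acl_base_entry.
 */
function migrate_users()
{
  /* Take over the checkbox state; only the presence of the field counts */
  foreach(array_keys($this->migrate_users) as $id){
    $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]);
  }

  /* The candidate list is built only once; with a populated list no
     directory access is needed.
   */
  if(count($this->migrate_users)){
    return;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Map uid => dn for all GOsa user accounts */
  $rusers = array();
  $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
      "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
  while($user_attrs = $ldap->fetch()){
    if(isset($user_attrs['uid'][0])){
      $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
    }
  }

  /* Build the preview of the base entry. The <b> marker below shows that
     this string is emitted as HTML, so every value read from the directory
     is escaped before it is embedded.
   */
  $ldap->cat($cv['base']);
  $base_data  = $ldap->fetch();
  $base_entry = "";
  if(is_array($base_data) && isset($base_data['dn'], $base_data['objectClass']['count'])){
    $base_entry = "dn: ".htmlspecialchars($base_data['dn'],ENT_QUOTES,'UTF-8')."\n";
    for($i=0;$i<$base_data['objectClass']['count'];$i++){
      $base_entry .= "objectClass: ".htmlspecialchars($base_data['objectClass'][$i],ENT_QUOTES,'UTF-8')."\n";
    }
    if(!in_array_strict("gosaACL",$base_data['objectClass'])){
      $base_entry .= "<b>objectClass: gosaACL</b>\n";
    }
    if(isset($base_data['gosaAclEntry'])){
      for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){
        $base_entry .= "gosaAclEntry: ".htmlspecialchars($base_data['gosaAclEntry'][$i],ENT_QUOTES,'UTF-8')."\n";
      }
    }
  }
  $this->migrate_acl_base_entry = $base_entry;

  /* Try to find old GOsa 2.5 administrative accounts that may be migrated */
  $listed = array();
  $ldap->cd($cv['base']);
  $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
  while($p_group = $ldap->fetch()){
    for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
      $user = $p_group['memberUid'][$e];

      /* Skip members without a GOsa account, and list a user who belongs
         to several matching groups only once so that one selection cannot
         produce duplicate ACL entries.
       */
      if(!isset($rusers[$user]) || isset($listed[$user])){
        continue;
      }
      $listed[$user] = TRUE;

      /* ACL value without its index; the index is prepended when the
         entry is written. The DN is base64 encoded inside the value.
       */
      $change = ":psub:".base64_encode($rusers[$user]).":all;cmdrw";

      /* 'uid' and 'dn' are stored as read from the directory; whoever
         prints them must escape them for the output context. */
      $this->migrate_users[] = array(
          'uid'     => $user,
          'dn'      => $rusers[$user],
          'details' => "gosaAclEntry: #".$change."\n",
          'checked' => FALSE,
          'change'  => $change,
      );
    }
  }
}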
3292 }
3293 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
3294 ?>