1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
var $languages = array();
var $attributes = array();
var $header_image = "images/monitoring.png";

/* One record per check, keyed by check name. initialize_checks() gives each
 * record the keys TITLE, STATUS, STATUS_MSG and ERROR_MSG.
 */
var $checks = array();

/* Department migration attributes */
var $dep_migration_dialog = FALSE;
var $deps_to_migrate = array();
var $show_details = FALSE;

/* User migration attributes */
var $users_migration_dialog= FALSE;
var $users_to_migrate = array();

/* Create Acl attributes */
var $acl_create_dialog = FALSE;
var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
var $acl_create_changes = ""; // Contains ldif information about changes
var $acl_create_confirmed= FALSE;

/* Checks initialised ? */
var $checks_initialised = FALSE;

/* Users found outside the people ou */
var $outside_users = array();
var $outside_users_dialog = FALSE;

/* Groups found outside the groups ou */
var $outside_groups = array();
var $outside_groups_dialog = FALSE;

/* Windows workstations found outside the reserved ou */
var $outside_winstations = array();
var $outside_winstations_dialog = FALSE;

/* Entries that share a uidNumber with another entry */
var $check_uidNumbers = array();
var $check_uidNumbers_dialog = FALSE;

/* Groups that share a gidNumber with another group */
var $check_gidNumbers = array();
var $check_gidNumbers_dialog = FALSE;
/**
 * Constructor in the PHP 4 style (a method named after the class).
 *
 * Its only job is to load the translated title and info texts of the step.
 */
function Step_Migrate()
{
  /* Fill s_title, s_title_long and s_info */
  $this->update_strings();
}
/**
 * Set the translated texts shown for this setup step.
 *
 * The short and the long title use the same message.
 */
function update_strings()
{
  $inspection_title = _("LDAP inspection");

  $this->s_title = $inspection_title;
  $this->s_title_long = $inspection_title;
  $this->s_info = _("Analyze your current LDAP for GOsa compatibility");
}
/**
 * Reset the result table and run every LDAP inspection once.
 *
 * For each check the record in $this->checks is first set to a failed,
 * message-less state and then the check method is called; the method
 * overwrites STATUS, STATUS_MSG and ERROR_MSG with its outcome. The checks
 * run in the order listed below. Their return values are not used here.
 */
function initialize_checks()
{
  /* check key => (title, method that performs the check) */
  $plan = array(
    'root' => array(_("Checking for root object"), 'checkBase'),
    'permissions' => array(_("Checking permissions on LDAP database"), 'check_ldap_permissions'),
    'deps_visible' => array(_("Checking for invisible departments"), 'check_organizationalUnits'),
    'users_visible' => array(_("Checking for invisible users"), 'check_gosaAccounts'),
    'acls' => array(_("Checking for super administrator"), 'check_administrativeAccount'),
    'outside_users' => array(_("Checking for users outside the people tree"), 'search_outside_users'),
    'outside_groups' => array(_("Checking for groups outside the groups tree"), 'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"), 'search_outside_winstations'),
    'uidNumber_usage' => array(_("Checking for duplicated UID numbers"), 'check_uidNumber'),
    'gidNumber_usage' => array(_("Checking for duplicate GID numbers"), 'check_gidNumber'),
  );

  $this->checks = array();
  foreach($plan as $key => $step){
    $title = $step[0];
    $method = $step[1];

    /* Start from "failed, no message" so a check that bails out early
     * can never be shown as passed
     */
    $this->checks[$key] = array(
      'TITLE' => $title,
      'STATUS' => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG' => "",
    );
    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/**
 * Find uidNumber values that are assigned to more than one LDAP entry.
 *
 * Every entry below the configured base that has a uidNumber is grouped by
 * its first uidNumber value. Each entry of a group with more than one
 * member is stored in $this->check_uidNumbers under its base64-encoded DN,
 * and the outcome is written to $this->checks['uidNumber_usage'].
 *
 * Two accounts with the same numeric id are treated as one identity
 * wherever only the number is evaluated, so a warning from this check
 * deserves a fix before the directory is put to use.
 *
 * @return bool TRUE when no duplicate exists; false when the query failed
 *              or duplicates were found.
 */
function check_uidNumber()
{
  /* Open an LDAP connection with the admin DN and password captured by
   * the earlier setup steps
   */
  $cv = $this->parent->captured_values;
  $link = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap = new ldapMultiplexer($link);
  $ldap->cd($cv['base']);

  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS'] = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket every hit under its first uidNumber value */
  $this->check_uidNumbers = array();
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['uidNumber'][0]][] = $hit;
  }

  /* Only buckets with at least two entries are duplicates */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_uidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS'] = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The number reported is the count of affected entries */
  $this->checks['uidNumber_usage']['STATUS'] = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
227 /* Check if there are duplicated gidNumbers present in ldap
228 */
/**
 * Find gidNumber values that are used by more than one posixGroup.
 *
 * Groups are bucketed by their first gidNumber value. Every group in a
 * bucket with more than one member is stored in $this->check_gidNumbers
 * under its base64-encoded DN, and the outcome is written to
 * $this->checks['gidNumber_usage'].
 *
 * @return bool TRUE when no duplicate exists; false when the query failed
 *              or duplicates were found.
 */
function check_gidNumber()
{
  /* Open an LDAP connection with the admin DN and password captured by
   * the earlier setup steps
   */
  $cv = $this->parent->captured_values;
  $link = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap = new ldapMultiplexer($link);
  $ldap->cd($cv['base']);

  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS'] = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket every group under its first gidNumber value */
  $this->check_gidNumbers = array();
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['gidNumber'][0]][] = $hit;
  }

  /* Only buckets with at least two groups are duplicates */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_gidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS'] = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The number reported is the count of affected groups */
  $this->checks['gidNumber_usage']['STATUS'] = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
279 /* Search for winstations outside the winstation ou
280 */
/**
 * Collect Samba machine accounts that do not sit directly below the
 * winstation OU.
 *
 * Machine accounts are entries of the Samba account class whose uid ends
 * in '$'. Entries that match neither "<rdn>,<winstation ou>" at the start
 * of the DN nor ",dc=addressbook," are stored in
 * $this->outside_winstations under their base64-encoded DN. The outcome is
 * written to $this->checks['outside_winstations'].
 *
 * NOTE(review): $winstation_ou comes from the setup form and is placed in
 * ERROR_MSG next to raw HTML; confirm it is HTML-escaped before rendering.
 *
 * @return bool TRUE when nothing was found outside; false otherwise or on
 *              a failed query.
 */
function search_outside_winstations()
{
  /* Open an LDAP connection with the captured admin credentials */
  $cv = $this->parent->captured_values;
  $link = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap = new ldapMultiplexer($link);

  /* Configured winstation OU, or the built-in default */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['ws_ou']
    : "ou=winstations";

  /* The account objectClass depends on the Samba version */
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"))){
    $this->checks['outside_winstations']['STATUS'] = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($entry = $ldap->fetch()){
    /* Correctly placed entries and addressbook entries are not reported */
    if(preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$entry['dn']) ||
        preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif'] = "";
    $this->outside_winstations[base64_encode($entry['dn'])] = $entry;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS'] = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['outside_winstations']['STATUS'] = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),count($this->outside_winstations),$winstation_ou);
  $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
  return(false);
}
340 /* Search for groups outside the group ou
341 */
/**
 * Collect posixGroup entries that are not located in the group OU of a
 * known department.
 *
 * The RDN and the group OU are stripped from each group DN; what remains
 * must be the base or the DN of a gosaDepartment. Groups that fail this
 * test (and are not addressbook entries) are stored in
 * $this->outside_groups under their base64-encoded DN. The outcome is
 * written to $this->checks['outside_groups'].
 *
 * @return bool TRUE when no group is misplaced; false otherwise or when
 *              the group search failed.
 */
function search_outside_groups()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   * validate correct ldap tree position of every single group.
   * The result of this search is not checked; a failure here leaves only
   * the base in $valid_deps.
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Get all groups
   ***********/
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS'] = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    /* NOTE(review): the '+' after the escaped OU quantifies only the OU's
     * last character. search_outside_users() appends ',' to the OU before
     * escaping instead - confirm which form is intended.
     */
    $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."+,/i","",$attrs['dn']);

    /* Check if entry is not an addressbook only group
     * and verify that it is in a valid department.
     * The OU is stripped case-insensitively, but in_array() compares the
     * remaining DN as an exact string.
     */
    if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) &&
        !in_array($group_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS'] = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    /* NOTE(review): $group_ou is setup-form input placed next to raw HTML;
     * confirm it is HTML-escaped before this message is rendered.
     */
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),count($this->outside_groups),$group_ou);
    $this->checks['outside_groups']['ERROR_MSG'].= "&nbsp;<input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS'] = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}
410 /* Search for users outside the people ou
411 */
/**
 * Collect gosaAccount users that are not located in the people OU of a
 * known department.
 *
 * Machine accounts (uid ending in '$') are excluded by the search filter.
 * The RDN and the people OU are stripped from each user DN; what remains
 * must be the base or the DN of a gosaDepartment. Users that fail this
 * test (and are not addressbook entries) are stored in
 * $this->outside_users under their base64-encoded DN. The outcome is
 * written to $this->checks['outside_users'].
 *
 * @return bool TRUE when no user is misplaced; false otherwise or when
 *              the user search failed.
 */
function search_outside_users()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   * validate correct ldap tree position of every single user.
   * The result of this search is not checked; a failure here leaves only
   * the base in $valid_deps.
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Search for all users
   ***********/
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS'] = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /***********
   * Check if returned users are within a valid GOsa department. (peopleou,gosaDepartment,base)
   ***********/
  $this->outside_users = array();
  $people_ou = trim($cv['peopleou']);
  /* An empty people OU means users live directly below the department,
   * so the separator is only appended when an OU is configured
   */
  if(!empty($people_ou)){
    $people_ou = $people_ou.",";
  }

  while($attrs = $ldap->fetch()){
    $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/i","",$attrs['dn']);

    /* Check if entry is not an addressbook only user
     * and verify that he is in a valid department.
     * The OU is stripped case-insensitively, but in_array() compares the
     * remaining DN as an exact string.
     */
    if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) &&
        !in_array($people_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    $this->checks['outside_users']['STATUS'] = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    /* NOTE(review): $people_ou is setup-form input placed next to raw HTML;
     * confirm it is HTML-escaped before this message is rendered.
     */
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),count($this->outside_users),$people_ou);
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS'] = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}
488 /* Check ldap accessibility
489 * Create and remove a dummy object,
490 * to ensure that we have the necessary permissions
491 */
/**
 * Verify that the configured admin account can write below the base.
 *
 * A throw-away organizationalUnit is added directly below the base and
 * removed again. Both steps are verified by reading the entry back, not by
 * the return value of add()/rmDir(). The outcome is written to
 * $this->checks['permissions'].
 *
 * The test covers creating and deleting one entry below the base only; it
 * does not show that the account may write everywhere in the tree.
 *
 * @return bool true when the entry could be created and removed; false
 *              otherwise.
 */
function check_ldap_permissions()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Create dummy entry.
   * NOTE(review): the PHP session id becomes part of the entry's DN, which
   * is written to the directory and, on failure, to the log below. A random
   * token unrelated to the session would avoid exposing the session id to
   * readers of either.
   */
  $name = "GOsa_setup_text_entry_".session_id().rand(0,999999);
  $dn = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou'] = $name;

  /* check if simple ldap cat will be successful
   */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object.
   * The result of add() is stored but not used; the read-back decides.
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $res = $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    /* NOTE(review): $cv['admin'] is setup-form input; ERROR_MSG carries raw
     * HTML elsewhere in this class, so confirm it is escaped on output.
     */
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Try to remove created entry.
   * If this fails the test entry stays in the directory.
   */
  $res = $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    new log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS'] = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}
562 /* Check if there are users which will
563 * be invisible for GOsa
564 */
/**
 * List user entries that lack the gosaAccount objectClass.
 *
 * Candidates are entries with a uid that are posixAccount, or both
 * inetOrgPerson and organizationalPerson, but not gosaAccount. Addressbook
 * entries are ignored. The hits are stored in $this->users_to_migrate
 * under their base64-encoded DN; the 'checked' flag of an entry that was
 * already listed is carried over. The outcome is written to
 * $this->checks['users_visible']. Nothing is returned.
 */
function check_gosaAccounts()
{
  /* Keep the previous list so ticked checkboxes survive a reload */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Open an LDAP connection with the captured admin credentials */
  $cv = $this->parent->captured_values;
  $link = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap = new ldapMultiplexer($link);

  /* Get all invisible users */
  $ldap->cd($cv['base']);
  $filter = "(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))";
  $res = $ldap->search($filter,array("sn","givenName","cn","uid"));
  while($entry = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before'] = "";
    $entry['after'] = "";
    $this->users_to_migrate[$key] = $entry;
  }

  /* The query result is evaluated only after the fetch loop */
  $invisible = count($this->users_to_migrate);
  if(!$res){
    $this->checks['users_visible']['STATUS'] = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($invisible == 0){
    $this->checks['users_visible']['STATUS'] = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['users_visible']['STATUS'] = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['users_visible']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) that will not be visible in GOsa."),$invisible).
      "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
  }
}
621 /* Start user account migration
622 */
/**
 * Add the GOsa user objectClasses to every selected entry of
 * $this->users_to_migrate.
 *
 * With $only_ldif set nothing is written: the current and the planned
 * attributes are rendered with array_to_ldif() into the entry's 'before'
 * and 'after' fields for preview. Otherwise the entry is modified in LDAP.
 *
 * The loop stops at the first failed modify; entries handled before that
 * point have already been changed.
 *
 * @param bool $only_ldif Preview the changes instead of writing them.
 * @return bool TRUE when all selected entries were processed; false after
 *              the first failed modify.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaAccount objectClass to the selected users
   */
  foreach($this->users_to_migrate as $key => $dep){
    if($dep['checked']){

      /* Get old objectClasses */
      $ldap->cat($dep['dn'],array("objectClass"));
      $attrs = $ldap->fetch();

      /* Create new objectClass array: the three required classes first,
       * then every existing class that is not one of them
       */
      $new_attrs = array();
      $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
      for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
        if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
          $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
        }
      }

      /* Set info attributes for current object,
       * or write changes to the ldap database
       */
      if($only_ldif){
        $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
        $this->users_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
      }else{
        $ldap->cd($attrs['dn']);
        if(!$ldap->modify($new_attrs)){
          /* NOTE(review): the message says "department" although a user
           * is migrated here. The LDAP error text is placed between HTML
           * tags; confirm msg_dialog escapes it.
           */
          msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",LDAP::fix($attrs['dn']),$ldap->get_error()), ERROR_DIALOG);
          return(false);
        }
      }
    }
  }
  return(TRUE);
}
674 /* Check if there are invisible organizational Units
675 */
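/**
 * List organizationalUnits that lack the gosaDepartment objectClass.
 *
 * The hits are stored in $this->deps_to_migrate under their base64-encoded
 * DN; the 'checked' flag of an entry that was already listed is carried
 * over. Containers that GOsa uses internally (people, groups, systems,
 * ...) are removed from the list again. The outcome is written to
 * $this->checks['deps_visible']. Nothing is returned.
 *
 * Unlike the other checks, found departments leave STATUS at TRUE and are
 * reported through the warning text only.
 */
function check_organizationalUnits()
{
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/",
      "/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/(,|)ou=apps,/","/(,|)ou=mime,/","/(,|)ou=devices/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* The people and group OUs are setup-form input. They are matched as
   * literal text: quoting keeps a '/' or a regex metacharacter in the
   * value from breaking or altering the pattern, and an empty value is
   * left out because the pattern "//" would match every DN and hide all
   * departments from this check.
   */
  foreach(array($cv['peopleou'],$cv['groupou']) as $ou){
    $ou = trim($ou);
    if($ou !== ""){
      $skip_dns[] = "/".preg_quote($ou,"/")."/";
    }
  }

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $attrs['checked'] = FALSE;
    $attrs['before'] = "";
    $attrs['after'] = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($old[base64_encode($attrs['dn'])])){
      $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
    }
    $this->deps_to_migrate[base64_encode($attrs['dn'])] = $attrs;
  }

  /* Filter returned list of departments and ensure that
   * GOsa internal departments will not be listed
   */
  foreach($this->deps_to_migrate as $key => $attrs){
    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$attrs['dn'])){
        unset($this->deps_to_migrate[$key]);
        break;
      }
    }
  }

  /* If we have no invisible departments found
   * tell the user that everything is ok
   */
  if(!$res){
    $this->checks['deps_visible']['STATUS'] = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    $this->checks['deps_visible']['STATUS'] = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['deps_visible']['STATUS'] = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= "&nbsp;<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}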
751 /* Start deparmtment migration */
/**
 * Add the gosaDepartment objectClass to every selected entry of
 * $this->deps_to_migrate.
 *
 * With $only_ldif set nothing is written: the current and the planned
 * attributes are rendered with array_to_ldif() into the entry's 'before'
 * and 'after' fields for preview. Otherwise the entry is modified in LDAP.
 *
 * The loop stops at the first failed modify; entries handled before that
 * point have already been changed.
 *
 * @param bool $only_ldif Preview the changes instead of writing them.
 * @return bool TRUE when all selected entries were processed; false after
 *              the first failed modify.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Add gosaDepartment objectClass to each selected entry
   */
  foreach($this->deps_to_migrate as $key => $dep){
    if($dep['checked']){

      /* Get current objectClasses */
      $ldap->cat($dep['dn'],array("objectClass","description"));
      $attrs = $ldap->fetch();

      /* Create new objectClass attribute including gosaDepartment.
       * gosaDepartment is appended without looking for an existing value;
       * presumably safe because the list is built from entries that lack
       * it - verify if the entry can change between check and migration.
       */
      $new_attrs = array();
      for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
        $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
      }
      $new_attrs['objectClass'][] = "gosaDepartment";

      /* Append a description if it is missing */
      if(!isset($attrs['description'])){
        $new_attrs['description'][] = "GOsa department";
      }

      /* Depending on the parameter $only_ldif we save the changes as ldif
       * or we write our changes directly to the ldap database
       */
      if($only_ldif){
        $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
        $this->deps_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
      }else{
        $ldap->cd($attrs['dn']);
        if(!$ldap->modify($new_attrs)){
          /* NOTE(review): the LDAP error text is placed between HTML tags;
           * confirm msg_dialog escapes it.
           */
          msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>",LDAP::fix($attrs['dn']), $ldap->get_error()), ERROR_DIALOG);
          return(false);
        }
      }
    }
  }
  return(TRUE);
}
806 /* Check Acls if there is at least one object with acls defined
807 */
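/**
 * Check whether the base object carries an ACL entry that points to an
 * existing administrator.
 *
 * Each gosaAclEntry of the base has the form "prio:type:members:...".
 * - type "psub": every member DN (base64-encoded, comma-separated) is
 *   looked up; a posixGroup, or an entry that is gosaAccount,
 *   organizationalPerson and inetOrgPerson, counts as administrator.
 * - type "role": the role object is loaded; if one of its ACL templates is
 *   a psub entry ending in ":all;cmdrw", the members listed in the fourth
 *   field are checked the same way (accounts only).
 * The outcome is written to $this->checks['acls'].
 *
 * Changes against the previous version: split() (removed in PHP 7) is
 * replaced by explode(); the role object and the member lookups no longer
 * share one variable, so all templates of a role are examined; entries
 * with missing fields are skipped.
 *
 * NOTE(review): the psub branch does not look at the permission part of
 * the entry, so any psub ACL with a valid member passes as "super
 * administrator", while the role branch requires ":all;cmdrw". Confirm
 * that this difference is intended.
 * NOTE(review): objectClass values are compared with in_array(), which is
 * case-sensitive; other methods of this class use in_array_ics().
 *
 * @return bool Whether the last LDAP lookup made by this method returned
 *              at least one entry. This is not the check result; read
 *              $this->checks['acls']['STATUS'] for that.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);
  $res = $ldap->cat($cv['base']);

  if(!$res){
    $this->checks['acls']['STATUS'] = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{
    $found = false;
    $username = "";
    $attrs = $ldap->fetch();
    if(isset($attrs['gosaAclEntry'])){
      $acls = $attrs['gosaAclEntry'];
      for($i = 0 ; $i < $acls['count'] ; $i++){
        $acl = $acls[$i];
        $tmp = explode(":",$acl);

        /* An entry without type or member field cannot name anybody */
        if(!isset($tmp[1]) || !isset($tmp[2])){
          continue;
        }

        if($tmp[1] == "psub"){
          $members = explode(",",$tmp[2]);
          foreach($members as $member){
            $member = base64_decode($member);

            /* Check if acl owner is a valid GOsa user account */
            $ldap->cat($member,array("objectClass","uid","cn"));
            $owner = $ldap->fetch();

            if(isset($owner['objectClass']) && in_array("posixGroup",$owner['objectClass'])){
              $found = TRUE;
              $username .= "ACL-Group: ".$owner['cn'][0]."<br>";
            }elseif(isset($owner['objectClass']) && in_array("gosaAccount",$owner['objectClass']) &&
                in_array("organizationalPerson",$owner['objectClass']) &&
                in_array("inetOrgPerson",$owner['objectClass'])){
              $found = TRUE;
              $username .= "ACL: ".$owner['uid'][0]."<br>";
            }
          }
        }elseif($tmp[1] == "role"){

          /* Load the role object the entry refers to */
          $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
          $role = $ldap->fetch();

          if(isset($role['gosaAclTemplate']) && isset($tmp[3])){
            $cnt = $role['gosaAclTemplate']['count'];
            for($e = 0 ; $e < $cnt ; $e++){

              /* Only a template that grants everything makes its members
               * administrators
               */
              $a_str = $role['gosaAclTemplate'][$e];
              if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){

                $members = explode(",",$tmp[3]);
                foreach($members as $member){
                  $member = base64_decode($member);

                  /* Check if acl owner is a valid GOsa user account.
                   * The result goes into its own variable so that $role
                   * stays intact for the remaining templates.
                   */
                  $ldap->cat($member,array("objectClass","uid"));
                  $owner = $ldap->fetch();

                  if(isset($owner['objectClass']) && in_array("gosaAccount",$owner['objectClass']) &&
                      in_array("organizationalPerson",$owner['objectClass']) &&
                      in_array("inetOrgPerson",$owner['objectClass'])){
                    $found = TRUE;
                    $username .= "ACL Role: ".$owner['uid'][0]."<br>";
                  }
                }
              }
            }
          }
        }
      }
    }

    # For debugging
    #echo $username;

    if($found){
      $this->checks['acls']['STATUS'] = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS'] = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}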
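/**
 * Give the selected object full administrative rights on the base.
 *
 * A new ACL entry "0:psub:<base64 dn>:all;cmdrw" for
 * $this->acl_create_selected is put in front of the base object's
 * gosaAclEntry values, the priority of every existing entry is raised by
 * one, and the gosaACL objectClass is added to the base.
 *
 * With $only_ldif set nothing is written; the current and the planned
 * attributes are stored as text in $this->acl_create_changes.
 *
 * Fix against the previous version: the priority was cut off with
 * "/^[^:]/", which removes a single character, so an entry with a
 * priority of 10 or more ("10:psub:...") was rewritten to "110:psub:...".
 * The whole priority field is now removed before the new one is prepended.
 *
 * NOTE(review): the entry grants "all;cmdrw" to whatever DN is stored in
 * $this->acl_create_selected. The value is not checked here; confirm the
 * caller only accepts the DN of an existing, intended account.
 *
 * @param bool $only_ldif Preview the change instead of writing it.
 * @return bool|null TRUE/FALSE for the result of the LDAP modify; no value
 *                   is returned in preview mode.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the preview text */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Add acls for the selected user to the base */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");

  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){

      /* Split "prio:rest" at the first colon and move the entry one
       * priority down to make room for the new entry at 0
       */
      $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
      $rest = preg_replace("/^[^:]+/","",$attrs['gosaAclEntry'][$i]);

      $data = ((int)$prio+1).$rest;
      $attrs_new['gosaAclEntry'][] = $data;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".($ldap->fix($cv['base']))."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{

    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      msg_dialog::display(_("Migration error"), sprintf(_("Cannot add ACL for user '%s':")."<br><br><i>%s</i>", LDAP::fix($dn), $ldap->get_error()), ERROR_DIALOG);
      return(FALSE);
    }else{
      return(TRUE);
    }
  }
}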
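/**
 * Create a new "System Administrator" user from the posted form values and
 * grant it administrator ACLs on the LDAP base.
 *
 * Reads $_POST['new_user_uid'], $_POST['new_user_password'] and
 * $_POST['new_user_password2'].
 *
 * @return bool  TRUE if the user object was added, FALSE on invalid input,
 *               an already existing object or a failed LDAP add.
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";
  $uid = "";

  /* Only accept plain strings; a posted array (new_user_uid[]=...) is
   * treated like a missing value. */
  if(isset($_POST['new_user_uid']) && is_string($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Strict comparison is required here: with != two different numeric
   * looking strings such as "1e3" and "1000" compare as equal, so a
   * mistyped confirmation could be accepted. */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
    return false;
  }

  /* The uid becomes part of the DN below, so it must pass validation first.
   * NOTE(review): confirm that tests::is_uid rejects DN special characters. */
  if(!tests::is_uid($uid) || empty($uid)){
    msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
    return false;
  }

  /* Connect with the admin account captured during setup */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);

  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator-".$uid.",".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* Hash the password with the method selected during setup.
   * NOTE(review): the class name comes from the captured configuration; an
   * unknown $cv['encryption'] value is not handled here. */
  $methods = @passwordMethod::get_available_methods();
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator-".$uid;
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);

  /* Never reuse an existing object as administrator */
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    msg_dialog::display(_("Error"), sprintf(_("Adding an administrative user failed: object '%s' already exists!"), LDAP::fix($dn)), ERROR_DIALOG);
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before touching the ACLs if the user could not be created.
   * Granting the ACL first would leave an administrator entry on the base
   * that points to a DN which does not exist. */
  if(!$res){
    msg_dialog::display(_("LDAP error"), $ldap->get_error(), ERROR_DIALOG);
    return(FALSE);
  }

  /* The user exists now, assign the administrator ACL to it.
   * create_admin() reports its own errors. */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}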
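/**
 * Move the selected winstations into the department posted as
 * $_POST['move_winstation_to'] (a base64 encoded DN), or only describe the
 * move.
 *
 * @param bool $perform  FALSE: store an HTML description of the planned move
 *                       in $this->outside_winstations[..]['ldif'].
 *                       TRUE: move the objects with $this->move().
 * @return bool|null     FALSE if no usable destination was posted,
 *                       otherwise no value.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted. The value is
   * request data: it has to be a string and valid base64 before it is used
   * as a DN.
   * NOTE(review): the decoded DN is not compared with the departments
   * offered by get_all_winstation_ous(); consider restricting it to them. */
  $destination_dn = FALSE;
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination_dn = base64_decode($_POST['move_winstation_to'], TRUE);
  }
  if($destination_dn === FALSE || $destination_dn == ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Keep everything up to the first comma and append the destination.
       * This is a plain concatenation on purpose: as a preg_replace()
       * replacement string, escapes such as "\2C" or a "$1" inside the
       * destination DN would be read as back references.
       * NOTE(review): an escaped comma inside the first RDN is still treated
       * as the separator. */
      $cut = strpos($dn, ",");
      $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination_dn;

      if(!$perform){
        /* NOTE(review): the DNs are inserted into HTML markup; confirm
         * that fix() or the template escapes them. */
        $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}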
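/**
 * Move the selected groups into the department posted as
 * $_POST['move_group_to'] (a base64 encoded DN), or only describe the move.
 *
 * @param bool $perform  FALSE: store an HTML description of the planned move
 *                       in $this->outside_groups[..]['ldif'].
 *                       TRUE: move the objects with $this->move().
 * @return bool|null     FALSE if no usable destination was posted,
 *                       otherwise no value.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted. The value is
   * request data: it has to be a string and valid base64 before it is used
   * as a DN.
   * NOTE(review): the decoded DN is not compared with the departments
   * offered by get_all_group_ous(); consider restricting it to them. */
  $destination_dn = FALSE;
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination_dn = base64_decode($_POST['move_group_to'], TRUE);
  }
  if($destination_dn === FALSE || $destination_dn == ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Keep everything up to the first comma and append the destination.
       * This is a plain concatenation on purpose: as a preg_replace()
       * replacement string, escapes such as "\2C" or a "$1" inside the
       * destination DN would be read as back references.
       * NOTE(review): an escaped comma inside the first RDN is still treated
       * as the separator. */
      $cut = strpos($dn, ",");
      $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination_dn;

      if(!$perform){

        /* NOTE(review): the DNs are inserted into HTML markup; confirm
         * that fix() or the template escapes them. */
        $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}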
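/**
 * Move the selected users into the department posted as
 * $_POST['move_user_to'] (a base64 encoded DN), or only describe the move.
 *
 * @param bool $perform  FALSE: store an HTML description of the planned move
 *                       in $this->outside_users[..]['ldif'].
 *                       TRUE: move the objects with $this->move().
 * @return bool|null     FALSE if no usable destination was posted,
 *                       otherwise no value.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);
  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted. The value is
   * request data: it has to be a string and valid base64 before it is used
   * as a DN.
   * NOTE(review): the decoded DN is not compared with the departments
   * offered by get_all_people_ous(); consider restricting it to them. */
  $destination_dn = FALSE;
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination_dn = base64_decode($_POST['move_user_to'], TRUE);
  }
  if($destination_dn === FALSE || $destination_dn == ""){
    msg_dialog::display(_("LDAP error"), _("Cannot move users to the requested department!"), ERROR_DIALOG);
    return(false);
  }

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Keep everything up to the first comma and append the destination.
       * This is a plain concatenation on purpose: as a preg_replace()
       * replacement string, escapes such as "\2C" or a "$1" inside the
       * destination DN would be read as back references.
       * NOTE(review): an escaped comma inside the first RDN is still treated
       * as the separator. */
      $cut = strpos($dn, ",");
      $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination_dn;

      if(!$perform){
        /* NOTE(review): the DNs are inserted into HTML markup; confirm
         * that fix() or the template escapes them. */
        $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".($ldap->fix($dn))."<br>"._("to").":<br>\t".($ldap->fix($d_dn));

        /* Check if there are references to this object */
        $ldap->search("(&(member=".LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".$ref_dn;
        }
        if(!empty($refs)){
          $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}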
/* Handle the posted dialog actions of the migration step and return the
 * HTML of the view that is currently active.
 *
 * Every action is triggered by the presence of a key in $_POST. The
 * sections are evaluated from top to bottom and the first dialog whose flag
 * is set returns its rendered template; if no dialog is open the overview
 * of all checks is returned.
 *
 * NOTE(review): no request token is verified in this method although several
 * actions write to LDAP; confirm that the surrounding setup framework
 * protects these posts against forged requests.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Move the selected winstations, then rebuild the list */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_winstations;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$tmp);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }
  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  /* Move the selected groups, then run all checks again */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_groups;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$tmp);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  /* Move the selected users, then run all checks again */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->outside_users;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$tmp);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Try to create the root object and re-run all checks only if the
     * status of the root check changed. */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / ACL handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  # if(isset($_POST['create_acls_create_confirmed'])){
  # if($this->create_admin()){
  # $this->acl_create_dialog = FALSE;
  # $this->dialog = FALSE;
  # $this->show_details = FALSE;
  # $this->initialize_checks();
  # }
  # }

  /* Preview of the ACL change only, nothing is written */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both posted passwords are handed back
     * to the template unchanged. Confirm that setup_migrate.tpl escapes them,
     * and consider not echoing the passwords into the form at all. */
    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",@$_POST['new_user_password']);
    $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* Show what the migration would do */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){

    /* Fix displayed dn syntax */
    $tmp = $this->users_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$tmp);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }


  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* Show what the migration would do */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();

    /* Fix displayed dn syntax */
    $tmp = $this->deps_to_migrate;
    foreach($tmp as $key => $data){
      $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
    }

    $smarty->assign("deps_to_migrate",$tmp);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog is open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}
/* Store the checkbox selections posted by the dialog that is currently
 * open. An entry counts as selected/checked exactly when its form field is
 * present in $_POST. The step is always marked as completed.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Selected winstations of the outside_winstations dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $b_dn => $unused){
      $this->outside_winstations[$b_dn]['selected'] = isset($_POST['select_winstation_'.$b_dn]);
    }
  }

  /* Selected groups of the outside_groups dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $b_dn => $unused){
      $this->outside_groups[$b_dn]['selected'] = isset($_POST['select_group_'.$b_dn]);
    }
  }

  /* Selected users of the outside_users dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $b_dn => $unused){
      $this->outside_users[$b_dn]['selected'] = isset($_POST['select_user_'.$b_dn]);
    }
  }

  /* "create acl" dialog: an abort clears the selected object */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Departments checked for migration */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $index => $unused){
      $this->deps_to_migrate[$index]['checked'] = isset($_POST['migrate_'.$index]);
    }
  }

  /* Users checked for migration */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $index => $unused){
      $this->users_to_migrate[$index]['checked'] = isset($_POST['migrate_'.$index]);
    }
  }
}
/* Check whether the LDAP root object ($cv['base']) exists and update
 * $this->checks['root'] accordingly.
 *
 * just_check = TRUE:  only report a missing root object.
 * just_check = FALSE: try to create the missing root object.
 *
 * Returns FALSE when the object is missing and only a check was requested,
 * the result of create_missing_trees() when the creation failed, and no
 * value when the root object exists or was created.
 */
function checkBase($just_check = TRUE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'],
        $cv['password'],
        $cv['connection'],
        FALSE,
        $cv['tls']));

  /* Look for the root object */
  $ldap->cd($cv['base']);
  $found = $ldap->search("(objectClass=*)");
  $errno = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = !$found || $errno == 0x20 || $errno == 0x40;

  /* Only report the missing object */
  if($root_missing && $just_check){
    $this->checks['root']['STATUS'] = FALSE;
    $this->checks['root']['STATUS_MSG']= _("Failed");
    $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
    $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
    return(FALSE);
  }

  /* Try to add the root object */
  if($root_missing){
    $ldap->cd($cv['base']);
    $created = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$created){
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($created);
    }
  }

  /* Root object exists or was created.
   * NOTE(review): ERROR_MSG of an earlier failure is not cleared here. */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
/* Build an LDIF like "name: value" listing, one line per value, from an
 * LDAP result array. The 'count' and 'dn' entries and all numeric keys are
 * left out. Values are written as they are (no base64 encoding, no HTML
 * escaping), so the result is only meant for display by a caller that
 * escapes it.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $attribute => $entry){

    /* Numeric keys only repeat the attribute names */
    if(is_numeric($attribute)){
      continue;
    }

    /* Single value */
    if(!is_array($entry)){
      $ldif .= $attribute.": ".$entry."\n";
      continue;
    }

    /* Multiple values, without the 'count' element */
    unset($entry['count']);
    foreach($entry as $single){
      $ldif .= $attribute.": ".$single."\n";
    }
  }

  /* Drop the trailing line break */
  return(preg_replace("/\n$/","",$ldif));
}
/* Return all objects with objectClass gosaAccount below the configured base
 * as an array: base64 encoded dn => dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'],
        $cv['password'],
        $cv['connection'],
        FALSE,
        $cv['tls']));

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $users[base64_encode($entry['dn'])] = @LDAP::fix($entry['dn']);
  }
  return($users);
}
/* Return the containers that can hold users as an array:
 * base64 encoded dn => dn passed through fix().
 *
 * With a configured people ou all matching containers are returned (entries
 * below "ou=snapshots," are left out) and the container is created below
 * the base if none is found. Without a people ou the base and all
 * gosaDepartment objects are returned.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;
  $people_ou = trim($cv['peopleou']);

  /* Establish ldap connection */
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'],
        $cv['password'],
        $cv['connection'],
        FALSE,
        $cv['tls']));

  $ous = array();

  /************
   * If people ou is empty
   * Get all valid gosaDepartments
   ************/
  if(empty($people_ou)){
    $ldap->cd($cv['base']);
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $ous[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($entry = $ldap->fetch()){
      $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
    }
    return($ous);
  }

  /*****************
   * If people ou is NOT empty
   * search for all objects matching the given container
   *
   * NOTE(review): the configured value is used as an LDAP filter without
   * escaping, and unlike the winstation and group variants this search runs
   * before cd() to the base.
   *****************/
  $ldap->search("(".$people_ou.")",array("dn"));

  /* Create people ou if there is currently none */
  if($ldap->count() == 0 ){
    $add_dn = $cv['peopleou'].",".$cv['base'];
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $parent_dn = preg_replace("/^[^,]+,/","",$add_dn);

    $new_ou = array();
    $new_ou['objectClass'] = array("organizationalUnit");
    $new_ou[$naming_attr] = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees($parent_dn);
    $ldap->cd($add_dn);
    $ldap->add($new_ou);
  }

  /* Create result */
  $ldap->search("(".$cv['peopleou'].")",array("dn"));
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Return the containers that can hold winstations as an array:
 * base64 encoded dn => dn passed through fix().
 *
 * The container is taken from the generic settings if 'wws_ou_active' is
 * set, otherwise "ou=winstations" is used. If no such container is found it
 * is created below "ou=systems,<base>". Entries below "ou=snapshots," are
 * left out.
 */
function get_all_winstation_ous()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'],
        $cv['password'],
        $cv['connection'],
        FALSE,
        $cv['tls']));

  /* Get winstation ou */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['ws_ou']
    : "ou=winstations";

  /* NOTE(review): the configured value is used as an LDAP filter without
   * escaping. */
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* Create the container if there is currently none */
  if($ldap->count() == 0 ){
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $parent_dn = preg_replace("/^[^,]+,/","",$add_dn);

    $new_ou = array();
    $new_ou['objectClass'] = array("organizationalUnit");
    $new_ou[$naming_attr] = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees($parent_dn);
    $ldap->cd($add_dn);
    $ldap->add($new_ou);
  }

  /* Create result */
  $ldap->search($filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
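/**
 * Return the containers that can hold groups.
 *
 * With a configured group ou all matching containers are returned (entries
 * below "ou=snapshots," are left out) and the container is created below
 * the base if none is found. Without a group ou the base and all
 * gosaDepartment objects are returned.
 *
 * @return array  base64 encoded dn => dn passed through fix()
 */
function get_all_group_ous()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  $group_ou = trim($cv['groupou']);

  /************
   * If group ou is NOT empty
   * Get all valid group ous, create one if necessary
   ************/
  $ldap->cd($cv['base']);
  if(!empty($group_ou)){

    /* NOTE(review): the configured value is used as an LDAP filter without
     * escaping. */
    $ldap->search("(".$group_ou.")",array("dn"));
    if($ldap->count() == 0 ){

      /* The separator between the ou and the base was missing, which
       * produced a malformed DN such as "ou=groupsdc=example,dc=net" and a
       * wrong naming value for the new container. */
      $add_dn = $group_ou.",".$cv['base'];
      $naming_attr = preg_replace("/=.*$/","",$add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr] = $naming_value;

      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }
    $ldap->search("(".$group_ou.")",array("dn"));
    $tmp = array();
    while($attrs= $ldap->fetch()){
      if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  }else{
    /************
     * If group ou is empty
     * Get all valid gosaDepartments
     ************/
    $ldap->cd($cv['base']);
    $tmp = array();
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($attrs = $ldap->fetch()){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}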
/* Return all objects with objectClass posixGroup below the configured base
 * as an array: base64 encoded dn => dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new ldapMultiplexer(new LDAP($cv['admin'],
        $cv['password'],
        $cv['connection'],
        FALSE,
        $cv['tls']));

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $groups[base64_encode($entry['dn'])] = @LDAP::fix($entry['dn']);
  }
  return($groups);
}
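/**
 * Move an LDAP object by copying it to $destination, removing $source and
 * rewriting the member attribute of every gosaGroupOfNames that referenced
 * the source. Errors are reported with msg_dialog; nothing is returned.
 *
 * The three steps are separate LDAP operations. If the removal fails after
 * a successful copy, the object exists under both DNs.
 *
 * @param string $source       DN of the object to move
 * @param string $destination  DN the object is moved to
 */
function move($source,$destination)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap_l = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap = new ldapMultiplexer($ldap_l);

  /* Collect the gosaGroupOfNames that reference the source and prepare
   * their new member lists.
   * NOTE(review): only gosaGroupOfNames are handled here; the preview in the
   * migrate_outside_* methods also lists groupOfNames objects. */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member != $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed */
  if(!$res){
    msg_dialog::display(_("LDAP error"), sprintf(_("Copy '%s' to '%s' failed:")."<br><br><i>%s</i>", LDAP::fix($source), LDAP::fix($destination), $ldap->get_error()), ERROR_DIALOG);
  }else{
    $res = $ldap->rmDir($source);
    if (!$ldap->success()){
      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $source, LDAP_DEL, get_class()));
    }

    /* Object is copied, so update its references. A failed update is
     * reported instead of being ignored, otherwise the group keeps pointing
     * to the old DN without anybody noticing. */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      if(!$ldap->modify($data)){
        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()));
      }
    }
  }
}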
/* Clean up an LDAP result entry so that it can be written back to LDAP:
 * numeric keys and the 'count' and 'dn' entries are removed, and the 'count'
 * element is removed from every value list.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $name => $entry){

    /* Strip the element counter of a value list */
    if(is_array($entry) && isset($entry['count'])){
      unset($attrs[$name]['count']);
    }

    /* Drop the attribute index and the meta entries */
    if(is_numeric($name) || in_array($name,array("count","dn"))){
      unset($attrs[$name]);
    }
  }
  return($attrs);
}
1971 }
1973 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1974 ?>