![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
3 class group extends plugin
4 {
5 /* Group attributes */
6 var $cn= "";
7 var $description= "";
8 var $gidNumber= "";
9 var $memberUid= array();
11 /* Helpers */
12 var $base= "";
13 var $force_gid= FALSE;
14 var $fon_group= FALSE;
15 var $smbgroup= FALSE;
16 var $groupType= FALSE;
17 var $samba3= FALSE;
18 var $sambaSID= "";
19 var $sambaDomainName= "DEFAULT";
20 var $SID= "";
21 var $ridBase= 0;
22 var $members= array();
23 var $users= array();
24 var $member= array();
25 var $allusers= array();
26 var $department= "";
27 var $saved_gidNumber= "";
28 var $savedSID= "";
29 var $oldgroupType= "";
30 var $orig_dn= "";
31 var $orig_cn= "";
32 var $has_mailAccount= FALSE;
33 var $group_dialog= FALSE;
34 var $nagios_group =FALSE;
35 var $sambaGroupType;
36 var $dialog;
37 var $rfc2307bis= FALSE;
38 var $OnlyShowFirstEntries =200;
39 var $dnMapping= array();
41 var $allowGroupsWithSameNameInOtherSubtrees = true;
43 var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
45 /* attribute list for save action */
46 var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
47 var $objectclasses= array("top", "posixGroup");
49 function group ($config, $dn= NULL, $parent= NULL)
50 {
51 /* Set rfc2307bis flag */
52 if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
53 $this->rfc2307bis= TRUE;
54 $this->attributes[]= "member";
55 $this->objectclasses[]= "groupOfNames";
56 }
58 plugin::plugin ($config, $dn, $parent);
60 /* Load attributes depending on the samba version */
61 $this->samba3= ($config->current['SAMBAVERSION'] == 3);
62 $this->orig_dn= $dn;
63 $this->orig_cn= $this->cn;
65 /* Get member list */
66 if (isset($this->attrs['memberUid'][0])){
67 $tmp= array();
68 for ($i= 0; $i<$this->attrs['memberUid']['count']; $i++){
69 $tmp[]= $this->attrs['memberUid'][$i];
70 }
71 $this->memberUid= $tmp;
72 sort ($this->memberUid);
73 }
75 /* Save gidNumber for later use */
76 if (isset($this->attrs['gidNumber'])){
77 $this->saved_gidNumber= $this->attrs['gidNumber'][0];
78 }
80 /* Is a samba group? */
81 if (isset($this->attrs['objectClass'])){
82 if (array_search ('sambaGroupMapping', $this->attrs['objectClass']) == NULL ){
83 $this->smbgroup= FALSE;
84 } else {
85 $this->smbgroup= TRUE;
86 if (isset($this->attrs['sambaSID'])){
87 $this->sambaSID= $this->attrs['sambaSID'][0];
88 }
89 }
90 if (array_search ('goFonPickupGroup', $this->attrs['objectClass']) == NULL ){
91 $this->fon_group= FALSE;
92 } else {
93 $this->fon_group= TRUE;
94 }
95 if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == NULL ){
96 $this->nagios_group= FALSE;
97 } else {
98 $this->nagios_group= TRUE;
99 }
100 }
102 /* Set mail flag */
103 if (isset($this->attrs['objectClass']) && in_array('gosaMailAccount', $this->attrs['objectClass'])){
104 $this->has_mailAccount= TRUE;
105 }
107 /* Get samba Domain in case of samba 3 */
108 if ($this->samba3 && $this->sambaSID != ""){
109 $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
110 $this->savedSID= $this->SID;
111 $ldap= $this->config->get_ldap_link();
112 $ldap->cd($this->config->current['BASE']);
113 $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
114 if ($ldap->count() != 0){
115 $attrs= $ldap->fetch();
116 if(isset($attrs['sambaAlgorithmicRidBase'])){
117 $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
118 } else {
119 $this->ridBase= $this->config->current['RIDBASE'];
120 }
122 /* Get domain name for SID */
123 $this->sambaDomainName= "DEFAULT";
124 foreach ($this->config->data['SERVERS']['SAMBA'] as $key => $val){
125 if ($val['SID'] == $this->SID){
126 $this->sambaDomainName= $key;
127 break;
128 }
129 }
130 } else {
131 if (isset($this->config->current['RIDBASE'])){
132 $this->sambaDomainName= "DEFAULT";
133 $this->ridBase= $this->config->current['RIDBASE'];
134 $this->SID= $this->config->current['SID'];
135 } else {
136 print_red(_("Can't find this groups SID in LDAP or in your configuration file!"));
137 }
138 }
140 /* Get group type */
141 $this->groupType= (int)substr(strrchr($this->sambaSID, "-"), 1);
142 if ($this->groupType < 500 || $this->groupType > 553){
143 $this->groupType= 0;
144 }
145 $this->oldgroupType= $this->groupType;
146 }
148 /* Get global filter config */
149 if (!is_global("gufilter")){
150 $ui= get_userinfo();
151 $base= get_base_from_people($ui->dn);
152 $gufilter= array( "dselect" => $base,
153 "regex" => "*");
154 register_global("gufilter", $gufilter);
155 }
156 $gufilter= get_global('gufilter');
158 $gufilter['SubSearchGroup'] = false;
159 $gufilter['dselect'] = $_SESSION['gufilter']['dselect'];
161 register_global('gufilter',$gufilter);
163 if ($this->dn == "new"){
164 if(isset($_SESSION['CurrentMainBase'])){
165 $this->base= $_SESSION['CurrentMainBase'];
166 }else{
167 $ui= get_userinfo();
168 $this->base= dn2base($ui->dn);
169 }
170 } else {
172 /* Get object base */
173 $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
174 }
176 /* This is always an account */
177 $this->is_account= TRUE;
178 $this->reload();
179 }
181 function execute()
182 {
183 /* Call parent execute */
184 plugin::execute();
186 $ui= get_userinfo();
187 $acla= get_permissions ($ui->dn, $ui->subtreeACL);
188 $this->acl= get_module_permission($acla, "group", $ui->dn);
189 /* Do we represent a valid group? */
190 if (!$this->is_account && $this->parent == NULL){
191 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
192 _("This 'dn' is no group.")."</b>";
193 return ($display);
194 }
196 /* Delete user from group */
197 if (isset($_POST['del_users']) && isset($_POST['members']) && chkacl($this->acl,"memberUid") ==""){
198 foreach ($_POST['members'] as $value){
199 unset ($this->members["$value"]);
200 $this->removeUser($value);
201 }
202 $this->reload();
203 }
205 /* Add objects? */
206 if (isset($_POST["edit_membership"]) && chkacl($this->acl,"memberUid") ==""){
207 $this->group_dialog= TRUE;
208 $this->dialog= TRUE;
209 }
211 /* Add objects finished? */
212 if (isset($_POST["add_users_finish"]) || isset($_POST["add_users_cancel"])){
213 $this->group_dialog= FALSE;
214 $this->dialog= FALSE;
215 }
217 /* Add user to group */
218 if (isset($_POST['add_users_finish']) && isset($_POST['users'])){
219 foreach ($_POST['users'] as $value){
220 $this->members["$value"]= $this->allusers[$value];
221 asort($this->members);
222 $this->addUser($value);
223 }
224 $this->reload();
225 }
227 /* Base select dialog */
228 $once = true;
229 foreach($_POST as $name => $value){
230 if(preg_match("/^chooseBase/",$name) && $once){
231 $once = false;
232 $this->dialog = new baseSelectDialog($this->config);
233 $this->dialog->setCurrentBase($this->base);
234 }
235 }
237 /* Dialog handling */
238 if(is_object($this->dialog)){
239 /* Must be called before save_object */
240 $this->dialog->save_object();
242 if($this->dialog->isClosed()){
243 $this->dialog = false;
244 }elseif($this->dialog->isSelected()){
245 $this->base = $this->dialog->isSelected();
246 $this->dialog= false;
247 }else{
248 return($this->dialog->execute());
249 }
250 }
252 /* Assign templating stuff */
253 $smarty= get_smarty();
254 if ($this->samba3){
255 $smarty->assign("samba3", "true");
256 } else {
257 $smarty->assign("samba3", "");
258 }
260 if(search_config($this->config->data['MENU'], "nagiosaccount", "CLASS")){
261 $smarty->assign("nagios",true);
262 }else{
263 $smarty->assign("nagios",false);
264 }
266 if(search_config($this->config->data['MENU'], "phoneAccount", "CLASS")){
267 $smarty->assign("pickupGroup",true);
268 }else{
269 $smarty->assign("pickupGroup",false);
270 }
272 /* Manage object add dialog */
273 if ($this->group_dialog){
275 /* Save data */
276 $gufilter= get_global("gufilter");
277 foreach( array("dselect", "regex") as $type){
278 if (isset($_POST[$type])){
279 $gufilter[$type]= $_POST[$type];
280 }
281 }
282 if(isset($_POST['regex'])){
283 if(isset($_POST['SubSearchGroup'])){
284 $gufilter['SubSearchGroup'] = true;
285 }else{
286 $gufilter['SubSearchGroup'] = false;
287 }
288 }
290 if (isset($_GET['search'])){
291 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
292 if ($s == "**"){
293 $s= "*";
294 }
295 $gufilter['regex']= $s;
296 }
297 register_global("gufilter", $gufilter);
298 $this->reload();
300 /* Show dialog */
301 $smarty->assign("search_image", get_template_path('images/search.png'));
302 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
303 $smarty->assign("tree_image", get_template_path('images/tree.png'));
304 $smarty->assign("deplist", $this->config->idepartments);
305 $smarty->assign("alphabet", generate_alphabet());
306 foreach( array("dselect", "regex","SubSearchGroup") as $type){
307 $smarty->assign("$type", $gufilter[$type]);
308 }
309 $smarty->assign("hint", print_sizelimit_warning());
310 $smarty->assign("users", $this->displayUsers);
311 $smarty->assign("apply", apply_filter());
312 $display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
313 return ($display);
314 }
316 /* Bases / Departments */
317 if (isset($_POST['base'])){
318 $this->base= $_POST['base'];
319 }
321 $smarty->assign("bases", $this->config->idepartments);
322 $smarty->assign("base_select", $this->base);
323 $smarty->assign("department", $this->department);
325 if ($this->samba3){
326 $domains= array();
327 foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
328 $domains[$name]= $name;
329 }
330 $smarty->assign("sambaDomains", $domains);
331 $smarty->assign("sambaDomainName", $this->sambaDomainName);
332 $groupTypes= array(0 => _("Samba group"), 512 => _("Domain admins"), 513 => _("Domain users"),
333 514 => _("Domain guests"));
335 /* Don't loose special groups! If not key'ed above, add it to
336 the combo box... */
337 if ($this->groupType >= 500 && $this->groupType <= 553 && !isset($groupTypes[$this->groupType])){
338 $groupTypes[$this->groupType]= sprintf(_("Special group (%d)"), $this->groupType);
339 }
341 $smarty->assign("groupTypes", $groupTypes);
342 $smarty->assign("groupType", $this->groupType);
343 }
345 /* Members and users */
346 $smarty->assign("members", $this->members);
348 /* Checkboxes */
349 foreach (array("force_gid", "smbgroup") as $val){
350 if ($this->$val == "1"){
351 $smarty->assign("$val", "checked");
352 } else {
353 $smarty->assign("$val", "");
354 }
355 }
356 if ($this->force_gid != "1"){
357 $smarty->assign("forceMode", "disabled");
358 }else{
359 $smarty->assign("forceMode", "");
360 }
361 $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
362 $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
363 if ($this->fon_group){
364 $smarty->assign("fon_group", "checked");
365 } else {
366 $smarty->assign("fon_group", "");
367 }
368 $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
370 if ($this->nagios_group){
371 $smarty->assign("nagios_group", "checked");
372 } else {
373 $smarty->assign("nagios_group", "");
374 }
375 $smarty->assign("nagios_groupACL", chkacl($this->acl, "nagios_group"));
377 /* Fields */
378 foreach (array("cn", "description", "gidNumber") as $val){
379 $smarty->assign("$val", $this->$val);
380 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
381 }
383 /* Missing ACL's */
384 foreach (array("base", "smbgroup", "members") as $val){
385 $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
386 }
388 /* Show main page */
389 $smarty->assign("alphabet", generate_alphabet(10));
390 $smarty->assign("search_image", get_template_path('images/search.png'));
391 $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
392 $smarty->assign("tree_image", get_template_path('images/tree.png'));
393 $smarty->assign("deplist", $this->config->idepartments);
394 return($smarty->fetch (get_template_path('generic.tpl', TRUE)));
395 }
397 function addUser($uid)
398 {
399 $this->memberUid[]= $uid;
400 $this->memberUid= array_unique($this->memberUid);
401 }
403 function removeUser($uid)
404 {
405 $temp= array();
406 foreach ($this->memberUid as $value){
407 if ($value != $uid){
408 $temp[]= $value;
409 }
410 }
411 $this->memberUid= $temp;
412 }
415 /* Reload data */
416 function reload()
417 {
418 /* Fix regex string */
419 $gufilter = get_global("gufilter");
420 $regex = normalizeLdap($gufilter['regex']);
421 $MaxUser = $this->OnlyShowFirstEntries;
423 /* Prepare ldap link */
424 $ldap= $this->config->get_ldap_link();
425 $ldap->cd($gufilter['dselect']);
428 /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
429 (Store gathered sn/givenName informations in $this->allusers too,
430 to be prepared when adding/deleting users)
431 */
432 $filter = "";
433 foreach ($this->memberUid as $value){
434 if(!isset($this->members[$value])){
435 $filter .= "(uid=".normalizeLdap($value).")";
436 }
437 }
438 if(!empty($filter)){
439 $ldap->cd($this->config->current['BASE']);
440 $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
441 while($attrs = $ldap->fetch()){
442 $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
443 $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
444 $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
445 }
446 }
448 /* check if all uids are resolved */
449 foreach ($this->memberUid as $value){
450 if(!isset($this->members[$value])){
451 $this->members[$value] = _("! unknown id")." [".$value."]";
452 }
453 }
455 /* Create display list of users matching regex & filter
456 */
457 $this->displayUsers = array();
459 /* Set tag attribute if we've tagging activated */
460 $tag= "";
461 $ui= get_userinfo();
462 if ($ui->gosaUnitTag != "" && isset($this->config->current['STRICT_UNITS']) &&
463 preg_match('/TRUE/i', $this->config->current['STRICT_UNITS'])){
464 $tag= "(gosaUnitTag=".$ui->gosaUnitTag.")";
465 }
467 $filter = "(&(objectClass=gosaAccount)$tag(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
469 /* Search in current tree or within subtrees depending on the checkbox from filter section */
470 if($gufilter['SubSearchGroup']){
471 $ldap->search($filter, array("dn", "uid", "sn","givenName"));
472 }else{
473 $ldap->ls ($filter, get_people_ou().$gufilter['dselect'],array("dn", "uid", "sn", "givenName"));
474 }
475 $i = 0;
477 /* Fetch all users and skip already used users */
478 while($attrs = $ldap->fetch()){
479 if(in_array($attrs['uid'][0], $this->memberUid)) {
480 continue;
481 }
482 $i ++;
483 if($i > $MaxUser) {
484 break;
485 }
486 $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
487 $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
488 $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
489 }
491 /* If more than max users are found, display a message to warn the user */
492 if(($i == $MaxUser)){
493 print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
494 }
496 /* Sort lists */
497 natcasesort($this->members);
498 reset($this->members);
499 natcasesort ($this->displayUsers);
500 reset ($this->displayUsers);
501 }
504 /* Create display name, this was used so often that it is excluded into a seperate function */
505 function createResultName($attrs)
506 {
507 if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
508 $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
509 } else {
510 $ret= $attrs['uid'][0];
511 }
512 return($ret);
513 }
516 function remove_from_parent()
517 {
518 plugin::remove_from_parent();
520 $ldap= $this->config->get_ldap_link();
521 $ldap->rmdir($this->dn);
522 show_ldap_error($ldap->get_error(), _("Removing group failed"));
524 /* Delete references to object groups */
525 $ldap->cd ($this->config->current['BASE']);
526 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".@LDAP::prepare4filter($this->dn)."))", array("cn"));
527 while ($ldap->fetch()){
528 $og= new ogroup($this->config, $ldap->getDN());
529 unset($og->member[$this->dn]);
530 $og->save ();
531 }
533 /* Send signal to the world that we've done */
534 $this->handle_post_events("remove");
535 }
538 /* Save data to object */
539 function save_object()
540 {
541 /* Save additional values for possible next step */
542 if (isset($_POST['groupedit'])){
544 plugin::save_object();
546 $this->force_gid= 0;
547 $this->smbgroup= 0;
548 foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
549 if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
550 $this->$val= $_POST["$val"];
551 }
552 }
554 /* Save sambaDomain attribute */
555 if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
556 isset ($_POST['sambaDomainName'])){
558 $this->sambaDomainName= $_POST['sambaDomainName'];
559 $this->groupType= $_POST['groupType'];
560 }
562 /* Save fon attribute */
563 if (chkacl ($this->acl, "fon_group") == ""){
564 if (isset ($_POST['fon_group'])){
565 $this->fon_group= TRUE;
566 } else {
567 $this->fon_group= FALSE;
568 }
569 }
570 if (chkacl ($this->acl, "nagios_group") == ""){
571 if (isset ($_POST['nagios_group'])){
572 $this->nagios_group= TRUE;
573 } else {
574 $this->nagios_group= FALSE;
575 }
576 }
577 }
578 }
581 /* Save to LDAP */
582 function save()
583 {
585 /* ID handling */
586 if ($this->force_gid == 0){
587 if ($this->saved_gidNumber != ""){
588 $this->gidNumber= $this->saved_gidNumber;
589 } else {
590 /* Calculate new, lock uids */
591 $wait= 10;
592 while (get_lock("uidnumber") != ""){
593 sleep (1);
595 /* timed out? */
596 if ($wait-- == 0){
597 break;
598 }
599 }
600 add_lock ("uidnumber", "gosa");
601 $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
602 }
603 }
605 plugin::save();
607 /* Remove objectClass for samba/phone support */
608 $tmp= array();
609 for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
610 if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
611 $this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
612 $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
613 $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
614 $tmp[]= $this->attrs['objectClass'][$i];
615 }
616 }
617 $this->attrs['objectClass']= $tmp;
618 $ldap= $this->config->get_ldap_link();
620 /* Add samba group functionality */
621 if ($this->samba3 && $this->smbgroup){
623 /* Fixed undefined index ...
624 */
625 $this->SID = $this->ridBase = "";
626 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
627 $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
628 }else{
629 print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName));
630 }
631 if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
632 $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
633 }else{
634 print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName));
635 }
637 $this->attrs['objectClass'][]= 'sambaGroupMapping';
638 $this->attrs['sambaGroupType']= "2";
640 /* Check if we need to create a special entry */
641 if ($this->groupType == 0){
643 if ($this->sambaSID == "" || $this->SID != $this->savedSID || $this->oldgroupType != $this->groupType ){
644 $gidNumber= $this->gidNumber;
645 while(TRUE){
646 $sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
647 $ldap->cd($this->config->current['BASE']);
648 $ldap->search("(sambaSID=$sid)",array("sambaSID"));
649 if ($ldap->count() == 0){
650 break;
651 }
652 $gidNumber++;
653 }
654 $this->attrs['sambaSID']= $sid;
655 $this->sambaSID= $sid;
656 }
658 } else {
659 $this->attrs['sambaSID']=$this->SID."-".$this->groupType;
660 }
662 /* User wants me to fake the idMappings? This is useful for
663 making winbind resolve the group names in a reasonable amount
664 of time in combination with larger databases. */
665 if (isset($this->config->current['SAMBAIDMAPPING']) &&
666 preg_match('/true/i', $this->config->current['SAMBAIDMAPPING'])){
667 $this->attrs['objectClass'][]= "sambaIdmapEntry";
668 }
670 }
672 /* Add phone functionality */
673 if ($this->fon_group){
674 $this->attrs['objectClass'][]= "goFonPickupGroup";
675 }
677 /* Add nagios functionality */
678 if ($this->nagios_group){
679 $this->attrs['objectClass'][]= "nagiosContactGroup";
680 }
682 /* Take members array */
683 if (count ($this->memberUid)){
684 $this->attrs['memberUid']= array_unique($this->memberUid);
685 }
687 /* New accounts need proper 'dn', propagate it to remaining objects */
688 if ($this->dn == 'new'){
689 $this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
690 }
692 /* Add member dn's for RFC2307bis Support */
693 if ($this->rfc2307bis){
694 $this->attrs['member'] = array();
695 if (count($this->memberUid)){
696 foreach($this->attrs['memberUid'] as $uid) {
697 $this->attrs['member'][]= $this->dnMapping[$uid];
698 }
699 } else {
700 $this->attrs['member'][]= $this->dn;
701 }
702 }
704 /* Save data. Using 'modify' implies that the entry is already present, use 'add' for
705 new entries. So do a check first... */
706 $ldap->cat ($this->dn, array('dn'));
707 if ($ldap->fetch()){
708 /* Modify needs array() to remove values :-( */
709 if (!count ($this->memberUid)){
710 $this->attrs['memberUid']= array();
711 }
712 if ($this->samba3){
713 if (!$this->smbgroup){
714 $this->attrs['sambaGroupType']= array();
715 $this->attrs['sambaSID']= array();
716 }
717 }
718 $mode= "modify";
719 } else {
720 $mode= "add";
721 $ldap->cd($this->config->current['BASE']);
722 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
723 }
725 /* Write back to ldap */
726 $ldap->cd($this->dn);
727 $this->cleanup();
728 $ldap->$mode($this->attrs);
730 $ret= 0;
731 if (show_ldap_error($ldap->get_error(), _("Saving group failed"))){
732 $ret= 1;
733 }
735 /* Remove uid lock */
736 del_lock ("uidnumber");
738 /* Post that we've done*/
739 $this->handle_post_events($mode);
741 return ($ret);
742 }
744 function check()
745 {
746 /* Call common method to give check the hook */
747 $message= plugin::check();
749 /* Permissions for that base? */
750 if ($this->base != ""){
751 $new_dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
752 } else {
753 $new_dn= $this->dn;
754 }
756 /* Check permissions */
757 $ui= get_userinfo();
758 $acl= get_permissions ($new_dn, $ui->subtreeACL);
759 $acl= get_module_permission($acl, "group", $new_dn);
760 if ($this->dn == "new" && chkacl($acl, "create") != ""){
761 $message[]= _("You have no permissions to create a group on this 'Base'.");
762 } elseif ($this->dn != $new_dn && $this->dn != "new"){
763 $acl= get_permissions ($new_dn, $ui->subtreeACL);
764 $acl= get_module_permission($acl, "group", $new_dn);
765 if (chkacl($acl, "create") != ""){
766 $message[]= _("You have no permissions to move a group from the original 'Base'.");
767 }
768 }
770 /* must: cn */
771 if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
772 $message[]= "The required field 'Name' is not set.";
773 }
775 /* Check for valid input */
776 if (!is_uid($this->cn)){
777 $message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
778 }
780 if($this->allowGroupsWithSameNameInOtherSubtrees == true){
782 /* Check for used 'cn' */
783 $ldap= $this->config->get_ldap_link();
784 if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
785 $ldap->cd("ou=groups,".$this->base);
786 $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
787 if ($ldap->count() != 0){
788 $message[]= _("Value specified as 'Name' is already used.");
789 }
790 }
792 }else{
794 /* Check for used 'cn' */
795 $ldap= $this->config->get_ldap_link();
796 $ldap->cd($this->config->current['BASE']);
797 $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
798 if ($ldap->count() != 0){
800 /* New entry? */
801 if ($this->dn == 'new'){
802 $message[]= _("Value specified as 'Name' is already used.");
803 }
805 /* Moved? */
806 elseif ($new_dn != $this->orig_dn){
807 $ldap->fetch();
808 if ($ldap->getDN() != $this->orig_dn){
809 $message[]= _("Value specified as 'Name' is already used.");
810 }
811 }
812 }
813 }
815 /* Check ID */
816 if ($this->force_gid == "1"){
817 if (!is_id($this->gidNumber)){
818 $message[]= _("Value specified as 'GID' is not valid.");
819 } else {
820 if ($this->gidNumber < $this->config->current['MINID']){
821 $message[]= _("Value specified as 'GID' is too small.");
822 }
824 }
825 }
827 return ($message);
828 }
830 function get_next_id($attrib, $dn)
831 {
832 $ids= array();
833 $ldap= $this->config->get_ldap_link();
835 $ldap->cd ($this->config->current['BASE']);
836 if (preg_match('/gidNumber/i', $attrib)){
837 $oc= "posixGroup";
838 } else {
839 $oc= "posixAccount";
840 }
841 $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
843 /* Get list of ids */
844 while ($attrs= $ldap->fetch()){
845 $ids[]= (int)$attrs["$attrib"][0];
846 }
848 /* Find out next free id near to UID_BASE */
849 if (!isset($this->config->current['BASE_HOOK'])){
850 $base= $this->config->current['UIDBASE'];
851 } else {
852 /* Call base hook */
853 $base= get_base_from_hook($dn, $attrib);
854 }
855 for ($id= $base; $id++; $id < pow(2,32)){
856 if (!in_array($id, $ids)){
857 return ($id);
858 }
859 }
861 /* check if id reached maximum of 32 bit*/
862 if ($id >= pow(2,32)){
863 echo _("Too many groups, can't allocate a free ID!");
864 exit;
865 }
866 }
868 function getCopyDialog()
869 {
870 $vars = array("cn");
872 if($this ->force_gid){
873 $used = " checked ";
874 $dis = "";
875 }else{
876 $used = "";
877 $dis = " disabled ";
878 }
880 $smarty = get_smarty();
881 $smarty->assign("used",$used);
882 $smarty->assign("dis" ,$dis);
883 $smarty->assign("cn" ,$this->cn);
884 $smarty->assign("gidNumber",$this->gidNumber);
885 $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
886 $ret = array();
887 $ret['string'] = $str;
888 $ret['status'] = "";
889 return($ret);
890 }
892 function saveCopyDialog()
893 {
894 if(isset($_POST['cn'])){
895 $this->cn = $_POST['cn'];
896 }
897 if(isset($_POST['force_gid'])){
898 $this->force_gid = 1;
899 $this->gidNumber= $_POST['gidNumber'];
900 }else{
901 $this->force_gid = 0;
902 $this->gidNumber = false;
903 }
904 }
905 }
907 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
908 ?>