0852d27b1af75cf0e65bcf25fd6a14f6277a1c52
1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside to reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
/**
 * Constructor (PHP4 style, named after the class).
 *
 * Its only job is to load the translated title and info strings of this
 * setup step, which it does by delegating to update_strings().
 */
function Step_Migrate()
{
  /* All constructor work is the string initialisation. */
  $this->update_strings();
}
/**
 * Refresh the translated strings displayed for this step.
 *
 * Sets s_title, s_title_long and s_info on the instance; short and long
 * title use the same message.
 */
function update_strings()
{
  /* Short and long title share one message id. */
  $this->s_title = $this->s_title_long = _("LDAP inspection");

  $this->s_info = _("Analyze your current LDAP for GOsa compatibility");
}
/**
 * Reset the result table and run every LDAP inspection check in order.
 *
 * For each check the TITLE, STATUS, STATUS_MSG and ERROR_MSG slots in
 * $this->checks are initialised first and the check method is called
 * right afterwards.  The check methods visible in this file overwrite
 * STATUS and both messages themselves; their return values are ignored
 * here.
 */
function initialize_checks()
{
  /* check key => (translated title, name of the method doing the check).
   * The order of this table is the execution order.
   */
  $plan = array(
    'root'                => array(_("Checking for root object"), 'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"), 'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"), 'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"), 'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"), 'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people tree"), 'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups tree"), 'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"), 'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for duplicate uid numbers"), 'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for duplicate gid numbers"), 'check_gidNumber')
  );

  $this->checks = array();
  foreach($plan as $key => $step){

    /* Pessimistic defaults: a check counts as failed until it says otherwise */
    $this->checks[$key] = array(
      'TITLE'      => $step[0],
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => ""
    );

    /* Run the check belonging to this entry */
    $method = $step[1];
    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/**
 * Look for uidNumber values that are assigned to more than one entry.
 *
 * Binds with the admin DN and password captured by the setup, searches
 * below the configured base for every entry carrying a uidNumber and
 * groups the hits by their first uidNumber value.  All entries of groups
 * with more than one member are stored in $this->check_uidNumbers, keyed
 * by the base64 encoded dn.  The outcome is written to
 * $this->checks['uidNumber_usage'].
 *
 * Note that the number reported in ERROR_MSG is the count of affected
 * entries, not the count of distinct shared uidNumbers.
 *
 * @return bool TRUE when no uidNumber is shared; FALSE when duplicates
 *              exist or the LDAP search failed.
 */
function check_uidNumber()
{
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  $ldap->cd($setup['base']);
  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket every hit by the first uidNumber value it carries */
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['uidNumber'][0]][] = $hit;
  }

  /* Keep only the buckets that hold more than one entry */
  $this->check_uidNumbers = array();
  foreach($by_number as $sharing){
    if(count($sharing) <= 1){
      continue;
    }
    foreach($sharing as $hit){
      $this->check_uidNumbers[base64_encode($hit['dn'])] = $hit;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
/**
 * Look for gidNumber values that are used by more than one posixGroup.
 *
 * Binds with the admin DN and password captured by the setup, searches
 * below the configured base for posixGroup entries carrying a gidNumber
 * and groups the hits by their first gidNumber value.  All entries of
 * groups with more than one member are stored in $this->check_gidNumbers,
 * keyed by the base64 encoded dn.  The outcome is written to
 * $this->checks['gidNumber_usage'].
 *
 * Note that the number reported in ERROR_MSG is the count of affected
 * entries, not the count of distinct shared gidNumbers.
 *
 * @return bool TRUE when no gidNumber is shared; FALSE when duplicates
 *              exist or the LDAP search failed.
 */
function check_gidNumber()
{
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  $ldap->cd($setup['base']);
  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket every hit by the first gidNumber value it carries */
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['gidNumber'][0]][] = $hit;
  }

  /* Keep only the buckets that hold more than one entry */
  $this->check_gidNumbers = array();
  foreach($by_number as $sharing){
    if(count($sharing) <= 1){
      continue;
    }
    foreach($sharing as $hit){
      $this->check_gidNumbers[base64_encode($hit['dn'])] = $hit;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
273 /* Search for winstations outside the winstation ou
274 */
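/**
 * Find windows workstation accounts located outside the winstation ou.
 *
 * Binds with the admin DN and password captured by the setup and searches
 * below the configured base for samba accounts whose uid ends in '$'.
 * Every hit whose dn is neither directly below the winstation ou nor
 * below dc=addressbook is stored in $this->outside_winstations, keyed by
 * the base64 encoded dn.  The outcome is written to
 * $this->checks['outside_winstations'].
 *
 * ERROR_MSG carries raw HTML (a submit button is appended to it below),
 * so the configured ou is HTML-escaped before it is placed into the
 * message.
 *
 * @return bool TRUE when no such account was found; FALSE when at least
 *              one was found or the LDAP search failed.
 */
function search_outside_winstations()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  /* Get winstation ou */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* $oc is always one of these two literals, so concatenating it into
   * the search filter below cannot change the filter structure.
   */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* The pattern does not change per entry, build it once.
   * NOTE(review): normalizePreg() is defined elsewhere; this relies on it
   * escaping regex metacharacters and the '/' delimiter in the ou - confirm.
   */
  $inside_pattern = "/^[^,]+,".normalizePreg($winstation_ou)."/";

  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match($inside_pattern,$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");

    /* The ou comes from the captured setup values and ends up in HTML
     * output, so it must not be able to introduce markup.
     */
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
              count($this->outside_winstations),
              htmlspecialchars($winstation_ou, ENT_QUOTES));
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}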
331 /* Search for groups outside the group ou
332 */
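/**
 * Find posixGroup entries located outside the configured group ou.
 *
 * Binds with the admin DN and password captured by the setup and searches
 * below the configured base for all posixGroup entries.  Every hit whose
 * dn is neither directly below the group ou nor below dc=addressbook is
 * stored in $this->outside_groups, keyed by the base64 encoded dn.  The
 * outcome is written to $this->checks['outside_groups'].
 *
 * ERROR_MSG carries raw HTML (a submit button is appended to it below),
 * so the configured ou is HTML-escaped before it is placed into the
 * message.
 *
 * @return bool TRUE when no such group was found; FALSE when at least
 *              one was found or the LDAP search failed.
 */
function search_outside_groups()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* The pattern does not change per entry, build it once.
   * NOTE(review): normalizePreg() is defined elsewhere; this relies on it
   * escaping regex metacharacters and the '/' delimiter in the ou - confirm.
   */
  $inside_pattern = "/^[^,]+,".normalizePreg($group_ou)."/";

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match($inside_pattern,$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* The ou comes from the captured setup values and ends up in HTML
     * output, so it must not be able to introduce markup.
     */
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),
              count($this->outside_groups),
              htmlspecialchars($group_ou, ENT_QUOTES));
    $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}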
378 /* Search for users outside the people ou
379 */
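/**
 * Find gosaAccount users located outside every valid people tree.
 *
 * Binds with the admin DN and password captured by the setup, collects
 * the configured base plus the dn of every gosaDepartment as valid
 * departments and then searches for all gosaAccount entries whose uid
 * does not end in '$'.  For each user the leading rdn and the people ou
 * are stripped from the dn; if the remainder is neither a valid
 * department nor contains dc=addressbook, the user is stored in
 * $this->outside_users, keyed by the base64 encoded dn.  The outcome is
 * written to $this->checks['outside_users'].
 *
 * ERROR_MSG carries raw HTML (a submit button is appended to it below),
 * so the configured ou is HTML-escaped before it is placed into the
 * message.
 *
 * NOTE(review): the department comparison is a plain string match, so a
 * dn that differs from the stored department dn only in case or spacing
 * is reported as outside - confirm this is intended.
 *
 * @return bool TRUE when no such user was found; FALSE when at least
 *              one was found or the user search failed.
 */
function search_outside_users()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   * validate correct ldap tree position of every single user.
   * The result of this search is not checked; a failure leaves only
   * the base in the list.
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[$attrs['ou'][0]] = $attrs['dn'];
  }

  /***********
   * Search for all users
   ***********/
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /***********
   * Check if returned users are within a valid GOsa department. (peopleou,gosaDepartment,base)
   ***********/
  $this->outside_users = array();
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = $people_ou.",";
  }

  /* Neither pattern changes per entry, build both once.
   * NOTE(review): normalizePreg() is defined elsewhere; this relies on it
   * escaping regex metacharacters and the '/' delimiter - confirm.
   */
  $strip_pattern       = "/^[^,]+,".normalizePreg($people_ou)."/";
  $addressbook_pattern = "/".normalizePreg("dc=addressbook,")."/";

  while($attrs = $ldap->fetch()){
    $people_db_base = preg_replace($strip_pattern,"",$attrs['dn']);

    /* Check if entry is not an addressbook only user
     *  and verify that he is in a valid department
     */
    if( !preg_match($addressbook_pattern,$people_db_base) &&
        !in_array($people_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* The ou comes from the captured setup values and ends up in HTML
     * output, so it must not be able to introduce markup.
     */
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),
              count($this->outside_users),
              htmlspecialchars($people_ou, ENT_QUOTES));
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}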
454 /* Check ldap accessibility
455 * Create and remove a dummy object,
456 * to ensure that we have the necessary permissions
457 */
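/**
 * Verify that the captured admin account may write to the directory.
 *
 * Binds with the admin DN and password captured by the setup, reads the
 * base entry, then creates a throw-away organizationalUnit below the base
 * and removes it again.  Each step is verified by reading the entry back.
 * The outcome is written to $this->checks['permissions'].
 *
 * If the removal fails the dummy entry stays in the directory; its
 * description says that it can be removed.
 *
 * @return bool TRUE when the entry could be created and removed; FALSE
 *              when the base could not be read or one of the two steps
 *              failed.
 */
function check_ldap_permissions()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  /* Create dummy entry.
   * Only a digest of the session id goes into the entry name: the name is
   * sent to the LDAP server and stays in the directory if the removal
   * below fails, so the raw session identifier must not appear in it.
   * rand() is used for uniqueness only, not as a secret.
   */
  $name = "GOsa_setup_text_entry_".sha1(session_id().rand(0,999999));
  $dn   = "ou=".$name.",".$cv['base'];
  $testEntry = array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']  = $name;

  /* ERROR_MSG is shown as HTML elsewhere in this class (other checks
   * append form buttons to it), so the admin DN is escaped before it is
   * placed into the message.
   */
  $denied_msg =
    sprintf(_("The specified user '%s' does not have full access to your ldap database."),
            htmlspecialchars($cv['admin'], ENT_QUOTES));

  /* check if simple ldap cat will be successful
   */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object; success is judged by reading it back,
   * not by the return value of add()
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Try to remove created entry; it must be gone afterwards
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}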
524 /* Check if there are users which will
525 * be invisible for GOsa
526 */
/**
 * Collect the user accounts that GOsa would not display.
 *
 * Binds with the admin DN and password captured by the setup and searches
 * below the configured base for entries that are posixAccount, or both
 * inetOrgPerson and organizationalPerson, that carry a uid but lack the
 * gosaAccount objectClass.  Entries below dc=addressbook are skipped; the
 * rest is stored in $this->users_to_migrate, keyed by the base64 encoded
 * dn.  The 'checked' flag of entries that were already in the previous
 * list is carried over.  The outcome is written to
 * $this->checks['users_visible']; nothing is returned.
 *
 * The search result is only evaluated after the hits were collected.
 */
function check_gosaAccounts()
{
  /* Keep the previous list so the checkbox states survive the rebuild */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Collected configuration settings and ldap connection */
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  /* Fixed filter, no variable parts */
  $filter = "(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))";

  $ldap->cd($setup['base']);
  $res = $ldap->search($filter,array("sn","givenName","cn","uid"));
  while($attrs = $ldap->fetch()){

    /* Addressbook entries are not meant to become GOsa accounts */
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }

    /* Restore the selection made before the reload, default is unchecked */
    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->users_to_migrate[$key] = $attrs;
  }

  $invisible = count($this->users_to_migrate);
  if(!$res){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($invisible == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
        $invisible);
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
  }
}
583 /* Start user account migration
584 */
/**
 * Turn the checked entries of $this->users_to_migrate into GOsa accounts.
 *
 * For every checked entry the current objectClass values are read and
 * merged behind gosaAccount, inetOrgPerson and organizationalPerson
 * (case-insensitive de-duplication via in_array_ics()).  Depending on
 * $only_ldif the change is either only rendered as before/after ldif on
 * the entry, or written to the directory with the admin credentials
 * captured by the setup.
 *
 * NOTE(review): the result of the read is not checked before it is used,
 * and the failure message talks about a 'department' although users are
 * migrated here; the message is left as is because it is a translation
 * msgid.
 *
 * @param bool $only_ldif TRUE to preview the change only, FALSE to write
 *                        it to LDAP.  Also stored in $this->show_details.
 * @return bool FALSE as soon as one modify fails (remaining entries are
 *              not processed), TRUE otherwise.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  /* Collected configuration settings and ldap connection */
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  foreach($this->users_to_migrate as $key => $user){

    /* Only entries selected in the dialog are touched */
    if(!$user['checked']){
      continue;
    }

    /* Read the objectClasses the entry has right now */
    $ldap->cat($user['dn'],array("objectClass"));
    $current = $ldap->fetch();

    /* Required classes first, then every existing class not yet listed */
    $target = array();
    $target['objectClass'] = array("gosaAccount","inetOrgPerson","organizationalPerson");
    $class_count = $current['objectClass']['count'];
    for($idx = 0; $idx < $class_count; $idx++){
      $class = $current['objectClass'][$idx];
      if(!in_array_ics($class, $target['objectClass'])){
        $target['objectClass'][] = $class;
      }
    }

    /* Preview mode: remember both states as ldif and go on */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($target);
      continue;
    }

    /* Write mode: stop at the first failing modify */
    $ldap->cd($current['dn']);
    if(!$ldap->modify($target)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
636 /* Check if there are invisible organizational Units
637 */
/**
 * Collect the organizational units that GOsa would not display.
 *
 * Binds with the admin DN and password captured by the setup and searches
 * below the configured base for organizationalUnit entries that lack the
 * gosaDepartment objectClass.  Units matching one of the GOsa-internal
 * dn patterns are left out; the rest is stored in $this->deps_to_migrate,
 * keyed by the base64 encoded dn.  The 'checked' flag of entries that
 * were already in the previous list is carried over.  The outcome is
 * written to $this->checks['deps_visible']; nothing is returned.
 *
 * Unlike the user check, found departments leave STATUS at TRUE and are
 * reported as a warning only.
 */
function check_organizationalUnits()
{
  /* Keep the previous list so the checkbox states survive the rebuild */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Collected configuration settings and ldap connection */
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  /* dn patterns of GOsa internal departments, these are never listed */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Get all invisible departments */
  $ldap->cd($setup['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){

    /* Drop the entry as soon as one internal pattern matches its dn */
    $internal = FALSE;
    foreach($skip_dns as $pattern){
      if(preg_match($pattern,$attrs['dn'])){
        $internal = TRUE;
        break;
      }
    }
    if($internal){
      continue;
    }

    /* Restore the selection made before the reload, default is unchecked */
    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->deps_to_migrate[$key] = $attrs;
  }

  $invisible = count($this->deps_to_migrate);
  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($invisible == 0){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),$invisible);
    $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}
713 /* Start department migration */
/**
 * Turn the checked entries of $this->deps_to_migrate into GOsa departments.
 *
 * For every checked entry the current objectClass and description values
 * are read, gosaDepartment is appended to the objectClass list and a
 * default description is added when the entry has none.  Depending on
 * $only_ldif the change is either only rendered as before/after ldif on
 * the entry, or written to the directory with the admin credentials
 * captured by the setup.
 *
 * NOTE(review): the result of the read is not checked before it is used.
 *
 * @param bool $only_ldif TRUE to preview the change only, FALSE to write
 *                        it to LDAP.  Also stored in $this->show_details.
 * @return bool FALSE as soon as one modify fails (remaining entries are
 *              not processed), TRUE otherwise.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  /* Collected configuration settings and ldap connection */
  $setup = $this->parent->captured_values;
  $ldap  = new LDAP($setup['admin'],
                    $setup['password'],
                    $setup['connection'],
                    FALSE,
                    $setup['tls']);

  foreach($this->deps_to_migrate as $key => $dep){

    /* Only entries selected in the dialog are touched */
    if(!$dep['checked']){
      continue;
    }

    /* Read the objectClasses and description the entry has right now */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $current = $ldap->fetch();

    /* Existing classes in their original order, gosaDepartment last */
    $target = array();
    $class_count = $current['objectClass']['count'];
    for($idx = 0; $idx < $class_count; $idx++){
      $target['objectClass'][] = $current['objectClass'][$idx];
    }
    $target['objectClass'][] = "gosaDepartment";

    /* Supply a default description if the entry has none */
    if(!isset($current['description'])){
      $target['description'][] = "GOsa department";
    }

    /* Preview mode: remember both states as ldif and go on */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($target);
      continue;
    }

    /* Write mode: stop at the first failing modify */
    $ldap->cd($current['dn']);
    if(!$ldap->modify($target)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
768 /* Check Acls if there is at least one object with acls defined
769 */
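/**
 * Check that at least one GOsa administrator account exists.
 *
 * Binds with the admin DN and password captured by the setup and searches
 * below the configured base for posixGroup entries with
 * gosaSubtreeACL ':all' and at least one memberUid.  For every memberUid
 * of these groups a gosaAccount with that uid is looked up; the check
 * passes when at least one lookup returns exactly one entry.  The outcome
 * is written to $this->checks['acls'].
 *
 * The memberUid values are directory data and are placed into a search
 * filter, so they are escaped first (RFC 4515); a stored value containing
 * filter metacharacters can then not change the meaning of the lookup.
 *
 * NOTE(review): the return value is the hit count of the most recent
 * search on the connection, not the computed found-status - confirm that
 * no caller relies on it (initialize_checks() ignores it).
 *
 * @return bool TRUE when the last search executed returned at least one
 *              entry.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  /* Search for groups that have complete permissions */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));

  /* If ldap search failed, set error message */
  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{

    $found = FALSE;
    $debug = "";
    $admin_groups = array();

    /* Filter value escaping according to RFC 4515. The backslash has to
     * be replaced first, otherwise the escapes inserted for the other
     * characters would be escaped again.
     */
    $filter_special = array("\\",   "*",    "(",    ")",    "\x00");
    $filter_escaped = array("\\5c", "\\2a", "\\28", "\\29", "\\00");

    /* Get all returned groups; they are collected first because the
     * lookups below run on the same connection object
     */
    while($attrs = $ldap->fetch()){
      $admin_groups[]= $attrs;
    }

    /* Walk through groups and check if memberUid exists in ldap database */
    foreach($admin_groups as $group){

      /* The debug trace is HTML, directory values are escaped for it */
      $debug .= "<b>".htmlspecialchars($group['cn'][0], ENT_QUOTES).":</b><br>";

      $count_member = $group['memberUid']['count'];

      /* Check every single group member */
      for($i = 0 ; $i < $count_member ; $i++){
        $debug .= htmlspecialchars($group['memberUid'][$i], ENT_QUOTES);

        /* Check if user exists */
        $uid_value = str_replace($filter_special, $filter_escaped, $group['memberUid'][$i]);
        $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid_value."))",array("dn"));
        $cnt= $ldap->count();

        /* Update found-status if there is a member available */
        if($cnt == 1){
          $debug .= " <i>->Found</i><br>";
          $found = TRUE;
        }elseif($cnt == 0 ){
          $debug .= " <font color='red'>-> NOT Found</font><br>";
        }else{
          $debug .= " <font color='red'>-> Found more than once -.- </font><br>";
        }
      }
    }
    # For debugging
    # echo $debug."<br>----------------<br>";

    if($found){
      $this->checks['acls']['STATUS']    = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}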
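/**
 * Give GOsa administrator rights to the object selected in
 * $this->acl_create_selected.
 *
 * Only objects carrying the gosaAccount objectClass are handled: the
 * user's uid is appended to the memberUid list of the first posixGroup
 * found with gosaSubtreeACL ':all', or, if no such group exists, a new
 * group 'GOsa Administrators' with that ACL is created below the group
 * ou.  For any other object nothing is changed and TRUE is returned.
 *
 * The parent tree of the new group is built from the same trimmed group
 * ou as the group dn itself, so an empty group ou resolves to the base
 * instead of a dn starting with a comma.
 *
 * NOTE(review): the new group is created with the fixed gidNumber 999,
 * which may collide with an existing group - the duplicate gidNumber
 * check of this class would then report it.
 * NOTE(review): the result of reading the selected object is not checked,
 * and the objectClass test is case-sensitive while other code in this
 * class compares objectClasses with in_array_ics().
 *
 * @param bool $only_ldif TRUE to only describe the pending change in
 *                        $this->acl_create_changes, FALSE to write it to
 *                        LDAP with the captured admin credentials.
 * @return bool FALSE when an LDAP write failed, TRUE otherwise.
 */
function create_admin($only_ldif = FALSE)
{
  /* Start with an empty change description */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
                   $cv['password'],
                   $cv['connection'],
                   FALSE,
                   $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("objectClass","cn","uid"));
  $object_attrs = $ldap->fetch();
  $type = "none";

  /* Check object that should receive admin acls */
  if(in_array("gosaAccount",$object_attrs['objectClass'])){
    $type = "user";
  }elseif(in_array("posixGroup",$object_attrs['objectClass'])){
    $type = "group";
  }

  /* If a user should get administrative acls, we
   *  should check if there is an administrational group
   *  and just assign the user to it.
   * If there is no such group, we must create one.
   */
  if($type == "user"){

    $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
    if($ldap->count()){
      $fetched_attrs          = $ldap->fetch();
      $attrs_admin_group      = $this->cleanup_array($fetched_attrs);
      $attrs_admin_group_new  = $attrs_admin_group;

      if(!isset($attrs_admin_group_new['memberUid'])){
        $attrs_admin_group_new['memberUid'] = array();
      }
      if(!in_array($object_attrs['uid'][0],$attrs_admin_group_new['memberUid'])){
        $attrs_admin_group_new['memberUid'][] = $object_attrs['uid'][0];
      }

      if($only_ldif){
        $this->acl_create_changes = _("Appending user to to group administrational group: \n");
        $this->acl_create_changes.= "\n"._("Before").":\n";
        $this->acl_create_changes.= $fetched_attrs['dn']."\n";
        $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
        $this->acl_create_changes.= "\n"._("After").":\n";
        $this->acl_create_changes.= $fetched_attrs['dn']."\n";
        $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group_new)."\n";
      }else{
        $ldap->cd($fetched_attrs['dn']);
        $ldap->modify($attrs_admin_group_new);
        if(!preg_match("/success/i",$ldap->get_error())){
          print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
          return(FALSE);
        }
      }

    }else{

      /* Trimmed group ou with trailing comma, or empty when none is set */
      $group_ou = trim($cv['groupou']);
      if(!empty($group_ou)){
        $group_ou = $group_ou.",";
      }

      /* Parent tree and group dn are derived from the same value */
      $group_parent_dn = $group_ou.$cv['base'];
      $new_group_dn    = "cn=GOsa Administrators,".$group_parent_dn;

      $new_group_attrs = array();
      $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
      $new_group_attrs['cn'] = "GOsa Administrators";
      $new_group_attrs['gosaSubtreeACL'] = ":all";
      $new_group_attrs['gidNumber'] = "999";
      $new_group_attrs['memberUid'] = array($object_attrs['uid'][0]);

      if($only_ldif){
        $this->acl_create_changes = _("Creating new administrational group: \n\n");
        $this->acl_create_changes.= $new_group_dn."\n";
        $this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
      }else{
        $ldap->cd($cv['base']);
        $ldap->create_missing_trees($group_parent_dn);
        $ldap->cd($new_group_dn);
        $res = $ldap->add($new_group_attrs);
        if(!$res){
          print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
          return(FALSE);
        }
      }
    }
  }
  return(TRUE);
}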
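/**
 * Create the "System Administrator" account from the posted form values and
 * pass it to create_admin() so that it receives administrative rights.
 *
 * Reads $_POST['new_user_uid'], $_POST['new_user_password'] and
 * $_POST['new_user_password2'].
 *
 * @return bool TRUE if the account was added, FALSE on invalid input or if
 *              the LDAP add failed (a message is shown via print_red()).
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";
  $uid = "";

  if(isset($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Request parameters can arrive as arrays (name[]=...), so insist on
     strings. The comparison is strict: with != two different numeric looking
     strings such as "1e3" and "1000" would count as the same password, and
     only the second one is hashed and stored below. */
  if(!is_string($pw1) || !is_string($pw2) || empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* NOTE(review): the uid becomes part of the dn below; this relies on
     is_uid() (defined elsewhere) rejecting dn special characters - confirm. */
  if(!is_string($uid) || empty($uid) || !is_uid($uid)){
    print_red(_("Please specify a valid uid."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* The hashing class is looked up by the encryption method captured during
     setup; the password is only written to LDAP in hashed form.
     NOTE(review): an unknown $cv['encryption'] key is not handled here. */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator";
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  /* Refuse to overwrite an existing entry */
  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
          $dn));
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Check the result before anything else: create_admin() must not be asked
     to grant administrative rights to an entry that was never written. */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  /* NOTE(review): the return value of create_admin() is not evaluated, a
     failed acl assignment is only visible through its own error message and
     the check_administrativeAccount() run below. */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}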
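/**
 * Preview or perform the move of all selected winstations into the
 * department posted as $_POST['move_winstation_to'].
 *
 * @param bool $perform FALSE only fills the 'ldif' preview text of each
 *                      entry, TRUE calls move() for every selected entry.
 * @return bool|null FALSE if no usable destination was posted, otherwise
 *                   nothing is returned.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  if(!isset($_POST['move_winstation_to']) || !is_string($_POST['move_winstation_to'])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dep = $_POST['move_winstation_to'];

  /* The destination comes from the browser and ends up as the target dn of
     an LDAP add done with the setup credentials. Accept it only if it is one
     of the departments execute() offers in this dialog (the list is keyed by
     the base64 encoded dn). */
  $known_ous = $this->get_all_winstation_ous();
  if(!isset($known_ous[$destination_dep])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
       Plain string functions are used because preg_replace() treats
       sequences like "\2C" in the replacement as back references, which
       mangles hex escaped characters of the destination dn. */
    $comma = strpos($dn,",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination_dn;

    if(!$perform){

      /* The preview is html, so every dn is escaped before it is embedded */
      $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

      /* Check if there are references to this object.
         NOTE(review): $dn is placed into the filter without escaping, while
         move() passes the dn through LDAP::fix() - confirm which is right. */
      $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}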
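/**
 * Preview or perform the move of all selected groups into the department
 * posted as $_POST['move_group_to'].
 *
 * @param bool $perform FALSE only fills the 'ldif' preview text of each
 *                      entry, TRUE calls move() for every selected entry.
 * @return bool|null FALSE if no usable destination was posted, otherwise
 *                   nothing is returned.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  if(!isset($_POST['move_group_to']) || !is_string($_POST['move_group_to'])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dep = $_POST['move_group_to'];

  /* The destination comes from the browser and ends up as the target dn of
     an LDAP add done with the setup credentials. Accept it only if it is one
     of the departments execute() offers in this dialog (the list is keyed by
     the base64 encoded dn). */
  $known_ous = $this->get_all_group_ous();
  if(!isset($known_ous[$destination_dep])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
       Plain string functions are used because preg_replace() treats
       sequences like "\2C" in the replacement as back references, which
       mangles hex escaped characters of the destination dn. */
    $comma = strpos($dn,",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination_dn;

    if(!$perform){

      /* The preview is html, so every dn is escaped before it is embedded */
      $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

      /* Check if there are references to this object.
         NOTE(review): $dn is placed into the filter without escaping, while
         move() passes the dn through LDAP::fix() - confirm which is right. */
      $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}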
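/**
 * Preview or perform the move of all selected users into the department
 * posted as $_POST['move_user_to'].
 *
 * @param bool $perform FALSE only fills the 'ldif' preview text of each
 *                      entry, TRUE calls move() for every selected entry.
 * @return bool|null FALSE if no usable destination was posted, otherwise
 *                   nothing is returned.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  if(!isset($_POST['move_user_to']) || !is_string($_POST['move_user_to'])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dep = $_POST['move_user_to'];

  /* The destination comes from the browser and ends up as the target dn of
     an LDAP add done with the setup credentials. Accept it only if it is one
     of the departments execute() offers in this dialog (the list is keyed by
     the base64 encoded dn). */
  $known_ous = $this->get_all_people_ous();
  if(!isset($known_ous[$destination_dep])){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
       Plain string functions are used because preg_replace() treats
       sequences like "\2C" in the replacement as back references, which
       mangles hex escaped characters of the destination dn. */
    $comma = strpos($dn,",");
    $d_dn = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination_dn;

    if(!$perform){

      /* The preview is html, so every dn is escaped before it is embedded */
      $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

      /* Check if there are references to this object.
         NOTE(review): $dn is placed into the filter without escaping, while
         move() passes the dn through LDAP::fix() - confirm which is right. */
      $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}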
/**
 * React to the buttons posted by the migration step and return the html
 * that has to be displayed next.
 *
 * The sections below are evaluated in a fixed order. As soon as one of the
 * dialogs is open its template is returned, so the sections that follow are
 * not evaluated for that request.
 *
 * @return mixed Result of $smarty->fetch() for setup_migrate.tpl.
 */
function execute()
{
  /* First call, or an explicit reload: run all checks */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = true;
  }

  /* ---- Winstations located outside of the winstation ou ---- */

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Preview only */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(false);
  }

  /* Move the selected entries, then search again and close the dialog */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(true);
    $this->search_outside_winstations();
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_winstations_dialog = false;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = true;
    $this->dialog = true;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_winstation_ous());
    $smarty->assign("method", "outside_winstations");
    $smarty->assign("outside_winstations", $this->outside_winstations);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* ---- Groups located outside of the group ou ---- */

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = false;
    $this->show_details = false;
    $this->dialog = false;
  }

  /* Preview only */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details = true;
    $this->migrate_outside_groups(false);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details = false;
  }

  /* Move the selected entries, close the dialog and rerun the checks */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(true);
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_groups_dialog = false;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = true;
    $this->dialog = true;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_group_ous());
    $smarty->assign("method", "outside_groups");
    $smarty->assign("outside_groups", $this->outside_groups);
    $smarty->assign("group_details", $this->show_details);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* ---- Users located outside of the people ou ---- */

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Preview only */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details = true;
    $this->migrate_outside_users(false);
  }

  /* Move the selected entries, rerun the checks and close the dialog */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(true);
    $this->initialize_checks();
    $this->dialog = false;
    $this->show_details = false;
    $this->outside_users_dialog = false;
  }

  if(isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details = false;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = true;
    $this->dialog = true;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_people_ous());
    $smarty->assign("method", "outside_users");
    $smarty->assign("outside_users", $this->outside_users);
    $smarty->assign("user_details", $this->show_details);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* ---- Root object ---- */

  /* Try to create the root object; rerun all checks if its status changed */
  if(isset($_POST['retry_root_create'])){
    $previous_status = $this->checks['root']['STATUS'];
    $this->checkBase(false);
    if($previous_status != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /* ---- Administrative account / acl handling ---- */

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = true;
    $this->dialog = true;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Only prepares the "what will be done" text, nothing is written */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(true);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = false;
      $this->show_details = false;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* NOTE(review): the posted uid and both posted passwords are handed back
       to the template as they were received. Whether they are escaped, and
       whether the passwords are written into the page again, is decided by
       setup_migrate.tpl, which is not part of this file - confirm. */
    $uid = isset($_POST['new_user_uid']) ? $_POST['new_user_uid'] : "admin";

    $smarty->assign("new_user_uid", $uid);
    $smarty->assign("new_user_password", isset($_POST['new_user_password']) ? $_POST['new_user_password'] : NULL);
    $smarty->assign("new_user_password2", isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL);
    $smarty->assign("method", "create_acls");
    $smarty->assign("acl_create_selected", $this->acl_create_selected);
    $smarty->assign("what_will_be_done_now", $this->acl_create_changes);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* ---- Migration of user accounts ---- */

  /* Refresh the list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details = false;
    $this->users_migration_dialog = true;
    $this->dialog = true;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Start migration; the dialog is only closed if it succeeded */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = false;
      $this->show_details = false;
      $this->users_migration_dialog = false;
    }
  }

  /* Preview of the migration */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(true);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate", $this->users_to_migrate);
    $smarty->assign("method", "migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* ---- Migration of departments ---- */

  /* Refresh the list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details = false;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = true;
    $this->dialog = true;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = false;
    $this->dialog = false;
    $this->show_details = false;
  }

  /* Start migration; the dialog is only closed if it succeeded */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details = false;
      $this->check_organizationalUnits();
      $this->dialog = false;
      $this->dep_migration_dialog = false;
    }
  }

  /* Preview of the migration */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(true);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate", $this->deps_to_migrate);
    $smarty->assign("method", "migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks", $this->checks);
  $smarty->assign("method", "default");
  return $smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__)));
}
/**
 * Store the check boxes posted by the currently open dialog.
 *
 * Every entry of the open dialog gets its flag set to TRUE if the matching
 * check box was posted and to FALSE otherwise. Only names built from the
 * keys of the stored lists are looked up in $_POST.
 */
function save_object()
{
  $this->is_completed = true;

  /* Selected winstations of the outside_winstations dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $dn => $data){
      $this->outside_winstations[$dn]['selected'] = isset($_POST['select_winstation_'.$dn]);
    }
  }

  /* Selected groups of the outside_groups dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $dn => $data){
      $this->outside_groups[$dn]['selected'] = isset($_POST['select_group_'.$dn]);
    }
  }

  /* Selected users of the outside_users dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $dn => $data){
      $this->outside_users[$dn]['selected'] = isset($_POST['select_user_'.$dn]);
    }
  }

  /* "Create acl" dialog: aborting clears the selected object */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Departments checked for migration */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $id => $data){
      $this->deps_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }

  /* Users checked for migration */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $id => $data){
      $this->users_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
1541 /* Check if the root object exists.
1542 * If the parameter just_check is true, then just check if the
1543 * root object is missing and update the info messages.
1544 * If the Parameter is false, try to create a new root object.
1545 */
/**
 * Check for the LDAP root object and record the result in
 * $this->checks['root'].
 *
 * @param bool $just_check TRUE only reports a missing root object, FALSE
 *                         tries to create it with create_missing_trees().
 * @return mixed FALSE if the root object is missing and $just_check is set,
 *               the (false) result of create_missing_trees() if creation
 *               failed; nothing is returned on success.
 */
function checkBase($just_check = TRUE)
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Look for the root object */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res ||
    $err == 0x20 || # LDAP_NO_SUCH_OBJECT
    $err == 0x40;   # LDAP_NAMING_VIOLATION

  /* Report only: offer a button to create the root object */
  if($root_missing && $just_check){
    $this->checks['root']['STATUS'] = FALSE;
    $this->checks['root']['STATUS_MSG']= _("Failed");
    $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' '.
      "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
    return FALSE;
  }

  /* Try to add the root object */
  if($root_missing){
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.").
        " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return $res;
    }
  }

  /* Root object exists or was created just now */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
1598 /* Return ldif information for a
1599 * given attribute array
1600 */
/**
 * Render an attribute array as "name: value" lines, one line per value.
 *
 * The 'count' and 'dn' entries and all numeric keys are left out. Values
 * are copied as they are, nothing is encoded or escaped for LDIF or html.
 *
 * @param array $atts Attribute array, values may be scalars or lists.
 * @return string Lines joined by "\n" without a trailing newline.
 */
function array_to_ldif($atts)
{
  unset($atts['count']);
  unset($atts['dn']);

  $ldif = "";
  foreach($atts as $attribute => $content){
    if(is_numeric($attribute)){
      continue;
    }

    /* Treat a single value like a list with one element */
    $values = is_array($content) ? $content : array($content);
    unset($values['count']);

    foreach($values as $single){
      $ldif .= $attribute.": ".$single."\n";
    }
  }
  return preg_replace("/\n$/","",$ldif);
}
/**
 * List all objects below the configured base that have the objectClass
 * gosaAccount.
 *
 * @return array base64 encoded dn => dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)", array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $users[$key] = @LDAP::fix($entry['dn']);
  }
  return $users;
}
/**
 * List all people departments below the configured base. If the search
 * finds none, the configured people ou is added below the base first.
 *
 * @return array base64 encoded dn => dn passed through $ldap->fix();
 *               entries below "ou=snapshots," are left out.
 */
function get_all_people_ous()
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* NOTE(review): the configured ou string is used as the search filter as
     it is, without any escaping - presumably it was validated when it was
     captured; confirm. */
  $filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($filter, array("dn"));

  /* Nothing found: create the department below the base */
  if($ldap->count() == 0 ){
    $add_dn = $cv['peopleou'].",".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr => $naming_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Search again so that a freshly created department is included */
  $ldap->search($filter, array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return $ous;
}
/**
 * List all winstation departments below the configured base. If the search
 * finds none, the winstation ou is added below "ou=systems," first.
 *
 * @return array base64 encoded dn => dn passed through $ldap->fix();
 *               entries below "ou=snapshots," are left out.
 */
function get_all_winstation_ous()
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Use the configured winstation ou if that setting is active */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }

  /* NOTE(review): the ou string is used as the search filter as it is,
     without any escaping - presumably it was validated when it was
     captured; confirm. */
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter, array("dn"));

  /* Nothing found: create the department below ou=systems */
  if($ldap->count() == 0 ){
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr => $naming_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Search again so that a freshly created department is included */
  $ldap->search($filter, array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return $ous;
}
/**
 * List all group departments below the configured base. If the search
 * finds none, the configured group ou is added below the base first.
 *
 * @return array base64 encoded dn => dn passed through $ldap->fix();
 *               entries below "ou=snapshots," are left out.
 */
function get_all_group_ous()
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* NOTE(review): the configured ou string is used as the search filter as
     it is, without any escaping - presumably it was validated when it was
     captured; confirm. */
  $filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($filter, array("dn"));

  /* Nothing found: create the department below the base */
  if($ldap->count() == 0 ){
    $add_dn = $cv['groupou'].",".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr => $naming_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Search again so that a freshly created department is included */
  $ldap->search($filter, array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return $ous;
}
/**
 * List all objects below the configured base that have the objectClass
 * posixGroup.
 *
 * @return array base64 encoded dn => dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)", array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $groups[$key] = @LDAP::fix($entry['dn']);
  }
  return $groups;
}
/**
 * Move one LDAP entry: add a copy at $destination, remove $source and
 * rewrite the member attribute of every gosaGroupOfNames that lists it.
 *
 * Only the entry returned by cat($source) is copied. If the copy fails
 * nothing else is changed. The result of removing the source is not
 * evaluated before the references are rewritten.
 *
 * @param string $source      dn of the entry to move.
 * @param string $destination dn the entry is written to.
 */
function move($source,$destination)
{
  /* Settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the object groups that reference the source and prepare their
     new member lists: destination first, then all other members */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($group = $ldap->fetch()){
    $group_dn = $group['dn'];
    $group = $this->cleanup_array($group);

    $members = array($destination);
    foreach($group['member'] as $member){
      if($member == $source){
        continue;
      }
      $members[] = $member;
    }
    $group['member'] = $members;
    $ogs_to_fix[$group_dn] = $group;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed and leave everything else untouched */
  if(!$res){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  /* The copy exists, remove the original */
  $res = $ldap->rmDir($source);
  show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

  /* Object is copied, so update its references */
  foreach($ogs_to_fix as $group_dn => $group){
    $ldap->cd($group_dn);
    $ldap->modify($group);
  }
}
1846 /* Clean up an ldap result so that it can be written back to ldap */
/**
 * Strip the bookkeeping entries from an LDAP result array.
 *
 * Removes numeric keys, the 'count' and 'dn' entries, and the 'count'
 * element inside every remaining value list.
 *
 * @param array $attrs Attribute array as fetched from LDAP.
 * @return array The same attributes without the removed entries.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $name => $content) {

    /* Index entries and meta information are dropped completely */
    if(is_numeric($name) || $name === "count" || $name === "dn"){
      unset($attrs[$name]);
      continue;
    }

    /* Value lists lose their element counter */
    if(is_array($content) && isset($content['count'])){
      unset($attrs[$name]['count']);
    }
  }
  return $attrs;
}
1859 }
1861 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1862 ?>