1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* Department migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside to reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
98 function Step_Migrate()
99 {
100 $this->update_strings();
101 }
103 function update_strings()
104 {
105 $this->s_title = _("LDAP inspection");
106 $this->s_title_long = _("LDAP inspection");
107 $this->s_info = _("Analyze your current LDAP for GOsa compatibility");
108 }
110 function initialize_checks()
111 {
112 $this->checks = array();
113 $this->checks['root']['TITLE'] = _("Checking for root object");
114 $this->checks['root']['STATUS'] = FALSE;
115 $this->checks['root']['STATUS_MSG']= "";
116 $this->checks['root']['ERROR_MSG'] = "";
117 $this->checkBase();
119 $this->checks['permissions']['TITLE'] = _("Checking permissions on LDAP database");
120 $this->checks['permissions']['STATUS'] = FALSE;
121 $this->checks['permissions']['STATUS_MSG']= "";
122 $this->checks['permissions']['ERROR_MSG'] = "";
123 $this->check_ldap_permissions();
125 $this->checks['deps_visible']['TITLE'] = _("Checking for invisible deparmtments");
126 $this->checks['deps_visible']['STATUS'] = FALSE;
127 $this->checks['deps_visible']['STATUS_MSG']= "";
128 $this->checks['deps_visible']['ERROR_MSG'] = "";
129 $this->check_organizationalUnits();
131 $this->checks['users_visible']['TITLE'] = _("Checking for invisible users");
132 $this->checks['users_visible']['STATUS'] = FALSE;
133 $this->checks['users_visible']['STATUS_MSG']= "";
134 $this->checks['users_visible']['ERROR_MSG'] = "";
135 $this->check_gosaAccounts();
137 $this->checks['acls']['TITLE'] = _("Checking for super administrator");
138 $this->checks['acls']['STATUS'] = FALSE;
139 $this->checks['acls']['STATUS_MSG']= "";
140 $this->checks['acls']['ERROR_MSG'] = "";
141 $this->check_administrativeAccount();
143 $this->checks['outside_users']['TITLE'] = _("Checking for users outside the people tree");
144 $this->checks['outside_users']['STATUS'] = FALSE;
145 $this->checks['outside_users']['STATUS_MSG']= "";
146 $this->checks['outside_users']['ERROR_MSG'] = "";
147 $this->search_outside_users();
149 $this->checks['outside_groups']['TITLE'] = _("Checking for groups outside the groups tree");
150 $this->checks['outside_groups']['STATUS'] = FALSE;
151 $this->checks['outside_groups']['STATUS_MSG']= "";
152 $this->checks['outside_groups']['ERROR_MSG'] = "";
153 $this->search_outside_groups();
155 $this->checks['outside_winstations']['TITLE'] = _("Checking for windows workstations outside the winstation tree");
156 $this->checks['outside_winstations']['STATUS'] = FALSE;
157 $this->checks['outside_winstations']['STATUS_MSG']= "";
158 $this->checks['outside_winstations']['ERROR_MSG'] = "";
159 $this->search_outside_winstations();
161 $this->checks['uidNumber_usage']['TITLE'] = _("Checking for duplicate uid numbers");
162 $this->checks['uidNumber_usage']['STATUS'] = FALSE;
163 $this->checks['uidNumber_usage']['STATUS_MSG']= "";
164 $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
165 $this->check_uidNumber();
167 $this->checks['gidNumber_usage']['TITLE'] = _("Checking for duplicate gid numbers");
168 $this->checks['gidNumber_usage']['STATUS'] = FALSE;
169 $this->checks['gidNumber_usage']['STATUS_MSG']= "";
170 $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
171 $this->check_gidNumber();
172 }
175 /* Check if there are uidNumbers which are used more than once.
176 */
177 function check_uidNumber()
178 {
179 $cv = $this->parent->captured_values;
180 $ldap = new LDAP($cv['admin'],
181 $cv['password'],
182 $cv['connection'],
183 FALSE,
184 $cv['tls']);
186 $ldap->cd($cv['base']);
187 $res = $ldap->search("uidNumber=*",array("dn","uidNumber"));
188 if(!$res){
189 $this->checks['uidNumber_usage']['STATUS'] = FALSE;
190 $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
191 $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
192 return(false);
193 }
195 $this->check_uidNumbers= array();
196 $tmp = array();
197 while($attrs = $ldap->fetch()){
198 $tmp[$attrs['uidNumber'][0]][] = $attrs;
199 }
201 foreach($tmp as $id => $entries){
202 if(count($entries) > 1){
203 foreach($entries as $entry){
204 $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
205 }
206 }
207 }
209 if($this->check_uidNumbers){
210 $this->checks['uidNumber_usage']['STATUS'] = FALSE;
211 $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
212 $this->checks['uidNumber_usage']['ERROR_MSG'] =
213 sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
214 return(false);
215 }else{
216 $this->checks['uidNumber_usage']['STATUS'] = TRUE;
217 $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
218 $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
219 return(TRUE);
220 }
221 }
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
226 function check_gidNumber()
227 {
228 $cv = $this->parent->captured_values;
229 $ldap = new LDAP($cv['admin'],
230 $cv['password'],
231 $cv['connection'],
232 FALSE,
233 $cv['tls']);
235 $ldap->cd($cv['base']);
236 $res = $ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"));
237 if(!$res){
238 $this->checks['gidNumber_usage']['STATUS'] = FALSE;
239 $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
240 $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
241 return(false);
242 }
244 $this->check_gidNumbers= array();
245 $tmp = array();
246 while($attrs = $ldap->fetch()){
247 $tmp[$attrs['gidNumber'][0]][] = $attrs;
248 }
250 foreach($tmp as $id => $entries){
251 if(count($entries) > 1){
252 foreach($entries as $entry){
253 $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
254 }
255 }
256 }
258 if($this->check_gidNumbers){
259 $this->checks['gidNumber_usage']['STATUS'] = FALSE;
260 $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
261 $this->checks['gidNumber_usage']['ERROR_MSG'] =
262 sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
263 return(false);
264 }else{
265 $this->checks['gidNumber_usage']['STATUS'] = TRUE;
266 $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
267 $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
268 return(TRUE);
269 }
270 }
273 /* Search for winstations outside the winstation ou
274 */
275 function search_outside_winstations()
276 {
277 $cv = $this->parent->captured_values;
278 $ldap = new LDAP($cv['admin'],
279 $cv['password'],
280 $cv['connection'],
281 FALSE,
282 $cv['tls']);
284 /* Get winstation ou */
285 if($cv['generic_settings']['wws_ou_active']) {
286 $winstation_ou = $cv['generic_settings']['ws_ou'];
287 }else{
288 $winstation_ou = "ou=winstations";
289 }
291 if($cv['samba_version'] == 3){
292 $oc = "sambaSamAccount";
293 }else{
294 $oc = "sambaAccount";
295 }
297 $ldap->cd($cv['base']);
298 $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
299 if(!$res){
300 $this->checks['outside_winstations']['STATUS'] = FALSE;
301 $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
302 $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
303 return(false);
304 }
306 $this->outside_winstations = array();
307 while($attrs = $ldap->fetch()){
308 if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
309 $attrs['selected'] = FALSE;
310 $attrs['ldif'] = "";
311 $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
312 }
313 }
315 if(count($this->outside_winstations)){
316 $this->checks['outside_winstations']['STATUS'] = FALSE;
317 $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
318 $this->checks['outside_winstations']['ERROR_MSG'] =
319 sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),count($this->outside_winstations),$winstation_ou);
320 $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
321 return(false);
322 }else{
323 $this->checks['outside_winstations']['STATUS'] = TRUE;
324 $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
325 $this->checks['outside_winstations']['ERROR_MSG'] = "";
326 return(TRUE);
327 }
328 }
331 /* Search for groups outside the group ou
332 */
333 function search_outside_groups()
334 {
335 $cv = $this->parent->captured_values;
336 $ldap = new LDAP($cv['admin'],
337 $cv['password'],
338 $cv['connection'],
339 FALSE,
340 $cv['tls']);
342 $group_ou = $cv['groupou'];
343 $ldap->cd($cv['base']);
345 /***********
346 * Get all gosaDepartments to be able to
347 * validate correct ldap tree position of every single user
348 ***********/
349 $valid_deps = array();
350 $valid_deps['/'] = $cv['base'];
351 $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
352 while($attrs = $ldap->fetch()){
353 $valid_deps[$attrs['ou'][0]] = $attrs['dn'];
354 }
356 /***********
357 * Get all groups
358 ***********/
359 $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
360 if(!$res){
361 $this->checks['outside_groups']['STATUS'] = FALSE;
362 $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
363 $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
364 return(false);
365 }
367 while($attrs = $ldap->fetch()){
368 $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."/","",$attrs['dn']);
370 /* Check if entry is not an addressbook only user
371 * and verify that he is in a valid department
372 */
373 if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) &&
374 !in_array($group_db_base,$valid_deps)
375 ){
376 $attrs['selected'] = FALSE;
377 $attrs['ldif'] = "";
378 $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
379 }
380 }
382 if(count($this->outside_groups)){
383 $this->checks['outside_groups']['STATUS'] = FALSE;
384 $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
385 $this->checks['outside_groups']['ERROR_MSG'] =
386 sprintf(_("Found %s groups outside the configured tree '%s'."),count($this->outside_groups),$group_ou);
387 $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
388 return(false);
389 }else{
390 $this->checks['outside_groups']['STATUS'] = TRUE;
391 $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
392 $this->checks['outside_groups']['ERROR_MSG'] = "";
393 return(TRUE);
394 }
395 }
398 /* Search for users outside the people ou
399 */
400 function search_outside_users()
401 {
402 $cv = $this->parent->captured_values;
403 $ldap = new LDAP($cv['admin'],
404 $cv['password'],
405 $cv['connection'],
406 FALSE,
407 $cv['tls']);
409 $ldap->cd($cv['base']);
412 /***********
413 * Get all gosaDepartments to be able to
414 * validate correct ldap tree position of every single user
415 ***********/
416 $valid_deps = array();
417 $valid_deps['/'] = $cv['base'];
418 $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
419 while($attrs = $ldap->fetch()){
420 $valid_deps[$attrs['ou'][0]] = $attrs['dn'];
421 }
423 /***********
424 * Search for all users
425 ***********/
426 $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
427 if(!$res){
428 $this->checks['outside_users']['STATUS'] = FALSE;
429 $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
430 $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
431 return(false);
432 }
434 /***********
435 * Check if returned users are within a valid GOsa deparmtment. (peopleou,gosaDepartment,base)
436 ***********/
437 $this->outside_users = array();
438 $people_ou = trim($cv['peopleou']);
439 if(!empty($people_ou)){
440 $people_ou = $people_ou.",";
441 }
443 while($attrs = $ldap->fetch()){
444 $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/","",$attrs['dn']);
446 /* Check if entry is not an addressbook only user
447 * and verify that he is in a valid department
448 */
449 if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) &&
450 !in_array($people_db_base,$valid_deps)
451 ){
452 $attrs['selected'] = FALSE;
453 $attrs['ldif'] = "";
454 $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
455 }
456 }
458 if(count($this->outside_users)){
459 $this->checks['outside_users']['STATUS'] = FALSE;
460 $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
461 $this->checks['outside_users']['ERROR_MSG'] =
462 sprintf(_("Found %s user(s) outside the configured tree '%s'."),count($this->outside_users),$people_ou);
463 $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
464 return(false);
465 }else{
466 $this->checks['outside_users']['STATUS'] = TRUE;
467 $this->checks['outside_users']['STATUS_MSG']= _("Ok");
468 $this->checks['outside_users']['ERROR_MSG'] = "";
469 return(TRUE);
470 }
471 }
474 /* Check ldap accessibility
475 * Create and remove a dummy object,
476 * to ensure that we have the necessary permissions
477 */
478 function check_ldap_permissions()
479 {
480 $cv = $this->parent->captured_values;
481 $ldap = new LDAP($cv['admin'],
482 $cv['password'],
483 $cv['connection'],
484 FALSE,
485 $cv['tls']);
487 /* Create dummy entry
488 */
489 $name = "GOsa_setup_text_entry_".session_id().rand(0,999999);
490 $dn = "ou=".$name.",".$cv['base'];
491 $testEntry= array();
492 $testEntry['objectClass'][]= "top";
493 $testEntry['objectClass'][]= "organizationalUnit";
494 $testEntry['objectClass'][]= "gosaDepartment";
495 $testEntry['description']= "Created by GOsa setup, this object can be removed.";
496 $testEntry['ou'] = $name;
498 /* check if simple ldap cat will be successful
499 */
500 $res = $ldap->cat($cv['base']);
501 if(!$res){
502 $this->checks['permissions']['STATUS'] = FALSE;
503 $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
504 $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
505 return(false);
506 }
508 /* Try to create dummy object
509 */
510 $ldap->cd ($dn);
511 $ldap->create_missing_trees($dn);
512 $res = $ldap->add($testEntry);
513 $ldap->cat($dn);
514 if(!$ldap->count()){
515 gosa_log($ldap->get_error());
516 $this->checks['permissions']['STATUS'] = FALSE;
517 $this->checks['permissions']['STATUS_MSG']= _("Failed");
518 $this->checks['permissions']['ERROR_MSG'] =
519 sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
520 return(false);
521 }
523 /* Try to remove created entry
524 */
525 $res = $ldap->rmDir($dn);
526 $ldap->cat($dn);
527 if($ldap->count()){
528 gosa_log($ldap->get_error());
529 $this->checks['permissions']['STATUS'] = FALSE;
530 $this->checks['permissions']['STATUS_MSG']= _("Failed");
531 $this->checks['permissions']['ERROR_MSG'] =
532 sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
533 return(false);
534 }
536 /* Create & remove of dummy object was successful */
537 $this->checks['permissions']['STATUS'] = TRUE;
538 $this->checks['permissions']['STATUS_MSG']= _("Ok");
539 $this->checks['permissions']['ERROR_MSG'] = "";
540 return(true);
541 }
544 /* Check if there are users which will
545 * be invisible for GOsa
546 */
547 function check_gosaAccounts()
548 {
549 /* Remember old list of ivisible users, to be able to set
550 * the 'html checked' status for the checkboxes again
551 */
552 $cnt_ok = 0;
553 $old = $this->users_to_migrate;
554 $this->users_to_migrate = array();
556 /* Get collected configuration settings */
557 $cv = $this->parent->captured_values;
559 /* Establish ldap connection */
560 $ldap = new LDAP($cv['admin'],
561 $cv['password'],
562 $cv['connection'],
563 FALSE,
564 $cv['tls']);
566 /* Get all invisible users
567 */
568 $ldap->cd($cv['base']);
569 $res =$ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));
570 while($attrs = $ldap->fetch()){
571 if(!preg_match("/,dc=addressbook,/",$attrs['dn'])){
572 $attrs['checked'] = FALSE;
573 $attrs['before'] = "";
574 $attrs['after'] = "";
576 /* Set objects to selected, that were selected before reload */
577 if(isset($old[base64_encode($attrs['dn'])])){
578 $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
579 }
580 $this->users_to_migrate[base64_encode($attrs['dn'])] = $attrs;
581 }
582 }
584 /* No invisible */
585 if(!$res){
586 $this->checks['users_visible']['STATUS'] = FALSE;
587 $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
588 $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
589 }elseif(count($this->users_to_migrate) == 0){
590 $this->checks['users_visible']['STATUS'] = TRUE;
591 $this->checks['users_visible']['STATUS_MSG']= _("Ok");
592 $this->checks['users_visible']['ERROR_MSG'] = "";
593 }else{
594 $this->checks['users_visible']['STATUS'] = FALSE;
595 $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
596 $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
597 count($this->users_to_migrate));
598 $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
599 }
600 }
603 /* Start user account migration
604 */
605 function migrate_gosaAccounts($only_ldif = FALSE)
606 {
607 $this->show_details= $only_ldif;
609 /* Get collected configuration settings */
610 $cv = $this->parent->captured_values;
612 /* Establish ldap connection */
613 $ldap = new LDAP($cv['admin'],
614 $cv['password'],
615 $cv['connection'],
616 FALSE,
617 $cv['tls']);
619 /* Add gosaAccount objectClass to the selected users
620 */
621 foreach($this->users_to_migrate as $key => $dep){
622 if($dep['checked']){
624 /* Get old objectClasses */
625 $ldap->cat($dep['dn'],array("objectClass"));
626 $attrs = $ldap->fetch();
628 /* Create new objectClass array */
629 $new_attrs = array();
630 $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
631 for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
632 if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
633 $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
634 }
635 }
637 /* Set info attributes for current object,
638 * or write changes to the ldap database
639 */
640 if($only_ldif){
641 $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
642 $this->users_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
643 }else{
644 $ldap->cd($attrs['dn']);
645 if(!$ldap->modify($new_attrs)){
646 print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
647 return(false);
648 }
649 }
650 }
651 }
652 return(TRUE);
653 }
656 /* Check if there are invisible organizational Units
657 */
658 function check_organizationalUnits()
659 {
660 $cnt_ok = 0;
661 $old = $this->deps_to_migrate;
662 $this->deps_to_migrate = array();
664 /* Get collected configuration settings */
665 $cv = $this->parent->captured_values;
667 /* Establish ldap connection */
668 $ldap = new LDAP($cv['admin'],
669 $cv['password'],
670 $cv['connection'],
671 FALSE,
672 $cv['tls']);
674 /* Skip GOsa internal departments */
675 $skip_dns = array("/".$cv['peopleou']."/","/".$cv['groupou']."/","/^ou=people,/",
676 "/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
677 "/(,|)ou=apps,/","/(,|)ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
678 "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
679 "/(,|)ou=winstations,/");
681 /* Get all invisible departments */
682 $ldap->cd($cv['base']);
683 $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
684 while($attrs = $ldap->fetch()){
685 $attrs['checked'] = FALSE;
686 $attrs['before'] = "";
687 $attrs['after'] = "";
689 /* Set objects to selected, that were selected before reload */
690 if(isset($old[base64_encode($attrs['dn'])])){
691 $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
692 }
693 $this->deps_to_migrate[base64_encode($attrs['dn'])] = $attrs;
694 }
696 /* Filter returned list of departments and ensure that
697 * GOsa internal departments will not be listed
698 */
699 foreach($this->deps_to_migrate as $key => $attrs){
700 $dn = $attrs['dn'];
701 $skip = false;
702 foreach($skip_dns as $skip_dn){
703 if(preg_match($skip_dn,$dn)){
704 $skip = true;
705 }
706 }
707 if($skip){
708 unset($this->deps_to_migrate[$key]);
709 }
710 }
712 /* If we have no invisible departments found
713 * tell the user that everything is ok
714 */
715 if(!$res){
716 $this->checks['deps_visible']['STATUS'] = FALSE;
717 $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
718 $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
719 }elseif(count($this->deps_to_migrate) == 0 ){
720 $this->checks['deps_visible']['STATUS'] = TRUE;
721 $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
722 $this->checks['deps_visible']['ERROR_MSG'] = "";
723 }else{
724 $this->checks['deps_visible']['STATUS'] = TRUE;
725 $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
726 $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
727 $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
728 }
729 }
733 /* Start deparmtment migration */
734 function migrate_organizationalUnits($only_ldif = FALSE)
735 {
736 $this->show_details= $only_ldif;
738 /* Get collected configuration settings */
739 $cv = $this->parent->captured_values;
741 /* Establish ldap connection */
742 $ldap = new LDAP($cv['admin'],
743 $cv['password'],
744 $cv['connection'],
745 FALSE,
746 $cv['tls']);
748 /* Add gosaDepartment objectClass to each selected entry
749 */
750 foreach($this->deps_to_migrate as $key => $dep){
751 if($dep['checked']){
753 /* Get current objectClasses */
754 $ldap->cat($dep['dn'],array("objectClass","description"));
755 $attrs = $ldap->fetch();
757 /* Create new objectClass attribute including gosaDepartment*/
758 $new_attrs = array();
759 for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
760 $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
761 }
762 $new_attrs['objectClass'][] = "gosaDepartment";
764 /* Append description it is missing */
765 if(!isset($attrs['description'])){
766 $new_attrs['description'][] = "GOsa department";
767 }
769 /* Depending on the parameter >only_diff< we save the changes as ldif
770 * or we write our changes directly to the ldap database
771 */
772 if($only_ldif){
773 $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
774 $this->deps_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs);
775 }else{
776 $ldap->cd($attrs['dn']);
777 if(!$ldap->modify($new_attrs)){
778 print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
779 return(false);
780 }
781 }
782 }
783 }
784 return(TRUE);
785 }
788 /* Check Acls if there is at least one object with acls defined
789 */
790 function check_administrativeAccount()
791 {
792 /* Establish ldap connection */
793 $cv = $this->parent->captured_values;
794 $ldap = new LDAP($cv['admin'],
795 $cv['password'],
796 $cv['connection'],
797 FALSE,
798 $cv['tls']);
800 /* Search for groups that have complete permissions */
801 $ldap->cd($cv['base']);
802 $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
804 /* If ldap search failed, set error message */
805 if(!$res){
806 $this->checks['acls']['STATUS'] = FALSE;
807 $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
808 $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
809 }else{
811 /* */
812 $found = FALSE;
813 $debug = "";
814 $admin_groups = array();
816 /* Get all returned groups */
817 while($attrs = $ldap->fetch()){
818 $admin_groups[]= $attrs;
819 }
821 /* Walk through groups and check if memberUid exists in ldap database */
822 foreach($admin_groups as $group){
824 $debug .= "<b>".$group['cn'][0].":</b><br>";
826 $count_member = $group['memberUid']['count'];
828 /* Check every single group member */
829 for($i = 0 ; $i < $count_member ; $i++){
830 $debug .= $group['memberUid'][$i];
832 /* Check if user exists */
833 $ldap->search("(&(objectClass=gosaAccount)(uid=".$group['memberUid'][$i]."))",array("dn"));
834 $cnt= $ldap->count();
836 /* Update found-status if there is a member available */
837 if($cnt == 1){
838 $debug .= " <i>->Found</i><br>";
839 $found = TRUE;
840 }elseif($cnt == 0 ){
841 $debug .= " <font color='red'>-> NOT Found</font><br>";
842 }else{
843 $debug .= " <font color='red'>-> Found more than once -.- </font><br>";
844 }
845 }
847 }
848 # For debugging
849 # echo $debug."<br>----------------<br>";
851 if($found){
852 $this->checks['acls']['STATUS'] = TRUE;
853 $this->checks['acls']['STATUS_MSG']= _("Ok");
854 $this->checks['acls']['ERROR_MSG'] = "";
855 }else{
856 $this->checks['acls']['STATUS'] = FALSE;
857 $this->checks['acls']['STATUS_MSG']= _("Failed");
858 $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
859 $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
860 }
861 }
862 return($ldap->count()>=1);
863 }
867 function create_admin($only_ldif = FALSE)
868 {
869 /* Reset '' */
870 $this->acl_create_changes="";
872 /* Object that should receive admin acls */
873 $dn = $this->acl_create_selected;
875 /* Get collected configuration settings */
876 $cv = $this->parent->captured_values;
878 /* Establish ldap connection */
879 $ldap = new LDAP($cv['admin'],
880 $cv['password'],
881 $cv['connection'],
882 FALSE,
883 $cv['tls']);
885 $ldap->cd($cv['base']);
886 $ldap->cat($dn,array("objectClass","cn","uid"));
887 $object_attrs = $ldap->fetch();
888 $type = "none";
890 /* Check object that should receive admin acls */
891 if(in_array("gosaAccount",$object_attrs['objectClass'])){
892 $type = "user";
893 }elseif(in_array("posixGroup",$object_attrs['objectClass'])){
894 $type = "group";
895 }
897 /* If a user should get administrative acls, we
898 * should check if there is an administrational group
899 * and just assign the user to it.
900 * If there is no such group, we must create one.
901 */
902 if($type == "user"){
904 $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
905 if($ldap->count()){
906 $fetched_attrs = $ldap->fetch();
907 $attrs_admin_group = $this->cleanup_array($fetched_attrs);
908 $attrs_admin_group_new = $attrs_admin_group;
910 if(!isset($attrs_admin_group_new['memberUid'])){
911 $attrs_admin_group_new['memberUid'] = array();
912 }
913 if(!in_array($object_attrs['uid'][0],$attrs_admin_group_new['memberUid'])){
914 $attrs_admin_group_new['memberUid'][] = $object_attrs['uid'][0];
915 }
917 if($only_ldif){
918 $this->acl_create_changes = _("Appending user to group administrational group:")." \n";
919 $this->acl_create_changes.= "\n"._("Before").":\n";
920 $this->acl_create_changes.= $fetched_attrs['dn']."\n";
921 $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
922 $this->acl_create_changes.= "\n"._("After").":\n";
923 $this->acl_create_changes.= $fetched_attrs['dn']."\n";
924 $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group_new)."\n";
925 }else{
926 $ldap->cd($fetched_attrs['dn']);
927 $ldap->modify($attrs_admin_group_new);
928 if(!preg_match("/success/i",$ldap->get_error())){
929 print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
930 return(FALSE);
931 }
932 }
934 }else{
936 $group_ou = trim($cv['groupou']);
937 if(!empty($group_ou)){
938 $group_ou = trim($group_ou).",";
939 }
941 $new_group_dn = "cn=GOsa Administrators,".$group_ou.$cv['base'];
942 $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
943 $new_group_attrs['cn'] = "GOsa Administrators";
944 $new_group_attrs['gosaSubtreeACL'] = ":all";
945 $new_group_attrs['gidNumber'] = "999";
946 $new_group_attrs['memberUid'] = array($object_attrs['uid'][0]);
948 if($only_ldif){
949 $this->acl_create_changes = _("Creating new administrational group:")." \n\n";
950 $this->acl_create_changes.= $new_group_dn."\n";
951 $this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
952 }else{
953 $ldap->cd($cv['base']);
954 $ldap->create_missing_trees($group_ou.$cv['base']);
955 $ldap->cd($new_group_dn);
956 $res = $ldap->add($new_group_attrs);
957 if(!$res){
958 print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
959 return(FALSE);
960 }
961 }
962 }
963 }
964 return(TRUE);
965 }
968 function create_admin_user()
969 {
970 $pw1 = $pw2 = "";
971 $uid = "";
973 if(isset($_POST['new_user_uid'])){
974 $uid = $_POST['new_user_uid'];
975 }
977 if(isset($_POST['new_user_password'])){
978 $pw1 = $_POST['new_user_password'];
979 }
980 if(isset($_POST['new_user_password2'])){
981 $pw2 = $_POST['new_user_password2'];
982 }
984 if(empty($pw1) || empty($pw2) | ($pw1 != $pw2)){
985 print_red(_("Specified passwords are empty or not equal."));
986 return false;
987 }
989 if(!is_uid($uid) || empty($uid)){
990 print_red(_("Please specify a valid uid."));
991 return false;
992 }
994 /* Establish ldap connection */
995 $cv = $this->parent->captured_values;
996 $ldap = new LDAP($cv['admin'],
997 $cv['password'],
998 $cv['connection'],
999 FALSE,
1000 $cv['tls']);
1002 /* Get current base attributes */
1003 $ldap->cd($cv['base']);
1005 $people_ou = trim($cv['peopleou']);
1006 if(!empty($people_ou)){
1007 $people_ou = trim($people_ou).",";
1008 }
1010 if($cv['peopledn'] == "cn"){
1011 $dn = "cn=System Administrator,".$people_ou.$cv['base'];
1012 }else{
1013 $dn = "uid=".$uid.",".$people_ou.$cv['base'];
1014 }
1016 $methods = @passwordMethod::get_available_methods_if_not_loaded();
1017 $p_m = $methods[$cv['encryption']];
1018 $p_c = new $p_m(array());
1019 $hash = $p_c->generate_hash($pw2);
1021 $new_user=array();
1022 $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
1023 $new_user['givenName'] = "System";
1024 $new_user['sn'] = "Administrator";
1025 $new_user['cn'] = "System Administrator";
1026 $new_user['uid'] = $uid;
1027 $new_user['userPassword'] = $hash;
1029 $ldap->cd($cv['base']);
1030 $ldap->cat($dn,array("dn"));
1031 if($ldap->count()){
1032 print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
1033 $dn));
1034 return(FALSE);
1035 }
1037 $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
1038 $ldap->cd($dn);
1039 $res = $ldap->add($new_user);
1040 $this->acl_create_selected = $dn;
1041 $this->create_admin();
1043 if(!$res){
1044 print_red($ldap->get_error());
1045 return(FALSE);
1046 }
1048 $this->acl_create_dialog=FALSE;
1049 $this->check_administrativeAccount();
1050 return(TRUE);
1051 }
1054 function migrate_outside_winstations($perform = FALSE)
1055 {
1056 /* Establish ldap connection */
1057 $cv = $this->parent->captured_values;
1058 $ldap = new LDAP($cv['admin'],
1059 $cv['password'],
1060 $cv['connection'],
1061 FALSE,
1062 $cv['tls']);
1064 $ldap->cd($cv['base']);
1066 /* Check if there was a destination department posted */
1067 if(isset($_POST['move_winstation_to'])){
1068 $destination_dep = $_POST['move_winstation_to'];
1069 }else{
1070 print_red(_("Couldn't move users to specified department."));
1071 return(false);
1072 }
1074 foreach($this->outside_winstations as $b_dn => $data){
1075 $this->outside_winstations[$b_dn]['ldif'] ="";
1076 if($data['selected']){
1077 $dn = base64_decode($b_dn);
1078 $d_dn = preg_replace("/,.*$/",",".base64_decode($destination_dep),$dn);
1079 if(!$perform){
1080 $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".$dn."<br>"._("to").":<br>\t".$d_dn;
1083 /* Check if there are references to this object */
1084 $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
1085 $refs = "";
1086 while($attrs = $ldap->fetch()){
1087 $ref_dn = $attrs['dn'];
1088 $refs .= "<br />\t".$ref_dn;
1089 }
1090 if(!empty($refs)){
1091 $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
1092 }
1094 }else{
1095 $this->move($dn,$d_dn);
1096 }
1097 }
1098 }
1099 }
1102 function migrate_outside_groups($perform = FALSE)
1103 {
1104 /* Establish ldap connection */
1105 $cv = $this->parent->captured_values;
1106 $ldap = new LDAP($cv['admin'],
1107 $cv['password'],
1108 $cv['connection'],
1109 FALSE,
1110 $cv['tls']);
1112 $ldap->cd($cv['base']);
1114 /* Check if there was a destination department posted */
1115 if(isset($_POST['move_group_to'])){
1116 $destination_dep = $_POST['move_group_to'];
1117 }else{
1118 print_red(_("Couldn't move users to specified department."));
1119 return(false);
1120 }
1122 foreach($this->outside_groups as $b_dn => $data){
1123 $this->outside_groups[$b_dn]['ldif'] ="";
1124 if($data['selected']){
1125 $dn = base64_decode($b_dn);
1126 $d_dn = preg_replace("/,.*$/",",".base64_decode($destination_dep),$dn);
1127 if(!$perform){
1128 $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".$dn."<br>"._("to").":<br>\t".$d_dn;
1131 /* Check if there are references to this object */
1132 $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
1133 $refs = "";
1134 while($attrs = $ldap->fetch()){
1135 $ref_dn = $attrs['dn'];
1136 $refs .= "<br />\t".$ref_dn;
1137 }
1138 if(!empty($refs)){
1139 $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
1140 }
1142 }else{
1143 $this->move($dn,$d_dn);
1144 }
1145 }
1146 }
1147 }
1150 function migrate_outside_users($perform = FALSE)
1151 {
1152 /* Establish ldap connection */
1153 $cv = $this->parent->captured_values;
1154 $ldap = new LDAP($cv['admin'],
1155 $cv['password'],
1156 $cv['connection'],
1157 FALSE,
1158 $cv['tls']);
1160 $ldap->cd($cv['base']);
1162 /* Check if there was a destination department posted */
1163 if(isset($_POST['move_user_to'])){
1164 $destination_dep = $_POST['move_user_to'];
1165 }else{
1166 print_red(_("Couldn't move users to specified department."));
1167 return(false);
1168 }
1170 foreach($this->outside_users as $b_dn => $data){
1171 $this->outside_users[$b_dn]['ldif'] ="";
1172 if($data['selected']){
1173 $dn = base64_decode($b_dn);
1174 $d_dn = preg_replace("/,.*$/",",".base64_decode($destination_dep),$dn);
1175 if(!$perform){
1176 $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".$dn."<br>"._("to").":<br>\t".$d_dn;
1178 /* Check if there are references to this object */
1179 $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
1180 $refs = "";
1181 while($attrs = $ldap->fetch()){
1182 $ref_dn = $attrs['dn'];
1183 $refs .= "<br />\t".$ref_dn;
1184 }
1185 if(!empty($refs)){
1186 $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
1187 }
1189 }else{
1190 $this->move($dn,$d_dn);
1191 }
1192 }
1193 }
1194 }
1197 function execute()
1198 {
1199 /* Initialise checks if this is the first call */
1200 if(!$this->checks_initialised || isset($_POST['reload'])){
1201 $this->initialize_checks();
1202 $this->checks_initialised = TRUE;
1203 }
1205 /*************
1206 * Winstations outside the group ou
1207 *************/
1209 if(isset($_POST['outside_winstations_dialog_cancel'])){
1210 $this->outside_winstations_dialog = FALSE;
1211 $this->dialog = FALSE;
1212 $this->show_details = FALSE;
1213 }
1215 if(isset($_POST['outside_winstations_dialog_whats_done'])){
1216 $this->migrate_outside_winstations(FALSE);
1217 }
1219 if(isset($_POST['outside_winstations_dialog_perform'])){
1220 $this->migrate_outside_winstations(TRUE);
1221 $this->search_outside_winstations();
1222 $this->dialog = FALSE;
1223 $this->show_details = FALSE;
1224 $this->outside_winstations_dialog = FALSE;
1225 }
1227 if(isset($_POST['outside_winstations_dialog'])){
1228 $this->outside_winstations_dialog = TRUE;
1229 $this->dialog = TRUE;
1230 }
1232 if($this->outside_winstations_dialog){
1233 $smarty = get_smarty();
1234 $smarty->assign("ous",$this->get_all_winstation_ous());
1235 $smarty->assign("method","outside_winstations");
1236 $smarty->assign("outside_winstations",$this->outside_winstations);
1237 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1238 }
1239 /*************
1240 * Groups outside the group ou
1241 *************/
1243 if(isset($_POST['outside_groups_dialog_cancel'])){
1244 $this->outside_groups_dialog = FALSE;
1245 $this->show_details = FALSE;
1246 $this->dialog = FALSE;
1247 }
1249 if(isset($_POST['outside_groups_dialog_whats_done'])){
1250 $this->show_details= TRUE;
1251 $this->migrate_outside_groups(FALSE);
1252 }
1254 if(isset($_POST['outside_groups_dialog_refresh'])){
1255 $this->show_details= FALSE;
1256 }
1258 if(isset($_POST['outside_groups_dialog_perform'])){
1259 $this->migrate_outside_groups(TRUE);
1260 $this->dialog = FALSE;
1261 $this->show_details = FALSE;
1262 $this->outside_groups_dialog = FALSE;
1263 $this->initialize_checks();
1264 }
1266 if(isset($_POST['outside_groups_dialog'])){
1267 $this->outside_groups_dialog = TRUE;
1268 $this->dialog = TRUE;
1269 }
1271 if($this->outside_groups_dialog){
1272 $smarty = get_smarty();
1273 $smarty->assign("ous",$this->get_all_group_ous());
1274 $smarty->assign("method","outside_groups");
1275 $smarty->assign("outside_groups",$this->outside_groups);
1276 $smarty->assign("group_details", $this->show_details);
1277 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1278 }
1280 /*************
1281 * User outside the people ou
1282 *************/
1284 if(isset($_POST['outside_users_dialog_cancel'])){
1285 $this->outside_users_dialog = FALSE;
1286 $this->dialog = FALSE;
1287 $this->show_details = FALSE;
1288 }
1290 if(isset($_POST['outside_users_dialog_whats_done'])){
1291 $this->show_details= TRUE;
1292 $this->migrate_outside_users(FALSE);
1293 }
1295 if(isset($_POST['outside_users_dialog_perform'])){
1296 $this->migrate_outside_users(TRUE);
1297 $this->initialize_checks();
1298 $this->dialog = FALSE;
1299 $this->show_details = FALSE;
1300 $this->outside_users_dialog = FALSE;
1301 }
1303 if (isset($_POST['outside_users_dialog_refresh'])){
1304 $this->show_details= FALSE;
1305 }
1307 if(isset($_POST['outside_users_dialog'])){
1308 $this->outside_users_dialog = TRUE;
1309 $this->dialog = TRUE;
1310 }
1312 if($this->outside_users_dialog){
1313 $smarty = get_smarty();
1314 $smarty->assign("ous",$this->get_all_people_ous());
1315 $smarty->assign("method","outside_users");
1316 $smarty->assign("outside_users",$this->outside_users);
1317 $smarty->assign("user_details", $this->show_details);
1318 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1319 }
1321 /*************
1322 * Root object check
1323 *************/
1325 if(isset($_POST['retry_root_create'])){
1327 $state = $this->checks['root']['STATUS'];
1328 $this->checkBase(FALSE);
1329 if($state != $this->checks['root']['STATUS']){
1330 $this->initialize_checks();
1331 }
1332 }
1334 /*************
1335 * User Migration handling
1336 *************/
1338 if(isset($_POST['retry_acls'])){
1339 $this->check_administrativeAccount();
1340 }
1342 if(isset($_POST['create_acls'])){
1343 $this->acl_create_dialog = TRUE;
1344 $this->dialog = TRUE;
1345 }
1347 if(isset($_POST['create_acls_cancel'])){
1348 $this->acl_create_dialog = FALSE;
1349 $this->dialog = FALSE;
1350 $this->show_details = FALSE;
1351 }
1353 # if(isset($_POST['create_acls_create_confirmed'])){
1354 # if($this->create_admin()){
1355 # $this->acl_create_dialog = FALSE;
1356 # $this->dialog = FALSE;
1357 # $this->show_details = FALSE;
1358 # $this->initialize_checks();
1359 # }
1360 # }
1362 if(isset($_POST['create_acls_create'])){
1363 $this->create_admin(TRUE);
1364 }
1366 if(isset($_POST['create_admin_user'])){
1367 if($this->create_admin_user()){
1368 $this->dialog = FALSE;
1369 $this->show_details = FALSE;
1370 }
1371 }
1373 if($this->acl_create_dialog){
1374 $smarty = get_smarty();
1376 $uid = "admin";
1377 if(isset($_POST['new_user_uid'])){
1378 $uid = $_POST['new_user_uid'];
1379 }
1381 $smarty->assign("new_user_uid",$uid);
1382 $smarty->assign("new_user_password",@$_POST['new_user_password']);
1383 $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
1384 $smarty->assign("method","create_acls");
1385 $smarty->assign("acl_create_selected",$this->acl_create_selected);
1386 $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
1387 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1388 }
1390 /*************
1391 * User Migration handling
1392 *************/
1394 /* Refresh list of deparments */
1395 if(isset($_POST['users_visible_migrate_refresh'])){
1396 $this->check_gosaAccounts();
1397 }
1399 /* Open migration dialog */
1400 if(isset($_POST['users_visible_migrate'])){
1401 $this->show_details= FALSE;
1402 $this->users_migration_dialog = TRUE;
1403 $this->dialog =TRUE;
1404 }
1406 /* Close migration dialog */
1407 if(isset($_POST['users_visible_migrate_close'])){
1408 $this->users_migration_dialog = FALSE;
1409 $this->dialog =FALSE;
1410 $this->show_details = FALSE;
1411 }
1413 /* Start migration */
1414 if(isset($_POST['users_visible_migrate_migrate'])){
1415 if($this->migrate_gosaAccounts()){
1416 $this->initialize_checks();
1417 $this->dialog = FALSE;
1418 $this->show_details = FALSE;
1419 $this->users_migration_dialog = FALSE;
1420 }
1421 }
1423 /* Start migration */
1424 if(isset($_POST['users_visible_migrate_whatsdone'])){
1425 $this->migrate_gosaAccounts(TRUE);
1426 }
1428 /* Display migration dialog */
1429 if($this->users_migration_dialog){
1430 $smarty = get_smarty();
1431 $smarty->assign("users_to_migrate",$this->users_to_migrate);
1432 $smarty->assign("method","migrate_users");
1433 $smarty->assign("user_details", $this->show_details);
1434 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1435 }
1438 /*************
1439 * Department Migration handling
1440 *************/
1442 /* Refresh list of deparments */
1443 if(isset($_POST['deps_visible_migrate_refresh'])){
1444 $this->check_organizationalUnits();
1445 $this->show_details= FALSE;
1446 }
1448 /* Open migration dialog */
1449 if(isset($_POST['deps_visible_migrate'])){
1450 $this->dep_migration_dialog = TRUE;
1451 $this->dialog =TRUE;
1452 }
1454 /* Close migration dialog */
1455 if(isset($_POST['deps_visible_migrate_close'])){
1456 $this->dep_migration_dialog = FALSE;
1457 $this->dialog =FALSE;
1458 $this->show_details = FALSE;
1459 }
1461 /* Start migration */
1462 if(isset($_POST['deps_visible_migrate_migrate'])){
1463 if($this->migrate_organizationalUnits()){
1464 $this->show_details= FALSE;
1465 $this->check_organizationalUnits();
1466 $this->dialog = FALSE;
1467 $this->dep_migration_dialog = FALSE;
1468 }
1469 }
1471 /* Start migration */
1472 if(isset($_POST['deps_visible_migrate_whatsdone'])){
1473 $this->migrate_organizationalUnits(TRUE);
1474 }
1476 /* Display migration dialog */
1477 if($this->dep_migration_dialog){
1478 $smarty = get_smarty();
1479 $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
1480 $smarty->assign("method","migrate_deps");
1481 $smarty->assign("deps_details", $this->show_details);
1482 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1483 }
1485 $smarty = get_smarty();
1486 $smarty->assign("checks",$this->checks);
1487 $smarty->assign("method","default");
1488 return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
1489 }
1492 function save_object()
1493 {
1494 $this->is_completed= TRUE;
1496 /* Capture all selected winstations from outside_winstations_dialog */
1497 if($this->outside_winstations_dialog){
1498 foreach($this->outside_winstations as $dn => $data){
1499 if(isset($_POST['select_winstation_'.$dn])){
1500 $this->outside_winstations[$dn]['selected'] = TRUE;
1501 }else{
1502 $this->outside_winstations[$dn]['selected'] = FALSE;
1503 }
1504 }
1505 }
1507 /* Capture all selected groups from outside_groups_dialog */
1508 if($this->outside_groups_dialog){
1509 foreach($this->outside_groups as $dn => $data){
1510 if(isset($_POST['select_group_'.$dn])){
1511 $this->outside_groups[$dn]['selected'] = TRUE;
1512 }else{
1513 $this->outside_groups[$dn]['selected'] = FALSE;
1514 }
1515 }
1516 }
1518 /* Capture all selected users from outside_users_dialog */
1519 if($this->outside_users_dialog){
1520 foreach($this->outside_users as $dn => $data){
1521 if(isset($_POST['select_user_'.$dn])){
1522 $this->outside_users[$dn]['selected'] = TRUE;
1523 }else{
1524 $this->outside_users[$dn]['selected'] = FALSE;
1525 }
1526 }
1527 }
1529 /* Get "create acl" dialog posts */
1530 if($this->acl_create_dialog){
1532 if(isset($_POST['create_acls_create_abort'])){
1533 $this->acl_create_selected = "";
1534 }
1535 }
1537 /* Get selected departments */
1538 if($this->dep_migration_dialog){
1539 foreach($this->deps_to_migrate as $id => $data){
1540 if(isset($_POST['migrate_'.$id])){
1541 $this->deps_to_migrate[$id]['checked'] = TRUE;
1542 }else{
1543 $this->deps_to_migrate[$id]['checked'] = FALSE;
1544 }
1545 }
1546 }
1548 /* Get selected users */
1549 if($this->users_migration_dialog){
1550 foreach($this->users_to_migrate as $id => $data){
1551 if(isset($_POST['migrate_'.$id])){
1552 $this->users_to_migrate[$id]['checked'] = TRUE;
1553 }else{
1554 $this->users_to_migrate[$id]['checked'] = FALSE;
1555 }
1556 }
1557 }
1558 }
1561 /* Check if the root object exists.
1562 * If the parameter just_check is true, then just check if the
1563 * root object is missing and update the info messages.
1564 * If the Parameter is false, try to create a new root object.
1565 */
1566 function checkBase($just_check = TRUE)
1567 {
1568 /* Get collected setup informations */
1569 $cv = $this->parent->captured_values;
1571 /* Establish ldap connection */
1572 $ldap = new LDAP($cv['admin'],
1573 $cv['password'],
1574 $cv['connection'],
1575 FALSE,
1576 $cv['tls']);
1578 /* Check if root object exists */
1579 $ldap->cd($cv['base']);
1580 $res = $ldap->search("(objectClass=*)");
1581 $err = ldap_errno($ldap->cid);
1583 if( !$res ||
1584 $err == 0x20 || # LDAP_NO_SUCH_OBJECT
1585 $err == 0x40) { # LDAP_NAMING_VIOLATION
1587 /* Root object doesn't exists
1588 */
1589 if($just_check){
1590 $this->checks['root']['STATUS'] = FALSE;
1591 $this->checks['root']['STATUS_MSG']= _("Failed");
1592 $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
1593 $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
1594 return(FALSE);
1595 }else{
1597 /* Add root object */
1598 $ldap->cd($cv['base']);
1599 $res = $ldap->create_missing_trees($cv['base']);
1601 /* If adding failed, tell the user */
1602 if(!$res){
1603 $this->checks['root']['STATUS'] = FALSE;
1604 $this->checks['root']['STATUS_MSG']= _("Failed");
1605 $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
1606 $this->checks['root']['ERROR_MSG'].= " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
1607 return($res);;
1608 }
1609 }
1610 }
1612 /* Create & remove of dummy object was successful */
1613 $this->checks['root']['STATUS'] = TRUE;
1614 $this->checks['root']['STATUS_MSG']= _("Ok");
1615 }
1618 /* Return ldif information for a
1619 * given attribute array
1620 */
1621 function array_to_ldif($atts)
1622 {
1623 $ret = "";
1624 unset($atts['count']);
1625 unset($atts['dn']);
1626 foreach($atts as $name => $value){
1627 if(is_numeric($name)) {
1628 continue;
1629 }
1630 if(is_array($value)){
1631 unset($value['count']);
1632 foreach($value as $a_val){
1633 $ret .= $name.": ". $a_val."\n";
1634 }
1635 }else{
1636 $ret .= $name.": ". $value."\n";
1637 }
1638 }
1639 return(preg_replace("/\n$/","",$ret));
1640 }
1643 function get_user_list()
1644 {
1645 /* Get collected configuration settings */
1646 $cv = $this->parent->captured_values;
1648 /* Establish ldap connection */
1649 $ldap = new LDAP($cv['admin'],
1650 $cv['password'],
1651 $cv['connection'],
1652 FALSE,
1653 $cv['tls']);
1655 $ldap->cd($cv['base']);
1656 $ldap->search("(objectClass=gosaAccount)",array("dn"));
1658 $tmp = array();
1659 while($attrs = $ldap->fetch()){
1660 $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
1661 }
1662 return($tmp);
1663 }
1666 function get_all_people_ous()
1667 {
1668 /* Get collected configuration settings */
1669 $cv = $this->parent->captured_values;
1670 $people_ou = trim($cv['peopleou']);
1672 /* Establish ldap connection */
1673 $ldap = new LDAP($cv['admin'],
1674 $cv['password'],
1675 $cv['connection'],
1676 FALSE,
1677 $cv['tls']);
1680 /*****************
1681 * If people ou is NOT empty
1682 * search for for all objects matching the given container
1683 *****************/
1684 if(!empty($people_ou)){
1685 $ldap->search("(".$people_ou.")",array("dn"));
1687 /* Create people ou if there is currently none */
1688 if($ldap->count() == 0 ){
1689 $add_dn = $cv['peopleou'].",".$cv['base'];
1690 $naming_attr = preg_replace("/=.*$/","",$add_dn);
1691 $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
1692 $add = array();
1693 $add['objectClass'] = array("organizationalUnit");
1694 $add[$naming_attr] = $naming_value;
1695 $ldap->cd($cv['base']);
1696 $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
1697 $ldap->cd($add_dn);
1698 $ldap->add($add);
1699 }
1701 /* Create result */
1702 $ldap->search("(".$cv['peopleou'].")",array("dn"));
1703 $tmp = array();
1704 while($attrs= $ldap->fetch()){
1705 if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
1706 $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
1707 }
1708 }
1709 } else{
1711 /************
1712 * If people ou is empty
1713 * Get all valid gosaDepartments
1714 ************/
1715 $ldap->cd($cv['base']);
1716 $tmp = array();
1717 $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
1718 $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
1719 while($attrs = $ldap->fetch()){
1720 $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
1721 }
1722 }
1723 return($tmp);
1724 }
1727 function get_all_winstation_ous()
1728 {
1729 /* Get collected configuration settings */
1730 $cv = $this->parent->captured_values;
1732 /* Establish ldap connection */
1733 $ldap = new LDAP($cv['admin'],
1734 $cv['password'],
1735 $cv['connection'],
1736 FALSE,
1737 $cv['tls']);
1739 /* Get winstation ou */
1740 if($cv['generic_settings']['wws_ou_active']) {
1741 $winstation_ou = $cv['generic_settings']['ws_ou'];
1742 }else{
1743 $winstation_ou = "ou=winstations";
1744 }
1746 $ldap->cd($cv['base']);
1747 $ldap->search("(".$winstation_ou.")",array("dn"));
1749 if($ldap->count() == 0 ){
1750 $add_dn = $winstation_ou.",ou=systems,".$cv['base'];
1751 $naming_attr = preg_replace("/=.*$/","",$add_dn);
1752 $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
1753 $add = array();
1754 $add['objectClass'] = array("organizationalUnit");
1755 $add[$naming_attr] = $naming_value;
1757 $ldap->cd($cv['base']);
1758 $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
1759 $ldap->cd($add_dn);
1760 $ldap->add($add);
1761 }
1763 $ldap->search("(".$winstation_ou.")",array("dn"));
1764 $tmp = array();
1765 while($attrs= $ldap->fetch()){
1766 if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
1767 $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
1768 }
1769 }
1770 return($tmp);
1771 }
1774 function get_all_group_ous()
1775 {
1776 /* Get collected configuration settings */
1777 $cv = $this->parent->captured_values;
1779 /* Establish ldap connection */
1780 $ldap = new LDAP($cv['admin'],
1781 $cv['password'],
1782 $cv['connection'],
1783 FALSE,
1784 $cv['tls']);
1786 $group_ou = trim($cv['groupou']);
1787 if(!empty($group_ou)){
1788 $group_ou = trim($group_ou);
1789 }
1791 /************
1792 * If group ou is NOT empty
1793 * Get all valid group ous, create one if necessary
1794 ************/
1795 $ldap->cd($cv['base']);
1796 if(!empty($group_ou)){
1797 $ldap->search("(".$group_ou.")",array("dn"));
1798 if($ldap->count() == 0 ){
1799 $add_dn = $group_ou.$cv['base'];
1800 $naming_attr = preg_replace("/=.*$/","",$add_dn);
1801 $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
1802 $add = array();
1803 $add['objectClass'] = array("organizationalUnit");
1804 $add[$naming_attr] = $naming_value;
1806 $ldap->cd($cv['base']);
1807 $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
1808 $ldap->cd($add_dn);
1809 $ldap->add($add);
1810 }
1811 $ldap->search("(".$group_ou.")",array("dn"));
1812 $tmp = array();
1813 while($attrs= $ldap->fetch()){
1814 if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
1815 $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
1816 }
1817 }
1818 }else{
1819 /************
1820 * If group ou is empty
1821 * Get all valid gosaDepartments
1822 ************/
1823 $ldap->cd($cv['base']);
1824 $tmp = array();
1825 $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
1826 $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
1827 while($attrs = $ldap->fetch()){
1828 $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
1829 }
1830 }
1831 return($tmp);
1832 }
1835 function get_group_list()
1836 {
1837 /* Get collected configuration settings */
1838 $cv = $this->parent->captured_values;
1840 /* Establish ldap connection */
1841 $ldap = new LDAP($cv['admin'],
1842 $cv['password'],
1843 $cv['connection'],
1844 FALSE,
1845 $cv['tls']);
1847 $ldap->cd($cv['base']);
1848 $ldap->search("(objectClass=posixGroup)",array("dn"));
1850 $tmp = array();
1851 while($attrs = $ldap->fetch()){
1852 $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
1853 }
1854 return($tmp);
1855 }
1858 function move($source,$destination)
1859 {
1860 /* Get collected configuration settings */
1861 $cv = $this->parent->captured_values;
1863 /* Establish ldap connection */
1864 $ldap = new LDAP($cv['admin'],
1865 $cv['password'],
1866 $cv['connection'],
1867 FALSE,
1868 $cv['tls']);
1870 /* Update object references in gosaGroupOfNames */
1871 $ogs_to_fix = array();
1872 $ldap->cd($cv['base']);
1873 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
1874 while ($attrs= $ldap->fetch()){
1875 $dn = $attrs['dn'];
1876 $attrs = $this->cleanup_array($attrs);
1877 $member_new = array($destination);
1878 foreach($attrs['member'] as $member){
1879 if($member != $source){
1880 $member_new[] = $member;
1881 }
1882 }
1883 $attrs['member'] = $member_new;
1884 $ogs_to_fix[$dn] = $attrs;
1885 }
1887 /* Copy source to destination dn */
1888 $ldap->cat($source);
1889 $new_data = $this->cleanup_array($ldap->fetch());
1890 $ldap->cd($destination);
1891 $res = $ldap->add($new_data);
1893 /* Display warning if copy failed */
1894 if(!$res){
1895 print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
1896 }else{
1897 $res = $ldap->rmDir($source);
1898 show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));
1900 /* Object is copied, so update its references */
1901 foreach($ogs_to_fix as $dn => $data){
1902 $ldap->cd($dn);
1903 $ldap->modify($data);
1904 }
1905 }
1906 }
1909 /* Cleanup ldap result to be able to write it be to ldap */
1910 function cleanup_array($attrs)
1911 {
1912 foreach($attrs as $key => $value) {
1913 if(is_numeric($key) || in_array($key,array("count","dn"))){
1914 unset($attrs[$key]);
1915 }
1916 if(is_array($value) && isset($value['count'])){
1917 unset($attrs[$key]['count']);
1918 }
1919 }
1920 return($attrs);
1921 }
1922 }
1924 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1925 ?>