1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
var $languages = array();
var $attributes = array();
var $header_image = "images/monitoring.png";
var $checks = array(); // One record per check (TITLE, STATUS, STATUS_MSG, ERROR_MSG), filled by initialize_checks()

/* Department migration attributes */
var $dep_migration_dialog = FALSE;
var $deps_to_migrate = array(); // Departments lacking gosaDepartment, keyed by base64-encoded DN
var $show_details = FALSE; // Set by the migrate_* methods to their $only_ldif argument

/* User migration attributes */
var $users_migration_dialog= FALSE;
var $users_to_migrate = array(); // Users lacking gosaAccount, keyed by base64-encoded DN

/* Create Acl attributes */
var $acl_create_dialog = FALSE;
var $acl_create_type = "group";
var $acl_create_selected= ""; // DN of the currently selected element that should receive admin rights
var $acl_create_changes = ""; // LDIF-style preview of the changes create_admin() would make
var $acl_create_confirmed= FALSE;

/* Checks initialised ? */
var $checks_initialised = FALSE;

/* Users found outside the people ou, keyed by base64-encoded DN */
var $outside_users = array();
var $outside_users_dialog = FALSE;

/* Groups found outside the groups ou, keyed by base64-encoded DN */
var $outside_groups = array();
var $outside_groups_dialog = FALSE;

/* Windows workstations found outside the reserved ou, keyed by base64-encoded DN */
var $outside_winstations = array();
var $outside_winstations_dialog = FALSE;

/* Entries that share a uidNumber with another entry, keyed by base64-encoded DN */
var $check_uidNumbers = array();
var $check_uidNumbers_dialog = FALSE;

/* Groups that share a gidNumber with another group, keyed by base64-encoded DN */
var $check_gidNumbers = array();
var $check_gidNumbers_dialog = FALSE;
/**
 * PHP4-style constructor.
 *
 * Only loads the translated title and description of this setup step; the
 * LDAP checks themselves are started separately through initialize_checks().
 */
function Step_Migrate()
{
  /* All display strings are maintained in one place. */
  $this->update_strings();
}
/**
 * Refresh the translated short title, long title and info text of this step.
 */
function update_strings()
{
  /* Short and long title use the same message. */
  $caption = _("LDAP inspection");

  $this->s_title      = $caption;
  $this->s_title_long = $caption;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/**
 * Reset the result table and run every LDAP inspection once.
 *
 * For each check the record in $this->checks is created with its title and
 * a pessimistic default (STATUS FALSE, empty messages); the matching check
 * method is then called immediately and overwrites the status fields.
 * The order of the table below is the order in which the checks run.
 */
function initialize_checks()
{
  /* check id => (translated title, method that performs the check) */
  $plan = array(
    'root'                => array(_("Checking for root object"), 'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"), 'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"), 'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"), 'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"), 'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people tree"), 'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups tree"), 'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"), 'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for duplicate uid numbers"), 'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for duplicate gid numbers"), 'check_gidNumber'));

  $this->checks = array();
  foreach($plan as $id => $step){

    /* Defaults first, so a check that bails out early still leaves a complete record. */
    $this->checks[$id]['TITLE']     = $step[0];
    $this->checks[$id]['STATUS']    = FALSE;
    $this->checks[$id]['STATUS_MSG']= "";
    $this->checks[$id]['ERROR_MSG'] = "";

    $method = $step[1];
    $this->$method();
  }
}
176 /* Check if there are uidNumbers which are used more than once.
177 */
/**
 * Look for uidNumber values that are carried by more than one entry.
 *
 * Every entry that shares its first uidNumber value with another entry is
 * stored in $this->check_uidNumbers (keyed by base64-encoded DN) and the
 * 'uidNumber_usage' record in $this->checks is updated.
 *
 * Returns TRUE when no uidNumber is shared, FALSE when duplicates exist or
 * the search failed.
 */
function check_uidNumber()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all hits by their first uidNumber value. */
  $this->check_uidNumbers = array();
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['uidNumber'][0]][] = $hit;
  }

  /* Only buckets with two or more entries are conflicts. */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_uidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the count of affected entries. */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
225 /* Check if there are duplicated gidNumbers present in ldap
226 */
/**
 * Look for gidNumber values that are carried by more than one posixGroup.
 *
 * Every group that shares its first gidNumber value with another group is
 * stored in $this->check_gidNumbers (keyed by base64-encoded DN) and the
 * 'gidNumber_usage' record in $this->checks is updated.
 *
 * Returns TRUE when no gidNumber is shared, FALSE when duplicates exist or
 * the search failed.
 */
function check_gidNumber()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all hits by their first gidNumber value. */
  $this->check_gidNumbers = array();
  $by_number = array();
  while($hit = $ldap->fetch()){
    $by_number[$hit['gidNumber'][0]][] = $hit;
  }

  /* Only buckets with two or more groups are conflicts. */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $member){
      $this->check_gidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the count of affected groups. */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
274 /* Search for winstations outside the winstation ou
275 */
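/**
 * Find Samba machine accounts (uid ending in '$') that are not located
 * directly below the configured winstation ou.
 *
 * Matching entries are stored in $this->outside_winstations (keyed by
 * base64-encoded DN, with 'selected' and 'ldif' preset) and the
 * 'outside_winstations' record in $this->checks is updated. Entries below
 * dc=addressbook are ignored.
 *
 * Returns TRUE when nothing was found, FALSE when entries were found or
 * the search failed.
 */
function search_outside_winstations()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou.
   * NOTE(review): the switch is read from 'wws_ou_active' but the value from
   * 'ws_ou'; confirm both keys match what the settings step stores.
   */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The Samba schema version decides which objectClass marks an account. */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){

    /* ERROR_MSG carries markup (the submit button below), so the operator
     * supplied ou must be HTML-escaped before it is placed into the message.
     */
    $ou_html = htmlspecialchars($winstation_ou, ENT_QUOTES);

    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),count($this->outside_winstations),$ou_html);
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}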
332 /* Search for groups outside the group ou
333 */
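/**
 * Find posixGroup entries that are not located directly below the
 * configured group ou.
 *
 * Matching entries are stored in $this->outside_groups (keyed by
 * base64-encoded DN, with 'selected' and 'ldif' preset) and the
 * 'outside_groups' record in $this->checks is updated. Entries below
 * dc=addressbook are ignored.
 *
 * Returns TRUE when nothing was found, FALSE when entries were found or
 * the search failed.
 */
function search_outside_groups()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){

    /* ERROR_MSG carries markup (the submit button below), so the operator
     * supplied ou must be HTML-escaped before it is placed into the message.
     */
    $ou_html = htmlspecialchars($group_ou, ENT_QUOTES);

    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),count($this->outside_groups),$ou_html);
    $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}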
379 /* Search for users outside the people ou
380 */
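/**
 * Find gosaAccount entries (machine accounts with a uid ending in '$'
 * excluded) that are not located directly below the configured people ou.
 *
 * Matching entries are stored in $this->outside_users (keyed by
 * base64-encoded DN, with 'selected' and 'ldif' preset) and the
 * 'outside_users' record in $this->checks is updated. Entries below
 * dc=addressbook are ignored.
 *
 * Returns TRUE when nothing was found, FALSE when entries were found or
 * the search failed.
 */
function search_outside_users()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']) && !preg_match("/,dc=addressbook,/",$attrs['dn']))){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){

    /* ERROR_MSG carries markup (the submit button below), so the operator
     * supplied ou must be HTML-escaped before it is placed into the message.
     */
    $ou_html = htmlspecialchars($people_ou, ENT_QUOTES);

    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),count($this->outside_users),$ou_html);
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}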
425 /* Check ldap accessibility
426 * Create and remove a dummy object,
427 * to ensure that we have the necessary permissions
428 */
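/**
 * Verify that the configured admin account may write to the directory.
 *
 * A throw-away organizationalUnit is created directly below the base and
 * removed again; both steps are verified with cat()/count() instead of the
 * return values of add()/rmDir(). The 'permissions' record in $this->checks
 * is updated accordingly.
 *
 * Side effect: if the entry can be created but not removed, it stays in the
 * directory (its description marks it as removable).
 *
 * Returns true when create and remove both worked, false otherwise.
 */
function check_ldap_permissions()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The admin DN is operator input. ERROR_MSG is filled with markup by other
   * checks of this class (submit buttons), so escape the DN before it is
   * placed into a message.
   */
  $denied_msg = sprintf(_("The specified user '%s' does not have full access to your ldap database."),
      htmlspecialchars($cv['admin'], ENT_QUOTES));

  /* Create dummy entry. The random suffix only has to make a name clash
   * unlikely; it is not used as a secret.
   */
  $name = "GOsa_setup_text_entry_".session_id().rand(0,999999);
  $dn = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou'] = $name;

  /* check if simple ldap cat will be successful */
  if(!$ldap->cat($cv['base'])){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object and read it back */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Try to remove created entry; it must be gone afterwards */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}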
495 /* Check if there are users which will
496 * be invisible for GOsa
497 */
/**
 * Collect user entries that lack the gosaAccount objectClass.
 *
 * Candidates are posixAccount entries, or entries that are both
 * inetOrgPerson and organizationalPerson, that have a uid. Entries below
 * dc=addressbook are skipped. The result replaces $this->users_to_migrate
 * (keyed by base64-encoded DN); the 'checked' flag of an entry that was
 * already listed before is carried over. The 'users_visible' record in
 * $this->checks is updated. Nothing is returned.
 */
function check_gosaAccounts()
{
  /* Keep the previous list, so ticked checkboxes survive a reload. */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Connect with the settings collected by the earlier setup steps. */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));

  while($entry = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);

    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->users_to_migrate[$key] = $entry;
  }

  $pending = count($this->users_to_migrate);
  if($res && $pending == 0){

    /* Search worked and nothing needs migration. */
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }elseif($res){

    /* Search worked, offer the migration dialog. */
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
        $pending);
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
  }else{

    /* The search itself failed. */
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }
}
554 /* Start user account migration
555 */
/**
 * Add the GOsa user objectClasses to every checked entry of
 * $this->users_to_migrate.
 *
 * With $only_ldif set, nothing is written: the current and the planned
 * attributes are rendered through array_to_ldif() into the 'before' and
 * 'after' fields of the entry. Otherwise the new objectClass list is written
 * with modify().
 *
 * Returns TRUE on success, false as soon as one modify() fails (entries
 * processed before the failure stay modified).
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Connect with the settings collected by the earlier setup steps. */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Read the objectClasses the entry has right now. */
    $ldap->cat($user['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class not yet listed. */
    $classes = array("gosaAccount","inetOrgPerson","organizationalPerson");
    $total = $attrs['objectClass']['count'];
    for($i = 0 ; $i < $total ; $i++){
      $existing = $attrs['objectClass'][$i];
      if(!in_array_ics($existing, $classes)){
        $classes[] = $existing;
      }
    }
    $new_attrs = array('objectClass' => $classes);

    /* Preview only: remember both states and go on with the next entry. */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* NOTE(review): the message says 'department' although users are migrated here. */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
607 /* Check if there are invisible organizational Units
608 */
/**
 * Collect organizationalUnit entries that lack the gosaDepartment
 * objectClass.
 *
 * DNs matching one of the internal patterns below (people, groups, configs,
 * systems, ...) are left out. The result replaces $this->deps_to_migrate
 * (keyed by base64-encoded DN); the 'checked' flag of an entry that was
 * already listed before is carried over. The 'deps_visible' record in
 * $this->checks is updated; note that found departments are reported as a
 * warning with STATUS TRUE. Nothing is returned.
 */
function check_organizationalUnits()
{
  /* Keep the previous list, so ticked checkboxes survive a reload. */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Connect with the settings collected by the earlier setup steps. */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* DN patterns of GOsa internal departments */
  $internal = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));

  while($entry = $ldap->fetch()){

    /* Internal departments never show up in the list. */
    $is_internal = false;
    foreach($internal as $pattern){
      if(preg_match($pattern,$entry['dn'])){
        $is_internal = true;
        break;
      }
    }
    if($is_internal){
      continue;
    }

    $key = base64_encode($entry['dn']);
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->deps_to_migrate[$key] = $entry;
  }

  $pending = count($this->deps_to_migrate);
  if($res && $pending == 0){

    /* Search worked and nothing needs migration. */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }elseif($res){

    /* Search worked, offer the migration dialog (STATUS stays TRUE here). */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),$pending);
    $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }else{

    /* The search itself failed. */
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }
}
684 /* Start deparmtment migration */
/**
 * Add the gosaDepartment objectClass to every checked entry of
 * $this->deps_to_migrate.
 *
 * With $only_ldif set, nothing is written: the current and the planned
 * attributes are rendered through array_to_ldif() into the 'before' and
 * 'after' fields of the entry. Otherwise the changes are written with
 * modify().
 *
 * Returns TRUE on success, false as soon as one modify() fails (entries
 * processed before the failure stay modified).
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details= $only_ldif;

  /* Connect with the settings collected by the earlier setup steps. */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Read what the entry looks like right now. */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Existing classes are kept, gosaDepartment is appended. */
    $classes = array();
    $total = $attrs['objectClass']['count'];
    for($i = 0 ; $i < $total ; $i++){
      $classes[] = $attrs['objectClass'][$i];
    }
    $classes[] = "gosaDepartment";
    $new_attrs = array('objectClass' => $classes);

    /* A default description is only added when the entry has none. */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Preview only: remember both states and go on with the next entry. */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
739 /* Check Acls if there is at least one object with acls defined
740 */
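/**
 * Check whether at least one usable GOsa administrator exists.
 *
 * Searches for posixGroups carrying gosaSubtreeACL=:all with members and
 * looks up every memberUid as a gosaAccount. The check passes as soon as one
 * memberUid resolves to exactly one account. The 'acls' record in
 * $this->checks is updated.
 *
 * The return value is ($ldap->count() >= 1), i.e. it reflects the LDAP
 * search that ran last, not the outcome stored in the 'acls' record.
 * NOTE(review): that looks unintended; confirm with the callers before
 * relying on it.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search for groups that have complete permissions */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));

  /* If ldap search failed, set error message */
  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{

    $found = FALSE;
    $admin_groups = array();

    /* Get all returned groups first, the member lookups below reuse $ldap */
    while($attrs = $ldap->fetch()){
      $admin_groups[]= $attrs;
    }

    /* Characters with a meaning inside an LDAP filter value and their escaped
     * form. The backslash must be replaced first, because the replacements
     * themselves contain backslashes.
     */
    $filter_special = array('\\',   '*',    '(',    ')',    "\0");
    $filter_escaped = array('\\5c', '\\2a', '\\28', '\\29', '\\00');

    /* Walk through groups and check if memberUid exists in ldap database */
    foreach($admin_groups as $group){
      $count_member = $group['memberUid']['count'];

      for($i = 0 ; $i < $count_member ; $i++){

        /* memberUid is directory content, not a trusted constant: without
         * escaping, a value such as '*' would match every account and let the
         * check pass or fail on the wrong grounds.
         */
        $uid = str_replace($filter_special, $filter_escaped, $group['memberUid'][$i]);

        /* Check if user exists */
        $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid."))",array("dn"));

        /* Only an unambiguous match counts as an available administrator */
        if($ldap->count() == 1){
          $found = TRUE;
        }
      }
    }

    if($found){
      $this->checks['acls']['STATUS']    = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}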
/**
 * Give administrative ACLs to the object in $this->acl_create_selected.
 *
 * Only objects carrying the gosaAccount objectClass are handled: the uid is
 * appended to the first posixGroup found with gosaSubtreeACL=:all, or, when
 * no such group exists, a new group 'GOsa Administrators' is created below
 * the configured group ou. For any other object nothing is changed and TRUE
 * is returned.
 *
 * With $only_ldif set, nothing is written; a textual preview is stored in
 * $this->acl_create_changes instead.
 *
 * NOTE(review): the new group gets the fixed gidNumber "999"; this method
 * does not check whether that number is already in use.
 *
 * Returns TRUE on success (or when there was nothing to do), FALSE when the
 * LDAP write failed.
 */
function create_admin($only_ldif = FALSE)
{
  /* Start with an empty preview */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Connect with the settings collected by the earlier setup steps. */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("objectClass","cn","uid"));
  $object_attrs = $ldap->fetch();

  /* Classify the target; comparison of objectClass names is case-sensitive here */
  $type = "none";
  if(in_array("gosaAccount",$object_attrs['objectClass'])){
    $type = "user";
  }elseif(in_array("posixGroup",$object_attrs['objectClass'])){
    $type = "group";
  }

  /* Groups and unknown objects are not handled by this method */
  if($type != "user"){
    return(TRUE);
  }
  $member = $object_attrs['uid'][0];

  $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
  if(!$ldap->count()){

    /* No administrative group yet: build one with the user as only member */
    $new_group_dn = "cn=GOsa Administrators,".$cv['groupou'].",".$cv['base'];
    $new_group_attrs = array(
      'objectClass'    => array("gosaObject","posixGroup"),
      'cn'             => "GOsa Administrators",
      'gosaSubtreeACL' => ":all",
      'gidNumber'      => "999",
      'memberUid'      => array($member));

    if($only_ldif){
      $this->acl_create_changes = _("Creating new administrational group: \n\n");
      $this->acl_create_changes.= $new_group_dn."\n";
      $this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
      return(TRUE);
    }

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees($cv['groupou'].",".$cv['base']);
    $ldap->cd($new_group_dn);
    if(!$ldap->add($new_group_attrs)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
      return(FALSE);
    }
    return(TRUE);
  }

  /* An administrative group exists: append the user to the first one returned */
  $fetched_attrs = $ldap->fetch();
  $attrs_admin_group = $this->cleanup_array($fetched_attrs);
  $attrs_admin_group_new = $attrs_admin_group;

  if(!isset($attrs_admin_group_new['memberUid'])){
    $attrs_admin_group_new['memberUid'] = array();
  }
  if(!in_array($member,$attrs_admin_group_new['memberUid'])){
    $attrs_admin_group_new['memberUid'][] = $member;
  }

  if($only_ldif){
    $group_dn_line = $fetched_attrs['dn']."\n";
    $this->acl_create_changes = _("Appending user to to group administrational group: \n");
    $this->acl_create_changes.= "\n"._("Before").":\n";
    $this->acl_create_changes.= $group_dn_line;
    $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
    $this->acl_create_changes.= "\n"._("After").":\n";
    $this->acl_create_changes.= $group_dn_line;
    $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group_new)."\n";
    return(TRUE);
  }

  /* Success is detected from the error text of the LDAP wrapper */
  $ldap->cd($fetched_attrs['dn']);
  $ldap->modify($attrs_admin_group_new);
  if(!preg_match("/success/i",$ldap->get_error())){
    print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    return(FALSE);
  }
  return(TRUE);
}
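/**
 * Create the initial administrator account from the posted password pair
 * and give it administrative ACLs through create_admin().
 *
 * The account is created as 'cn=System Administrator' or 'uid=admin' below
 * the configured people ou, depending on $cv['peopledn']. The password is
 * hashed with the method selected in $cv['encryption'].
 *
 * Changes against the earlier version of this method:
 *  - the two passwords are compared with !==; the loose != treats different
 *    numeric-looking strings (e.g. "1e3" and "1000") as equal,
 *  - non-string POST values (arrays) are rejected like empty passwords,
 *  - create_admin() is only called after the account was really added, so a
 *    failed add no longer puts the uid 'admin' into the administrative group.
 *
 * Returns TRUE on success, false/FALSE when the passwords are unusable or
 * the account could not be added.
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";

  if(isset($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  if(!is_string($pw1) || !is_string($pw2) || empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
  }

  /* Hash the password with the configured method.
   * NOTE(review): an unknown $cv['encryption'] value is not handled here.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator";
  $new_user['uid'] = "admin";
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);

  /* Stop here when the account was not created: granting ACLs to the uid of
   * an account that does not carry the password entered above would be wrong,
   * and get_error() still belongs to the failed add at this point.
   */
  if(!$ldap->add($new_user)){
    print_red($ldap->get_error());
    return(FALSE);
  }

  /* create_admin() reports its own errors; its result is not evaluated here */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}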
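/**
 * Preview or perform the move of all selected winstations into the
 * department posted as 'move_winstation_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted, nothing
 *                   otherwise.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination department arrives base64 encoded from the browser.
   * Decode it strictly and refuse missing, non-string or malformed
   * values instead of building a dn from them.
   * NOTE(review): the decoded value is not compared with the departments
   * offered by get_all_winstation_ous(); confirm whether it should be
   * restricted to that list. */
  $destination = FALSE;
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to'],TRUE);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
     * Plain string functions are used because preg_replace() would read
     * '$' or '\' followed by a digit in the destination as a
     * back-reference and silently drop it. */
    $comma = strpos($dn,",");
    $d_dn  = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is HTML, so every dn is escaped before it is mixed
     * with the markup. */
    $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object. The dn is escaped
     * as a filter value (RFC 4515) so that characters such as '(' , ')'
     * or '*' cannot change the meaning of the filter. */
    $filter_dn = str_replace(array("\\","*","(",")","\0"),
        array("\\5c","\\2a","\\28","\\29","\\00"),
        $dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}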
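/**
 * Preview or perform the move of all selected groups into the department
 * posted as 'move_group_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted, nothing
 *                   otherwise.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination department arrives base64 encoded from the browser.
   * Decode it strictly and refuse missing, non-string or malformed
   * values instead of building a dn from them.
   * NOTE(review): the decoded value is not compared with the departments
   * offered by get_all_group_ous(); confirm whether it should be
   * restricted to that list. */
  $destination = FALSE;
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to'],TRUE);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
     * Plain string functions are used because preg_replace() would read
     * '$' or '\' followed by a digit in the destination as a
     * back-reference and silently drop it. */
    $comma = strpos($dn,",");
    $d_dn  = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is HTML, so every dn is escaped before it is mixed
     * with the markup. */
    $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object. The dn is escaped
     * as a filter value (RFC 4515) so that characters such as '(' , ')'
     * or '*' cannot change the meaning of the filter. */
    $filter_dn = str_replace(array("\\","*","(",")","\0"),
        array("\\5c","\\2a","\\28","\\29","\\00"),
        $dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}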
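/**
 * Preview or perform the move of all selected users into the department
 * posted as 'move_user_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted, nothing
 *                   otherwise.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination department arrives base64 encoded from the browser.
   * Decode it strictly and refuse missing, non-string or malformed
   * values instead of building a dn from them.
   * NOTE(review): the decoded value is not compared with the departments
   * offered by get_all_people_ous(); confirm whether it should be
   * restricted to that list. */
  $destination = FALSE;
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination = base64_decode($_POST['move_user_to'],TRUE);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
     * Plain string functions are used because preg_replace() would read
     * '$' or '\' followed by a digit in the destination as a
     * back-reference and silently drop it. */
    $comma = strpos($dn,",");
    $d_dn  = ($comma === FALSE) ? $dn : substr($dn,0,$comma).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is HTML, so every dn is escaped before it is mixed
     * with the markup. */
    $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object. The dn is escaped
     * as a filter value (RFC 4515) so that characters such as '(' , ')'
     * or '*' cannot change the meaning of the filter. */
    $filter_dn = str_replace(array("\\","*","(",")","\0"),
        array("\\5c","\\2a","\\28","\\29","\\00"),
        $dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
    }
  }
}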
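/**
 * Handle the posted actions of the migration step and render it.
 *
 * The sections below are evaluated in a fixed order. Each one first
 * applies the button posts that belong to its dialog and then, if that
 * dialog is open, returns the rendered template right away, so later
 * sections are not reached while an earlier dialog is shown. The template
 * variable "method" tells setup_migrate.tpl which part to display.
 *
 * @return string Output of setup_migrate.tpl for the open dialog, or for
 *                the overview of all checks when no dialog is open.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Move the selected entries, then search again and close the dialog */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  /* Move the selected entries, close the dialog and redo all checks */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$this->outside_groups);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only, nothing is written */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  /* Move the selected entries, redo all checks and close the dialog */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$this->outside_users);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Redo all checks only if creating the root object changed the
     * result of the root check */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Write the acls; the dialog is only closed when that succeeded */
  if(isset($_POST['create_acls_create_confirmed'])){
    if($this->create_admin()){
      $this->acl_create_dialog = FALSE;
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->initialize_checks();
    }
  }

  /* Preview only: create_admin(TRUE) just collects the planned changes */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* NOTE(review): the submitted passwords are handed back to the
     * template. If setup_migrate.tpl prints them into the form they
     * become part of the HTML response; confirm the template and
     * consider leaving the password fields empty on redisplay. */
    $smarty->assign("new_user_password",isset($_POST['new_user_password']) ? $_POST['new_user_password'] : NULL);
    $smarty->assign("new_user_password2",isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL);

    /* Query the directory once; the list is needed for both of the
     * following template variables. */
    $user_list = $this->get_user_list();
    $smarty->assign("users" ,$user_list);
    $smarty->assign("users_cnt" ,count($user_list));
    $smarty->assign("type" ,$this->acl_create_type);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* Show what the migration would change */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* Show what the migration would change */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog is open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}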
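/**
 * Take over the posted form values of whichever dialog is open.
 *
 * For the list dialogs every known entry is marked selected/checked
 * exactly when its checkbox was posted. For the "create acl" dialog the
 * chosen dn and the acl type are stored. The step is always flagged as
 * completed.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Capture all selected winstations from outside_winstations_dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $dn => $data){
      $this->outside_winstations[$dn]['selected'] = isset($_POST['select_winstation_'.$dn]);
    }
  }

  /* Capture all selected groups from outside_groups_dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $dn => $data){
      $this->outside_groups[$dn]['selected'] = isset($_POST['select_group_'.$dn]);
    }
  }

  /* Capture all selected users from outside_users_dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $dn => $data){
      $this->outside_users[$dn]['selected'] = isset($_POST['select_user_'.$dn]);
    }
  }

  /* Get "create acl" dialog posts */
  if($this->acl_create_dialog){
    if(isset($_POST['create_acls_create'])){

      /* The dn is posted base64 encoded. Accept it only as a string that
       * decodes cleanly; anything else counts as "nothing selected".
       * NOTE(review): the dn is taken from the request as it is; confirm
       * that create_admin() checks that it names an existing account
       * before acls are granted to it. */
      $selected = FALSE;
      if(isset($_POST['create_acls_selected']) && is_string($_POST['create_acls_selected'])){
        $selected = base64_decode($_POST['create_acls_selected'],TRUE);
      }
      $this->acl_create_selected = ($selected === FALSE) ? "" : $selected;
    }

    if(isset($_POST['create_acls_create_abort'])){
      $this->acl_create_selected = "";
    }

    /* NOTE(review): the set of valid types is not visible here; confirm
     * that the consumers of acl_create_type only act on known values. */
    if(isset($_POST['acl_create_type']) && is_string($_POST['acl_create_type'])){
      $this->acl_create_type = $_POST['acl_create_type'];
    }
  }

  /* Get selected departments */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $id => $data){
      $this->deps_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }

  /* Get selected users */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $id => $data){
      $this->users_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}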
1493 /* Check if the root object exists.
1494 * If the parameter just_check is true, then just check if the
1495 * root object is missing and update the info messages.
1496 * If the Parameter is false, try to create a new root object.
1497 */
/**
 * Check whether the LDAP root object (the configured base) exists and
 * store the outcome in $this->checks['root'].
 *
 * @param bool $just_check TRUE: only report a missing root object;
 *                         FALSE: try to create it with
 *                         create_missing_trees().
 * @return mixed FALSE if the root object is missing and only a check was
 *               requested; the failing result of create_missing_trees()
 *               if the creation did not work; nothing otherwise.
 */
function checkBase($just_check = TRUE)
{
  /* Collected setup values and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Look for the root object */
  $ldap->cd($cv['base']);
  $found = $ldap->search("(objectClass=*)");
  $errno = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = !$found || $errno == 0x20 || $errno == 0x40;

  if($root_missing){

    /* Report only */
    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' '
        ."<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    /* Try to add the root object */
    $ldap->cd($cv['base']);
    $created = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$created){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.")
        ." <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($created);
    }
  }

  /* The root object exists, or it has just been created */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
1550 /* Return ldif information for a
1551 * given attribute array
1552 */
/**
 * Render an attribute array as "name: value" lines.
 *
 * The keys 'count' and 'dn' and all numeric keys are skipped; for array
 * values one line per element is written (again without 'count').
 * Values are concatenated as they are, nothing is encoded or escaped, so
 * the caller has to escape the text for the context it is shown in.
 *
 * @param array $atts Attribute array, e.g. an ldap result entry.
 * @return string The lines joined by "\n", without a trailing newline.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $lines = "";
  foreach($atts as $attr_name => $attr_value){
    if(is_numeric($attr_name)){
      continue;
    }

    /* Single value */
    if(!is_array($attr_value)){
      $lines .= $attr_name.": ".$attr_value."\n";
      continue;
    }

    /* Multi value: drop the element counter, then one line per value */
    unset($attr_value['count']);
    foreach($attr_value as $single){
      $lines .= $attr_name.": ".$single."\n";
    }
  }
  return(preg_replace("/\n$/","",$lines));
}
/**
 * List all entries with objectClass gosaAccount below the configured base.
 *
 * @return array Map of base64 encoded dn => dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Collected configuration settings and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  /* The encoded dn is the key, so it can be posted back by a form and
   * decoded again */
  $users = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $entry_dn = $entry['dn'];
    $users[base64_encode($entry_dn)] = @LDAP::fix($entry_dn);
  }
  return($users);
}
/**
 * List all departments that match the configured people ou, creating the
 * ou directly below the base first if the search finds none.
 *
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * NOTE(review): $cv['peopleou'] is placed into the search filter and into
 * the new dn without escaping; confirm it is validated where the setup
 * captures it. The result of the add is not checked.
 *
 * @return array Map of base64 encoded dn => dn passed through fix().
 */
function get_all_people_ous()
{
  /* Collected configuration settings and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ou_filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the ou below the base */
  if($ldap->count() == 0 ){
    $add_dn    = $cv['peopleou'].",".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$add_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $ou_entry  = array(
        'objectClass' => array("organizationalUnit"),
        $rdn_attr     => $rdn_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($ou_entry);
  }

  /* Search again and collect everything outside of the snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $entry_dn = $entry['dn'];
    if(strpos($entry_dn,"ou=snapshots,") === FALSE){
      $ous[base64_encode($entry_dn)] = $ldap->fix($entry_dn);
    }
  }
  return($ous);
}
/**
 * List all departments that match the winstation ou, creating the ou
 * below "ou=systems,<base>" first if the search finds none.
 *
 * The ou is taken from the generic settings when 'wws_ou_active' is set,
 * otherwise "ou=winstations" is used. Entries whose dn contains
 * "ou=snapshots," are left out.
 *
 * NOTE(review): the switch is read from 'wws_ou_active' but the value from
 * 'ws_ou'; confirm both key names against the step that captures them.
 * The ou is placed into the search filter and the new dn without escaping
 * and the result of the add is not checked.
 *
 * @return array Map of base64 encoded dn => dn passed through fix().
 */
function get_all_winstation_ous()
{
  /* Collected configuration settings and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }
  $ou_filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the ou below ou=systems */
  if($ldap->count() == 0 ){
    $add_dn    = $winstation_ou.",ou=systems,".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$add_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $ou_entry  = array(
        'objectClass' => array("organizationalUnit"),
        $rdn_attr     => $rdn_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($ou_entry);
  }

  /* Search again and collect everything outside of the snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $entry_dn = $entry['dn'];
    if(strpos($entry_dn,"ou=snapshots,") === FALSE){
      $ous[base64_encode($entry_dn)] = $ldap->fix($entry_dn);
    }
  }
  return($ous);
}
/**
 * List all departments that match the configured group ou, creating the
 * ou directly below the base first if the search finds none.
 *
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * NOTE(review): $cv['groupou'] is placed into the search filter and into
 * the new dn without escaping; confirm it is validated where the setup
 * captures it. The result of the add is not checked.
 *
 * @return array Map of base64 encoded dn => dn passed through fix().
 */
function get_all_group_ous()
{
  /* Collected configuration settings and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ou_filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the ou below the base */
  if($ldap->count() == 0 ){
    $add_dn    = $cv['groupou'].",".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$add_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $ou_entry  = array(
        'objectClass' => array("organizationalUnit"),
        $rdn_attr     => $rdn_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($ou_entry);
  }

  /* Search again and collect everything outside of the snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $entry_dn = $entry['dn'];
    if(strpos($entry_dn,"ou=snapshots,") === FALSE){
      $ous[base64_encode($entry_dn)] = $ldap->fix($entry_dn);
    }
  }
  return($ous);
}
/**
 * List all entries with objectClass posixGroup below the configured base.
 *
 * @return array Map of base64 encoded dn => dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Collected configuration settings and a connection built from them */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  /* The encoded dn is the key, so it can be posted back by a form and
   * decoded again */
  $groups = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $entry_dn = $entry['dn'];
    $groups[base64_encode($entry_dn)] = @LDAP::fix($entry_dn);
  }
  return($groups);
}
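/**
 * Move an entry by copying it to a new dn and removing the original,
 * then rewrite the member lists of all gosaGroupOfNames that referenced
 * the old dn.
 *
 * NOTE(review): only the single entry returned by cat() is copied, while
 * rmDir() is called on the source afterwards. If rmDir() removes
 * recursively, children of the source would be lost; confirm that the
 * entries moved here never have children.
 *
 * @param string $source      dn of the entry to move
 * @param string $destination dn the entry is written to
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the object groups that reference the source, with the member
   * list already rewritten. They are written only after the copy worked. */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn         = $attrs['dn'];
    $attrs      = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member !== $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $entry = $ldap->fetch();

  /* The source could not be read: report it and leave everything as it is */
  if(!is_array($entry)){
    print_red(sprintf(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error()));
    return;
  }

  $new_data = $this->cleanup_array($entry);
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed. The message has placeholders, so it
   * has to go through sprintf() before it is printed. */
  if(!$res){
    print_red(sprintf(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error()));
  }else{
    $res = $ldap->rmDir($source);
    show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

    /* Object is copied, so update its references */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      $ldap->modify($data);
    }
  }
}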
1798 /* Clean up an ldap result so that it can be written back to ldap */
/**
 * Strip the bookkeeping entries from an ldap result entry.
 *
 * Removes all numeric keys and the keys 'count' and 'dn' from the top
 * level, and the 'count' element from every remaining array value.
 *
 * @param array $attrs Result entry as returned by fetch().
 * @return array The entry reduced to attribute name => value(s).
 */
function cleanup_array($attrs)
{
  foreach($attrs as $attr_name => $attr_value) {

    /* Index, counter and dn are not attributes of the object */
    if(is_numeric($attr_name) || $attr_name === "count" || $attr_name === "dn"){
      unset($attrs[$attr_name]);
      continue;
    }

    /* Drop the value counter of a multi valued attribute */
    if(is_array($attr_value) && isset($attr_value['count'])){
      unset($attrs[$attr_name]['count']);
    }
  }
  return($attrs);
}
1811 }
1813 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1814 ?>