1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
/****************
* FUNCTIONS
Step_Migrate - Constructor.
update_strings - Used to update the displayed step information.
initialize_checks - Initialize migration steps.
check_ldap_permissions - Check if the used admin account has full access to the ldap database.
check_gosaAccounts - Check if there are users without the required objectClasses.
migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
check_organizationalUnits - Check if there are departments that are not visible for GOsa
migrate_organizationalUnits - Migrate selected departments
check_administrativeAccount - Check if there is at least one acl entry available
checkBase - Check if there is a root object available
get_user_list - Get list of available users
get_group_list - Get list of groups
create_admin
create_admin_user
execute - Generate html output of this plugin
save_object - Save posts
array_to_ldif - Create ldif output of an ldap result array
****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
/* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside to reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
/* Constructor.
 * Only fills in the captions of this setup step by
 * delegating to update_strings().
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Set the translated captions shown for this setup step.
 * The short and the long title use the same text.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* (Re)build $this->checks and run every inspection once.
 *
 * For each check the result slot is reset first (TITLE, STATUS = FALSE,
 * empty STATUS_MSG / ERROR_MSG) and the check method is called directly
 * afterwards, so the checks run in the order listed below and each one
 * finds its own slot already initialised.
 */
function initialize_checks()
{
  /* result key => array(translated title, method that performs the check) */
  $steps = array(
    'root'                => array(_("Checking for root object"), 'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"), 'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"), 'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"), 'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"), 'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people tree"), 'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups tree"), 'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"), 'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for duplicate uid numbers"), 'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for duplicate gid numbers"), 'check_gidNumber'));

  $this->checks = array();
  foreach($steps as $key => $step){
    list($title, $method) = $step;

    $this->checks[$key]['TITLE']      = $title;
    $this->checks[$key]['STATUS']     = FALSE;
    $this->checks[$key]['STATUS_MSG'] = "";
    $this->checks[$key]['ERROR_MSG']  = "";

    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/* Look for uidNumber values that are assigned to more than one entry.
 *
 * Every entry that shares its uidNumber with another entry is stored in
 * $this->check_uidNumbers, keyed by the base64 encoded dn. The outcome is
 * written to $this->checks['uidNumber_usage'].
 *
 * Returns TRUE if no uidNumber is shared, FALSE if duplicates were found
 * or the LDAP search failed.
 */
function check_uidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->check_uidNumbers = array();

  /* Bucket all entries by the first value of their uidNumber */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['uidNumber'][0]][] = $entry;
  }

  /* Only buckets with at least two entries are duplicates */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(count($this->check_uidNumbers) == 0){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Note: the number reported is the number of affected entries */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
/* Look for gidNumber values that are used by more than one posixGroup.
 *
 * Every group that shares its gidNumber with another group is stored in
 * $this->check_gidNumbers, keyed by the base64 encoded dn. The outcome is
 * written to $this->checks['gidNumber_usage'].
 *
 * Returns TRUE if no gidNumber is shared, FALSE if duplicates were found
 * or the LDAP search failed.
 */
function check_gidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->check_gidNumbers = array();

  /* Bucket all groups by the first value of their gidNumber */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['gidNumber'][0]][] = $entry;
  }

  /* Only buckets with at least two entries are duplicates */
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(count($this->check_gidNumbers) == 0){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Note: the number reported is the number of affected entries */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
273 /* Search for winstations outside the winstation ou
274 */
/* Collect samba machine accounts (uid ending in '$') that are not located
 * directly below the winstation ou.
 *
 * The ou is taken from the generic settings if 'wws_ou_active' is set,
 * otherwise "ou=winstations" is used. The samba objectClass depends on
 * the configured samba version. Entries below dc=addressbook are ignored.
 * Matches are stored in $this->outside_winstations (key: base64 encoded
 * dn) and the outcome is written to $this->checks['outside_winstations'].
 *
 * Returns TRUE if nothing was found, FALSE otherwise or if the search failed.
 */
function search_outside_winstations()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['ws_ou']
    : "ou=winstations";
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"))){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($entry = $ldap->fetch()){

    /* Skip entries that sit directly below the winstation ou or in the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$entry['dn']) ||
       preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_winstations[base64_encode($entry['dn'])] = $entry;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): ERROR_MSG carries raw HTML (the submit button) and
   * $winstation_ou is inserted into it unescaped - confirm that the
   * configured ou cannot contain markup, or escape it before output.
   */
  $this->checks['outside_winstations']['STATUS']    = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),count($this->outside_winstations),$winstation_ou).
    "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
  return(false);
}
331 /* Search for groups outside the group ou
332 */
/* Collect posixGroups that are not located directly below the
 * configured group ou ($cv['groupou']).
 *
 * Entries below dc=addressbook are ignored. Matches are stored in
 * $this->outside_groups (key: base64 encoded dn) and the outcome is
 * written to $this->checks['outside_groups'].
 *
 * Returns TRUE if nothing was found, FALSE otherwise or if the search failed.
 */
function search_outside_groups()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  if(!$ldap->search("(objectClass=posixGroup)",array("dn"))){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($entry = $ldap->fetch()){

    /* Skip groups that sit directly below the group ou or in the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$entry['dn']) ||
       preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_groups[base64_encode($entry['dn'])] = $entry;
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): ERROR_MSG carries raw HTML (the submit button) and
   * $group_ou is inserted into it unescaped - confirm that the
   * configured ou cannot contain markup, or escape it before output.
   */
  $this->checks['outside_groups']['STATUS']    = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_groups']['ERROR_MSG'] =
    sprintf(_("Found %s groups outside the configured tree '%s'."),count($this->outside_groups),$group_ou).
    "&nbsp;<input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
  return(false);
}
378 /* Search for users outside the people ou
379 */
/* Collect gosaAccounts (excluding machine accounts, uid ending in '$')
 * that are not located directly below the configured people ou
 * ($cv['peopleou']).
 *
 * Entries below dc=addressbook are ignored. Matches are stored in
 * $this->outside_users (key: base64 encoded dn) and the outcome is
 * written to $this->checks['outside_users'].
 *
 * Returns TRUE if nothing was found, FALSE otherwise or if the search failed.
 */
function search_outside_users()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"))){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($entry = $ldap->fetch()){

    /* Skip users that sit directly below the people ou or in the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$entry['dn']) ||
       preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_users[base64_encode($entry['dn'])] = $entry;
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* NOTE(review): ERROR_MSG carries raw HTML (the submit button) and
   * $people_ou is inserted into it unescaped - confirm that the
   * configured ou cannot contain markup, or escape it before output.
   */
  $this->checks['outside_users']['STATUS']    = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['outside_users']['ERROR_MSG'] =
    sprintf(_("Found %s user(s) outside the configured tree '%s'."),count($this->outside_users),$people_ou).
    "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
  return(false);
}
424 /* Check ldap accessibility
425 * Create and remove a dummy object,
426 * to ensure that we have the necessary permissions
427 */
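/* Verify that the configured admin account may write to the directory.
 *
 * A throw-away organizationalUnit is created directly below the base and
 * removed again; both steps are verified by reading the entry back. The
 * outcome is written to $this->checks['permissions'].
 *
 * Returns true if the entry could be created and removed, false otherwise
 * (including the case that the base itself cannot be read).
 */
function check_ldap_permissions()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Name of the dummy entry.
   * The PHP session id must not be part of it: the name is written to
   * the directory (and usually to the LDAP server's logs), and the entry
   * stays behind if the removal below fails. A random token keeps the
   * name unique without exposing the session identifier.
   */
  $name = "GOsa_setup_text_entry_".md5(uniqid(mt_rand(), TRUE));
  $dn   = "ou=".$name.",".$cv['base'];

  $testEntry = array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']  = "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']           = $name;

  /* The base must be readable before a write test makes sense */
  if(!$ldap->cat($cv['base'])){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Create the dummy entry and read it back; the result of add() is not
   * trusted, only the presence of the entry counts.
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    /* NOTE(review): $cv['admin'] is inserted unescaped; other ERROR_MSG
     * values in this class contain raw HTML, so this text is presumably
     * rendered as HTML - confirm and escape at output if so.
     */
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Remove the dummy entry again and make sure it is really gone */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}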
494 /* Check if there are users which will
495 * be invisible for GOsa
496 */
/* Find user objects that lack the gosaAccount objectClass.
 *
 * Candidates are entries with a uid that are posixAccount, or both
 * inetOrgPerson and organizationalPerson, but not gosaAccount. Entries
 * below dc=addressbook are ignored. The result replaces
 * $this->users_to_migrate (key: base64 encoded dn); the 'checked' flag of
 * entries that were already in the previous list is carried over. The
 * outcome is written to $this->checks['users_visible'].
 */
function check_gosaAccounts()
{
  /* Remember the previous list so that the checkbox
   * state survives a reload
   */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));
  while($entry = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);

    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->users_to_migrate[$key] = $entry;
  }

  if(!$res){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  if(count($this->users_to_migrate) == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
    return;
  }

  $this->checks['users_visible']['STATUS']    = FALSE;
  $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['users_visible']['ERROR_MSG'] =
    sprintf(_("Found %s user(s) that will not be visible in GOsa."),count($this->users_to_migrate)).
    "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
}
553 /* Start user account migration
554 */
/* Add the GOsa user objectClasses to all users marked as 'checked'
 * in $this->users_to_migrate.
 *
 * $only_ldif  If TRUE nothing is written to the directory; instead the
 *             current and the resulting attributes are stored as ldif in
 *             the 'before' / 'after' fields of each selected user.
 *
 * Returns TRUE on success, false as soon as one modification fails
 * (remaining users are not processed in that case).
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Read the objectClasses the user currently has */
    $ldap->cat($user['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class not yet listed */
    $new_attrs = array(
      'objectClass' => array("gosaAccount","inetOrgPerson","organizationalPerson"));
    $class_count = $attrs['objectClass']['count'];
    for($i = 0; $i < $class_count; $i++){
      $class = $attrs['objectClass'][$i];
      if(!in_array_ics($class, $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $class;
      }
    }

    /* Preview only: remember the change as ldif */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* NOTE(review): the message below speaks of a 'department' although
     * a user is migrated here; it is kept unchanged because it is also
     * the translation key.
     */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
606 /* Check if there are invisible organizational Units
607 */
/* Find organizationalUnits that lack the gosaDepartment objectClass.
 *
 * The result replaces $this->deps_to_migrate (key: base64 encoded dn);
 * the 'checked' flag of entries that were already in the previous list
 * is carried over. GOsa's own containers (people, groups, systems, ...)
 * are removed from the list again. The outcome is written to
 * $this->checks['deps_visible']; note that STATUS stays TRUE when
 * departments were found, only the message turns into a warning.
 */
function check_organizationalUnits()
{
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* DN patterns of GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Fetch every organizationalUnit that is not a gosaDepartment */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);

    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->deps_to_migrate[$key] = $entry;
  }

  /* Drop everything that matches one of the internal patterns */
  foreach($this->deps_to_migrate as $key => $entry){
    foreach($skip_dns as $pattern){
      if(preg_match($pattern,$entry['dn'])){
        unset($this->deps_to_migrate[$key]);
        break;
      }
    }
  }

  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  if(count($this->deps_to_migrate) == 0){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
    return;
  }

  $this->checks['deps_visible']['STATUS']    = TRUE;
  $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
  $this->checks['deps_visible']['ERROR_MSG'] =
    sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate)).
    "&nbsp;<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
}
/* Start department migration */
/* Add the gosaDepartment objectClass to all departments marked as
 * 'checked' in $this->deps_to_migrate. A default description is added
 * if the entry has none.
 *
 * $only_ldif  If TRUE nothing is written to the directory; instead the
 *             current and the resulting attributes are stored as ldif in
 *             the 'before' / 'after' fields of each selected department.
 *
 * Returns TRUE on success, false as soon as one modification fails
 * (remaining departments are not processed in that case).
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Read the current objectClasses and description */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Copy the existing classes and append gosaDepartment */
    $new_attrs   = array();
    $class_count = $attrs['objectClass']['count'];
    for($i = 0; $i < $class_count; $i++){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
    }
    $new_attrs['objectClass'][] = "gosaDepartment";

    /* Add a description if the entry has none */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Preview only: remember the change as ldif */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
738 /* Check Acls if there is at least one object with acls defined
739 */
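/* Check that at least one working administrator exists.
 *
 * Searches for posixGroups with gosaSubtreeACL ':all' that have members
 * and looks up every memberUid as a gosaAccount. The check passes if at
 * least one memberUid resolves to exactly one account. The outcome is
 * written to $this->checks['acls'].
 *
 * Returns whether the LDAP search executed last returned at least one
 * entry.
 * NOTE(review): that is the last member lookup (or the group search if
 * there were no groups), not the overall result of the check - confirm
 * whether callers rely on this before changing it.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search for groups that have complete permissions */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));

  /* If ldap search failed, set error message */
  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{

    $found        = FALSE;
    $admin_groups = array();

    /* Get all returned groups first, the lookups below reuse the connection */
    while($attrs = $ldap->fetch()){
      $admin_groups[]= $attrs;
    }

    /* Walk through groups and check if memberUid exists in ldap database */
    foreach($admin_groups as $group){
      $count_member = $group['memberUid']['count'];

      for($i = 0 ; $i < $count_member ; $i++){

        /* memberUid is data read from the directory and ends up inside a
         * search filter. Escape the characters that are special in LDAP
         * filters (backslash first) so that a value such as '*' cannot
         * widen the match and make a missing admin look present.
         */
        $uid_filter = str_replace(
            array("\\",   "*",    "(",    ")",    "\0"),
            array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
            $group['memberUid'][$i]);

        /* Check if user exists */
        $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid_filter."))",array("dn"));

        /* Only an unambiguous match counts as an existing administrator */
        if($ldap->count() == 1){
          $found = TRUE;
        }
      }
    }

    if($found){
      $this->checks['acls']['STATUS']    = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG'] = _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}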
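/* Give administrative rights to the object selected in
 * $this->acl_create_selected.
 *
 * Only gosaAccount objects are handled: the user's uid is appended to the
 * first existing posixGroup with gosaSubtreeACL ':all', or - if there is
 * no such group - a new group 'GOsa Administrators' is created below the
 * configured group ou. For any other object nothing is changed.
 *
 * $only_ldif  If TRUE nothing is written to the directory; a description
 *             of the pending change is stored in $this->acl_create_changes.
 *
 * Returns TRUE on success (also when nothing had to be done), FALSE if
 * writing to the directory failed.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the change description */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("objectClass","cn","uid"));
  $object_attrs = $ldap->fetch();

  /* The selected object may not exist (anymore); treat it like an
   * object of unknown type instead of reading from a non-array.
   */
  $object_classes = array();
  if(is_array($object_attrs) && isset($object_attrs['objectClass'])){
    $object_classes = $object_attrs['objectClass'];
  }

  /* Check object that should receive admin acls */
  $type = "none";
  if(in_array("gosaAccount",$object_classes)){
    $type = "user";
  }elseif(in_array("posixGroup",$object_classes)){
    $type = "group";
  }

  /* If a user should get administrative acls, we
   * should check if there is an administrational group
   * and just assign the user to it.
   * If there is no such group, we must create one.
   */
  if($type == "user"){

    $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
    if($ldap->count()){
      $fetched_attrs         = $ldap->fetch();
      $attrs_admin_group     = $this->cleanup_array($fetched_attrs);
      $attrs_admin_group_new = $attrs_admin_group;

      if(!isset($attrs_admin_group_new['memberUid'])){
        $attrs_admin_group_new['memberUid'] = array();
      }
      if(!in_array($object_attrs['uid'][0],$attrs_admin_group_new['memberUid'])){
        $attrs_admin_group_new['memberUid'][] = $object_attrs['uid'][0];
      }

      if($only_ldif){
        $this->acl_create_changes = _("Appending user to to group administrational group: \n");
        $this->acl_create_changes.= "\n"._("Before").":\n";
        $this->acl_create_changes.= $fetched_attrs['dn']."\n";
        $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
        $this->acl_create_changes.= "\n"._("After").":\n";
        $this->acl_create_changes.= $fetched_attrs['dn']."\n";
        $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group_new)."\n";
      }else{
        $ldap->cd($fetched_attrs['dn']);
        $ldap->modify($attrs_admin_group_new);
        if(!preg_match("/success/i",$ldap->get_error())){
          print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
          return(FALSE);
        }
      }

    }else{

      /* Normalised group ou: either empty or 'ou=...,' with trailing comma */
      $group_ou = trim($cv['groupou']);
      if(!empty($group_ou)){
        $group_ou = trim($group_ou).",";
      }

      /* NOTE(review): the gidNumber is fixed; nothing here checks that
       * 999 is unused - verify against the duplicate gidNumber check.
       */
      $new_group_dn    = "cn=GOsa Administrators,".$group_ou.$cv['base'];
      $new_group_attrs = array();
      $new_group_attrs['objectClass']    = array("gosaObject","posixGroup");
      $new_group_attrs['cn']             = "GOsa Administrators";
      $new_group_attrs['gosaSubtreeACL'] = ":all";
      $new_group_attrs['gidNumber']      = "999";
      $new_group_attrs['memberUid']      = array($object_attrs['uid'][0]);

      if($only_ldif){
        $this->acl_create_changes = _("Creating new administrational group: \n\n");
        $this->acl_create_changes.= $new_group_dn."\n";
        $this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
      }else{
        $ldap->cd($cv['base']);

        /* Use the normalised ou so that the parent of the new group is
         * the same DN the group is created in; the raw setting yields
         * ',<base>' when the group ou is empty.
         */
        $ldap->create_missing_trees($group_ou.$cv['base']);
        $ldap->cd($new_group_dn);
        $res = $ldap->add($new_group_attrs);
        if(!$res){
          print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
          return(FALSE);
        }
      }
    }
  }
  return(TRUE);
}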
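/* Create a new administrative user from the posted form values
 * (new_user_uid, new_user_password, new_user_password2) and give it
 * administrative rights via create_admin().
 *
 * The user is created below the configured people ou; depending on
 * $cv['peopledn'] its dn starts with 'cn=System Administrator' or with
 * 'uid=<uid>'. The password is hashed with the configured method.
 *
 * Returns TRUE if the user was created and received admin rights,
 * FALSE otherwise (an error message has been displayed in that case).
 */
function create_admin_user()
{
  /* Only accept plain strings from the request; anything else
   * (e.g. an array posted as 'new_user_password[]') counts as empty.
   */
  $uid = $pw1 = $pw2 = "";
  if(isset($_POST['new_user_uid']) && is_string($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* The confirmation must match exactly. A loose comparison treats
   * numeric looking strings such as '1e3' and '1000' as equal and would
   * accept a mistyped confirmation.
   */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  if(!is_uid($uid) || empty($uid)){
    print_red(_("Please specify a valid uid."));
    return false;
  }

  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  /* Normalised people ou: either empty or 'ou=...,' with trailing comma */
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  /* $uid passed is_uid() above before it becomes part of the dn */
  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* Hash the password with the configured method.
   * NOTE(review): there is no check that $cv['encryption'] names an
   * available method; an unknown value fails at the instantiation below.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  $p_m     = $methods[$cv['encryption']];
  $p_c     = new $p_m(array());
  $hash    = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']  = array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']    = "System";
  $new_user['sn']           = "Administrator";
  $new_user['cn']           = "System Administrator";
  $new_user['uid']          = $uid;
  $new_user['userPassword'] = $hash;

  /* Refuse to overwrite an existing object */
  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
          $dn));
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop here if the user could not be created; granting admin
   * rights to a dn that does not exist makes no sense.
   */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  /* Give the new user admin rights; create_admin() reports its own errors */
  $this->acl_create_selected = $dn;
  if(!$this->create_admin()){
    return(FALSE);
  }

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}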
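/**
 * Preview or perform the move of all selected winstations into the
 * department posted (base64 encoded) as 'move_winstation_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted.  Missing,
     non-string or undecodable values are rejected before a dn is built. */
  $destination = FALSE;
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  /* NOTE(review): the posted destination is not compared with the list from
     get_all_winstation_ous() that execute() hands to the template - confirm
     the form posts one of those keys and consider rejecting anything else. */

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep the first rdn and append the destination.  Plain string
       functions are used because a preg_replace() replacement would treat
       "$1" or "\1" inside the posted dn as back references. */
    $rdn_end = strpos($dn, ",");
    $d_dn = ($rdn_end === FALSE) ? $dn : substr($dn, 0, $rdn_end).",".$destination;

    if(!$perform){

      /* The preview carries its own <br> markup, so the dns placed into
         it are html escaped here. */
      $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

      /* Check if there are references to this object.  Filter special
         characters in the dn are escaped (RFC 4515) so that they cannot
         change the structure of the search filter. */
      $filter_dn = str_replace(
          array('\\', '*', '(', ')', "\0"),
          array('\5c', '\2a', '\28', '\29', '\00'),
          $dn);
      $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}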
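/**
 * Preview or perform the move of all selected groups into the
 * department posted (base64 encoded) as 'move_group_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted.  Missing,
     non-string or undecodable values are rejected before a dn is built. */
  $destination = FALSE;
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  /* NOTE(review): the posted destination is not compared with the list from
     get_all_group_ous() that execute() hands to the template - confirm the
     form posts one of those keys and consider rejecting anything else. */

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep the first rdn and append the destination.  Plain string
       functions are used because a preg_replace() replacement would treat
       "$1" or "\1" inside the posted dn as back references. */
    $rdn_end = strpos($dn, ",");
    $d_dn = ($rdn_end === FALSE) ? $dn : substr($dn, 0, $rdn_end).",".$destination;

    if(!$perform){

      /* The preview carries its own <br> markup, so the dns placed into
         it are html escaped here. */
      $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

      /* Check if there are references to this object.  Filter special
         characters in the dn are escaped (RFC 4515) so that they cannot
         change the structure of the search filter. */
      $filter_dn = str_replace(
          array('\\', '*', '(', ')', "\0"),
          array('\5c', '\2a', '\28', '\29', '\00'),
          $dn);
      $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}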
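/**
 * Preview or perform the move of all selected users into the
 * department posted (base64 encoded) as 'move_user_to'.
 *
 * @param bool $perform FALSE: only fill the 'ldif' preview text of every
 *                      selected entry; TRUE: move the entries with move().
 * @return bool|null FALSE if no usable destination was posted.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted.  Missing,
     non-string or undecodable values are rejected before a dn is built. */
  $destination = FALSE;
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination = base64_decode($_POST['move_user_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  /* NOTE(review): the posted destination is not compared with the list from
     get_all_people_ous() that execute() hands to the template - confirm the
     form posts one of those keys and consider rejecting anything else. */

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep the first rdn and append the destination.  Plain string
       functions are used because a preg_replace() replacement would treat
       "$1" or "\1" inside the posted dn as back references. */
    $rdn_end = strpos($dn, ",");
    $d_dn = ($rdn_end === FALSE) ? $dn : substr($dn, 0, $rdn_end).",".$destination;

    if(!$perform){

      /* The preview carries its own <br> markup, so the dns placed into
         it are html escaped here. */
      $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

      /* Check if there are references to this object.  Filter special
         characters in the dn are escaped (RFC 4515) so that they cannot
         change the structure of the search filter. */
      $filter_dn = str_replace(
          array('\\', '*', '(', ')', "\0"),
          array('\5c', '\2a', '\28', '\29', '\00'),
          $dn);
      $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
      $refs = "";
      while($attrs = $ldap->fetch()){
        $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
      }
      if(!empty($refs)){
        $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
      }

    }else{
      $this->move($dn,$d_dn);
    }
  }
}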
/**
 * Process the posted buttons of the migration step and render the page.
 *
 * The sections below are evaluated in a fixed order.  Each section first
 * updates the dialog flags from $_POST and, if its dialog flag is set,
 * returns the rendered setup_migrate.tpl for that dialog right away, so
 * later sections are not reached while a dialog is open.  When no dialog
 * is open the overview of all checks is rendered.
 *
 * @return string output of $smarty->fetch() for setup_migrate.tpl
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the winstation ou
   *************/

  /* Close the dialog without changes */
  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only: migrate_outside_winstations(FALSE) fills the 'ldif' texts */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Perform the move, then search again and close the dialog */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  /* Open the dialog */
  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Display the dialog */
  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }
  /*************
   * Groups outside the group ou
   *************/

  /* Close the dialog without changes */
  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only: migrate_outside_groups(FALSE) fills the 'ldif' texts */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  /* Hide the preview again */
  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  /* Perform the move, close the dialog and rerun all checks */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  /* Open the dialog */
  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Display the dialog */
  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$this->outside_groups);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  /* Close the dialog without changes */
  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only: migrate_outside_users(FALSE) fills the 'ldif' texts */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  /* Perform the move, rerun all checks and close the dialog */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  /* Hide the preview again */
  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  /* Open the dialog */
  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Display the dialog */
  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$this->outside_users);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  /* Try to create the root object; rerun all checks only if the
     status of the root check changed. */
  if(isset($_POST['retry_root_create'])){

    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  /* Repeat the check for an administrative account */
  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  /* Open the "create acls" dialog */
  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Close the "create acls" dialog */
  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  #    if(isset($_POST['create_acls_create_confirmed'])){
  #      if($this->create_admin()){
  #        $this->acl_create_dialog = FALSE;
  #        $this->dialog = FALSE;
  #        $this->show_details = FALSE;
  #        $this->initialize_checks();
  #      }
  #    }

  /* create_admin(TRUE) - presumably only prepares the description of the
     changes (acl_create_changes) without writing; confirm in create_admin() */
  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  /* Create a new administrative user from the posted uid and passwords */
  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  /* Display the "create acls" dialog */
  if($this->acl_create_dialog){
    $smarty = get_smarty();

    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both posted passwords are handed back
       to the template unmodified.  Whether they are html escaped depends on
       setup_migrate.tpl, and re-displaying the passwords puts them into the
       page source - confirm this is intended. */
    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",@$_POST['new_user_password']);
    $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* "What's done" button: migrate_gosaAccounts(TRUE) - presumably a preview
     that writes nothing; confirm in migrate_gosaAccounts() */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }


  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* "What's done" button: migrate_organizationalUnits(TRUE) - presumably a
     preview that writes nothing; confirm in migrate_organizationalUnits() */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}
/**
 * Mark this step as completed and store the checkbox state posted by
 * whichever dialog is currently open.
 *
 * For every known entry the flag is set to TRUE when its checkbox name is
 * present in $_POST and to FALSE otherwise.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Winstations picked in the outside_winstations dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $key => $unused){
      $this->outside_winstations[$key]['selected'] = isset($_POST['select_winstation_'.$key]);
    }
  }

  /* Groups picked in the outside_groups dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $key => $unused){
      $this->outside_groups[$key]['selected'] = isset($_POST['select_group_'.$key]);
    }
  }

  /* Users picked in the outside_users dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $key => $unused){
      $this->outside_users[$key]['selected'] = isset($_POST['select_user_'.$key]);
    }
  }

  /* "create acl" dialog: an abort clears the selected dn */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Departments checked for migration */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $key => $unused){
      $this->deps_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }

  /* Users checked for migration */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $key => $unused){
      $this->users_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }
}
1511 /* Check if the root object exists.
1512 * If the parameter just_check is true, then just check if the
1513 * root object is missing and update the info messages.
1514 * If the Parameter is false, try to create a new root object.
1515 */
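/**
 * Check for the LDAP root object and record the result in
 * $this->checks['root'].
 *
 * @param bool $just_check TRUE: only report a missing root object;
 *                         FALSE: try to create it with create_missing_trees().
 * @return bool TRUE if the root object exists or was created, FALSE otherwise.
 */
function checkBase($just_check = TRUE)
{
  /* Get collected setup informations */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Check if root object exists */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  if( !$res ||
      $err == 0x20 ||  # LDAP_NO_SUCH_OBJECT
      $err == 0x40) {  # LDAP_NAMING_VIOLATION

    /* Root object doesn't exist */
    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] =  _("The LDAP root object is missing. It is required to use your LDAP service.").'&nbsp;';
      $this->checks['root']['ERROR_MSG'].=  "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    /* Add root object.
       NOTE(review): this relies on create_missing_trees() returning a true
       value on success; the other callers in this file ignore its result -
       confirm. */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= "&nbsp;<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }
  }

  /* Root object is present (it existed already or was just created).
     Return TRUE explicitly so that success is not reported as NULL. */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
  return(TRUE);
}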
1568 /* Return ldif information for a
1569 * given attribute array
1570 */
/**
 * Render an attribute array as "name: value" lines for display.
 *
 * The 'count' and 'dn' keys and all numeric keys are skipped; an array
 * value yields one line per element (its own 'count' key is skipped).
 * Values are written as they are, without any LDIF encoding.
 *
 * @param array $atts attribute name => value or list of values
 * @return string the lines joined by "\n", without a trailing newline
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $attr_name => $attr_value){

    /* Numeric keys only repeat the attribute names of an ldap result */
    if(is_numeric($attr_name)){
      continue;
    }

    /* Treat a single value like a list with one element */
    $values = is_array($attr_value) ? $attr_value : array($attr_value);
    unset($values['count']);

    foreach($values as $single){
      $ldif .= $attr_name.": ". $single."\n";
    }
  }
  return(preg_replace("/\n$/","",$ldif));
}
/**
 * List all entries below the configured base that carry the objectClass
 * gosaAccount.
 *
 * @return array base64 encoded dn => dn as returned by LDAP::fix()
 */
function get_user_list()
{
  /* Connect with the settings collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $users[$key] = @LDAP::fix($entry['dn']);
  }
  return($users);
}
/**
 * List all entries below the base that match the configured people ou.
 *
 * If the search finds nothing, an organizationalUnit for the people ou is
 * added directly below the base first.  Entries whose dn contains
 * "ou=snapshots," are left out.
 *
 * @return array base64 encoded dn => dn as returned by $ldap->fix()
 */
function get_all_people_ous()
{
  /* Connect with the settings collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (e.g. "ou=...") is used as the search filter */
  $ou_filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou below the base */
  if($ldap->count() == 0 ){
    $ou_dn = $cv['peopleou'].",".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$ou_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$ou_dn);

    $ou_entry = array();
    $ou_entry['objectClass'] = array("organizationalUnit");
    $ou_entry[$rdn_attr] = $rdn_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$ou_dn));
    $ldap->cd($ou_dn);
    $ldap->add($ou_entry);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry= $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/**
 * List all entries below the base that match the winstation ou.
 *
 * The ou is taken from the generic settings ('ws_ou') when 'wws_ou_active'
 * is set, otherwise "ou=winstations" is used.  If the search finds nothing,
 * an organizationalUnit is added below "ou=systems" of the base first.
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * @return array base64 encoded dn => dn as returned by $ldap->fix()
 */
function get_all_winstation_ous()
{
  /* Connect with the settings collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }
  $ou_filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou below ou=systems */
  if($ldap->count() == 0 ){
    $ou_dn = $winstation_ou.",ou=systems,".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$ou_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$ou_dn);

    $ou_entry = array();
    $ou_entry['objectClass'] = array("organizationalUnit");
    $ou_entry[$rdn_attr] = $rdn_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$ou_dn));
    $ldap->cd($ou_dn);
    $ldap->add($ou_entry);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry= $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/**
 * List all entries below the base that match the configured group ou.
 *
 * If the search finds nothing, an organizationalUnit for the group ou is
 * added directly below the base first.  Entries whose dn contains
 * "ou=snapshots," are left out.
 *
 * @return array base64 encoded dn => dn as returned by $ldap->fix()
 */
function get_all_group_ous()
{
  /* Connect with the settings collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (e.g. "ou=...") is used as the search filter */
  $ou_filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou below the base */
  if($ldap->count() == 0 ){
    $ou_dn = $cv['groupou'].",".$cv['base'];
    $rdn_attr  = preg_replace("/=.*$/","",$ou_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$ou_dn);

    $ou_entry = array();
    $ou_entry['objectClass'] = array("organizationalUnit");
    $ou_entry[$rdn_attr] = $rdn_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$ou_dn));
    $ldap->cd($ou_dn);
    $ldap->add($ou_entry);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry= $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/**
 * List all entries below the configured base that carry the objectClass
 * posixGroup.
 *
 * @return array base64 encoded dn => dn as returned by LDAP::fix()
 */
function get_group_list()
{
  /* Connect with the settings collected by the setup */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $groups[$key] = @LDAP::fix($entry['dn']);
  }
  return($groups);
}
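/**
 * Move an LDAP entry: copy $source to $destination, remove $source and
 * rewrite the member lists of all gosaGroupOfNames that referenced it.
 *
 * The copy and the removal are separate LDAP operations, so the move is
 * not atomic.  Errors are reported on screen; nothing is returned.
 *
 * @param string $source      dn of the entry to move
 * @param string $destination dn the entry is written to
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the gosaGroupOfNames that reference the source and prepare
     their member lists with the source replaced by the destination. */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member != $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Read the source entry.  Stop if it cannot be read, otherwise an
     empty result would be handed to add() and the source removed later. */
  $ldap->cat($source);
  $entry = $ldap->fetch();
  if(!is_array($entry)){
    print_red(sprintf(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error()));
    return;
  }

  /* Copy source to destination dn */
  $new_data = $this->cleanup_array($entry);
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed */
  if(!$res){
    print_red(sprintf(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error()));
  }else{

    /* NOTE(review): only the single entry read by cat() was copied.  If
       rmDir() also removes entries below $source, those are lost - confirm
       against the LDAP class. */
    $res = $ldap->rmDir($source);
    show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

    /* Object is copied, so update its references */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      $ldap->modify($data);
    }
  }
}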
/* Cleanup ldap result to be able to write it back to ldap */
/**
 * Strip the bookkeeping keys of an ldap result entry.
 *
 * Removes numeric keys and the keys 'count' and 'dn' from the top level
 * and the 'count' key from every array value that has one.
 *
 * @param array $attrs entry as returned by fetch()
 * @return array the entry without those keys
 */
function cleanup_array($attrs)
{
  $meta_keys = array("count","dn");

  foreach($attrs as $name => $entry) {

    /* Drop the element counter stored inside a value list */
    if(is_array($entry) && isset($entry['count'])){
      unset($attrs[$name]['count']);
    }

    /* Drop index and bookkeeping keys of the entry itself */
    if(is_numeric($name) || in_array($name,$meta_keys)){
      unset($attrs[$name]);
    }
  }
  return($attrs);
}
1829 }
1831 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1832 ?>