1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside to reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
/* PHP4-style constructor (method named after the class).
 * Its only job is to fill in the title and info strings of this step.
 *
 * NOTE(review): PHP 8 no longer treats a method named after its class as a
 * constructor - confirm how this step is instantiated on current runtimes.
 */
function Step_Migrate()
{
  /* Delegate to update_strings() so the texts can be rebuilt later as well. */
  $this->update_strings();
}
/* Set the translated short title, long title and info line of this step.
 * Short and long title use the same message.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset $this->checks and run every inspection once, in a fixed order.
 *
 * For each check the result slot (TITLE, STATUS, STATUS_MSG, ERROR_MSG) is
 * created with neutral values first, then the check method is called and
 * fills in the real status.
 */
function initialize_checks()
{
  $this->checks = array();

  /* check id => (title shown to the user, method that performs the check) */
  $plan = array(
    'root'                => array(_("Checking for root object"),                                       'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"),                          'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"),                            'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"),                                   'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"),                               'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people tree"),                     'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups tree"),                    'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation tree"),  'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for duplicate uid numbers"),                             'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for duplicate gid numbers"),                             'check_gidNumber'));

  foreach($plan as $id => $step){
    $method = $step[1];

    /* Neutral defaults; the check method overwrites STATUS and the messages. */
    $this->checks[$id] = array(
      'TITLE'      => $step[0],
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/* Look for posixAccount entries that share a uidNumber.
 *
 * Every entry whose first uidNumber value is used by more than one account is
 * stored in $this->check_uidNumbers, keyed by the base64 encoded dn, and the
 * 'uidNumber_usage' check is updated accordingly.
 *
 * Returns TRUE if no duplicates were found, false if the search failed or
 * duplicates exist.
 */
function check_uidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $check = &$this->checks['uidNumber_usage'];

  $ldap->cd($cv['base']);
  $found = $ldap->search("(&(objectClass=posixAccount)(uidNumber=*))",array("dn","uidNumber"));
  if(!$found){
    $check['STATUS']    = FALSE;
    $check['STATUS_MSG']= _("LDAP query failed");
    $check['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all accounts by their first uidNumber value */
  $this->check_uidNumbers = array();
  $by_number = array();
  while($account = $ldap->fetch()){
    $by_number[$account['uidNumber'][0]][] = $account;
  }

  /* A bucket with two or more accounts means the number is used more than once */
  foreach($by_number as $accounts){
    if(count($accounts) < 2){
      continue;
    }
    foreach($accounts as $account){
      $this->check_uidNumbers[base64_encode($account['dn'])] = $account;
    }
  }

  if(!$this->check_uidNumbers){
    $check['STATUS']    = TRUE;
    $check['STATUS_MSG']= _("Ok");
    $check['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the count of affected entries */
  $check['STATUS']    = FALSE;
  $check['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $check['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),count($this->check_uidNumbers));
  return(false);
}
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
/* Look for posixGroup entries that share a gidNumber.
 *
 * Every entry whose first gidNumber value is used by more than one group is
 * stored in $this->check_gidNumbers, keyed by the base64 encoded dn, and the
 * 'gidNumber_usage' check is updated accordingly.
 *
 * Returns TRUE if no duplicates were found, false if the search failed or
 * duplicates exist.
 */
function check_gidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $check = &$this->checks['gidNumber_usage'];

  $ldap->cd($cv['base']);
  $found = $ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"));
  if(!$found){
    $check['STATUS']    = FALSE;
    $check['STATUS_MSG']= _("LDAP query failed");
    $check['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all groups by their first gidNumber value */
  $this->check_gidNumbers = array();
  $by_number = array();
  while($group = $ldap->fetch()){
    $by_number[$group['gidNumber'][0]][] = $group;
  }

  /* A bucket with two or more groups means the number is used more than once */
  foreach($by_number as $groups){
    if(count($groups) < 2){
      continue;
    }
    foreach($groups as $group){
      $this->check_gidNumbers[base64_encode($group['dn'])] = $group;
    }
  }

  if(!$this->check_gidNumbers){
    $check['STATUS']    = TRUE;
    $check['STATUS_MSG']= _("Ok");
    $check['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the count of affected entries */
  $check['STATUS']    = FALSE;
  $check['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $check['ERROR_MSG'] =
    sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),count($this->check_gidNumbers));
  return(false);
}
273 /* Search for winstations outside the winstation ou
274 */
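/* Find samba machine accounts (uid ending in '$') that are not located
 * directly below the winstation ou.
 *
 * Matching entries are stored in $this->outside_winstations, keyed by the
 * base64 encoded dn, and the 'outside_winstations' check is updated.
 *
 * Returns TRUE if nothing was found, false if the search failed or entries
 * exist outside the winstation ou.
 */
function search_outside_winstations()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['wws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The samba objectClass depends on the configured samba version */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* An entry is fine if its first rdn is directly followed by the winstation ou;
   * addressbook entries are ignored.
   */
  $inside_pattern = "/^[^,]+,".normalizePreg($winstation_ou)."/";
  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match($inside_pattern,$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){
    /* ERROR_MSG carries HTML (the submit button below), so the configured ou,
     * which is a value typed in during setup, is HTML-escaped before it is
     * placed into the message.
     */
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
          count($this->outside_winstations),
          htmlspecialchars($winstation_ou, ENT_QUOTES, "UTF-8"));
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}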
331 /* Search for groups outside the group ou
332 */
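/* Find posixGroup entries that are not located in the group ou of the base
 * or of a gosaDepartment.
 *
 * Matching entries are stored in $this->outside_groups, keyed by the base64
 * encoded dn, and the 'outside_groups' check is updated.
 *
 * Returns TRUE if nothing was found, false if the group search failed or
 * groups exist outside the configured tree.
 */
function search_outside_groups()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   *  validate correct ldap tree position of every single group
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Get all groups
   ***********/
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Strips "<first rdn>,<group ou>," from a dn; what is left should be a
   * valid department dn.
   * NOTE(review): the '+' quantifier applies to the last character of the
   * configured group ou, and an empty group ou is not special-cased here the
   * way search_outside_users() handles an empty people ou - confirm intended.
   */
  $strip_pattern       = "/^[^,]+,".normalizePreg($group_ou)."+,/i";
  $addressbook_pattern = "/".normalizePreg("dc=addressbook,")."/";

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    $group_db_base = preg_replace($strip_pattern,"",$attrs['dn']);

    /* Check if entry is not an addressbook only group
     *  and verify that it is in a valid department
     */
    if( !preg_match($addressbook_pattern,$group_db_base) &&
        !in_array($group_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){
    /* ERROR_MSG carries HTML (the submit button below), so the configured ou,
     * which is a value typed in during setup, is HTML-escaped before it is
     * placed into the message.
     */
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),
          count($this->outside_groups),
          htmlspecialchars($group_ou, ENT_QUOTES, "UTF-8"));
    $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}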
399 /* Search for users outside the people ou
400 */
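/* Find gosaAccount entries (machine accounts ending in '$' excluded) that are
 * not located in the people ou of the base or of a gosaDepartment.
 *
 * Matching entries are stored in $this->outside_users, keyed by the base64
 * encoded dn, and the 'outside_users' check is updated.
 *
 * Returns TRUE if nothing was found, false if the user search failed or
 * users exist outside the configured tree.
 */
function search_outside_users()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /***********
   * Get all gosaDepartments to be able to
   *  validate correct ldap tree position of every single user
   ***********/
  $valid_deps = array();
  $valid_deps['/'] = $cv['base'];
  $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
  while($attrs = $ldap->fetch()){
    $valid_deps[] = $attrs['dn'];
  }

  /***********
   * Search for all users
   ***********/
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /***********
   * Check if returned users are within a valid GOsa department. (peopleou,gosaDepartment,base)
   ***********/
  $this->outside_users = array();
  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    /* Only a configured people ou gets the separating comma */
    $people_ou = $people_ou.",";
  }

  /* Strips "<first rdn>,<people ou>," from a dn; what is left should be a
   * valid department dn.
   */
  $strip_pattern       = "/^[^,]+,".normalizePreg($people_ou)."/i";
  $addressbook_pattern = "/".normalizePreg("dc=addressbook,")."/";

  while($attrs = $ldap->fetch()){
    $people_db_base = preg_replace($strip_pattern,"",$attrs['dn']);

    /* Check if entry is not an addressbook only user
     *  and verify that he is in a valid department
     */
    if( !preg_match($addressbook_pattern,$people_db_base) &&
        !in_array($people_db_base,$valid_deps)
      ){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    /* ERROR_MSG carries HTML (the submit button below), so the configured ou,
     * which is a value typed in during setup, is HTML-escaped before it is
     * placed into the message.
     */
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),
          count($this->outside_users),
          htmlspecialchars($people_ou, ENT_QUOTES, "UTF-8"));
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}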
475 /* Check ldap accessibility
476 * Create and remove a dummy object,
477 * to ensure that we have the necessary permissions
478 */
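/* Verify that the configured admin account may write below the base.
 *
 * A throw-away department entry is created directly below the base and
 * removed again; the 'permissions' check is updated with the outcome.
 *
 * Returns true if the entry could be created and removed, false if the base
 * could not be read or either step failed.
 */
function check_ldap_permissions()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Create dummy entry.
   * The name only has to be unique, so it is built from uniqid() and a random
   * number. The PHP session id is deliberately not part of it: the name ends
   * up in the directory and in the LDAP server's logs, and the entry stays
   * behind if the removal below fails.
   */
  $name = "GOsa_setup_text_entry_".str_replace(".", "_", uniqid("", TRUE))."_".rand(0,999999);
  $dn   = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']  = $name;

  /* ERROR_MSG is used as HTML by the other checks of this step, so the admin
   * dn typed in during setup is escaped before it goes into the message.
   */
  $denied_msg = sprintf(_("The specified user '%s' does not have full access to your ldap database."),
      htmlspecialchars($cv['admin'], ENT_QUOTES, "UTF-8"));

  /* check if simple ldap cat will be successful
   */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object; success is judged by reading it back
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Try to remove created entry; it must not be readable afterwards
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $denied_msg;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}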
545 /* Check if there are users which will
546 * be invisible for GOsa
547 */
/* Collect user entries that lack the gosaAccount objectClass.
 *
 * The result replaces $this->users_to_migrate (keyed by base64 encoded dn);
 * the 'checked' flag of entries that were already in the previous list is
 * carried over. Addressbook entries are ignored. The 'users_visible' check
 * is updated; nothing is returned.
 */
function check_gosaAccounts()
{
  /* Keep the previous list, it holds the checkbox state of the last request */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Collected configuration settings and ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Person or posix accounts with a uid, but without gosaAccount */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))",array("sn","givenName","cn","uid"));
  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }

    $key = base64_encode($attrs['dn']);

    /* Restore the selection made before the reload, if there was one */
    $attrs['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    $this->users_to_migrate[$key] = $attrs;
  }

  $check = &$this->checks['users_visible'];
  if(!$res){
    $check['STATUS']    = FALSE;
    $check['STATUS_MSG']= _("LDAP query failed");
    $check['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->users_to_migrate) == 0){
    $check['STATUS']    = TRUE;
    $check['STATUS_MSG']= _("Ok");
    $check['ERROR_MSG'] = "";
  }else{
    $check['STATUS']    = FALSE;
    $check['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $check['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),
        count($this->users_to_migrate));
    $check['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
  }
}
604 /* Start user account migration
605 */
/* Add the gosaAccount, inetOrgPerson and organizationalPerson objectClasses
 * to every entry of $this->users_to_migrate that is marked as 'checked'.
 *
 * $only_ldif  If TRUE nothing is written; the current and the resulting
 *             attributes are stored as ldif in the 'before' / 'after' fields
 *             of the entry instead.
 *
 * Returns TRUE on success, false as soon as one ldap modify fails.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  /* Collected configuration settings and ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Read the objectClasses the entry currently has */
    $ldap->cat($user['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class not already listed
     * (compared with in_array_ics)
     */
    $classes = array("gosaAccount","inetOrgPerson","organizationalPerson");
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      $class = $attrs['objectClass'][$i];
      if(!in_array_ics($class, $classes)){
        $classes[] = $class;
      }
    }
    $new_attrs = array('objectClass' => $classes);

    /* Preview only: remember before / after, do not touch the directory */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* NOTE(review): the message below speaks of a 'department' although users
     * are migrated here - looks copied from migrate_organizationalUnits().
     */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
657 /* Check if there are invisible organizational Units
658 */
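/* Collect organizationalUnit entries that lack the gosaDepartment objectClass.
 *
 * The result replaces $this->deps_to_migrate (keyed by base64 encoded dn);
 * the 'checked' flag of entries that were already in the previous list is
 * carried over. GOsa internal containers are left out. The 'deps_visible'
 * check is updated; nothing is returned.
 */
function check_organizationalUnits()
{
  /* Keep the previous list, it holds the checkbox state of the last request */
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/",
      "/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/(,|)ou=apps,/","/(,|)ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* The configured people / group ou are values typed in during setup.
   * They are passed through normalizePreg(), like the other checks of this
   * step do, so that regex metacharacters or a '/' in them cannot change or
   * break the pattern. An empty value is left out: it would yield the
   * pattern "//", which matches every dn and would hide all departments.
   */
  foreach(array($cv['peopleou'], $cv['groupou']) as $configured_ou){
    $configured_ou = trim($configured_ou);
    if($configured_ou != ""){
      $skip_dns[] = "/".normalizePreg($configured_ou)."/";
    }
  }

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($old[base64_encode($attrs['dn'])])){
      $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
    }
    $this->deps_to_migrate[base64_encode($attrs['dn'])] = $attrs;
  }

  /* Filter returned list of departments and ensure that
   *  GOsa internal departments will not be listed
   */
  foreach($this->deps_to_migrate as $key => $attrs){
    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$attrs['dn'])){
        unset($this->deps_to_migrate[$key]);
        break;
      }
    }
  }

  /* If we have no invisible departments found
   *  tell the user that everything is ok
   */
  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    /* NOTE(review): STATUS stays TRUE although a warning is shown -
     * presumably so that invisible departments do not count as a failure;
     * confirm.
     */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
  }
}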
734 /* Start deparmtment migration */
/* Add the gosaDepartment objectClass to every entry of
 * $this->deps_to_migrate that is marked as 'checked'. A default description
 * is added when the entry has none.
 *
 * $only_ldif  If TRUE nothing is written; the current and the resulting
 *             attributes are stored as ldif in the 'before' / 'after' fields
 *             of the entry instead.
 *
 * Returns TRUE on success, false as soon as one ldap modify fails.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  $this->show_details = $only_ldif;

  /* Collected configuration settings and ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Read the current objectClasses and description */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Existing objectClasses in their original order, gosaDepartment last */
    $classes = array();
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      $classes[] = $attrs['objectClass'][$i];
    }
    $classes[] = "gosaDepartment";
    $new_attrs = array('objectClass' => $classes);

    /* Append a description if it is missing */
    if(!isset($attrs['description'])){
      $new_attrs['description'] = array("GOsa department");
    }

    /* Preview only: remember before / after, do not touch the directory */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
789 /* Check Acls if there is at least one object with acls defined
790 */
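/* Check whether at least one GOsa administrator exists.
 *
 * Searches for posixGroups that carry gosaSubtreeACL ':all' and have
 * members, then looks up every memberUid. The check passes as soon as one
 * memberUid resolves to exactly one gosaAccount entry. The 'acls' check is
 * updated with the outcome.
 *
 * NOTE(review): the return value is the result count of whichever search ran
 * last (the last member lookup when admin groups were found), not the status
 * stored in the 'acls' check - confirm that callers expect this.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search for groups that have complete permissions */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));

  /* If ldap search failed, set error message */
  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{

    $found        = FALSE;
    $admin_groups = array();

    /* Get all returned groups first, the member lookups below reuse $ldap */
    while($attrs = $ldap->fetch()){
      $admin_groups[]= $attrs;
    }

    /* Walk through groups and check if memberUid exists in ldap database */
    foreach($admin_groups as $group){

      $count_member = $group['memberUid']['count'];

      /* Check every single group member */
      for($i = 0 ; $i < $count_member ; $i++){

        /* memberUid is data read back from the directory. Escape the
         * characters that are special in a search filter (RFC 4515) so a
         * value containing '*', '(', ')' or '\' is matched literally and
         * cannot widen or rewrite the filter. The backslash has to be
         * replaced first.
         */
        $uid_value = str_replace(
            array("\\",   "*",    "(",    ")",    "\0"),
            array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
            $group['memberUid'][$i]);

        /* Check if user exists */
        $ldap->search("(&(objectClass=gosaAccount)(uid=".$uid_value."))",array("dn"));

        /* Only an unambiguous match counts as an existing administrator */
        if($ldap->count() == 1){
          $found = TRUE;
        }
      }
    }

    if($found){
      $this->checks['acls']['STATUS']    = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS']    = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}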
/* Give administrative acls to the object selected in
 * $this->acl_create_selected.
 *
 * Only objects with the gosaAccount objectClass are handled: the user is
 * appended to the first group found with gosaSubtreeACL ':all', or, if no
 * such group exists, a new group "GOsa Administrators" is created with the
 * user as its member. For any other object nothing is changed.
 *
 * $only_ldif  If TRUE nothing is written; a description of the planned
 *             change is stored in $this->acl_create_changes instead.
 *
 * Returns TRUE on success (or when nothing had to be done), FALSE if the
 * ldap write failed.
 *
 * NOTE(review): the new group is always created with gidNumber "999";
 * nothing here checks whether that number is already in use.
 */
function create_admin($only_ldif = FALSE)
{
  /* Forget the preview of a previous run */
  $this->acl_create_changes = "";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Collected configuration settings and ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("objectClass","cn","uid"));
  $object_attrs = $ldap->fetch();

  /* Classify the selected object by its objectClasses */
  $classes = $object_attrs['objectClass'];
  if(in_array("gosaAccount",$classes)){
    $type = "user";
  }elseif(in_array("posixGroup",$classes)){
    $type = "group";
  }else{
    $type = "none";
  }

  /* Only users are processed, everything else is reported as done */
  if($type != "user"){
    return(TRUE);
  }

  $uid = $object_attrs['uid'][0];

  /* Is there already an administrative group we can append the user to? */
  $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
  if($ldap->count()){

    $fetched_attrs         = $ldap->fetch();
    $attrs_admin_group     = $this->cleanup_array($fetched_attrs);
    $attrs_admin_group_new = $attrs_admin_group;

    if(!isset($attrs_admin_group_new['memberUid'])){
      $attrs_admin_group_new['memberUid'] = array();
    }
    if(!in_array($uid,$attrs_admin_group_new['memberUid'])){
      $attrs_admin_group_new['memberUid'][] = $uid;
    }

    /* rfc2307bis groups reference their members by dn as well */
    if ($cv['rfc2307bis']){
      $attrs_admin_group_new['member'][] = $dn;
    }

    if($only_ldif){
      $group_dn = $fetched_attrs['dn'];
      $this->acl_create_changes =
        _("Appending user to group administrational group:")." \n".
        "\n"._("Before").":\n".
        $group_dn."\n".
        $this->array_to_ldif($attrs_admin_group)."\n".
        "\n"._("After").":\n".
        $group_dn."\n".
        $this->array_to_ldif($attrs_admin_group_new)."\n";
      return(TRUE);
    }

    /* Success is judged by the error text reported after the modify */
    $ldap->cd($fetched_attrs['dn']);
    $ldap->modify($attrs_admin_group_new);
    if(!preg_match("/success/i",$ldap->get_error())){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
      return(FALSE);
    }
    return(TRUE);
  }

  /* No administrative group yet, create "GOsa Administrators" */
  $group_ou = trim($cv['groupou']);
  if(!empty($group_ou)){
    $group_ou .= ",";
  }
  $new_group_dn = "cn=GOsa Administrators,".$group_ou.$cv['base'];

  $new_group_attrs = array();
  if ($cv['rfc2307bis']){
    $new_group_attrs['objectClass'] = array("gosaObject","posixGroup", "groupOfNames");
    $new_group_attrs['member']      = array($dn);
  } else {
    $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
  }
  $new_group_attrs['cn']             = "GOsa Administrators";
  $new_group_attrs['gosaSubtreeACL'] = ":all";
  $new_group_attrs['gidNumber']      = "999";
  $new_group_attrs['memberUid']      = array($uid);

  if($only_ldif){
    $this->acl_create_changes =
      _("Creating new administrational group:")." \n\n".
      $new_group_dn."\n".
      $this->array_to_ldif($new_group_attrs);
    return(TRUE);
  }

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees($group_ou.$cv['base']);
  $ldap->cd($new_group_dn);
  if(!$ldap->add($new_group_attrs)){
    print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    return(FALSE);
  }
  return(TRUE);
}
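/* Create the initial "System Administrator" account from the posted
 * uid and password and hand it to create_admin() for ACL assignment.
 *
 * Reads $_POST['new_user_uid'], $_POST['new_user_password'] and
 * $_POST['new_user_password2'].
 *
 * Returns TRUE when the user was added, FALSE (after print_red) when the
 * input is rejected, the dn already exists or the LDAP add fails.
 */
function create_admin_user()
{
  /* Only accept plain string fields; anything else is treated as not posted */
  $uid = "";
  $pw1 = "";
  $pw2 = "";
  if(isset($_POST['new_user_uid']) && is_string($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Both password fields must be filled and identical.
   * The comparison is strict on purpose: with "!=" PHP compares
   * numeric-looking strings by value, so two different inputs such as
   * "1e3" and "1000" would be accepted as a matching pair.
   */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* The uid ends up inside the new dn, so it has to pass is_uid() first */
  if(!is_uid($uid) || empty($uid)){
    print_red(_("Please specify a valid uid."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  $people_ou = trim($cv['peopleou']);
  if(!empty($people_ou)){
    $people_ou = trim($people_ou).",";
  }

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$people_ou.$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$people_ou.$cv['base'];
  }

  /* Resolve the configured password method. Without this check an unknown
   * method name would lead to instantiating an empty class name below.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  if(!is_array($methods) || !isset($methods[$cv['encryption']])){
    print_red(_("The selected password encryption method is not available."));
    return(FALSE);
  }
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator";
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  /* Refuse to overwrite an existing object */
  $ldap->cd($cv['base']);
  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
          $dn));
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before any ACL change if the account itself could not be written;
   * otherwise administrative rights would be assigned for an entry that
   * does not exist.
   */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  /* create_admin() reports its own failures through print_red(); the
   * following re-check of the administrative account shows the outcome.
   */
  $this->acl_create_selected = $dn;
  $this->create_admin(FALSE, $dn);

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}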
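/* Move every selected winstation to the posted department, or only
 * describe what would be moved.
 *
 * $perform  FALSE - fill ['ldif'] of each selected entry with an HTML preview
 *           TRUE  - move the entries with $this->move()
 *
 * The destination is read from $_POST['move_winstation_to'] (base64 encoded dn).
 * Returns FALSE if no usable destination was posted.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* NOTE(review): the destination comes from the request and the move runs
   * with the bind configured in the setup. Consider accepting only values
   * that are keys of get_all_winstation_ous(), which is the list the dialog
   * is rendered from.
   */

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first RDN and replace everything behind the first comma.
     * Plain string functions are used because a preg_replace() replacement
     * would interpret "$1" or "\1" inside the posted dn as backreferences.
     */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn,",");
    if($comma === FALSE){
      $d_dn = $dn;
    }else{
      $d_dn = substr($dn,0,$comma).",".$destination;
    }

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview carries its own <br>/<i> markup, so it is emitted as HTML.
     * Every dn inside it comes from LDAP or from the request and is escaped.
     */
    $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".
      htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}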
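/* Move every selected group to the posted department, or only describe
 * what would be moved.
 *
 * $perform  FALSE - fill ['ldif'] of each selected entry with an HTML preview
 *           TRUE  - move the entries with $this->move()
 *
 * The destination is read from $_POST['move_group_to'] (base64 encoded dn).
 * Returns FALSE if no usable destination was posted.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* NOTE(review): the destination comes from the request and the move runs
   * with the bind configured in the setup. Consider accepting only values
   * that are keys of get_all_group_ous(), which is the list the dialog is
   * rendered from.
   */

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first RDN and replace everything behind the first comma.
     * Plain string functions are used because a preg_replace() replacement
     * would interpret "$1" or "\1" inside the posted dn as backreferences.
     */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn,",");
    if($comma === FALSE){
      $d_dn = $dn;
    }else{
      $d_dn = substr($dn,0,$comma).",".$destination;
    }

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview carries its own <br>/<i> markup, so it is emitted as HTML.
     * Every dn inside it comes from LDAP or from the request and is escaped.
     */
    $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".
      htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}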
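/* Move every selected user to the posted department, or only describe
 * what would be moved.
 *
 * $perform  FALSE - fill ['ldif'] of each selected entry with an HTML preview
 *           TRUE  - move the entries with $this->move()
 *
 * The destination is read from $_POST['move_user_to'] (base64 encoded dn).
 * Returns FALSE if no usable destination was posted.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination = base64_decode($_POST['move_user_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* NOTE(review): the destination comes from the request and the move runs
   * with the bind configured in the setup. Consider accepting only values
   * that are keys of get_all_people_ous(), which is the list the dialog is
   * rendered from.
   */

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first RDN and replace everything behind the first comma.
     * Plain string functions are used because a preg_replace() replacement
     * would interpret "$1" or "\1" inside the posted dn as backreferences.
     */
    $dn = base64_decode($b_dn);
    $comma = strpos($dn,",");
    if($comma === FALSE){
      $d_dn = $dn;
    }else{
      $d_dn = substr($dn,0,$comma).",".$destination;
    }

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview carries its own <br>/<i> markup, so it is emitted as HTML.
     * Every dn inside it comes from LDAP or from the request and is escaped.
     */
    $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".
      htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object */
    $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
    }
  }
}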
/* Generate the html output of this setup step.
 *
 * The posted button names are evaluated section by section, in a fixed
 * order. Each section first updates the dialog flags and runs the
 * requested action; if its dialog is open afterwards, the section renders
 * setup_migrate.tpl with its own "method" and returns immediately.
 * When no dialog is open, the overview of all checks is returned.
 *
 * NOTE(review): every action below is triggered purely by the presence of
 * a POST field and runs with the LDAP bind collected by the setup; access
 * control for this page has to come from the surrounding setup code.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = true;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = false;
    $this->dialog                     = false;
    $this->show_details               = false;
  }

  /* Preview only */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(false);
  }

  /* Move the selected entries, then rebuild the list and close the dialog */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(true);
    $this->search_outside_winstations();
    $this->dialog                     = false;
    $this->show_details               = false;
    $this->outside_winstations_dialog = false;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = true;
    $this->dialog                     = true;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_winstation_ous());
    $smarty->assign("method", "outside_winstations");
    $smarty->assign("outside_winstations", $this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = false;
    $this->show_details          = false;
    $this->dialog                = false;
  }

  /* Preview only */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details = true;
    $this->migrate_outside_groups(false);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details = false;
  }

  /* Move the selected entries, close the dialog and re-run all checks */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(true);
    $this->dialog                = false;
    $this->show_details          = false;
    $this->outside_groups_dialog = false;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = true;
    $this->dialog                = true;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_group_ous());
    $smarty->assign("method", "outside_groups");
    $smarty->assign("outside_groups", $this->outside_groups);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = false;
    $this->dialog               = false;
    $this->show_details         = false;
  }

  /* Preview only */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details = true;
    $this->migrate_outside_users(false);
  }

  /* Move the selected entries, re-run all checks and close the dialog */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(true);
    $this->initialize_checks();
    $this->dialog               = false;
    $this->show_details         = false;
    $this->outside_users_dialog = false;
  }

  if(isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details = false;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = true;
    $this->dialog               = true;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous", $this->get_all_people_ous());
    $smarty->assign("method", "outside_users");
    $smarty->assign("outside_users", $this->outside_users);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  /* Try to create the root object; re-run all checks only if its status changed */
  if(isset($_POST['retry_root_create'])){
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(false);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = true;
    $this->dialog            = true;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = false;
    $this->dialog            = false;
    $this->show_details      = false;
  }

  /* A former 'create_acls_create_confirmed' handler is disabled in this file. */

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(true);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog       = false;
      $this->show_details = false;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* Pre-fill the form with the posted values, "admin" is the default uid */
    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both passwords are handed back to
     * the template unchanged. The template has to escape them, and sending
     * the password back into the page is worth reconsidering.
     */
    $pw1 = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : null;
    $pw2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : null;

    $smarty->assign("new_user_uid", $uid);
    $smarty->assign("new_user_password", $pw1);
    $smarty->assign("new_user_password2", $pw2);
    $smarty->assign("method", "create_acls");
    $smarty->assign("acl_create_selected", $this->acl_create_selected);
    $smarty->assign("what_will_be_done_now", $this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details           = false;
    $this->users_migration_dialog = true;
    $this->dialog                 = true;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = false;
    $this->dialog                 = false;
    $this->show_details           = false;
  }

  /* Start migration; the dialog is only closed when it succeeded */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog                 = false;
      $this->show_details           = false;
      $this->users_migration_dialog = false;
    }
  }

  /* Only show what the migration would do */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(true);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate", $this->users_to_migrate);
    $smarty->assign("method", "migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details = false;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = true;
    $this->dialog               = true;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = false;
    $this->dialog               = false;
    $this->show_details         = false;
  }

  /* Start migration; the dialog is only closed when it succeeded */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details = false;
      $this->check_organizationalUnits();
      $this->dialog               = false;
      $this->dep_migration_dialog = false;
    }
  }

  /* Only show what the migration would do */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(true);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate", $this->deps_to_migrate);
    $smarty->assign("method", "migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks", $this->checks);
  $smarty->assign("method", "default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl", true, dirname(__FILE__))));
}
/* Save posts: take over the checkbox state of whichever dialog is open.
 *
 * For every list entry the flag is set to TRUE when the matching POST
 * field is present and to FALSE when it is absent. The list keys
 * themselves are never taken from the request, only looked up in it.
 */
function save_object()
{
  $this->is_completed = TRUE;

  /* Capture all selected winstations from outside_winstations_dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $dn => $data){
      $this->outside_winstations[$dn]['selected'] = isset($_POST['select_winstation_'.$dn]);
    }
  }

  /* Capture all selected groups from outside_groups_dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $dn => $data){
      $this->outside_groups[$dn]['selected'] = isset($_POST['select_group_'.$dn]);
    }
  }

  /* Capture all selected users from outside_users_dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $dn => $data){
      $this->outside_users[$dn]['selected'] = isset($_POST['select_user_'.$dn]);
    }
  }

  /* "create acl" dialog: an abort clears the current selection */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Get selected departments */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $id => $data){
      $this->deps_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }

  /* Get selected users */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $id => $data){
      $this->users_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
1570 /* Check if the root object exists.
1571 * If the parameter just_check is true, then just check if the
1572 * root object is missing and update the info messages.
1573 * If the Parameter is false, try to create a new root object.
1574 */
/* Check for the LDAP root object and record the result in
 * $this->checks['root'].
 *
 * $just_check  TRUE  - only report a missing root object
 *              FALSE - try to create it with create_missing_trees()
 *
 * Returns FALSE when the root object is missing (check only) and the
 * result of create_missing_trees() when creating it failed. On success
 * the status is set to "Ok" and nothing is returned.
 */
function checkBase($just_check = TRUE)
{
  /* Get collected setup informations */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Look for any object below the base; one hit is enough */
  $ldap->cd($cv['base']);
  $ldap->set_size_limit(1);
  $res = $ldap->search("(objectClass=*)");
  $ldap->set_size_limit(0);
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res
    || $err == 0x20   # LDAP_NO_SUCH_OBJECT
    || $err == 0x40;  # LDAP_NAMING_VIOLATION

  if($root_missing){
    $retry_button = "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";

    /* Check only: report the missing root object and offer to create it */
    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
      $this->checks['root']['ERROR_MSG'].= $retry_button;
      return(FALSE);
    }

    /* Add root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= " ".$retry_button;
      return($res);
    }
  }

  /* Root object exists or was just created */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
1629 /* Return ldif information for a
1630 * given attribute array
1631 */
/* Build "name: value" lines for a given attribute array.
 *
 * The 'count' and 'dn' entries and all numeric keys are skipped; array
 * values produce one line per element (their 'count' entry is skipped too).
 * Values are written as they are, without any LDIF encoding, so the
 * result is meant for display and not for re-import.
 */
function array_to_ldif($atts)
{
  unset($atts['count']);
  unset($atts['dn']);

  $ldif = "";
  foreach($atts as $attr_name => $attr_value){
    if(is_numeric($attr_name)){
      continue;
    }

    /* Treat a single value like a list with one element */
    $values = is_array($attr_value) ? $attr_value : array($attr_value);
    unset($values['count']);

    foreach($values as $single){
      $ldif .= $attr_name.": ". $single."\n";
    }
  }

  /* Drop the trailing line break */
  return(preg_replace("/\n$/","",$ldif));
}
/* Get list of available users.
 *
 * Searches below the configured base for objectClass=gosaAccount and
 * returns an array that maps base64_encode(dn) to LDAP::fix(dn).
 */
function get_user_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $users[$key] = @LDAP::fix($entry['dn']);
  }
  return($users);
}
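/* Get all containers a user may be moved to.
 *
 * If a people ou is configured, all objects matching it are returned and
 * the container is created below the base when none exists yet.
 * If no people ou is configured, the base and all gosaDepartments with
 * an ou are returned.
 *
 * Returns an array that maps base64_encode(dn) to $ldap->fix(dn).
 *
 * NOTE(review): the configured people ou is placed into the search filter
 * as it is. It is a setup value, not request data, but it is not escaped.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;
  $people_ou = trim($cv['peopleou']);

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search below the configured base, like the sibling get_all_*_ous() functions */
  $ldap->cd($cv['base']);

  /*****************
   * If people ou is NOT empty
   * search for all objects matching the given container
   *****************/
  if(!empty($people_ou)){
    $ldap->search("(".$people_ou.")",array("dn"));

    /* Create people ou if there is currently none.
     * The trimmed value is used everywhere, so the search filter, the
     * created dn and the second search always refer to the same container.
     */
    if($ldap->count() == 0 ){
      $add_dn = $people_ou.",".$cv['base'];
      $naming_attr = preg_replace("/=.*$/","",$add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr] = $naming_value;
      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
      $ldap->cd($cv['base']);
    }

    /* Create result, snapshot containers are left out */
    $ldap->search("(".$people_ou.")",array("dn"));
    $tmp = array();
    while($attrs= $ldap->fetch()){
      if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  } else{

    /************
     * If people ou is empty
     * Get all valid gosaDepartments
     ************/
    $tmp = array();
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($attrs = $ldap->fetch()){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}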
/* Get all containers a winstation may be moved to.
 *
 * The container name is taken from the generic settings when
 * 'wws_ou_active' is set, otherwise "ou=winstations" is used. If no
 * matching object exists, the container is created below
 * "ou=systems,<base>".
 *
 * Returns an array that maps base64_encode(dn) to $ldap->fix(dn).
 */
function get_all_winstation_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['wws_ou'];
  }
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* Create the container if there is currently none */
  if($ldap->count() == 0 ){
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];
    $parent_dn = preg_replace("/^[^,]+,/","",$add_dn);
    $naming_attr = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr  => $naming_value);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees($parent_dn);
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Create result, snapshot containers are left out */
  $ldap->search($filter,array("dn"));
  $result = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $result[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($result);
}
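/* Get all containers a group may be moved to.
 *
 * If a group ou is configured, all objects matching it are returned and
 * the container is created below the base when none exists yet.
 * If no group ou is configured, the base and all gosaDepartments with
 * an ou are returned.
 *
 * Returns an array that maps base64_encode(dn) to $ldap->fix(dn).
 */
function get_all_group_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $group_ou = trim($cv['groupou']);

  /************
   * If group ou is NOT empty
   * Get all valid group ous, create one if necessary
   ************/
  $ldap->cd($cv['base']);
  if(!empty($group_ou)){
    $ldap->search("(".$group_ou.")",array("dn"));
    if($ldap->count() == 0 ){

      /* The group ou carries no trailing comma here, so the separator has
       * to be added. Without it the container name and the base run
       * together and the resulting dn is malformed.
       */
      $add_dn = $group_ou.",".$cv['base'];
      $naming_attr = preg_replace("/=.*$/","",$add_dn);
      $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
      $add = array();
      $add['objectClass'] = array("organizationalUnit");
      $add[$naming_attr] = $naming_value;

      $ldap->cd($cv['base']);
      $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
      $ldap->cd($add_dn);
      $ldap->add($add);
    }

    /* Create result, snapshot containers are left out */
    $ldap->search("(".$group_ou.")",array("dn"));
    $tmp = array();
    while($attrs= $ldap->fetch()){
      if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
        $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
      }
    }
  }else{
    /************
     * If group ou is empty
     * Get all valid gosaDepartments
     ************/
    $ldap->cd($cv['base']);
    $tmp = array();
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
    $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
    while($attrs = $ldap->fetch()){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}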
/* Get list of groups.
 *
 * Searches below the configured base for objectClass=posixGroup and
 * returns an array that maps base64_encode(dn) to LDAP::fix(dn).
 */
function get_group_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $groups[$key] = @LDAP::fix($entry['dn']);
  }
  return($groups);
}
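/* Move one LDAP entry from $source to $destination.
 *
 * The entry is copied to the new dn, the source is removed with rmDir()
 * and every gosaGroupOfNames that lists $source as member is rewritten to
 * list $destination instead. Errors are shown to the user; nothing is
 * returned.
 *
 * NOTE(review): only the source entry itself is copied before rmDir() is
 * called. If rmDir() removes a whole subtree, as its name suggests, child
 * entries below $source are not carried over - confirm before using this
 * on entries that can have children. The copy, the removal and the
 * reference updates are separate LDAP operations, so a failure in between
 * leaves a partial result.
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the gosaGroupOfNames entries that reference the source and
   * prepare their member lists with the source replaced by the destination.
   */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member != $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Read the source entry. fetch() yields no array when the entry could
   * not be read; in that case there is nothing to copy and neither the
   * source nor any reference may be touched.
   */
  $ldap->cat($source);
  $source_attrs = $ldap->fetch();
  if(!is_array($source_attrs)){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  /* Copy source to destination dn */
  $new_data = $this->cleanup_array($source_attrs);
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed */
  if(!$res){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
  }else{
    $res = $ldap->rmDir($source);
    show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

    /* Object is copied, so update its references */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      $ldap->modify($data);
    }
  }
}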
1920 /* Clean up an ldap result so that it can be written back to ldap */
/* Strip the bookkeeping entries from an ldap result array.
 *
 * Removes every numeric key as well as the 'count' and 'dn' entries and
 * drops the 'count' element of each remaining array value. The order of
 * the remaining entries is kept.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $name => $values) {

    /* Index entries and the count/dn fields are not attributes */
    if(is_numeric($name) || $name === "count" || $name === "dn"){
      unset($attrs[$name]);
      continue;
    }

    /* Remove the element counter of multi-valued attributes */
    if(is_array($values) && isset($values['count'])){
      unset($attrs[$name]['count']);
    }
  }
  return($attrs);
}
1933 }
1935 //vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1936 ?>