1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
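41 create_admin - Add an ACL entry to the base object that grants the selected object full rights
42 create_admin_user - Create the administrator user and grant it full rights via create_admin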
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
/* Generic step attributes */
var $languages    = array();
var $attributes   = array();
var $header_image = "images/monitoring.png";

/* Result table of all inspection checks, keyed by check name.
 * Every entry carries TITLE, STATUS, STATUS_MSG and ERROR_MSG.
 */
var $checks = array();

/* Department migration attributes (list is keyed by base64 encoded dn) */
var $dep_migration_dialog = false;
var $deps_to_migrate      = array();

/* User migration attributes (list is keyed by base64 encoded dn) */
var $users_migration_dialog = false;
var $users_to_migrate       = array();

/* Create Acl attributes */
var $acl_create_dialog    = false;
var $acl_create_type      = "group";
var $acl_create_selected  = "";    // dn of the object that should receive admin rights
var $acl_create_changes   = "";    // Textual preview (ldif) of the pending acl changes
var $acl_create_confirmed = false;

/* Set once initialize_checks() has been run */
var $checks_initialised = false;

/* Users found outside the people ou */
var $outside_users        = array();
var $outside_users_dialog = false;

/* Groups found outside the groups ou */
var $outside_groups        = array();
var $outside_groups_dialog = false;

/* Windows workstations found outside the winstation ou */
var $outside_winstations        = array();
var $outside_winstations_dialog = false;

/* Entries that share a uidNumber with at least one other entry */
var $check_uidNumbers        = array();
var $check_uidNumbers_dialog = false;

/* Entries that share a gidNumber with at least one other entry */
var $check_gidNumbers        = array();
var $check_gidNumbers_dialog = false;
/* Constructor: only loads the translated title and description of this step.
 * NOTE(review): a method named after its class is a PHP 4 style constructor
 * and is not run as a constructor by PHP 8 - confirm the supported PHP version.
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* (Re)load the translated strings shown for this setup step.
 * Short and long title use the same text.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset the result table and run every inspection check once.
 *
 * Each check gets a fresh entry (TITLE, STATUS = FALSE, empty messages)
 * immediately before its check method runs; the method then fills in
 * the real result. The order below is the order the checks are executed in.
 * The return values of the check methods are not evaluated here.
 */
function initialize_checks()
{
  /* check key => array(translated title, method that performs the check) */
  $steps = array(
    'root'                => array(_("Checking for root object"),
                                   'checkBase'),
    'permissions'         => array(_("Checking permissions on ldap database"),
                                   'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"),
                                   'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible user"),
                                   'check_gosaAccounts'),
    'acls'                => array(_("Checking for administrational account"),
                                   'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people department."),
                                   'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups department."),
                                   'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation department."),
                                   'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for multiple use of same uidNumber value."),
                                   'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for multiple use of same gidNumber value."),
                                   'check_gidNumber'));

  $this->checks = array();
  foreach($steps as $key => $step){
    $this->checks[$key]['TITLE']      = $step[0];
    $this->checks[$key]['STATUS']     = FALSE;
    $this->checks[$key]['STATUS_MSG'] = "";
    $this->checks[$key]['ERROR_MSG']  = "";

    $method = $step[1];
    $this->$method();
  }
}
/* Look for entries that share their (first) uidNumber with another entry.
 *
 * Entries sharing a uidNumber are distinct directory accounts that map to
 * the same numeric POSIX user id. All affected entries are collected in
 * $this->check_uidNumbers, keyed by base64 encoded dn.
 * Note that the reported number counts the affected entries, not the
 * distinct duplicated values.
 *
 * Returns TRUE if no uidNumber is used twice, false otherwise
 * (also when the search itself failed).
 */
function check_uidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group all found entries by their first uidNumber value */
  $by_number = array();
  while($attrs = $ldap->fetch()){
    $by_number[$attrs['uidNumber'][0]][] = $attrs;
  }

  /* Keep only the entries of numbers that occur more than once */
  $this->check_uidNumbers = array();
  foreach($by_number as $entries){
    if(count($entries) <= 1){
      continue;
    }
    foreach($entries as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated uidNumber values."),count($this->check_uidNumbers));
  return(false);
}
/* Look for entries that share their (first) gidNumber with another entry.
 *
 * The search matches every entry carrying a gidNumber attribute. All
 * entries whose first gidNumber value occurs more than once are collected
 * in $this->check_gidNumbers, keyed by base64 encoded dn.
 * Note that the reported number counts the affected entries, not the
 * distinct duplicated values.
 *
 * Returns TRUE if no gidNumber is used twice, false otherwise
 * (also when the search itself failed).
 */
function check_gidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("gidNumber=*",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group all found entries by their first gidNumber value */
  $by_number = array();
  while($attrs = $ldap->fetch()){
    $by_number[$attrs['gidNumber'][0]][] = $attrs;
  }

  /* Keep only the entries of numbers that occur more than once */
  $this->check_gidNumbers = array();
  foreach($by_number as $entries){
    if(count($entries) <= 1){
      continue;
    }
    foreach($entries as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated gidNumber values."),count($this->check_gidNumbers));
  return(false);
}
268 /* Search for winstations outside the winstation ou */
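/* Collect samba machine accounts (uid ending in '$') whose dn does not
 * match "<rdn>,<winstation ou>". Matches are stored in
 * $this->outside_winstations, keyed by base64 encoded dn.
 *
 * The winstation ou is taken from the collected setup settings if
 * 'wws_ou_active' is set, otherwise "ou=winstations" is used. The samba
 * objectClass depends on the configured samba version.
 *
 * Returns TRUE if nothing was found, false otherwise (also on search failure).
 */
function search_outside_winstations()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }

  /* Both candidates are fixed strings, so the filter below is not built from user input */
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* NOTE(review): the comparison is case sensitive and only anchored at the
   * start of the dn - confirm this matches how the directory spells its ou.
   */
  $inside = "/^[^,]+,".normalizePreg($winstation_ou)."/";
  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if(preg_match($inside,$attrs['dn'])){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif']     = "";
    $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is assembled as an html fragment (a submit button is appended
   * below), so the configured ou is escaped before it is embedded.
   */
  $this->checks['outside_winstations']['STATUS']    = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
        count($this->outside_winstations),
        htmlspecialchars($winstation_ou,ENT_QUOTES,'UTF-8'));
  $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."'>";
  return(false);
}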
327 /* Search for groups outside the group ou */
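/* Collect posixGroup entries whose dn does not match "<rdn>,<group ou>".
 * Matches are stored in $this->outside_groups, keyed by base64 encoded dn.
 * The group ou is taken from the collected setup settings ('groupou').
 *
 * Returns TRUE if nothing was found, false otherwise (also on search failure).
 */
function search_outside_groups()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* NOTE(review): the comparison is case sensitive and only anchored at the
   * start of the dn - confirm this matches how the directory spells its ou.
   */
  $inside = "/^[^,]+,".normalizePreg($group_ou)."/";
  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    if(preg_match($inside,$attrs['dn'])){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif']     = "";
    $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is assembled as an html fragment (a submit button is appended
   * below), so the configured ou is escaped before it is embedded.
   */
  $this->checks['outside_groups']['STATUS']    = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= _("Failed");
  $this->checks['outside_groups']['ERROR_MSG'] =
    sprintf(_("Found %s groups outside the selected group ou '%s'."),
        count($this->outside_groups),
        htmlspecialchars($group_ou,ENT_QUOTES,'UTF-8'));
  $this->checks['outside_groups']['ERROR_MSG'].= "<input type='submit' name='outside_groups_dialog' value='"._("Migrate")."'>";
  return(false);
}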
372 /* Search for users outside the people ou */
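/* Collect gosaAccount entries (machine accounts with a uid ending in '$'
 * are excluded by the filter) whose dn does not match "<rdn>,<people ou>".
 * Matches are stored in $this->outside_users, keyed by base64 encoded dn.
 * The people ou is taken from the collected setup settings ('peopleou').
 *
 * Returns TRUE if nothing was found, false otherwise (also on search failure).
 */
function search_outside_users()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* NOTE(review): the comparison is case sensitive and only anchored at the
   * start of the dn - confirm this matches how the directory spells its ou.
   */
  $inside = "/^[^,]+,".normalizePreg($people_ou)."/";
  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    if(preg_match($inside,$attrs['dn'])){
      continue;
    }
    $attrs['selected'] = FALSE;
    $attrs['ldif']     = "";
    $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is assembled as an html fragment (a submit button is appended
   * below), so the configured ou is escaped before it is embedded.
   */
  $this->checks['outside_users']['STATUS']    = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= _("Failed");
  $this->checks['outside_users']['ERROR_MSG'] =
    sprintf(_("Found %s users outside the selected user ou '%s'."),
        count($this->outside_users),
        htmlspecialchars($people_ou,ENT_QUOTES,'UTF-8'));
  $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Migrate")."'>";
  return(false);
}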
417 /* Check ldap accessibility
418 * Create and remove a dummy object,
419 * to ensure that we have the necessary permissions
420 */
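/* Verify write access of the configured admin account by creating and
 * removing a throw-away organizationalUnit directly below the base.
 *
 * Steps: read the base object, add the test entry, remove it again.
 * The result is written to $this->checks['permissions'].
 * Returns true if all three steps succeeded, false otherwise.
 *
 * NOTE(review): a successful add/remove below the base only shows write
 * access at that one place; "full access" for the whole tree is inferred.
 */
function check_ldap_permissions()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Create dummy entry.
   * The name is built from a random hex token. The session id is deliberately
   * not part of it: a session id may contain ',' (depending on the session
   * settings), which would break the dn, and it would be left behind in the
   * directory whenever the removal below fails.
   */
  $name = "GOsa_setup_text_entry_".md5(uniqid(rand(),TRUE));
  $dn   = "ou=".$name.",".$cv['base'];
  $testEntry = array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']  = "Created by GOsa setup, this object can be removed.";
  $testEntry['ou']           = $name;

  /* The bind dn ends up in ERROR_MSG, which other checks fill with html
   * (submit buttons) - escape it so it is displayed as plain text.
   */
  $no_access = sprintf(_("The specified user '%s' does not have full access to your ldap database."),
      htmlspecialchars($cv['admin'],ENT_QUOTES,'UTF-8'));

  /* check if simple ldap cat will be successful */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Try to create dummy object */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $res = $ldap->add($testEntry);
  if(!$res){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Try to remove created entry.
   * If this fails the test entry stays in the directory; its description
   * tells an operator that it can be removed.
   */
  $res = $ldap->rmDir($dn);
  if(!$res){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}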
485 /* Check if there are users which will
486 * be invisible for GOsa
487 */
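/* Collect person-like entries (posixAccount, inetOrgPerson or
 * organizationalPerson) that lack the gosaAccount objectClass.
 * Entries below "dc=addressbook" are ignored.
 *
 * The result is stored in $this->users_to_migrate, keyed by base64
 * encoded dn; the 'checked' flag of entries that were already listed
 * before is carried over, so a reload keeps the user's selection.
 * The outcome is written to $this->checks['users_visible'].
 */
function check_gosaAccounts()
{
  /* Remember old list of invisible users, to be able to set
   * the 'html checked' status for the checkboxes again
   */
  $old = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Get collected configuration settings and establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get all invisible users */
  $ldap->cd($cv['base']);
  $res =$ldap->search("(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(!(objectClass=gosaAccount)))",array("sn","givenName","cn","uid"));
  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }

    /* Set objects to selected, that were selected before reload */
    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = isset($old[$key]) ? $old[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->users_to_migrate[$key] = $attrs;
  }

  if(!$res){
    /* Search failed */
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->users_to_migrate) == 0){
    /* No invisible users */
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "";
    $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s users that will not be visible in GOsa."),
        count($this->users_to_migrate));
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."'>";
  }
}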
544 /* Start user account migration
545 */
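/* Add the objectClasses gosaAccount, inetOrgPerson and organizationalPerson
 * to every entry of $this->users_to_migrate that is marked as 'checked'.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the planned
 *                    attributes are stored as 'before'/'after' preview.
 *             FALSE: the changes are written to the directory.
 *
 * Returns TRUE on success, false as soon as one entry could not be
 * read or modified (entries handled before that point stay modified).
 *
 * NOTE(review): the error text talks about a 'department' although users
 * are migrated here; the message id is kept to not lose its translations.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  /* Get collected configuration settings and establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get old objectClasses */
    $ldap->cat($dep['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* The entry may have vanished since the check ran. Stop here instead of
     * going on with an empty result, which would leave the target dn of
     * the modify call below undefined.
     */
    if(!$attrs || !isset($attrs['objectClass'])){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$dep['dn'],$ldap->get_error()));
      return(false);
    }

    /* Create new objectClass array, existing classes are appended once */
    $new_attrs = array();
    $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
      }
    }

    /* Set info attributes for current object,
     * or write changes to the ldap database
     */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}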
595 /* Check if there are invisible organizational Units
596 */
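/* Collect organizationalUnit entries that lack the gosaDepartment
 * objectClass. Containers matching one of the patterns in $skip_dns
 * (people, groups, configs, systems, ...) are left out.
 *
 * The result is stored in $this->deps_to_migrate, keyed by base64
 * encoded dn; the 'checked' flag of entries that were already listed
 * before is carried over, so a reload keeps the user's selection.
 * The outcome is written to $this->checks['deps_visible'].
 */
function check_organizationalUnits()
{
  $old = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Get collected configuration settings and establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Get all invisible departments and ensure that
   * GOsa internal departments will not be listed
   */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $skip = false;
    foreach($skip_dns as $skip_dn){
      if(preg_match($skip_dn,$attrs['dn'])){
        $skip = true;
        break;
      }
    }
    if($skip){
      continue;
    }

    /* Set objects to selected, that were selected before reload */
    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = isset($old[$key]) ? $old[$key]['checked'] : FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";
    $this->deps_to_migrate[$key] = $attrs;
  }

  if(!$res){
    /* Search failed */
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    /* No invisible departments found, everything is ok */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= "";
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s departments that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= "<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."'>";
  }
}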
672 /* Start deparmtment migration */
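/* Add the gosaDepartment objectClass (and a default description, if none
 * is set) to every entry of $this->deps_to_migrate marked as 'checked'.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the planned
 *                    attributes are stored as 'before'/'after' preview.
 *             FALSE: the changes are written to the directory.
 *
 * Returns TRUE on success, false as soon as one entry could not be
 * read or modified (entries handled before that point stay modified).
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  /* Get collected configuration settings and establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get current objectClasses */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* The entry may have vanished since the check ran. Stop here instead of
     * going on with an empty result, which would leave the target dn of
     * the modify call below undefined.
     */
    if(!$attrs || !isset($attrs['objectClass'])){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$dep['dn'],$ldap->get_error()));
      return(false);
    }

    /* Create new objectClass attribute including gosaDepartment.
     * The class is only appended if it is missing: the list of departments
     * may be older than the directory content, and a duplicate value would
     * make the modify call fail.
     */
    $new_attrs = array();
    $new_attrs['objectClass'] = array();
    for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
    }
    if(!in_array_ics("gosaDepartment",$new_attrs['objectClass'])){
      $new_attrs['objectClass'][] = "gosaDepartment";
    }

    /* Append description if it is missing */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Depending on the parameter $only_ldif we save the changes as ldif
     * or we write our changes directly to the ldap database
     */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}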
725 /* Check Acls if there is at least one object with acls defined
726 */
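/* Check whether at least one GOsa user account exists below the base.
 *
 * NOTE(review): the filter matches any gosaAccount entry that is also a
 * posixAccount, inetOrgPerson or organizationalPerson. It does not look
 * at gosaAclEntry values, so "Ok" means "a GOsa user exists", not
 * "a user with administrative acls exists" - confirm this is intended.
 *
 * The outcome is written to $this->checks['acls'].
 * Returns TRUE if the search succeeded and found at least one entry.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Search for GOsa user accounts */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(|(objectClass=posixAccount)".
      "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))");

  /* Only ask for the number of hits if there is a result to count */
  $found = $res ? $ldap->count() : 0;

  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($found){
    /* Clear a button left over from an earlier failed run */
    $this->checks['acls']['STATUS']    = TRUE;
    $this->checks['acls']['STATUS_MSG']= _("Ok");
    $this->checks['acls']['ERROR_MSG'] = "";
  }else{
    /* Assign instead of append: this method is called again after an
     * account was created, appending would stack up several buttons.
     */
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Failed");
    $this->checks['acls']['ERROR_MSG'] = "<input type='submit' name='create_acls' value='"._("Create adminitrational account")."'>";
  }
  return($found>=1);
}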
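/* Grant the object in $this->acl_create_selected full rights on the base.
 *
 * A new gosaAclEntry "0:sub:<base64 dn>:all;cmdrw" is put in front of the
 * acl entries already stored at the base object; the priority prefix of
 * every existing entry is raised by one. The gosaACL objectClass is added
 * to the base object if it is missing.
 *
 * $only_ldif  TRUE:  nothing is written, a before/after preview is stored
 *                    in $this->acl_create_changes.
 *             FALSE: the base object is modified.
 *
 * NOTE(review): the selected dn is used as given. Where it is set is not
 * visible here - the caller should make sure it names an existing object
 * the operator really picked, since this entry hands out all permissions.
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset preview */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings and establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Without the current base object the existing acl entries are unknown;
   * writing now would replace them with the single new entry.
   */
  if(!$attrs || !isset($attrs['objectClass'])){
    print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    return;
  }

  /* Add acls for the selected user to the base */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");
  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  $acl = "0:sub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){

      /* Split "<prio>:<rest>". The whole priority has to be cut off;
       * removing just its first character turns an entry with priority
       * 10 into "110:..." instead of "11:...".
       */
      $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
      $rest = preg_replace("/^[^:]+/","",$attrs['gosaAclEntry'][$i]);

      $attrs_new['gosaAclEntry'][] = ($prio+1).$rest;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{
    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    }
  }
}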
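/* Create the administrator account and grant it full rights.
 *
 * The password is read from $_POST['new_user_password'] and hashed with
 * the password method selected during setup. The account is created as
 * "cn=System Administrator" or "uid=admin" below the people ou, depending
 * on the configured people dn attribute; afterwards create_admin() adds
 * the acl entry and the administrative account check is repeated.
 *
 * Returns FALSE if no password was posted or the account could not be
 * created. In the latter case no acls are granted: the add also fails
 * when an entry with that dn already exists, and such an entry - whose
 * password was not set here - must not silently receive admin rights.
 *
 * NOTE(review): only "not empty" is required of the password, and the
 * strength of the stored hash depends on the configured method - confirm
 * both are acceptable for an account with full rights.
 */
function create_admin_user()
{
  if(isset($_POST['new_user_password']) && !empty($_POST['new_user_password'])){
    $pwd = $_POST['new_user_password'];
  }else{
    print_red(_("Please specify a valid password for the new GOsa admin user."));
    return(FALSE);
  }

  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Build the dn of the new account */
  $ldap->cd($cv['base']);
  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
  }

  /* Hash the password with the configured method.
   * NOTE(review): errors of the lookup are suppressed and a missing method
   * is not handled - presumably the setup only offers available methods.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  $p_m  = $methods[$cv['encryption']];
  $p_c  = new $p_m(array());
  $hash = $p_c->generate_hash($pwd);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']  = "System";
  $new_user['sn']         = "Administrator";
  $new_user['cn']         = "System Administrator";
  $new_user['uid']        = "admin";
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Do not hand out acls for an account that was not created here */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
}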
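/* Move the selected entries of $this->outside_winstations into the
 * department posted as 'move_winstation_to' (base64 encoded dn).
 *
 * $perform  FALSE: nothing is moved; an html preview (old dn, new dn and
 *                  the groups referencing the entry) is stored in the
 *                  'ldif' field of every selected entry.
 *           TRUE:  every selected entry is passed to $this->move().
 *
 * Returns false if no usable destination was posted.
 *
 * NOTE(review): the destination comes straight from the request and is not
 * compared with the departments offered to the user - presumably the caller
 * or move() should restrict it to known departments. The rdn is cut at the
 * first ',', which is wrong for an rdn containing an escaped comma.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  /* Check if there was a usable destination department posted */
  $destination = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if(!is_string($destination) || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the rdn, replace the rest by the destination. Plain string
     * functions are used because a preg_replace replacement would treat
     * '\2C' or '$1' inside the destination dn as back references.
     */
    $dn   = base64_decode($b_dn);
    $cut  = strpos($dn,",");
    $d_dn = ($cut === FALSE) ? $dn : substr($dn,0,$cut).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is html, so the dns are escaped before they are embedded */
    $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".
      htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object.
     * Characters with a special meaning in search filters are escaped,
     * otherwise a dn containing e.g. '(' or '*' changes the filter.
     */
    $filter_dn = str_replace(array("\\","*","(",")","\0"),
        array("\\5c","\\2a","\\28","\\29","\\00"),$dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}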
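/* Move the selected entries of $this->outside_groups into the
 * department posted as 'move_group_to' (base64 encoded dn).
 *
 * $perform  FALSE: nothing is moved; an html preview (old dn, new dn and
 *                  the groups referencing the entry) is stored in the
 *                  'ldif' field of every selected entry.
 *           TRUE:  every selected entry is passed to $this->move().
 *
 * Returns false if no usable destination was posted.
 *
 * NOTE(review): the destination comes straight from the request and is not
 * compared with the departments offered to the user - presumably the caller
 * or move() should restrict it to known departments. The rdn is cut at the
 * first ',', which is wrong for an rdn containing an escaped comma.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  /* Check if there was a usable destination department posted */
  $destination = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if(!is_string($destination) || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the rdn, replace the rest by the destination. Plain string
     * functions are used because a preg_replace replacement would treat
     * '\2C' or '$1' inside the destination dn as back references.
     */
    $dn   = base64_decode($b_dn);
    $cut  = strpos($dn,",");
    $d_dn = ($cut === FALSE) ? $dn : substr($dn,0,$cut).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is html, so the dns are escaped before they are embedded */
    $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".
      htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object.
     * Characters with a special meaning in search filters are escaped,
     * otherwise a dn containing e.g. '(' or '*' changes the filter.
     */
    $filter_dn = str_replace(array("\\","*","(",")","\0"),
        array("\\5c","\\2a","\\28","\\29","\\00"),$dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}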
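/**
 * Move the selected users into the department posted as 'move_user_to',
 * or only build a preview of that move.
 *
 * With $perform = FALSE nothing is written: every selected entry of
 * $this->outside_users gets an HTML preview in its 'ldif' field.
 * With $perform = TRUE every selected entry is handed to $this->move().
 *
 * @param bool $perform  TRUE to move the entries, FALSE to preview only.
 * @return bool|null     FALSE when no usable destination was posted, otherwise nothing.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination is request data: accept it only as a string and
   * only if it decodes to a non-empty DN. */
  $destination_dn = "";
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination_dn = base64_decode($_POST['move_user_to']);
  }
  if($destination_dn == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
     * Plain string functions are used on purpose: in a preg_replace()
     * replacement string, '$n' and '\n' sequences of the posted DN
     * (for example the hex escape '\2C') would be read as backreferences. */
    $comma = strpos($dn, ",");
    $d_dn  = ($comma === FALSE) ? $dn : substr($dn, 0, $comma).",".$destination_dn;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The 'ldif' field carries markup (<br>, <i>), so the DNs taken from the
     * directory and from the request are escaped before they are embedded. */
    $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES)."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES);

    /* Check if there are references to this object.
     * NOTE(review): $dn is concatenated into the filter without LDAP filter
     * escaping, so a DN containing '(', ')', '*' or '\' alters the filter.
     * move() passes its DN through LDAP::fix() first - confirm which escaping
     * the LDAP wrapper expects and apply it here as well. */
    $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES);
    }
    if(!empty($refs)){
      $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}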
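/**
 * Handle the posted actions of the migration step and return the HTML of
 * the dialog (or of the check overview) that has to be shown next.
 *
 * The sections are processed in a fixed order; the first section whose
 * dialog is open returns its template output and ends the call.
 *
 * NOTE(review): every action below, including the ones that write to LDAP
 * with the captured admin credentials, is triggered solely by the presence
 * of a POST field. No request-token check is visible in this method -
 * confirm that the surrounding setup framework enforces one.
 *
 * @return string  Output of setup_migrate.tpl for the active dialog.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations, groups and users outside their ou
   *************/

  /* Dialog name => method returning the selectable destination ous.
   * All method and property names below are derived from this fixed table,
   * never from request data. */
  $outside_dialogs = array(
      "outside_winstations" => "get_all_winstation_ous",
      "outside_groups"      => "get_all_group_ous",
      "outside_users"       => "get_all_people_ous");

  foreach($outside_dialogs as $name => $ou_getter){
    $dialog_flag = $name."_dialog";
    $migrate     = "migrate_".$name;
    $search      = "search_".$name;

    if(isset($_POST[$name.'_dialog_cancel'])){
      $this->$dialog_flag = FALSE;
      $this->dialog       = FALSE;
    }

    /* Preview only */
    if(isset($_POST[$name.'_dialog_whats_done'])){
      $this->$migrate(FALSE);
    }

    /* Perform the move, then search again for remaining objects */
    if(isset($_POST[$name.'_dialog_perform'])){
      $this->$migrate(TRUE);
      $this->$search();
    }

    if(isset($_POST[$name.'_dialog'])){
      $this->$dialog_flag = TRUE;
      $this->dialog       = TRUE;
    }

    if($this->$dialog_flag){
      $smarty = get_smarty();
      $smarty->assign("ous",$this->$ou_getter());
      $smarty->assign("method",$name);
      $smarty->assign($name,$this->$name);
      return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
    }
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);

    /* Re-run all checks only if the root status changed */
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['create_acls_create_confirmed'])){
    $this->create_admin();
  }

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    $this->create_admin_user();
  }

  if($this->acl_create_dialog){
    /* Query each list once; it is used for the entries and for the counter */
    $users  = $this->get_user_list();
    $groups = $this->get_group_list();

    $smarty = get_smarty();

    /* NOTE(review): the posted password is handed back to the template.
     * Whether the template renders it into the page, and whether it is
     * escaped there, is not visible from this method. */
    $smarty->assign("new_user_password",isset($_POST['new_user_password']) ? $_POST['new_user_password'] : NULL);
    $smarty->assign("users"     ,$users);
    $smarty->assign("users_cnt" ,count($users));
    $smarty->assign("groups"    ,$groups);
    $smarty->assign("groups_cnt",count($groups));
    $smarty->assign("type"      ,$this->acl_create_type);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->users_migration_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Start migration, re-check afterwards if it reported success */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->check_gosaAccounts();
    }
  }

  /* Handle the "whatsdone" request */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Start migration, re-check afterwards if it reported success */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->check_organizationalUnits();
    }
  }

  /* Handle the "whatsdone" request */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}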
/**
 * Copy the posted form state of the currently open dialog(s) into this object.
 *
 * For the list dialogs an entry is marked selected/checked exactly when its
 * checkbox field is present in the request.
 */
function save_object()
{
  /* Selected winstations of the outside_winstations dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $key => $unused){
      $this->outside_winstations[$key]['selected'] = isset($_POST['select_winstation_'.$key]);
    }
  }

  /* Selected groups of the outside_groups dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $key => $unused){
      $this->outside_groups[$key]['selected'] = isset($_POST['select_group_'.$key]);
    }
  }

  /* Selected users of the outside_users dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $key => $unused){
      $this->outside_users[$key]['selected'] = isset($_POST['select_user_'.$key]);
    }
  }

  /* Posts of the "create acl" dialog */
  if($this->acl_create_dialog){

    /* The selection arrives base64 encoded; without one it is reset */
    if(isset($_POST['create_acls_create'])){
      $this->acl_create_selected = isset($_POST['create_acls_selected'])
        ? base64_decode($_POST['create_acls_selected'])
        : "";
    }

    if(isset($_POST['create_acls_create_abort'])){
      $this->acl_create_selected = "";
    }

    /* NOTE(review): the type is stored exactly as posted; no check against
     * the set of supported types is visible in this method. */
    if(isset($_POST['acl_create_type'])){
      $this->acl_create_type = $_POST['acl_create_type'];
    }
  }

  /* Checked departments of the department migration dialog */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $key => $unused){
      $this->deps_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }

  /* Checked users of the user migration dialog */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $key => $unused){
      $this->users_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }
}
1341 /* Check if the root object exists.
1342 * If the parameter just_check is true, then just check if the
1343 * root object is missing and update the info messages.
1344 * If the Parameter is false, try to create a new root object.
1345 */
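/**
 * Check whether the root object (the configured base) exists and record the
 * result in $this->checks['root'].
 *
 * @param bool $just_check  TRUE: only report a missing root object.
 *                          FALSE: try to add it as an 'organization' entry.
 * @return bool|null        FALSE (or the failed add() result) when the root
 *                          object is missing and was not created; nothing
 *                          when it exists or was created.
 */
function checkBase($just_check = TRUE)
{
  /* Get collected setup informations */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Check if root object exists */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res ||
    $err == 0x20 ||  # LDAP_NO_SUCH_OBJECT
    $err == 0x40;    # LDAP_NAMING_VIOLATION

  if($root_missing){

    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    echo "REMOVE this : Autocreation of the root object will be done by create_missing_tree later. !!!!!!!";

    /* Try to find out which values are necessary */
    $tmp = $ldap->get_objectclasses();
    $oc  = $tmp['organization'];

    $must_attrs = $oc['MUST'];
    if(!is_array($must_attrs)){
      $must_attrs = array($must_attrs);
    }

    /* Root object does not exist, try to create it */
    $ldapadd = array();
    $ldapadd["objectclass"] = array("top","organization");

    /* Fill every MUST attribute from the matching component of the base dn.
     * The attribute name comes from the server schema and is quoted before
     * it becomes part of the pattern. */
    $base_parts = preg_split("/,/",$cv['base']);
    foreach($must_attrs as $attr){
      foreach($base_parts as $part){
        if(preg_match("/^".preg_quote($attr,"/")."=/",$part) && !isset($ldapadd[$attr])){
          $ldapadd[$attr]= preg_replace("/^[^=]*+=/","",$part);
        }
      }
    }

    /* Add root object */
    $ldap->cd($cv['base']);
    $res = $ldap->add($ldapadd);

    /* Intended replacement for the add() above, see the message printed earlier */
    $ldap->cd($cv['base']);
    # $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($res);
    }
  }

  /* Root object exists or was created */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}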
1426 /* Return ldif information for a
1427 * given attribute array
1428 */
/**
 * Render an attribute array as "name: value" lines, one line per value.
 *
 * The 'count' and 'dn' entries and all numeric keys are skipped, as is the
 * 'count' entry inside a value list. The lines are joined with "\n" and
 * the trailing newline is removed.
 *
 * NOTE(review): values are written as they are - no base64 form for values
 * containing line breaks and no HTML escaping - so a caller that displays
 * the result has to escape it for its own output context.
 *
 * @param array $atts  Attribute array, name => value or name => list of values.
 * @return string      The generated lines.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $out = "";
  foreach($atts as $name => $value){
    if(is_numeric($name)){
      continue;
    }

    /* Treat a single value like a list with one element */
    if(is_array($value)){
      unset($value['count']);
      $values = $value;
    }else{
      $values = array($value);
    }

    foreach($values as $single){
      $out .= $name.": ".$single."\n";
    }
  }
  return(preg_replace("/\n$/","",$out));
}
/**
 * Return all objects below the configured base that carry the objectClass
 * gosaAccount.
 *
 * NOTE(review): the values are the DNs as returned by LDAP::fix(); whether
 * that makes them safe for HTML output is not visible here.
 *
 * @return array  base64 encoded dn => dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Connect with the settings collected during setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  for($entry = $ldap->fetch(); $entry; $entry = $ldap->fetch()){
    $users[base64_encode($entry['dn'])] = @LDAP::fix($entry['dn']);
  }
  return($users);
}
/**
 * Return every people ou below the configured base, creating
 * "<peopleou>,<base>" first when the search finds none.
 *
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * @return array  base64 encoded dn => dn passed through $ldap->fix().
 */
function get_all_people_ous()
{
  /* Connect with the settings collected during setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured rdn (attribute=value) doubles as search filter */
  $ou_filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the ou, including missing parent entries */
  if($ldap->count() == 0 ){
    $ou_dn    = $cv['peopleou'].",".$cv['base'];
    $rdn_attr = preg_replace("/=.*$/","",$ou_dn);

    $entry = array();
    $entry['objectClass'] = array("organizationalUnit");
    $entry[$rdn_attr]     = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$ou_dn);

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$ou_dn));
    $ldap->cd($ou_dn);
    $ldap->add($entry);
  }

  $ldap->search($ou_filter,array("dn"));

  $ous = array();
  while($found = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$found['dn'])){
      continue;
    }
    $ous[base64_encode($found['dn'])] = $ldap->fix($found['dn']);
  }
  return($ous);
}
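/**
 * Return every winstation ou below the configured base, creating
 * "<winstation ou>,<base>" first when the search finds none.
 *
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * @return array  base64 encoded dn => dn passed through $ldap->fix().
 */
function get_all_winstation_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou.
   * NOTE(review): the switch is read from 'wws_ou_active' but the value from
   * 'ws_ou' - confirm that these two keys really belong together. */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  $ldap->cd($cv['base']);
  $ldap->search("(".$winstation_ou.")",array("dn"));

  if($ldap->count() == 0 ){
    /* Create the winstation ou that was searched for. The former code built
     * this dn from $cv['groupou'], so the group ou was added instead and the
     * search below still came back empty. */
    $add_dn       = $winstation_ou.",".$cv['base'];
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search("(".$winstation_ou.")",array("dn"));
  $tmp = array();
  while($attrs= $ldap->fetch()){
    if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
      $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
    }
  }
  return($tmp);
}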
/**
 * Return every group ou below the configured base, creating
 * "<groupou>,<base>" first when the search finds none.
 *
 * Entries whose dn contains "ou=snapshots," are left out.
 *
 * @return array  base64 encoded dn => dn passed through $ldap->fix().
 */
function get_all_group_ous()
{
  /* Connect with the settings collected during setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(".$cv['groupou'].")",array("dn"));

  $ou_missing = ($ldap->count() == 0);
  if($ou_missing){
    /* Build the new entry: objectClass plus the naming attribute of its rdn */
    $new_dn   = $cv['groupou'].",".$cv['base'];
    $new_attr = preg_replace("/=.*$/","",$new_dn);
    $new_ou   = array('objectClass' => array("organizationalUnit"));
    $new_ou[$new_attr] = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$new_dn);

    /* Create the parent entries first, then the ou itself */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$new_dn));
    $ldap->cd($new_dn);
    $ldap->add($new_ou);
  }

  $ldap->search("(".$cv['groupou'].")",array("dn"));

  $result = array();
  for($row = $ldap->fetch(); $row; $row = $ldap->fetch()){
    $is_snapshot = preg_match("/ou=snapshots,/",$row['dn']);
    if(!$is_snapshot){
      $result[base64_encode($row['dn'])] = $ldap->fix($row['dn']);
    }
  }
  return($result);
}
/**
 * Return all objects below the configured base that carry the objectClass
 * posixGroup.
 *
 * NOTE(review): the values are the DNs as returned by LDAP::fix(); whether
 * that makes them safe for HTML output is not visible here.
 *
 * @return array  base64 encoded dn => dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Connect with the settings collected during setup */
  $settings = $this->parent->captured_values;
  $ldap = new LDAP($settings['admin'],
      $settings['password'],
      $settings['connection'],
      FALSE,
      $settings['tls']);

  $ldap->cd($settings['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($group = $ldap->fetch()){
    $group_dn = $group['dn'];
    $groups[base64_encode($group_dn)] = @LDAP::fix($group_dn);
  }
  return($groups);
}
/**
 * Move an object by copying it to $destination, removing $source and then
 * rewriting the member lists of the gosaGroupOfNames objects that pointed
 * to $source.
 *
 * NOTE(review): the move is not atomic. The result of rmDir() is not
 * evaluated, so the member lists are rewritten even if removing the source
 * failed and the object then exists under both DNs.
 * NOTE(review): only gosaGroupOfNames objects are updated here, while the
 * preview built by the migrate_outside_* methods also lists plain
 * groupOfNames references - confirm that those are covered.
 *
 * @param string $source       DN of the object to move.
 * @param string $destination  DN the object gets after the move.
 */
function move($source,$destination)
{
  /* Connect with the settings collected during setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the new member lists before the object itself is touched.
   * NOTE(review): the DN only goes through LDAP::fix() before it is placed
   * in the filter; whether that covers LDAP filter metacharacters is not
   * visible here. */
  $pending_updates = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($group = $ldap->fetch()){
    $group_dn = $group['dn'];
    $group    = $this->cleanup_array($group);

    /* New DN first, then every member except the old DN */
    $members = array($destination);
    foreach($group['member'] as $member){
      if($member == $source){
        continue;
      }
      $members[] = $member;
    }
    $group['member'] = $members;
    $pending_updates[$group_dn] = $group;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $entry = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $copied = $ldap->add($entry);

  /* Display warning if copy failed and leave the source untouched */
  if(!$copied){
    print_red(_("Failed to copy '%s' to '%s'. Ldap says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  $ldap->rmDir($source);
  show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

  /* Object is copied, so update its references */
  foreach($pending_updates as $group_dn => $group){
    $ldap->cd($group_dn);
    $ldap->modify($group);
  }
}
/* Clean up an ldap result so that it can be written back to ldap */
/**
 * Strip the bookkeeping entries from an attribute array: all numeric keys,
 * the 'count' and 'dn' entries, and the 'count' entry inside each value list.
 *
 * @param array $attrs  Attribute array as fetched from ldap.
 * @return array        The same array without the entries named above.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $name => $entry) {
    $is_bookkeeping = is_numeric($name) || in_array($name,array("count","dn"));
    if($is_bookkeeping){
      unset($attrs[$name]);
      continue;
    }

    /* Value lists carry their own element counter */
    if(is_array($entry) && isset($entry['count'])){
      unset($attrs[$name]['count']);
    }
  }
  return($attrs);
}
1688 }
1690 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1691 ?>