1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
63 /* User migration attributes */
64 var $users_migration_dialog= FALSE;
65 var $users_to_migrate = array();
67 /* Create Acl attributes */
68 var $acl_create_dialog = FALSE;
69 var $acl_create_type = "group";
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside to people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Users outside to groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside to reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
/* PHP4-style constructor.
 * Only loads the translated title/info strings of this setup step;
 * the LDAP checks themselves are started later by initialize_checks().
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Refresh the translated strings displayed for this step
 * (short title, long title and the one-line description).
 */
function update_strings()
{
  /* Short and long title use the same text */
  $this->s_title = $this->s_title_long = _("LDAP inspection");
  $this->s_info  = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset $this->checks and run every inspection once.
 *
 * Each entry gets the keys TITLE, STATUS, STATUS_MSG and ERROR_MSG with
 * neutral defaults, then the matching check method is called right away
 * and overwrites STATUS / STATUS_MSG / ERROR_MSG with its result.
 * The order of the table below is the order in which the checks run.
 */
function initialize_checks()
{
  /* check key => array(translated title, method performing the check) */
  $plan = array(
    'root'                => array(_("Checking for root object"), 'checkBase'),
    'permissions'         => array(_("Checking permissions on ldap database"), 'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"), 'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible user"), 'check_gosaAccounts'),
    'acls'                => array(_("Checking for administrational account"), 'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people department."), 'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups department."), 'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation department."), 'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for multiple use of same uidNumber value."), 'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for multiple use of same gidNumber value."), 'check_gidNumber'));

  $this->checks = array();
  foreach($plan as $key => $step){
    list($title, $method) = $step;

    /* Neutral defaults first, the check fills in the real result */
    $this->checks[$key] = array(
      'TITLE'      => $title,
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");
    $this->$method();
  }
}
/* Look for uidNumber values that are used by more than one entry.
 *
 * Binds with the admin credentials collected by the setup, searches
 * below the configured base for every entry carrying a uidNumber and
 * stores all entries sharing a number in $this->check_uidNumbers,
 * keyed by the base64 encoded dn.
 *
 * Returns TRUE if no number is shared, FALSE on a failed query or if
 * duplicates exist. The result is also written to
 * $this->checks['uidNumber_usage'].
 */
function check_uidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all entries by their first uidNumber value */
  $by_number = array();
  while($found = $ldap->fetch()){
    $by_number[$found['uidNumber'][0]][] = $found;
  }

  /* Keep only the buckets holding more than one entry */
  $this->check_uidNumbers = array();
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number counts the affected entries, not the distinct values */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated uidNumber values."),count($this->check_uidNumbers));
  return(false);
}
/* Look for gidNumber values that are used by more than one entry.
 *
 * Same procedure as check_uidNumber(), but for the gidNumber attribute;
 * affected entries end up in $this->check_gidNumbers, keyed by the
 * base64 encoded dn.
 *
 * The filter is not restricted by objectClass, so every entry carrying
 * a gidNumber takes part in the comparison.
 *
 * Returns TRUE if no number is shared, FALSE on a failed query or if
 * duplicates exist. The result is also written to
 * $this->checks['gidNumber_usage'].
 */
function check_gidNumber()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  if(!$ldap->search("gidNumber=*",array("dn","gidNumber"))){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all entries by their first gidNumber value */
  $by_number = array();
  while($found = $ldap->fetch()){
    $by_number[$found['gidNumber'][0]][] = $found;
  }

  /* Keep only the buckets holding more than one entry */
  $this->check_gidNumbers = array();
  foreach($by_number as $bucket){
    if(count($bucket) < 2){
      continue;
    }
    foreach($bucket as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  if(!$this->check_gidNumbers){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number counts the affected entries, not the distinct values */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated gidNumber values."),count($this->check_gidNumbers));
  return(false);
}
268 /* Search for winstations outside the winstation ou */
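/* Collect samba machine accounts (uid ending in '$') that are not
 * stored directly below the winstation ou.
 *
 * The ou is taken from the generic settings if 'wws_ou_active' is set,
 * otherwise "ou=winstations" is used. Entries below dc=addressbook are
 * ignored. Matches are stored in $this->outside_winstations, keyed by
 * the base64 encoded dn.
 *
 * Returns TRUE if nothing was found, FALSE on a failed query or if at
 * least one entry lies outside. The result is also written to
 * $this->checks['outside_winstations'].
 */
function search_outside_winstations()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get winstation ou */
  if($cv['generic_settings']['wws_ou_active']){
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The objectClass depends on the configured samba version */
  $oc = ($cv['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    $below_ou       = preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn']);
    $in_addressbook = preg_match("/,dc=addressbook,/",$attrs['dn']);
    if(!$below_ou && !$in_addressbook){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as raw HTML (it carries the submit button),
   * so the ou entered during setup must be escaped before it is
   * embedded into the message.
   */
  $this->checks['outside_winstations']['STATUS']    = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] =
    sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
        count($this->outside_winstations),
        htmlspecialchars($winstation_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."'>";
  return(false);
}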
327 /* Search for groups outside the group ou */
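/* Collect posixGroup entries that are not stored directly below the
 * configured group ou ($cv['groupou']).
 *
 * Entries below dc=addressbook are ignored. Matches are stored in
 * $this->outside_groups, keyed by the base64 encoded dn.
 *
 * Returns TRUE if nothing was found, FALSE on a failed query or if at
 * least one group lies outside. The result is also written to
 * $this->checks['outside_groups'].
 */
function search_outside_groups()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    $below_ou       = preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn']);
    $in_addressbook = preg_match("/,dc=addressbook,/",$attrs['dn']);
    if(!$below_ou && !$in_addressbook){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as raw HTML (it carries the submit button),
   * so the ou entered during setup must be escaped before it is
   * embedded into the message.
   */
  $this->checks['outside_groups']['STATUS']    = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= _("Failed");
  $this->checks['outside_groups']['ERROR_MSG'] =
    sprintf(_("Found %s groups outside the selected group ou '%s'."),
        count($this->outside_groups),
        htmlspecialchars($group_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_groups']['ERROR_MSG'].= "<input type='submit' name='outside_groups_dialog' value='"._("Migrate")."'>";
  return(false);
}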
372 /* Search for users outside the people ou */
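/* Collect gosaAccount entries (machine accounts with a uid ending in
 * '$' excluded) that are not stored directly below the configured
 * people ou ($cv['peopleou']).
 *
 * Entries below dc=addressbook are ignored. Matches are stored in
 * $this->outside_users, keyed by the base64 encoded dn.
 *
 * Returns TRUE if nothing was found, FALSE on a failed query or if at
 * least one user lies outside. The result is also written to
 * $this->checks['outside_users'].
 */
function search_outside_users()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    $below_ou       = preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']);
    $in_addressbook = preg_match("/,dc=addressbook,/",$attrs['dn']);
    if(!$below_ou && !$in_addressbook){
      $attrs['selected'] = FALSE;
      $attrs['ldif']     = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* ERROR_MSG is emitted as raw HTML (it carries the submit button),
   * so the ou entered during setup must be escaped before it is
   * embedded into the message.
   */
  $this->checks['outside_users']['STATUS']    = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= _("Failed");
  $this->checks['outside_users']['ERROR_MSG'] =
    sprintf(_("Found %s users outside the selected user ou '%s'."),
        count($this->outside_users),
        htmlspecialchars($people_ou, ENT_QUOTES, 'UTF-8'));
  $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Migrate")."'>";
  return(false);
}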
417 /* Check ldap accessibility
418 * Create and remove a dummy object,
419 * to ensure that we have the necessary permissions
420 */
/* Probe write access of the configured admin account.
 *
 * Steps: read the base, add a throw-away organizationalUnit directly
 * below it, verify that it exists, remove it again and verify that it
 * is gone. Returns TRUE only if all steps worked; the result is also
 * written to $this->checks['permissions'].
 *
 * A positive result therefore only proves that this single ou could be
 * created and deleted below the base; deeper subtrees and other
 * objectClasses are not probed.
 * If the removal fails the test entry stays in the directory; its
 * description marks it as safe to delete.
 */
function check_ldap_permissions()
{
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Build the dummy entry. The session id plus random suffix only keep
   * the name from colliding with an existing ou, it is not a secret.
   */
  $probe_ou = "GOsa_setup_text_entry_".session_id().rand(0,999999);
  $probe_dn = "ou=".$probe_ou.",".$cv['base'];
  $probe    = array(
    'objectClass' => array("top", "organizationalUnit", "gosaDepartment"),
    'description' => "Created by GOsa setup, this object can be removed.",
    'ou'          => $probe_ou);

  /* Without a readable base nothing else can work */
  if(!$ldap->cat($cv['base'])){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Create the dummy object; success is judged by reading it back,
   * the return value of add() itself is not evaluated.
   */
  $ldap->cd($probe_dn);
  $ldap->create_missing_trees($probe_dn);
  $ldap->add($probe);
  $ldap->cat($probe_dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Remove it again; it must not be readable afterwards */
  $ldap->rmDir($probe_dn);
  $ldap->cat($probe_dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cv['admin']);
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}
487 /* Check if there are users which will
488 * be invisible for GOsa
489 */
/* Find person/account entries that lack the gosaAccount objectClass
 * and would therefore be invisible in GOsa.
 *
 * The list is rebuilt in $this->users_to_migrate (keyed by the base64
 * encoded dn). The 'checked' flag of entries that were already listed
 * before is carried over, so the checkboxes keep their state after a
 * reload. Entries below dc=addressbook are ignored.
 * The result is written to $this->checks['users_visible'].
 */
function check_gosaAccounts()
{
  /* Remember the previous list to restore the checkbox states */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Get collected configuration settings and connect */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get all invisible users */
  $ldap->cd($cv['base']);
  $res =$ldap->search("(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(!(objectClass=gosaAccount)))",array("sn","givenName","cn","uid"));
  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }
    $key = base64_encode($attrs['dn']);

    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($previous[$key])){
      $attrs['checked'] = $previous[$key]['checked'];
    }
    $this->users_to_migrate[$key] = $attrs;
  }

  if(!$res){
    /* The search itself failed */
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->users_to_migrate) == 0){
    /* No invisible users */
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    /* Offer the migration dialog */
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "";
    $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s users that will not be visible in GOsa."),
        count($this->users_to_migrate));
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."'>";
  }
}
546 /* Start user account migration
547 */
/* Add the objectClasses gosaAccount, inetOrgPerson and
 * organizationalPerson to every checked entry of
 * $this->users_to_migrate.
 *
 * $only_ldif  TRUE:  nothing is written; the current and the resulting
 *                    attributes are stored as ldif text in the entry's
 *                    'before' / 'after' fields.
 *             FALSE: the new objectClass list is written to the
 *                    directory.
 *
 * Returns FALSE as soon as one modification fails (entries processed
 * before stay modified), TRUE otherwise.
 *
 * NOTE(review): the result of fetch() is used without checking whether
 * the entry still exists - confirm that callers refresh the list first.
 * NOTE(review): the failure message speaks of a 'department' although
 * user accounts are migrated here.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  /* Get collected configuration settings and connect */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Get old objectClasses */
    $ldap->cat($user['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class that is not
     * already part of the list (case insensitive comparison)
     */
    $new_attrs = array(
      'objectClass' => array("gosaAccount","inetOrgPerson","organizationalPerson"));
    $total = $attrs['objectClass']['count'];
    for($i = 0; $i < $total; $i++){
      $class = $attrs['objectClass'][$i];
      if(!in_array_ics($class, $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $class;
      }
    }

    /* Preview only: remember before/after as ldif */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* Write changes to the ldap database */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
597 /* Check if there are invisible organizational Units
598 */
/* Find organizationalUnit entries that lack the gosaDepartment
 * objectClass and would therefore be invisible in GOsa.
 *
 * The list is rebuilt in $this->deps_to_migrate (keyed by the base64
 * encoded dn); the 'checked' flag of entries that were listed before is
 * carried over. Containers matching one of the patterns in $skip_dns
 * (GOsa internal departments) are removed from the list again.
 * The result is written to $this->checks['deps_visible'].
 */
function check_organizationalUnits()
{
  /* Remember the previous list to restore the checkbox states */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Get collected configuration settings and connect */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($attrs = $ldap->fetch()){
    $key = base64_encode($attrs['dn']);

    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Set objects to selected, that were selected before reload */
    if(isset($previous[$key])){
      $attrs['checked'] = $previous[$key]['checked'];
    }
    $this->deps_to_migrate[$key] = $attrs;
  }

  /* Drop GOsa internal departments from the collected list */
  foreach($this->deps_to_migrate as $key => $attrs){
    foreach($skip_dns as $pattern){
      if(preg_match($pattern,$attrs['dn'])){
        unset($this->deps_to_migrate[$key]);
        break;
      }
    }
  }

  if(!$res){
    /* The search itself failed */
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(count($this->deps_to_migrate) == 0 ){
    /* No invisible departments left, everything is ok */
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    /* Offer the migration dialog */
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= "";
    $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s departments that will not be visible in GOsa."),count($this->deps_to_migrate));
    $this->checks['deps_visible']['ERROR_MSG'] .= "<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."'>";
  }
}
674 /* Start department migration */
/* Add the gosaDepartment objectClass to every checked entry of
 * $this->deps_to_migrate; a default description is added if the entry
 * has none.
 *
 * $only_ldif  TRUE:  nothing is written; the current and the resulting
 *                    attributes are stored as ldif text in the entry's
 *                    'before' / 'after' fields.
 *             FALSE: the changes are written to the directory.
 *
 * Returns FALSE as soon as one modification fails (entries processed
 * before stay modified), TRUE otherwise.
 *
 * NOTE(review): the result of fetch() is used without checking whether
 * the entry still exists - confirm that callers refresh the list first.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  /* Get collected configuration settings and connect */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get current objectClasses */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Copy the existing classes and append gosaDepartment */
    $new_attrs = array();
    $total = $attrs['objectClass']['count'];
    for($i = 0; $i < $total; $i++){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
    }
    $new_attrs['objectClass'][] = "gosaDepartment";

    /* Append description if it is missing */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Preview only: remember before/after as ldif */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* Write changes directly to the ldap database */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
727 /* Check Acls if there is at least one object with acls defined
728 */
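/* Check whether at least one GOsa account exists below the base.
 *
 * The filter matches entries with objectClass gosaAccount combined
 * with posixAccount, inetOrgPerson or organizationalPerson. It does
 * not look at gosaAclEntry, so a positive result says that an account
 * exists, not that this account holds administrative acls.
 *
 * The result is written to $this->checks['acls'].
 * Returns TRUE if the search reported at least one entry.
 */
function check_administrativeAccount()
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Search for GOsa accounts */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(|(objectClass=posixAccount)".
      "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))");

  if(!$res){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Ldap query failed.");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($ldap->count()){
    /* Clear the message as the other checks do, otherwise the
     * 'create' button of an earlier failed run stays visible when this
     * check is repeated after the account was created.
     */
    $this->checks['acls']['STATUS']    = TRUE;
    $this->checks['acls']['STATUS_MSG']= _("Ok");
    $this->checks['acls']['ERROR_MSG'] = "";
  }else{
    /* Assign instead of append, so that repeated runs do not stack
     * several buttons behind an older message.
     */
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Failed");
    $this->checks['acls']['ERROR_MSG'] = "<input type='submit' name='create_acls' value='"._("Create adminitrational account")."'>";
  }
  return($ldap->count()>=1);
}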
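/* Grant full rights ("all;cmdrw", scope "sub") on the ldap base to the
 * object stored in $this->acl_create_selected.
 *
 * The new gosaAclEntry gets priority 0; every existing entry on the
 * base is kept and its priority is raised by one. The gosaACL
 * objectClass is added to the base if it is missing.
 *
 * $only_ldif  TRUE:  nothing is written; the current and the resulting
 *                    attributes of the base are stored as ldif text in
 *                    $this->acl_create_changes.
 *             FALSE: the base object is modified in the directory.
 *
 * Nothing is returned; failures are reported through print_red().
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the stored preview */
  $this->acl_create_changes = "";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings and connect */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Without a readable base there is nothing the acl could be
   * attached to; stop instead of writing a half-built attribute set.
   */
  if(!is_array($attrs) || !isset($attrs['objectClass'])){
    print_red(_("Possibly the 'root object' is missing."));
    return;
  }

  /* gosaACL first, then every existing class not yet in the list */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");
  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  /* New entry for the selected object, priority 0 */
  $attrs_new['gosaAclEntry'][] = "0:sub:".base64_encode($dn).":all;cmdrw";

  /* Re-number the existing entries. The complete priority prefix (all
   * characters before the first ':') has to be cut off; removing only
   * its first character would turn "10:..." into "110:..." and corrupt
   * the order of the acl entries.
   */
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){
      $entry = $attrs['gosaAclEntry'][$i];
      $prio  = preg_replace("/[:].*$/","",$entry);
      $rest  = preg_replace("/^[^:]*/","",$entry);
      $attrs_new['gosaAclEntry'][] = (((int) $prio) + 1).$rest;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{
    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    }
  }
}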
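/* Create the initial administrator account and give it full rights on
 * the ldap base.
 *
 * The password is read from the POST fields 'new_user_password' and
 * 'new_user_password2' and hashed with the password method selected
 * during setup ($cv['encryption']). The entry is created as
 * "cn=System Administrator" or "uid=admin" below the people ou,
 * depending on $cv['peopledn'].
 *
 * Returns TRUE on success, FALSE if the passwords are unusable, the
 * password method is unknown or the entry could not be added.
 */
function create_admin_user()
{
  $pw1 = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : "";
  $pw2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : "";

  /* Both fields must be plain, non-empty strings and identical.
   * The comparison has to be strict: with '!=' two numeric looking
   * strings such as "1e3" and "1000" are compared as numbers and a
   * mistyped confirmation would be accepted.
   */
  if(!is_string($pw1) || !is_string($pw2) || empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
  }

  /* Resolve the hashing class; refuse to continue if the configured
   * method is not available instead of instantiating an empty class
   * name.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  if(!is_array($methods) || !isset($methods[$cv['encryption']])){
    print_red(_("The selected password encryption method is not available."));
    return(FALSE);
  }
  $p_m  = $methods[$cv['encryption']];
  $p_c  = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user = array();
  $new_user['objectClass']  = array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']    = "System";
  $new_user['sn']           = "Administrator";
  $new_user['cn']           = "System Administrator";
  $new_user['uid']          = "admin";
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);

  /* Only hand out the administrative acl after the account really was
   * created. If add() fails, e.g. because an entry with this dn
   * already exists, granting the acl would give full rights to an
   * object whose password was not set here. Reporting the error right
   * away also keeps it from being overwritten by later ldap calls.
   */
  if(!$ldap->add($new_user)){
    print_red($ldap->get_error());
    return(FALSE);
  }

  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}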
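/* Move the selected winstations of $this->outside_winstations into the
 * department posted as 'move_winstation_to' (base64 encoded dn).
 *
 * $perform  FALSE: only a preview is generated; the 'ldif' field of
 *                  each selected entry receives an HTML description of
 *                  the move and of the groups referencing the object.
 *           TRUE:  the entries are moved with $this->move().
 *
 * Returns FALSE if no usable destination was posted, nothing otherwise.
 *
 * NOTE(review): the destination is taken from the request as is; it
 * should be compared with the departments offered in the dialog (not
 * visible in this method) before anything is moved.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* Characters with a special meaning inside an ldap search filter
   * (RFC 4515). The backslash has to be replaced first.
   */
  $filter_raw = array("\\", "*", "(", ")", "\x00");
  $filter_esc = array("\\5c", "\\2a", "\\28", "\\29", "\\00");

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first rdn and append the destination. This is done with
     * plain string functions, because in a preg_replace() replacement
     * '$' and '\' sequences inside the posted dn would be interpreted
     * as back references.
     */
    $dn   = base64_decode($b_dn);
    $cut  = strpos($dn, ",");
    $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is emitted as HTML, so both dns are escaped */
    $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".
      htmlspecialchars($dn, ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object. The dn is escaped
     * so that characters like '(' or '*' cannot alter the filter.
     */
    $ldap->search("(&(member=".str_replace($filter_raw, $filter_esc, $dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}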
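/* Move the selected groups of $this->outside_groups into the
 * department posted as 'move_group_to' (base64 encoded dn).
 *
 * $perform  FALSE: only a preview is generated; the 'ldif' field of
 *                  each selected entry receives an HTML description of
 *                  the move and of the groups referencing the object.
 *           TRUE:  the entries are moved with $this->move().
 *
 * Returns FALSE if no usable destination was posted, nothing otherwise.
 *
 * NOTE(review): the destination is taken from the request as is; it
 * should be compared with the departments offered in the dialog (not
 * visible in this method) before anything is moved.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);
  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* Characters with a special meaning inside an ldap search filter
   * (RFC 4515). The backslash has to be replaced first.
   */
  $filter_raw = array("\\", "*", "(", ")", "\x00");
  $filter_esc = array("\\5c", "\\2a", "\\28", "\\29", "\\00");

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first rdn and append the destination. This is done with
     * plain string functions, because in a preg_replace() replacement
     * '$' and '\' sequences inside the posted dn would be interpreted
     * as back references.
     */
    $dn   = base64_decode($b_dn);
    $cut  = strpos($dn, ",");
    $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The preview is emitted as HTML, so both dns are escaped */
    $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".
      htmlspecialchars($dn, ENT_QUOTES, 'UTF-8')."<br>"._("to").":<br>\t".
      htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object. The dn is escaped
     * so that characters like '(' or '*' cannot alter the filter.
     */
    $ldap->search("(&(member=".str_replace($filter_raw, $filter_esc, $dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}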
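/* Move the selected entries of $this->outside_users below the posted
 * destination department.
 *
 * $perform = FALSE : only build the preview text stored in
 *                    $this->outside_users[..]['ldif'].
 * $perform = TRUE  : call $this->move() for every selected entry.
 *
 * Returns FALSE if no usable destination department was posted,
 * nothing otherwise.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination department is request data. Decode it strictly, so a
     value that is not valid base64 (or not a string at all) is refused
     instead of being decoded into an arbitrary byte string. */
  $destination = FALSE;
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination = base64_decode($_POST['move_user_to'],TRUE);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* NOTE(review): the decoded DN is still chosen by the client. The dialog
     is fed from get_all_people_ous(), whose keys are base64 encoded DNs;
     presumably the posted value is one of those keys - confirm against the
     template and reject anything that is not in that list. */

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }
    $dn = base64_decode($b_dn);

    /* Keep everything up to the first comma and append the destination.
       Plain string functions are used on purpose: preg_replace() expands
       "\1" / "$1" style sequences in its replacement argument, which would
       corrupt a destination DN containing such characters.
       NOTE(review): like the previous regex, this splits at the first comma,
       also when that comma is escaped inside the RDN value. */
    $comma = strpos($dn,",");
    if($comma === FALSE){
      $d_dn = $dn;
    }else{
      $d_dn = substr($dn,0,$comma).",".$destination;
    }

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* Preview only. The text carries its own <br>/<i> markup, so it is
       presumably printed unescaped by the template; every directory or
       request derived part is therefore HTML escaped here. */
    $preview = _("User will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES)."<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES);

    /* Check if there are references to this object.
       NOTE(review): $dn is placed into the filter as is, while move() passes
       the DN through LDAP::fix() for its member filter. Filter characters
       such as ( ) * \ inside a DN would change this filter - confirm which
       escaping the LDAP class expects. */
    $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES);
    }
    if(!empty($refs)){
      $preview .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
    $this->outside_users[$b_dn]['ldif'] = $preview;
  }
}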
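/* Handle the posted actions of this setup step and return the html of
 * the dialog that is currently open, or of the check overview if no
 * dialog is open.
 *
 * Every action is triggered by the presence of a POST field. The
 * handlers run in a fixed order and the first open dialog wins.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations, groups and users found outside their ou
   *
   * The three dialogs only differ in their names, so they share one
   * handler. For kind "outside_groups" the names used are:
   *   POST fields : outside_groups_dialog[_cancel|_whats_done|_perform]
   *   property    : $this->outside_groups_dialog, $this->outside_groups
   *   methods     : migrate_outside_groups(), search_outside_groups()
   *************/

  $outside_dialogs = array(
      "outside_winstations" => "get_all_winstation_ous",
      "outside_groups"      => "get_all_group_ous",
      "outside_users"       => "get_all_people_ous");

  foreach($outside_dialogs as $kind => $ou_getter){
    $flag    = $kind."_dialog";
    $migrate = "migrate_".$kind;
    $search  = "search_".$kind;

    if(isset($_POST[$flag."_cancel"])){
      $this->$flag  = FALSE;
      $this->dialog = FALSE;
    }

    /* Preview only */
    if(isset($_POST[$flag."_whats_done"])){
      $this->$migrate(FALSE);
    }

    /* Move the entries, then refresh the list */
    if(isset($_POST[$flag."_perform"])){
      $this->$migrate(TRUE);
      $this->$search();
    }

    if(isset($_POST[$flag])){
      $this->$flag  = TRUE;
      $this->dialog = TRUE;
    }

    if($this->$flag){
      $smarty = get_smarty();
      $smarty->assign("ous",$this->$ou_getter());
      $smarty->assign("method",$kind);
      $smarty->assign($kind,$this->$kind);
      return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
    }
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);

    /* Re-run all checks only if the root object status changed */
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['create_acls_create_confirmed'])){
    $this->create_admin();
  }

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
    }
  }

  if($this->acl_create_dialog){

    /* Each list opens its own ldap connection, so fetch it only once */
    $users  = $this->get_user_list();
    $groups = $this->get_group_list();

    /* NOTE(review): the posted passwords are handed back to the template.
       Whether the template writes them into the page is not visible here;
       if it does, prefer leaving the password fields empty on redisplay. */
    $password  = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : NULL;
    $password2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL;

    $smarty = get_smarty();
    $smarty->assign("new_user_password",$password);
    $smarty->assign("new_user_password2",$password2);
    $smarty->assign("users" ,$users);
    $smarty->assign("users_cnt" ,count($users));
    $smarty->assign("groups",$groups);
    $smarty->assign("groups_cnt",count($groups));
    $smarty->assign("type" ,$this->acl_create_type);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
  }

  /* Start migration, refresh the check if it succeeded */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->check_gosaAccounts();
    }
  }

  /* Called with TRUE for the "whatsdone" button */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
  }

  /* Start migration, refresh the check if it succeeded */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->check_organizationalUnits();
    }
  }

  /* Called with TRUE for the "whatsdone" button */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open, show the check overview */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}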
/* Take over the posted selections of whichever dialog is open.
 *
 * A checkbox that is not part of the request counts as "not selected",
 * so each flag is set from isset() directly.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Objects outside their ou: list property => prefix of the posted
     checkbox name. The dialog flag is named <list>_dialog. */
  $outside_lists = array(
      "outside_winstations" => "select_winstation_",
      "outside_groups"      => "select_group_",
      "outside_users"       => "select_user_");

  foreach($outside_lists as $list => $prefix){
    $dialog = $list."_dialog";
    if(!$this->$dialog){
      continue;
    }
    foreach($this->$list as $b_dn => $unused){
      $this->{$list}[$b_dn]['selected'] = isset($_POST[$prefix.$b_dn]);
    }
  }

  /* Get "create acl" dialog posts */
  if($this->acl_create_dialog){

    /* The selected entry is posted base64 encoded */
    if(isset($_POST['create_acls_create'])){
      $this->acl_create_selected = isset($_POST['create_acls_selected'])
        ? base64_decode($_POST['create_acls_selected'])
        : "";
    }

    if(isset($_POST['create_acls_create_abort'])){
      $this->acl_create_selected = "";
    }

    /* NOTE(review): stored exactly as posted; the set of valid types is not
       visible here - confirm that the consumer only accepts known values. */
    if(isset($_POST['acl_create_type'])){
      $this->acl_create_type = $_POST['acl_create_type'];
    }
  }

  /* Departments and users to migrate: dialog flag => list property.
     Both dialogs post their checkboxes as migrate_<id>. */
  $migrate_lists = array(
      "dep_migration_dialog"   => "deps_to_migrate",
      "users_migration_dialog" => "users_to_migrate");

  foreach($migrate_lists as $dialog => $list){
    if(!$this->$dialog){
      continue;
    }
    foreach($this->$list as $id => $unused){
      $this->{$list}[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
/* Check if the root object exists and record the result in
 * $this->checks['root'].
 *
 * $just_check = TRUE  : a missing root object is only reported, together
 *                       with a button that retries with creation.
 * $just_check = FALSE : a missing root object is created with
 *                       create_missing_trees().
 *
 * Returns FALSE if the root object is missing and was not created, or the
 * result of create_missing_trees() if creating it failed. On success the
 * status is set to "Ok" and nothing is returned.
 */
function checkBase($just_check = TRUE)
{
  /* Get collected setup informations */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Look up the base and keep the ldap error code of that search */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  $root_missing = !$res ||
    $err == 0x20 || # LDAP_NO_SUCH_OBJECT
    $err == 0x40;   # LDAP_NAMING_VIOLATION

  if($root_missing){

    $retry_button = "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";

    /* Only report, the button is appended to the existing message */
    if($just_check){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'].= $retry_button;
      return(FALSE);
    }

    /* Add root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= $retry_button;
      return($res);
    }
  }

  /* Root object exists, or was created just now */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
/* Return "name: value" lines for a given ldap attribute array.
 *
 * The entries 'count' and 'dn', numeric keys and the 'count' entry of
 * each value list are left out. Values are written as they are, without
 * any encoding. The trailing newline is removed.
 */
function array_to_ldif($atts)
{
  unset($atts['count'],$atts['dn']);

  $ret = "";
  foreach($atts as $name => $value){

    /* Numeric keys only repeat the attribute names */
    if(is_numeric($name)) {
      continue;
    }

    /* Handle single values like a list with one entry */
    $values = is_array($value) ? $value : array($value);
    unset($values['count']);

    foreach($values as $single){
      $ret .= $name.": ". $single."\n";
    }
  }
  return(preg_replace("/\n$/","",$ret));
}
/* Get list of available users.
 *
 * Searches below the configured base for objectClass=gosaAccount and
 * returns an array: base64 encoded dn => dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $user_dn = $entry['dn'];
    $users[base64_encode($user_dn)] = @LDAP::fix($user_dn);
  }
  return($users);
}
/* Get all people ous below the configured base.
 *
 * If the search for the configured people ou finds nothing, the ou is
 * created directly below the base first.
 *
 * Returns an array: base64 encoded dn => dn passed through $ldap->fix().
 * Entries with "ou=snapshots," in their dn are left out.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured rdn, e.g. "ou=...", is used as search filter */
  $ou_filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou.
     NOTE(review): the result of add() is not checked. */
  if($ldap->count() == 0 ){
    $add_dn = $cv['peopleou'].",".$cv['base'];

    /* Split the leading rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    /* Make sure the parent of the new ou exists */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get all winstation ous below the configured base.
 *
 * The ou is taken from the generic settings if 'wws_ou_active' is set,
 * else "ou=winstations" is used. If the search for it finds nothing, the
 * ou is created below "ou=systems,<base>" first.
 *
 * Returns an array: base64 encoded dn => dn passed through $ldap->fix().
 * Entries with "ou=snapshots," in their dn are left out.
 */
function get_all_winstation_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  $winstation_ou = "ou=winstations";
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }
  $ou_filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou.
     NOTE(review): the result of add() is not checked. */
  if($ldap->count() == 0 ){
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];

    /* Split the leading rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    /* Make sure the parent of the new ou exists */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get all group ous below the configured base.
 *
 * If the search for the configured group ou finds nothing, the ou is
 * created directly below the base first.
 *
 * Returns an array: base64 encoded dn => dn passed through $ldap->fix().
 * Entries with "ou=snapshots," in their dn are left out.
 */
function get_all_group_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured rdn, e.g. "ou=...", is used as search filter */
  $ou_filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found, create the ou.
     NOTE(review): the result of add() is not checked. */
  if($ldap->count() == 0 ){
    $add_dn = $cv['groupou'].",".$cv['base'];

    /* Split the leading rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    /* Make sure the parent of the new ou exists */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get list of groups.
 *
 * Searches below the configured base for objectClass=posixGroup and
 * returns an array: base64 encoded dn => dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $group_dn = $entry['dn'];
    $groups[base64_encode($group_dn)] = @LDAP::fix($group_dn);
  }
  return($groups);
}
/* Move the entry $source to the dn $destination.
 *
 * Steps, in this order:
 *  1. collect every gosaGroupOfNames that has $source as member and
 *     prepare its member list with $destination instead of $source
 *  2. read $source and add it as $destination
 *  3. if that worked: remove $source and write the prepared groups
 *
 * A failed copy is reported with print_red(), nothing is removed then.
 *
 * NOTE(review): only the one entry read with cat() is copied. If rmDir()
 * removes $source including entries below it, those would be lost - confirm.
 * NOTE(review): the result of rmDir() is not evaluated; the references are
 * rewritten even if removing $source failed.
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Prepare updated object references in gosaGroupOfNames */
  $pending_groups = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($entry = $ldap->fetch()){
    $group_dn = $entry['dn'];
    $entry    = $this->cleanup_array($entry);

    /* New dn first, then all other members */
    $members = array($destination);
    foreach($entry['member'] as $member){
      if($member == $source){
        continue;
      }
      $members[] = $member;
    }
    $entry['member'] = $members;
    $pending_groups[$group_dn] = $entry;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed, and leave the source untouched */
  if(!$res){
    print_red(_("Failed to copy '%s' to '%s'. Ldap says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  $res = $ldap->rmDir($source);
  show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

  /* Object is copied, so update its references */
  foreach($pending_groups as $group_dn => $group_data){
    $ldap->cd($group_dn);
    $ldap->modify($group_data);
  }
}
/* Cleanup an ldap result entry to be able to write it back to ldap.
 *
 * Removes numeric keys, 'count' and 'dn' from the entry and the 'count'
 * element from each value list. The order of the other keys is kept.
 */
function cleanup_array($attrs)
{
  foreach($attrs as $key => $value) {

    /* Bookkeeping of the result set, not an attribute */
    if(is_numeric($key) || $key == "count" || $key == "dn"){
      unset($attrs[$key]);
      continue;
    }

    if(is_array($value) && isset($value['count'])){
      unset($attrs[$key]['count']);
    }
  }
  return($attrs);
}
1675 }
1677 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1678 ?>