1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
62 var $show_details = FALSE;
64 /* User migration attributes */
65 var $users_migration_dialog= FALSE;
66 var $users_to_migrate = array();
68 /* Create Acl attributes */
69 var $acl_create_dialog = FALSE;
70 var $acl_create_type = "group";
71 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
72 var $acl_create_changes = ""; // Contains ldif information about changes
73 var $acl_create_confirmed= FALSE;
75 /* Checks initialised ? */
76 var $checks_initialised = FALSE;
78 /* Users outside to people ou */
79 var $outside_users = array();
80 var $outside_users_dialog = FALSE;
82 /* Users outside to groups ou */
83 var $outside_groups = array();
84 var $outside_groups_dialog = FALSE;
86 /* Win-Workstations outside to reserved ou */
87 var $outside_winstations = array();
88 var $outside_winstations_dialog = FALSE;
90 /* check for multiple use of same uidNumber */
91 var $check_uidNumbers = array();
92 var $check_uidNumbers_dialog = FALSE;
94 /* check for multiple use of same gidNumber */
95 var $check_gidNumbers = array();
96 var $check_gidNumbers_dialog = FALSE;
/* Constructor - only fills in the title and description texts of this
 * setup step by delegating to update_strings().
 *
 * NOTE(review): this is a class-named (PHP4 style) constructor; PHP 8 no
 * longer calls such methods automatically - confirm how setup steps are
 * instantiated before running this on a current interpreter.
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Refresh the translated texts shown for this step.
 * Short and long title use the same message.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset $this->checks and run every inspection once.
 *
 * For each check the result slot (TITLE, STATUS, STATUS_MSG, ERROR_MSG)
 * is created with a failing default first, then the check method is
 * called and overwrites the slot with its own result. The checks run in
 * the order listed below.
 */
function initialize_checks()
{
  /* check key => array(title shown to the user, method performing the check) */
  $steps = array(
    'root'                => array(_("Checking for root object"),
                                   'checkBase'),
    'permissions'         => array(_("Checking permissions on LDAP database"),
                                   'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"),
                                   'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible users"),
                                   'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"),
                                   'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people department"),
                                   'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups department"),
                                   'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation department"),
                                   'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for multiple use of same uidNumber value"),
                                   'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for multiple use of same gidNumber value"),
                                   'check_gidNumber'));

  $this->checks = array();
  foreach($steps as $key => $step){
    $this->checks[$key] = array(
      'TITLE'      => $step[0],
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

    /* Run the check, it fills in the slot prepared above */
    $method = $step[1];
    $this->$method();
  }
}
176 /* Check if there are uidNumbers which are used more than once.
177 */
/* Look for uidNumber values that are assigned to more than one entry.
 *
 * Every entry sharing its first uidNumber value with another entry is
 * stored in $this->check_uidNumbers (key: base64 encoded dn) and the
 * result is written to $this->checks['uidNumber_usage'].
 *
 * Returns TRUE if no number is used twice, false if duplicates were
 * found or the search failed.
 */
function check_uidNumber()
{
  /* Connect with the settings collected in the previous setup steps */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);
  $conn->cd($cfg['base']);

  if(!$conn->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group the result by the first uidNumber value of each entry */
  $by_number = array();
  while($entry = $conn->fetch()){
    $by_number[$entry['uidNumber'][0]][] = $entry;
  }

  /* Keep only the groups that contain more than one entry */
  $this->check_uidNumbers = array();
  foreach($by_number as $group){
    if(count($group) <= 1){
      continue;
    }
    foreach($group as $member){
      $this->check_uidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  if(!$this->check_uidNumbers){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the amount of affected entries */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated uidNumber values."),count($this->check_uidNumbers));
  return(false);
}
225 /* Check if there are duplicated gidNumbers present in ldap
226 */
/* Look for gidNumber values that are assigned to more than one entry.
 *
 * Every entry sharing its first gidNumber value with another entry is
 * stored in $this->check_gidNumbers (key: base64 encoded dn) and the
 * result is written to $this->checks['gidNumber_usage'].
 *
 * Returns TRUE if no number is used twice, false if duplicates were
 * found or the search failed.
 */
function check_gidNumber()
{
  /* Connect with the settings collected in the previous setup steps */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);
  $conn->cd($cfg['base']);

  $found = $conn->search("gidNumber=*",array("dn","gidNumber"));
  if(!$found){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group the result by the first gidNumber value of each entry */
  $by_number = array();
  while($entry = $conn->fetch()){
    $number = $entry['gidNumber'][0];
    $by_number[$number][] = $entry;
  }

  /* Remember all entries of groups with more than one member */
  $this->check_gidNumbers = array();
  foreach($by_number as $group){
    if(count($group) > 1){
      foreach($group as $member){
        $this->check_gidNumbers[base64_encode($member['dn'])] = $member;
      }
    }
  }

  $clean = !$this->check_gidNumbers;
  if($clean){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The reported number is the amount of affected entries */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated gidNumber values."),count($this->check_gidNumbers));
  return(false);
}
274 /* Search for winstations outside the winstation ou
275 */
/* Collect windows workstation accounts (samba accounts whose uid ends
 * with '$') that are not located directly below the winstation ou.
 *
 * Matching entries are stored in $this->outside_winstations (key: base64
 * encoded dn), entries below dc=addressbook are ignored. The result is
 * written to $this->checks['outside_winstations'].
 *
 * Returns TRUE if nothing was found, false otherwise or if the search
 * failed.
 *
 * NOTE(review): $winstation_ou is placed into the HTML of ERROR_MSG
 * without escaping - it comes from the captured setup values, confirm
 * that it cannot carry markup.
 */
function search_outside_winstations()
{
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  /* Use the configured winstation ou, or the default one */
  $winstation_ou = $cfg['generic_settings']['wws_ou_active']
    ? $cfg['generic_settings']['ws_ou']
    : "ou=winstations";

  /* The account objectClass depends on the samba version */
  $oc = ($cfg['samba_version'] == 3) ? "sambaSamAccount" : "sambaAccount";

  $conn->cd($cfg['base']);
  if(!$conn->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"))){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($entry = $conn->fetch()){
    $entry_dn = $entry['dn'];

    /* Skip entries that are in the right place or belong to the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$entry_dn) ||
       preg_match("/,dc=addressbook,/",$entry_dn)){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_winstations[base64_encode($entry_dn)] = $entry;
  }

  if(!count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Report the problem and offer the migration dialog */
  $message = sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
                     count($this->outside_winstations),$winstation_ou);
  $message.= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."'>";

  $this->checks['outside_winstations']['STATUS']    = FALSE;
  $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");
  $this->checks['outside_winstations']['ERROR_MSG'] = $message;
  return(false);
}
332 /* Search for groups outside the group ou
333 */
/* Collect posixGroup entries that are not located directly below the
 * configured group ou.
 *
 * Matching entries are stored in $this->outside_groups (key: base64
 * encoded dn), entries below dc=addressbook are ignored. The result is
 * written to $this->checks['outside_groups'].
 *
 * Returns TRUE if nothing was found, false otherwise or if the search
 * failed.
 *
 * NOTE(review): $group_ou is placed into the HTML of ERROR_MSG without
 * escaping - it comes from the captured setup values, confirm that it
 * cannot carry markup.
 */
function search_outside_groups()
{
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  $group_ou = $cfg['groupou'];
  $conn->cd($cfg['base']);
  if(!$conn->search("(objectClass=posixGroup)",array("dn"))){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($entry = $conn->fetch()){
    $entry_dn = $entry['dn'];

    /* Skip groups that are in the right place or belong to the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$entry_dn) ||
       preg_match("/,dc=addressbook,/",$entry_dn)){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_groups[base64_encode($entry_dn)] = $entry;
  }

  if(!count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Report the problem and offer the migration dialog */
  $message = sprintf(_("Found %s groups outside the selected group ou '%s'."),
                     count($this->outside_groups),$group_ou);
  $message.= "<input type='submit' name='outside_groups_dialog' value='"._("Migrate")."'>";

  $this->checks['outside_groups']['STATUS']    = FALSE;
  $this->checks['outside_groups']['STATUS_MSG']= _("Failed");
  $this->checks['outside_groups']['ERROR_MSG'] = $message;
  return(false);
}
379 /* Search for users outside the people ou
380 */
/* Collect gosaAccount entries (uid not ending with '$') that are not
 * located directly below the configured people ou.
 *
 * Matching entries are stored in $this->outside_users (key: base64
 * encoded dn), entries below dc=addressbook are ignored. The result is
 * written to $this->checks['outside_users'].
 *
 * Returns TRUE if nothing was found, false otherwise or if the search
 * failed.
 *
 * NOTE(review): $people_ou is placed into the HTML of ERROR_MSG without
 * escaping - it comes from the captured setup values, confirm that it
 * cannot carry markup.
 */
function search_outside_users()
{
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  $people_ou = $cfg['peopleou'];
  $conn->cd($cfg['base']);
  if(!$conn->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"))){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($entry = $conn->fetch()){
    $entry_dn = $entry['dn'];

    /* Skip users that are in the right place or belong to the addressbook */
    if(preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$entry_dn) ||
       preg_match("/,dc=addressbook,/",$entry_dn)){
      continue;
    }
    $entry['selected'] = FALSE;
    $entry['ldif']     = "";
    $this->outside_users[base64_encode($entry_dn)] = $entry;
  }

  if(!count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* Report the problem and offer the migration dialog */
  $message = sprintf(_("Found %s user(s) outside the selected user ou '%s'."),
                     count($this->outside_users),$people_ou);
  $message.= "<input type='submit' name='outside_users_dialog' value='"._("Migrate")."'>";

  $this->checks['outside_users']['STATUS']    = FALSE;
  $this->checks['outside_users']['STATUS_MSG']= _("Failed");
  $this->checks['outside_users']['ERROR_MSG'] = $message;
  return(false);
}
425 /* Check ldap accessibility
426 * Create and remove a dummy object,
427 * to ensure that we have the necessary permissions
428 */
/* Verify that the configured admin account may write to the directory.
 *
 * A throw-away department is created below the base and removed again.
 * The check fails if the base cannot be read, if the test entry is not
 * present after the add, or if it is still present after the removal.
 * The result is written to $this->checks['permissions'].
 *
 * Returns true on success, false otherwise.
 */
function check_ldap_permissions()
{
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  /* Name of the test entry - session id plus a random number, the
   * value only has to be unlikely to collide with an existing ou
   */
  $probe_name = "GOsa_setup_text_entry_".session_id().rand(0,999999);
  $probe_dn   = "ou=".$probe_name.",".$cfg['base'];
  $probe      = array(
    'objectClass' => array("top","organizationalUnit","gosaDepartment"),
    'description' => "Created by GOsa setup, this object can be removed.",
    'ou'          => $probe_name);

  /* The base itself must be readable */
  if(!$conn->cat($cfg['base'])){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Create the test entry and look it up again */
  $conn->cd($probe_dn);
  $conn->create_missing_trees($probe_dn);
  $conn->add($probe);
  $conn->cat($probe_dn);
  $denied = !$conn->count();

  /* Remove it again, it must be gone afterwards */
  if(!$denied){
    $conn->rmDir($probe_dn);
    $conn->cat($probe_dn);
    if($conn->count()){
      $denied = TRUE;
    }
  }

  if($denied){
    gosa_log($conn->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cfg['admin']);
    return(false);
  }

  /* Create & remove of the test entry was successful */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}
495 /* Check if there are users which will
496 * be invisible for GOsa
497 */
/* Find user objects (posixAccount, inetOrgPerson or organizationalPerson)
 * that lack the gosaAccount objectClass.
 *
 * The list is rebuilt in $this->users_to_migrate (key: base64 encoded dn),
 * entries below dc=addressbook are ignored. The 'checked' flag of an entry
 * that was already in the previous list is kept, so the checkboxes keep
 * their state after a reload. The result is written to
 * $this->checks['users_visible'].
 */
function check_gosaAccounts()
{
  /* Previous list, needed to restore the 'checked' flags */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Connect with the collected configuration settings */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  /* Get all users that are not GOsa accounts */
  $conn->cd($cfg['base']);
  $found = $conn->search("(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(!(objectClass=gosaAccount)))",array("sn","givenName","cn","uid"));
  while($entry = $conn->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);

    /* Take over the selection made before the reload */
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->users_to_migrate[$key] = $entry;
  }

  if(!$found){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $amount = count($this->users_to_migrate);
  if($amount == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
    return;
  }

  /* Warn and offer the migration dialog */
  $this->checks['users_visible']['STATUS']    = FALSE;
  $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['users_visible']['ERROR_MSG'] =
    sprintf(_("Found %s user(s) that will not be visible in GOsa."),$amount).
    "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."'>";
}
554 /* Start user account migration
555 */
/* Add the objectClasses gosaAccount, inetOrgPerson and
 * organizationalPerson to every checked entry of $this->users_to_migrate.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the resulting
 *                    objectClasses are stored as ldif in the 'before'
 *                    and 'after' fields of the entry.
 *             FALSE: the change is written to the directory.
 *
 * Returns TRUE, or false as soon as one modification fails; entries
 * handled before the failure stay modified.
 *
 * NOTE(review): the error text below speaks of a 'department' although
 * users are migrated here - it is a translated message id, so it was
 * left untouched.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  /* Connect with the collected configuration settings */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Get the current objectClasses of the user */
    $conn->cat($user['dn'],array("objectClass"));
    $current = $conn->fetch();

    /* Required classes first, then the existing ones that are not
     * already in the list (compared case insensitive)
     */
    $classes = array("gosaAccount","inetOrgPerson","organizationalPerson");
    $total   = $current['objectClass']['count'];
    for($pos = 0; $pos < $total; $pos++){
      $class = $current['objectClass'][$pos];
      if(!in_array_ics($class,$classes)){
        $classes[] = $class;
      }
    }
    $changed = array('objectClass' => $classes);

    /* Preview only */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($changed);
      continue;
    }

    /* Write the change to the ldap database */
    $conn->cd($current['dn']);
    if(!$conn->modify($changed)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$conn->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
605 /* Check if there are invisible organizational Units
606 */
/* Find organizationalUnits that lack the gosaDepartment objectClass.
 *
 * The list is rebuilt in $this->deps_to_migrate (key: base64 encoded dn),
 * departments matching one of the skip patterns below are left out. The
 * 'checked' flag of an entry that was already in the previous list is
 * kept. The result is written to $this->checks['deps_visible']; found
 * departments only produce a warning, STATUS stays TRUE.
 */
function check_organizationalUnits()
{
  /* Previous list, needed to restore the 'checked' flags */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Connect with the collected configuration settings */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  /* Departments used by GOsa itself, they are never offered for migration */
  $internal = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
                    "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
                    "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
                    "/(,|)ou=winstations,/");

  /* Get all departments that are not GOsa departments */
  $conn->cd($cfg['base']);
  $found = $conn->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($entry = $conn->fetch()){

    /* Leave out GOsa internal departments */
    $is_internal = FALSE;
    foreach($internal as $pattern){
      if(preg_match($pattern,$entry['dn'])){
        $is_internal = TRUE;
        break;
      }
    }
    if($is_internal){
      continue;
    }

    /* Take over the selection made before the reload */
    $key = base64_encode($entry['dn']);
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->deps_to_migrate[$key] = $entry;
  }

  if(!$found){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $amount = count($this->deps_to_migrate);
  if($amount == 0){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
    return;
  }

  /* Warn and offer the migration dialog */
  $this->checks['deps_visible']['STATUS']    = TRUE;
  $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
  $this->checks['deps_visible']['ERROR_MSG'] =
    sprintf(_("Found %s department(s) that will not be visible in GOsa."),$amount).
    "<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."'>";
}
682 /* Start department migration */
/* Add the gosaDepartment objectClass to every checked entry of
 * $this->deps_to_migrate; a description is added if the entry has none.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the resulting
 *                    attributes are stored as ldif in the 'before' and
 *                    'after' fields of the entry.
 *             FALSE: the change is written to the directory.
 *
 * Returns TRUE, or false as soon as one modification fails; entries
 * handled before the failure stay modified.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  /* Connect with the collected configuration settings */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get the current objectClasses and description */
    $conn->cat($dep['dn'],array("objectClass","description"));
    $current = $conn->fetch();

    /* Existing classes plus gosaDepartment */
    $classes = array();
    $total   = $current['objectClass']['count'];
    for($pos = 0; $pos < $total; $pos++){
      $classes[] = $current['objectClass'][$pos];
    }
    $classes[] = "gosaDepartment";
    $changed = array('objectClass' => $classes);

    /* Add a description if there is none */
    if(!isset($current['description'])){
      $changed['description'] = array("GOsa department");
    }

    /* Preview only */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($changed);
      continue;
    }

    /* Write the change to the ldap database */
    $conn->cd($current['dn']);
    if(!$conn->modify($changed)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$conn->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
735 /* Check Acls if there is at least one object with acls defined
736 */
/* Check for an administrative account and write the result to
 * $this->checks['acls'].
 *
 * Returns TRUE if the search returned at least one entry.
 *
 * NOTE(review): the filter matches any user object carrying the
 * gosaAccount objectClass; it does not look at gosaAclEntry values.
 * A directory with ordinary GOsa users but without any administrative
 * ACL would therefore pass this check - confirm that this is intended.
 */
function check_administrativeAccount()
{
  /* Connect with the collected configuration settings */
  $cfg  = $this->parent->captured_values;
  $conn = new LDAP($cfg['admin'],$cfg['password'],$cfg['connection'],FALSE,$cfg['tls']);

  $conn->cd($cfg['base']);
  $found = $conn->search("(&(objectClass=gosaAccount)(|(objectClass=posixAccount)".
                         "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))");

  if(!$found){
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif(!$conn->count()){

    /* Nothing found, offer to create an administrator */
    $this->checks['acls']['STATUS']    = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("Failed");
    $this->checks['acls']['ERROR_MSG'] = _("There is no GOsa administrator account inside your LDAP.")." ".
      "<input type='submit' name='create_acls' value='"._("Create")."'>";
  }else{
    $this->checks['acls']['STATUS']    = TRUE;
    $this->checks['acls']['STATUS_MSG']= _("Ok");
    $this->checks['acls']['ERROR_MSG'] = "";
  }
  return($conn->count() >= 1);
}
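/* Give the object in $this->acl_create_selected full rights on the
 * LDAP base.
 *
 * A gosaAclEntry "0:psub:<base64 dn>:all;cmdrw" is put in front of the
 * existing entries of the base object, the priority of every existing
 * entry is raised by one and the gosaACL objectClass is added.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the resulting
 *                    attributes are stored in $this->acl_create_changes.
 *             FALSE: the change is written to the directory.
 *
 * NOTE(review): this writes an unrestricted ACL for whatever dn is in
 * $this->acl_create_selected; the code that fills this attribute is not
 * part of this function - confirm that it only accepts entries from the
 * offered user/group list and never an empty value.
 */
function create_admin($only_ldif = FALSE)
{
  /* Forget the preview of an earlier run */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Stop if the base object could not be read. Going on would replace
   * its objectClass list by "gosaACL" alone.
   */
  if(!is_array($attrs) || !isset($attrs['objectClass']['count'])){
    print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    return;
  }

  /* Keep all existing objectClasses and add gosaACL */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");
  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  /* New entry gets priority 0, existing entries move up by one */
  $attrs_new['gosaAclEntry'] = array("0:psub:".base64_encode($dn).":all;cmdrw");
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){
      $entry = $attrs['gosaAclEntry'][$i];

      /* Split at the first colon. The priority may have several
       * digits, so everything in front of the colon is removed -
       * removing a single character turned "10:..." into "110:...".
       */
      $prio = preg_replace("/[:].*$/","",$entry);
      $rest = preg_replace("/^[^:]*/","",$entry);

      $attrs_new['gosaAclEntry'][] = ((int)$prio + 1).$rest;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{
    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    }
  }
}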
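/* Create the administrator account and give it full rights on the base.
 *
 * The password is read from the posted fields 'new_user_password' and
 * 'new_user_password2', both must be non-empty and identical. The dn is
 * "cn=System Administrator,<peopleou>,<base>" or
 * "uid=admin,<peopleou>,<base>", depending on the 'peopledn' setting.
 * The password is hashed with the configured encryption method.
 *
 * The ACL is only written after the account was added successfully.
 * If the add fails (for instance because the dn already exists) no
 * rights are granted - otherwise an existing entry with an unknown
 * password would become administrator although an error is reported.
 *
 * Returns TRUE on success, FALSE otherwise.
 */
function create_admin_user()
{
  /* Only plain strings are accepted as password, an array posted
   * under the same name is treated like a missing value
   */
  $pw1 = $pw2 = "";
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Compare strictly, '!=' treats numeric strings like "1e1" and "10" as equal */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
  }

  /* Hash the password with the configured method. Stop if the method
   * is unknown, instantiating a missing class name would abort the setup.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  if(!isset($methods[$cv['encryption']])){
    print_red(sprintf(_("The password encryption method '%s' is not available."),$cv['encryption']));
    return(FALSE);
  }
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']  = "System";
  $new_user['sn']  = "Administrator";
  $new_user['cn']  = "System Administrator";
  $new_user['uid'] = "admin";
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* No account, no rights */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  /* Give the new account admin acls on the base */
  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}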
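/* Move the selected entries of $this->outside_winstations into the
 * department posted as 'move_winstation_to' (base64 encoded dn).
 *
 * $perform  FALSE: nothing is moved, a html preview of the move and of
 *                  the groups referencing the object is stored in the
 *                  'ldif' field of each selected entry.
 *           TRUE:  the entries are moved with $this->move().
 *
 * Returns false if no usable destination was posted, nothing otherwise.
 *
 * Values taken from the directory or from the request are escaped for
 * the place they are used in: the LDAP filter, the regular expression
 * replacement and the html preview.
 *
 * NOTE(review): the destination is used as posted; confirm that it is
 * checked against the offered department list before entries are moved.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* '\' and '$' start a back reference in a preg_replace replacement,
   * a dn containing e.g. '\2C' would be damaged without this
   */
  $replacement = ",".strtr($destination,array('\\' => '\\\\', '$' => '\\$'));

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first part of the dn, replace the rest by the destination */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/",$replacement,$dn);

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* Preview, the dns are directory content and get html escaped */
    $this->outside_winstations[$b_dn]['ldif'] =
      _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8').
      "<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object. The characters
     * \ * ( ) and NUL have a special meaning in a filter value and
     * are written as \XX
     */
    $filter_dn = str_replace(array('\\','*','(',')',"\x00"),
                             array('\\5c','\\2a','\\28','\\29','\\00'),$dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}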
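/* Move the selected entries of $this->outside_groups into the
 * department posted as 'move_group_to' (base64 encoded dn).
 *
 * $perform  FALSE: nothing is moved, a html preview of the move and of
 *                  the groups referencing the object is stored in the
 *                  'ldif' field of each selected entry.
 *           TRUE:  the entries are moved with $this->move().
 *
 * Returns false if no usable destination was posted, nothing otherwise.
 *
 * Values taken from the directory or from the request are escaped for
 * the place they are used in: the LDAP filter, the regular expression
 * replacement and the html preview.
 *
 * NOTE(review): the destination is used as posted; confirm that it is
 * checked against the offered department list before entries are moved.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted */
  $destination = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* '\' and '$' start a back reference in a preg_replace replacement,
   * a dn containing e.g. '\2C' would be damaged without this
   */
  $replacement = ",".strtr($destination,array('\\' => '\\\\', '$' => '\\$'));

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first part of the dn, replace the rest by the destination */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/",$replacement,$dn);

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* Preview, the dns are directory content and get html escaped */
    $this->outside_groups[$b_dn]['ldif'] =
      _("Group will be moved from").":<br>\t".htmlspecialchars($dn,ENT_QUOTES,'UTF-8').
      "<br>"._("to").":<br>\t".htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

    /* Check if there are references to this object. The characters
     * \ * ( ) and NUL have a special meaning in a filter value and
     * are written as \XX
     */
    $filter_dn = str_replace(array('\\','*','(',')',"\x00"),
                             array('\\5c','\\2a','\\28','\\29','\\00'),$dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'],ENT_QUOTES,'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}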
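/* Move the selected users that live outside the people ou into the posted
 * destination department, or only describe what would be done.
 *
 * $this->outside_users is keyed by the base64 encoded dn of each entry;
 * every entry carries a 'selected' flag and gets its 'ldif' text reset here.
 *
 * $perform = FALSE : fill 'ldif' with a preview of the move and of the
 *                    group objects referencing the entry.
 * $perform = TRUE  : call move() for every selected entry.
 *
 * Returns FALSE if no acceptable destination was posted, nothing otherwise.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination is request data and ends up as the target of a write
   * done with the admin credentials. Accept it only if it is one of the
   * departments returned by get_all_people_ous(), whose keys are the base64
   * encoded dns (presumably the values the dialog offers - verify against
   * setup_migrate.tpl).
   */
  if(!isset($_POST['move_user_to']) ||
     !is_string($_POST['move_user_to']) ||
     !array_key_exists($_POST['move_user_to'], $this->get_all_people_ous())){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination = base64_decode($_POST['move_user_to']);

  /* '\' and '$' would be read as back references in a preg replacement,
   * escape them so the destination dn is inserted literally.
   */
  $replacement = ",".addcslashes($destination, '\\$');

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] = "";
    if(!$data['selected']){
      continue;
    }

    /* Keep the first rdn, replace everything behind it with the destination */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/", $replacement, $dn);

    if($perform){
      $this->move($dn, $d_dn);
      continue;
    }

    /* The preview is stored as HTML, so dns (directory data) are escaped
     * before they are embedded.
     */
    $this->outside_users[$b_dn]['ldif'] =
      _("User will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8').
      "<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object.
     * Filter special characters of the dn are escaped (RFC 4515), the
     * backslash first so the inserted escapes are not escaped again.
     */
    $filter_dn = str_replace(
        array('\\',   '*',    '(',    ')',    "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $dn);
    $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }
  }
}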
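/* Handle the posts of the migration step and return the HTML of the dialog
 * that is currently open, or of the check overview if no dialog is open.
 *
 * The sections are evaluated in a fixed order; the first open dialog
 * returns its template output and skips the sections behind it.
 *
 * NOTE(review): every action below is triggered by the mere presence of a
 * POST field and runs with the admin credentials collected by the setup.
 * No request token is checked in this method - confirm that the setup
 * framework protects these posts.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Move the entries, then search again for entries that are still outside */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->migrate_outside_groups(FALSE);
  }

  /* Move the entries, then search again for entries that are still outside */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->search_outside_groups();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$this->outside_groups);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->migrate_outside_users(FALSE);
  }

  /* Move the entries, then search again for entries that are still outside */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->search_outside_users();
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$this->outside_users);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Re-run all checks only if creating the root object changed its state */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['create_acls_create_confirmed'])){
    $this->create_admin();
  }

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* NOTE(review): the posted passwords are handed back to the template
     * as they came in. Confirm that setup_migrate.tpl escapes them, and
     * consider not echoing passwords into the page at all.
     */
    $smarty->assign("new_user_password",
        isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : NULL);
    $smarty->assign("new_user_password2",
        isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL);

    /* Every list call opens its own LDAP connection and runs a search,
     * so each list is fetched once and reused for its counter.
     */
    $users  = $this->get_user_list();
    $groups = $this->get_group_list();
    $smarty->assign("users"     ,$users);
    $smarty->assign("users_cnt" ,count($users));
    $smarty->assign("groups"    ,$groups);
    $smarty->assign("groups_cnt",count($groups));
    $smarty->assign("type"      ,$this->acl_create_type);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->users_migration_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Start migration, re-check the accounts if it succeeded */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->check_gosaAccounts();
    }
  }

  /* "What's done" request - presumably TRUE selects a preview instead of
   * the migration itself; verify against migrate_gosaAccounts().
   */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->show_details = false;
    $this->check_organizationalUnits();
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog = TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Start migration, re-check the departments if it succeeded */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->check_organizationalUnits();
    }
  }

  /* "What's done" request - presumably TRUE selects a preview instead of
   * the migration itself; verify against migrate_organizationalUnits().
   */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->show_details = TRUE;
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open, show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}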
/* Take over the posted form values of the dialog that is currently open.
 *
 * For the list dialogs a flag is set per entry depending on whether the
 * matching checkbox field is present in the request. The step is always
 * marked as completed.
 */
function save_object()
{
  $this->is_completed = TRUE;

  /* Selected winstations of the outside_winstations_dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $b_dn => $unused){
      $this->outside_winstations[$b_dn]['selected'] = isset($_POST['select_winstation_'.$b_dn]);
    }
  }

  /* Selected groups of the outside_groups_dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $b_dn => $unused){
      $this->outside_groups[$b_dn]['selected'] = isset($_POST['select_group_'.$b_dn]);
    }
  }

  /* Selected users of the outside_users_dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $b_dn => $unused){
      $this->outside_users[$b_dn]['selected'] = isset($_POST['select_user_'.$b_dn]);
    }
  }

  /* Posts of the "create acl" dialog.
   * NOTE(review): the selected dn and the type are stored exactly as
   * posted. Confirm that create_admin() checks them before they are used
   * for an LDAP write or printed.
   */
  if($this->acl_create_dialog){
    if(isset($_POST['create_acls_create'])){
      $this->acl_create_selected = isset($_POST['create_acls_selected'])
        ? base64_decode($_POST['create_acls_selected'])
        : "";
    }

    if(isset($_POST['create_acls_create_abort'])){
      $this->acl_create_selected = "";
    }

    if(isset($_POST['acl_create_type'])){
      $this->acl_create_type = $_POST['acl_create_type'];
    }
  }

  /* Checked departments of the department migration dialog */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $id => $unused){
      $this->deps_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }

  /* Checked users of the user migration dialog */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $id => $unused){
      $this->users_to_migrate[$id]['checked'] = isset($_POST['migrate_'.$id]);
    }
  }
}
/* Check if the root object exists and record the result in
 * $this->checks['root'].
 *
 * $just_check = TRUE  : only report a missing root object, together with a
 *                       button to retry with creation.
 * $just_check = FALSE : try to create the missing root object.
 *
 * Returns FALSE (or the failed create result) if the root object is
 * missing or could not be created, nothing otherwise.
 */
function checkBase($just_check = TRUE)
{
  /* Get collected setup informations */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search below the base and keep the ldap error code of that search */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = !$res || $err == 0x20 || $err == 0x40;

  /* Report only */
  if($root_missing && $just_check){
    $this->checks['root']['STATUS']    = FALSE;
    $this->checks['root']['STATUS_MSG']= _("Failed");
    $this->checks['root']['ERROR_MSG'] =
      _("The LDAP root object is missing. It is required to use your LDAP service.").' '.
      "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
    return(FALSE);
  }

  /* Add root object */
  if($root_missing){
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$res){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] =
        _("Root object couldn't be created, you should try it on your own.").
        "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($res);
    }
  }

  /* Root object is there, or was created just now */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
/* Return ldif-like "name: value" lines for a given attribute array.
 *
 * The 'count' and 'dn' entries and all numeric keys are skipped; an array
 * value yields one line per element (its own 'count' entry is skipped).
 *
 * NOTE(review): values are written as they are, nothing is base64 encoded
 * or folded, so the result is meant for display rather than for import.
 */
function array_to_ldif($atts)
{
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $name => $value){
    if(is_numeric($name)) {
      continue;
    }

    /* Treat a single value like a list with one element */
    $values = is_array($value) ? $value : array($value);
    unset($values['count']);

    foreach($values as $single){
      $ldif .= $name.": ". $single."\n";
    }
  }

  /* Strip the line break at the end of the output */
  return(preg_replace("/\n$/","",$ldif));
}
/* Get list of available users.
 *
 * Searches below the configured base for objects with the objectClass
 * gosaAccount and returns an array that maps the base64 encoded dn of each
 * entry to the dn passed through LDAP::fix().
 */
function get_user_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $users[$key] = @LDAP::fix($entry['dn']);
  }
  return($users);
}
/* Get all people ous below the configured base.
 *
 * If the search for the configured people ou finds nothing, the ou is
 * created directly below the base first. Returns an array that maps the
 * base64 encoded dn of each ou to the dn passed through $ldap->fix();
 * dns containing "ou=snapshots," are left out.
 */
function get_all_people_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (attribute=value) is used as search filter */
  $filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  if($ldap->count() == 0 ){

    /* Split the first rdn of the new dn into attribute name and value */
    $add_dn       = $cv['peopleou'].",".$cv['base'];
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr  => $naming_value);

    /* Create the parents, then the ou itself.
     * NOTE(review): the result of add() is not checked here.
     */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get all winstation ous below the configured base.
 *
 * If the search for the winstation ou finds nothing, the ou is created
 * below "ou=systems," of the base first. Returns an array that maps the
 * base64 encoded dn of each ou to the dn passed through $ldap->fix();
 * dns containing "ou=snapshots," are left out.
 */
function get_all_winstation_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou, "ou=winstations" unless a custom one is active.
   * NOTE(review): the switch is read from 'wws_ou_active' while the value
   * comes from 'ws_ou' - confirm that both key names are intended.
   */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['ws_ou']
    : "ou=winstations";

  /* The ou (attribute=value) is used as search filter */
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  if($ldap->count() == 0 ){

    /* Split the first rdn of the new dn into attribute name and value */
    $add_dn       = $winstation_ou.",ou=systems,".$cv['base'];
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr  => $naming_value);

    /* Create the parents, then the ou itself.
     * NOTE(review): the result of add() is not checked here.
     */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get all group ous below the configured base.
 *
 * If the search for the configured group ou finds nothing, the ou is
 * created directly below the base first. Returns an array that maps the
 * base64 encoded dn of each ou to the dn passed through $ldap->fix();
 * dns containing "ou=snapshots," are left out.
 */
function get_all_group_ous()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (attribute=value) is used as search filter */
  $filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  if($ldap->count() == 0 ){

    /* Split the first rdn of the new dn into attribute name and value */
    $add_dn       = $cv['groupou'].",".$cv['base'];
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
    $add = array(
        'objectClass' => array("organizationalUnit"),
        $naming_attr  => $naming_value);

    /* Create the parents, then the ou itself.
     * NOTE(review): the result of add() is not checked here.
     */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  $ldap->search($filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Get list of groups.
 *
 * Searches below the configured base for objects with the objectClass
 * posixGroup and returns an array that maps the base64 encoded dn of each
 * entry to the dn passed through LDAP::fix().
 */
function get_group_list()
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);
    $groups[$key] = @LDAP::fix($entry['dn']);
  }
  return($groups);
}
/* Move an object by adding a copy at $destination and removing $source,
 * and point the gosaGroupOfNames objects that list $source as member to
 * the new dn.
 *
 * NOTE(review): copy, delete and reference update are separate LDAP
 * operations. The results of rmDir() and modify() are not evaluated, so a
 * failed delete leaves the object under both dns. Only the entry itself is
 * read with cat() and copied - presumably rmDir() removes the whole source
 * subtree; verify that entries below $source cannot get lost.
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Prepare the new member lists of all gosaGroupOfNames referencing the
   * source: the destination first, then every member that is not the source.
   */
  $reference_updates = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($entry = $ldap->fetch()){
    $group_dn = $entry['dn'];
    $entry    = $this->cleanup_array($entry);

    $members = array($destination);
    foreach($entry['member'] as $member){
      if($member == $source){
        continue;
      }
      $members[] = $member;
    }
    $entry['member'] = $members;
    $reference_updates[$group_dn] = $entry;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $copied = $ldap->add($new_data);

  /* Display warning if copy failed, nothing is removed or updated then */
  if(!$copied){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  /* Remove the source */
  $ldap->rmDir($source);
  show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

  /* Object is copied, so update its references */
  foreach($reference_updates as $group_dn => $group_data){
    $ldap->cd($group_dn);
    $ldap->modify($group_data);
  }
}
/* Cleanup an ldap result so it can be written back to ldap.
 *
 * Removes the 'count' and 'dn' entries and all numeric keys from the top
 * level, and the 'count' entry from every remaining array value.
 */
function cleanup_array($attrs)
{
  /* foreach walks a copy, so removing entries from $attrs is safe here */
  foreach($attrs as $key => $value) {
    $is_meta_key = is_numeric($key) || $key == "count" || $key == "dn";

    if($is_meta_key){
      unset($attrs[$key]);
    }elseif(is_array($value) && isset($value['count'])){
      unset($attrs[$key]['count']);
    }
  }
  return($attrs);
}
1688 }
1690 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1691 ?>