1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step information.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
54 var $languages = array();
55 var $attributes = array();
56 var $header_image = "images/monitoring.png";
57 var $checks = array();
59 /* Department migration attributes */
60 var $dep_migration_dialog = FALSE;
61 var $deps_to_migrate = array();
63 /* User migration attributes */
64 var $users_migration_dialog= FALSE;
65 var $users_to_migrate = array();
67 /* Create Acl attributes */
68 var $acl_create_dialog = FALSE;
69 var $acl_create_type = "group";
70 var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
71 var $acl_create_changes = ""; // Contains ldif information about changes
72 var $acl_create_confirmed= FALSE;
74 /* Checks initialised ? */
75 var $checks_initialised = FALSE;
77 /* Users outside the people ou */
78 var $outside_users = array();
79 var $outside_users_dialog = FALSE;
81 /* Groups outside the groups ou */
82 var $outside_groups = array();
83 var $outside_groups_dialog = FALSE;
85 /* Win-Workstations outside the reserved ou */
86 var $outside_winstations = array();
87 var $outside_winstations_dialog = FALSE;
89 /* check for multiple use of same uidNumber */
90 var $check_uidNumbers = array();
91 var $check_uidNumbers_dialog = FALSE;
93 /* check for multiple use of same gidNumber */
94 var $check_gidNumbers = array();
95 var $check_gidNumbers_dialog = FALSE;
/**
 * PHP4-style constructor. Its only action is to load the title and
 * info strings of this setup step through update_strings().
 */
function Step_Migrate()
{
  $this->update_strings();
}
/**
 * Set the short title, the long title and the info text of this step.
 * Every string is passed through gettext; short and long title use
 * the same message.
 */
function update_strings()
{
  $caption = _("LDAP inspection");

  $this->s_title      = $caption;
  $this->s_title_long = $caption;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/**
 * Rebuild $this->checks from scratch and run every inspection once.
 *
 * Each entry is created with its translated title, STATUS FALSE and empty
 * STATUS_MSG / ERROR_MSG immediately before the method that performs the
 * check is called, so a check only ever sees the entries of the checks
 * that ran before it plus its own.
 */
function initialize_checks()
{
  /* key in $this->checks => array(translated title, method running the check).
   * The order of this table is the order in which the checks are executed.
   */
  $plan = array(
    'root'                => array(_("Checking for root object"),
                                   'checkBase'),
    'permissions'         => array(_("Checking permissions on ldap database"),
                                   'check_ldap_permissions'),
    'deps_visible'        => array(_("Checking for invisible deparmtments"),
                                   'check_organizationalUnits'),
    'users_visible'       => array(_("Checking for invisible user"),
                                   'check_gosaAccounts'),
    'acls'                => array(_("Checking for super administrator"),
                                   'check_administrativeAccount'),
    'outside_users'       => array(_("Checking for users outside the people department"),
                                   'search_outside_users'),
    'outside_groups'      => array(_("Checking for groups outside the groups department"),
                                   'search_outside_groups'),
    'outside_winstations' => array(_("Checking for windows workstations outside the winstation department"),
                                   'search_outside_winstations'),
    'uidNumber_usage'     => array(_("Checking for multiple use of same uidNumber value"),
                                   'check_uidNumber'),
    'gidNumber_usage'     => array(_("Checking for multiple use of same gidNumber value"),
                                   'check_gidNumber'));

  $this->checks = array();
  foreach($plan as $key => $step){
    $this->checks[$key] = array(
      'TITLE'      => $step[0],
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

    /* Run the check belonging to the entry that was just prepared */
    $method = $step[1];
    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
/**
 * Look for uidNumber values that are carried by more than one entry.
 *
 * Searches below the configured base for every entry with a uidNumber,
 * groups the results by their first uidNumber value and stores each entry
 * of a group with two or more members in $this->check_uidNumbers, keyed by
 * the base64 encoded dn. The outcome is written to
 * $this->checks['uidNumber_usage'].
 *
 * Returns TRUE when no value is shared, false when duplicates exist or the
 * search failed.
 */
function check_uidNumber()
{
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);
  $ldap->cd($cfg['base']);

  $found = $ldap->search("uidNumber=*", array("dn","uidNumber"));
  if(!$found){
    $this->checks['uidNumber_usage']['STATUS']    = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all results by their first uidNumber value */
  $this->check_uidNumbers = array();
  $buckets = array();
  while($entry = $ldap->fetch()){
    $number = $entry['uidNumber'][0];
    $buckets[$number][] = $entry;
  }

  /* Only buckets holding more than one entry are conflicts */
  foreach($buckets as $members){
    if(count($members) < 2){
      continue;
    }
    foreach($members as $member){
      $this->check_uidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  $hits = count($this->check_uidNumbers);
  if($hits == 0){
    $this->checks['uidNumber_usage']['STATUS']    = TRUE;
    $this->checks['uidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['uidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The number reported is the count of affected entries, not of distinct values */
  $this->checks['uidNumber_usage']['STATUS']    = FALSE;
  $this->checks['uidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['uidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated uidNumber values."), $hits);
  return(false);
}
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
/**
 * Look for gidNumber values that are carried by more than one entry.
 *
 * Searches below the configured base for every entry with a gidNumber,
 * groups the results by their first gidNumber value and stores each entry
 * of a group with two or more members in $this->check_gidNumbers, keyed by
 * the base64 encoded dn. The outcome is written to
 * $this->checks['gidNumber_usage'].
 *
 * Returns TRUE when no value is shared, false when duplicates exist or the
 * search failed.
 */
function check_gidNumber()
{
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);
  $ldap->cd($cfg['base']);

  $found = $ldap->search("gidNumber=*", array("dn","gidNumber"));
  if(!$found){
    $this->checks['gidNumber_usage']['STATUS']    = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Bucket all results by their first gidNumber value */
  $this->check_gidNumbers = array();
  $buckets = array();
  while($entry = $ldap->fetch()){
    $number = $entry['gidNumber'][0];
    $buckets[$number][] = $entry;
  }

  /* Only buckets holding more than one entry are conflicts */
  foreach($buckets as $members){
    if(count($members) < 2){
      continue;
    }
    foreach($members as $member){
      $this->check_gidNumbers[base64_encode($member['dn'])] = $member;
    }
  }

  $hits = count($this->check_gidNumbers);
  if($hits == 0){
    $this->checks['gidNumber_usage']['STATUS']    = TRUE;
    $this->checks['gidNumber_usage']['STATUS_MSG']= _("Ok");
    $this->checks['gidNumber_usage']['ERROR_MSG'] = "";
    return(TRUE);
  }

  /* The number reported is the count of affected entries, not of distinct values */
  $this->checks['gidNumber_usage']['STATUS']    = FALSE;
  $this->checks['gidNumber_usage']['STATUS_MSG']= _("Failed");
  $this->checks['gidNumber_usage']['ERROR_MSG'] =
    sprintf(_("Found %s duplicated gidNumber values."), $hits);
  return(false);
}
273 /* Search for winstations outside the winstation ou
274 */
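/**
 * Collect samba machine accounts that are stored outside the winstation ou.
 *
 * The search matches entries of the samba objectClass selected by the
 * configured samba version whose uid ends in '$'. Every hit whose dn is
 * neither directly below the winstation ou nor below a dc=addressbook
 * container is stored in $this->outside_winstations, keyed by the base64
 * encoded dn. The outcome is written to $this->checks['outside_winstations'].
 *
 * Returns TRUE when nothing was found, false when entries were found or the
 * search failed.
 */
function search_outside_winstations()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The objectClass to look for depends on the configured samba version */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS']    = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");

    /* ERROR_MSG carries HTML (the submit button below), so the ou string,
     * which comes from the captured setup values, is encoded before it is
     * placed in the message.
     */
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
          count($this->outside_winstations),
          htmlspecialchars($winstation_ou, ENT_QUOTES));
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS']    = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}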
331 /* Search for groups outside the group ou
332 */
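/**
 * Collect posixGroup entries that are stored outside the configured group ou.
 *
 * Every hit whose dn is neither directly below the group ou nor below a
 * dc=addressbook container is stored in $this->outside_groups, keyed by the
 * base64 encoded dn. The outcome is written to
 * $this->checks['outside_groups'].
 *
 * Returns TRUE when nothing was found, false when entries were found or the
 * search failed.
 */
function search_outside_groups()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS']    = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Failed");

    /* ERROR_MSG carries HTML (the submit button below), so the ou string,
     * which comes from the captured setup values, is encoded before it is
     * placed in the message.
     */
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the selected group ou '%s'."),
          count($this->outside_groups),
          htmlspecialchars($group_ou, ENT_QUOTES));
    $this->checks['outside_groups']['ERROR_MSG'].= "<input type='submit' name='outside_groups_dialog' value='"._("Migrate")."'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS']    = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}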
378 /* Search for users outside the people ou
379 */
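/**
 * Collect gosaAccount entries that are stored outside the configured people ou.
 *
 * The search skips entries whose uid ends in '$'. Every hit whose dn is
 * neither directly below the people ou nor below a dc=addressbook container
 * is stored in $this->outside_users, keyed by the base64 encoded dn. The
 * outcome is written to $this->checks['outside_users'].
 *
 * Returns TRUE when nothing was found, false when entries were found or the
 * search failed.
 */
function search_outside_users()
{
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);
  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']) && !preg_match("/,dc=addressbook,/",$attrs['dn']))){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    $this->checks['outside_users']['STATUS']    = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("Failed");

    /* ERROR_MSG carries HTML (the submit button below), so the ou string,
     * which comes from the captured setup values, is encoded before it is
     * placed in the message.
     */
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s users outside the selected user ou '%s'."),
          count($this->outside_users),
          htmlspecialchars($people_ou, ENT_QUOTES));
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Migrate")."'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS']    = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}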
424 /* Check ldap accessibility
425 * Create and remove a dummy object,
426 * to ensure that we have the necessary permissions
427 */
/**
 * Verify that the configured admin account may write to the directory.
 *
 * A throw-away department is added directly below the base and removed
 * again. The outcome is written to $this->checks['permissions'].
 *
 * Returns true when the probe entry could be created and removed, false
 * when the base could not be read, the entry is missing after the add, or
 * the entry still exists after the removal.
 */
function check_ldap_permissions()
{
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  /* Describe the probe entry. session_id() and rand() presumably only keep
   * the name from clashing with an existing entry; the name is not a secret.
   */
  $probe_name = "GOsa_setup_text_entry_".session_id().rand(0,999999);
  $probe_dn   = "ou=".$probe_name.",".$cfg['base'];
  $probe      = array(
    'objectClass' => array("top","organizationalUnit","gosaDepartment"),
    'description' => "Created by GOsa setup, this object can be removed.",
    'ou'          => $probe_name);

  /* A plain read of the base has to work before anything is written */
  $readable = $ldap->cat($cfg['base']);
  if(!$readable){
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Add the probe entry, then read it back to see whether it exists */
  $ldap->cd($probe_dn);
  $ldap->create_missing_trees($probe_dn);
  $ldap->add($probe);
  $ldap->cat($probe_dn);
  if(!$ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cfg['admin']);
    return(false);
  }

  /* Remove the probe entry, then make sure it is really gone.
   * If this fails the probe entry stays in the directory.
   */
  $ldap->rmDir($probe_dn);
  $ldap->cat($probe_dn);
  if($ldap->count()){
    gosa_log($ldap->get_error());
    $this->checks['permissions']['STATUS']    = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] =
      sprintf(_("The specified user '%s' does not have full access to your ldap database."),$cfg['admin']);
    return(false);
  }

  /* Both the add and the removal worked */
  $this->checks['permissions']['STATUS']    = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}
494 /* Check if there are users which will
495 * be invisible for GOsa
496 */
/**
 * Collect person entries that lack the gosaAccount objectClass.
 *
 * Entries below a dc=addressbook container are ignored. The hits are
 * stored in $this->users_to_migrate, keyed by the base64 encoded dn; the
 * 'checked' flag of an entry that was already in the previous list is
 * carried over. The outcome is written to $this->checks['users_visible'].
 * Nothing is returned.
 */
function check_gosaAccounts()
{
  /* Keep the previous list so the checkbox state survives a reload */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Connect with the settings collected by the earlier setup steps */
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  /* Person-like entries without gosaAccount */
  $filter = "(&(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(!(objectClass=gosaAccount)))";
  $ldap->cd($cfg['base']);
  $res = $ldap->search($filter, array("sn","givenName","cn","uid"));

  while($entry = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$entry['dn'])){
      continue;
    }
    $key = base64_encode($entry['dn']);

    /* Restore the selection made before the reload, if there was one */
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->users_to_migrate[$key] = $entry;
  }

  /* The search result is only evaluated after the fetch loop above */
  $pending = count($this->users_to_migrate);
  if(!$res){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($pending == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= "";
    $this->checks['users_visible']['ERROR_MSG'] =
      sprintf(_("Found %s users that will not be visible in GOsa."), $pending);
    $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."'>";
  }
}
553 /* Start user account migration
554 */
/**
 * Add the GOsa user objectClasses to every checked entry of
 * $this->users_to_migrate.
 *
 * @param bool $only_ldif  When true nothing is written; the current and the
 *                         new attribute set are stored as ldif text in the
 *                         'before' and 'after' fields of the entry instead.
 *
 * Returns TRUE when all selected entries were processed, false as soon as
 * one modification is rejected.
 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  /* Connect with the settings collected by the earlier setup steps */
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Read the objectClasses the entry has right now */
    $ldap->cat($user['dn'],array("objectClass"));
    $current = $ldap->fetch();

    /* Start with the required classes and append the existing ones
     * that in_array_ics() does not already find in the list
     */
    $classes = array("gosaAccount","inetOrgPerson","organizationalPerson");
    $total   = $current['objectClass']['count'];
    for($n = 0; $n < $total; $n++){
      $class = $current['objectClass'][$n];
      if(!in_array_ics($class, $classes)){
        $classes[] = $class;
      }
    }
    $update = array('objectClass' => $classes);

    /* Preview only: remember both states as ldif and go on */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($update);
      continue;
    }

    /* NOTE(review): the message below speaks of a 'department' although
     * this method migrates users; it is left as it is because the string
     * is a gettext message id.
     */
    $ldap->cd($current['dn']);
    if(!$ldap->modify($update)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
604 /* Check if there are invisible organizational Units
605 */
/**
 * Collect organizationalUnit entries that lack the gosaDepartment
 * objectClass.
 *
 * The hits are stored in $this->deps_to_migrate, keyed by the base64
 * encoded dn; the 'checked' flag of an entry that was already in the
 * previous list is carried over. Entries whose dn matches one of the
 * skip patterns are dropped from the list afterwards. The outcome is
 * written to $this->checks['deps_visible']. Nothing is returned.
 */
function check_organizationalUnits()
{
  /* Keep the previous list so the checkbox state survives a reload */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Connect with the settings collected by the earlier setup steps */
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  /* Patterns for the departments GOsa uses internally */
  $internal = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Departments that are not marked as gosaDepartment */
  $ldap->cd($cfg['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
  while($entry = $ldap->fetch()){
    $key = base64_encode($entry['dn']);

    /* Restore the selection made before the reload, if there was one */
    $entry['checked'] = isset($previous[$key]) ? $previous[$key]['checked'] : FALSE;
    $entry['before']  = "";
    $entry['after']   = "";
    $this->deps_to_migrate[$key] = $entry;
  }

  /* Drop every collected department that matches an internal pattern */
  foreach(array_keys($this->deps_to_migrate) as $key){
    $dn = $this->deps_to_migrate[$key]['dn'];
    foreach($internal as $pattern){
      if(preg_match($pattern,$dn)){
        unset($this->deps_to_migrate[$key]);
        break;
      }
    }
  }

  /* The search result is only evaluated after the loops above */
  $pending = count($this->deps_to_migrate);
  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }elseif($pending == 0){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
  }else{
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= "";
    $this->checks['deps_visible']['ERROR_MSG'] =
      sprintf(_("Found %s departments that will not be visible in GOsa."), $pending);
    $this->checks['deps_visible']['ERROR_MSG'] .= "<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."'>";
  }
}
681 /* Start department migration */
/**
 * Add the gosaDepartment objectClass to every checked entry of
 * $this->deps_to_migrate. A description is added when the entry has none.
 *
 * @param bool $only_ldif  When true nothing is written; the current and the
 *                         new attribute set are stored as ldif text in the
 *                         'before' and 'after' fields of the entry instead.
 *
 * Returns TRUE when all selected entries were processed, false as soon as
 * one modification is rejected.
 */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  /* Connect with the settings collected by the earlier setup steps */
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Read the objectClasses and the description the entry has right now */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $current = $ldap->fetch();

    /* Copy the existing objectClasses and append gosaDepartment */
    $classes = array();
    $total   = $current['objectClass']['count'];
    for($n = 0; $n < $total; $n++){
      $classes[] = $current['objectClass'][$n];
    }
    $classes[] = "gosaDepartment";
    $update = array('objectClass' => $classes);

    /* Supply a default description if the entry has none */
    if(!isset($current['description'])){
      $update['description'] = array("GOsa department");
    }

    /* Preview only: remember both states as ldif and go on */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($current);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($update);
      continue;
    }

    $ldap->cd($current['dn']);
    if(!$ldap->modify($update)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$current['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
734 /* Check Acls if there is at least one object with acls defined
735 */
/**
 * Decide whether the 'super administrator' check passes and write the
 * outcome to $this->checks['acls'].
 *
 * NOTE(review): the filter below matches any person entry that carries the
 * gosaAccount objectClass. It does not look at gosaAclEntry values, so the
 * check passes as soon as one GOsa user exists, whether or not an acl was
 * assigned to anybody. Confirm that this is the intended test.
 *
 * Returns true when the search result holds at least one entry.
 */
function check_administrativeAccount()
{
  /* Connect with the settings collected by the earlier setup steps */
  $cfg  = $this->parent->captured_values;
  $ldap = new LDAP($cfg['admin'], $cfg['password'], $cfg['connection'], FALSE, $cfg['tls']);

  $filter = "(&(objectClass=gosaAccount)(|(objectClass=posixAccount)".
            "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))";
  $ldap->cd($cfg['base']);
  $res = $ldap->search($filter);

  /* array(status, status message, error message) */
  if(!$res){
    $outcome = array(FALSE,
        _("LDAP query failed"),
        _("Possibly the 'root object' is missing."));
  }elseif($ldap->count()){
    $outcome = array(TRUE, _("Ok"), "");
  }else{
    $outcome = array(FALSE,
        _("Failed"),
        _("There is no GOsa administrator account inside your LDAP.")." ".
        "<input type='submit' name='create_acls' value='"._("Create")."'>");
  }

  $this->checks['acls']['STATUS']    = $outcome[0];
  $this->checks['acls']['STATUS_MSG']= $outcome[1];
  $this->checks['acls']['ERROR_MSG'] = $outcome[2];

  return($ldap->count()>=1);
}
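/**
 * Put an acl entry for $this->acl_create_selected in front of the
 * gosaAclEntry list of the base object.
 *
 * The new entry gets index 0; the index of every existing entry is raised
 * by one. The gosaACL objectClass is added to the base if it is missing.
 *
 * @param bool $only_ldif  When true nothing is written; the old and the new
 *                         attribute set are stored as ldif text in
 *                         $this->acl_create_changes instead.
 *
 * Nothing is returned. A rejected modification is reported through
 * print_red() only.
 *
 * NOTE(review): $this->acl_create_selected is used as given. Where it is
 * set is outside this method; confirm that it can only hold a dn that was
 * offered to the user.
 */
function create_admin($only_ldif = FALSE)
{
  /* Forget the ldif of an earlier preview */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Add acls for the selected user to the base */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");

  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  /* The entry for the selected dn; the method's own comments call this
   * the admin acl
   */
  $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){

      /* Split the entry at its first colon. The index has to be removed as
       * a whole: stripping a single character turned an entry with index
       * 10 into one with index 110.
       */
      $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
      $rest = preg_replace("/^[^:]*/","",$attrs['gosaAclEntry'][$i]);

      $data = ((int)$prio+1).$rest;
      $attrs_new['gosaAclEntry'][] = $data;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{

    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
    }
  }
}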
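/**
 * Create the administrator account from the posted password pair and give
 * it the admin acl through create_admin().
 *
 * The dn is 'cn=System Administrator' or 'uid=admin' below the configured
 * people ou, depending on the 'peopledn' setting. The password is hashed
 * with the configured encryption method before it is stored.
 *
 * Returns TRUE on success. Returns false when the passwords are missing,
 * not strings or not identical, when the encryption method is unknown, or
 * when the directory rejects the new entry.
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";

  /* Accept plain strings only; a posted array would otherwise pass the
   * checks below and reach the hash function
   */
  if(isset($_POST['new_user_password']) && is_string($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2']) && is_string($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Compare strictly: a loose comparison treats numeric looking strings
   * such as '1e3' and '1000' as equal. empty() also rejects the password "0".
   */
  if(empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
  }

  /* Look up the class that implements the configured hash method */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  if(!isset($methods[$cv['encryption']])){
    print_red(_("The configured password encryption method is not available."));
    return(FALSE);
  }
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName']  = "System";
  $new_user['sn']         = "Administrator";
  $new_user['cn']         = "System Administrator";
  $new_user['uid']        = "admin";
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);
  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before any acl is written when the entry was not created.
   * Otherwise an entry that already existed under this dn, with a password
   * that was not set here, would receive the admin acl.
   */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}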
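/**
 * Move the selected entries of $this->outside_winstations to the posted
 * destination department, or describe what would be moved.
 *
 * The destination is read from $_POST['move_winstation_to'] (base64).
 *
 * @param bool $perform  When false nothing is moved; an HTML description of
 *                       the move and of the group entries referencing the
 *                       object is stored in the 'ldif' field of each
 *                       selected entry. When true $this->move() is called.
 *
 * Returns false when no usable destination was posted; otherwise nothing
 * is returned.
 *
 * NOTE(review): the destination is not compared with the departments that
 * were offered to the user; whether the caller does so is not visible here.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted.
   * Anything that is not a string, or that decodes to nothing, is treated
   * like a missing value.
   */
  $destination = "";
  if(isset($_POST['move_winstation_to']) && is_string($_POST['move_winstation_to'])){
    $destination = base64_decode($_POST['move_winstation_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Keep everything up to the first comma and append the destination.
       * Plain concatenation is used because preg_replace() would read a
       * sequence like \2 or $1 inside the destination as a backreference.
       */
      $cut  = strpos($dn, ",");
      $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination;

      if(!$perform){

        /* The 'ldif' text is HTML, so both dns are encoded before use */
        $this->outside_winstations[$b_dn]['ldif'] = _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES)."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES);

        /* Check if there are references to this object.
         * Characters with a special meaning in a search filter are escaped
         * so that a dn containing them cannot change the filter.
         */
        $filter_dn = strtr($dn, array('\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00'));
        $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".htmlspecialchars($ref_dn, ENT_QUOTES);
        }
        if(!empty($refs)){
          $this->outside_winstations[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}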
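/**
 * Move the selected entries of $this->outside_groups to the posted
 * destination department, or describe what would be moved.
 *
 * The destination is read from $_POST['move_group_to'] (base64).
 *
 * @param bool $perform  When false nothing is moved; an HTML description of
 *                       the move and of the group entries referencing the
 *                       object is stored in the 'ldif' field of each
 *                       selected entry. When true $this->move() is called.
 *
 * Returns false when no usable destination was posted; otherwise nothing
 * is returned.
 *
 * NOTE(review): the destination is not compared with the departments that
 * were offered to the user; whether the caller does so is not visible here.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* Check if there was a destination department posted.
   * Anything that is not a string, or that decodes to nothing, is treated
   * like a missing value.
   */
  $destination = "";
  if(isset($_POST['move_group_to']) && is_string($_POST['move_group_to'])){
    $destination = base64_decode($_POST['move_group_to']);
  }
  if($destination === FALSE || $destination == ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Keep everything up to the first comma and append the destination.
       * Plain concatenation is used because preg_replace() would read a
       * sequence like \2 or $1 inside the destination as a backreference.
       */
      $cut  = strpos($dn, ",");
      $d_dn = ($cut === FALSE) ? $dn : substr($dn, 0, $cut).",".$destination;

      if(!$perform){

        /* The 'ldif' text is HTML, so both dns are encoded before use */
        $this->outside_groups[$b_dn]['ldif'] = _("Group will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES)."<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES);

        /* Check if there are references to this object.
         * Characters with a special meaning in a search filter are escaped
         * so that a dn containing them cannot change the filter.
         */
        $filter_dn = strtr($dn, array('\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00'));
        $ldap->search("(&(member=".$filter_dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".htmlspecialchars($ref_dn, ENT_QUOTES);
        }
        if(!empty($refs)){
          $this->outside_groups[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}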
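/* Preview or perform the move of all selected users into the posted
 * destination department.
 *
 * $perform = FALSE : only fill $this->outside_users[..]['ldif'] with an HTML
 *                    description of the planned move and of the group objects
 *                    that reference the entry.
 * $perform = TRUE  : call $this->move() for every selected entry.
 *
 * Returns FALSE when no usable destination was posted, nothing otherwise.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination department is posted base64 encoded. A missing, non-string
   * or empty value is refused instead of being used to build a target dn. */
  $destination = "";
  if(isset($_POST['move_user_to']) && is_string($_POST['move_user_to'])){
    $destination = base64_decode($_POST['move_user_to']);
  }
  if($destination === FALSE || $destination === ""){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }

  /* NOTE(review): the destination is request data and is only decoded here.
   * The dialog offers the keys of get_all_people_ous(); presumably the posted
   * value should be checked against that list before it is used - confirm. */

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if($data['selected']){
      $dn = base64_decode($b_dn);

      /* Replace everything after the first comma with the destination.
       * Plain string functions are used on purpose: inside a preg_replace()
       * replacement string sequences like "\2" or "$1" are treated as
       * back references, which mangles dns containing escaped characters.
       * As before, a dn without a comma is left unchanged and an escaped
       * comma inside the first RDN is not treated specially. */
      $cut = strpos($dn,",");
      if($cut === FALSE){
        $d_dn = $dn;
      }else{
        $d_dn = substr($dn,0,$cut).",".$destination;
      }

      if(!$perform){

        /* The preview is HTML, so every dn is escaped before it is embedded */
        $this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".
          htmlspecialchars($dn,ENT_QUOTES,'UTF-8')."<br>"._("to").":<br>\t".
          htmlspecialchars($d_dn,ENT_QUOTES,'UTF-8');

        /* Check if there are references to this object.
         * NOTE(review): the dn is placed into the filter unescaped, while move()
         * passes it through LDAP::fix() for its member search - confirm which
         * escaping the filter needs and align both searches. */
        $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
        $refs = "";
        while($attrs = $ldap->fetch()){
          $ref_dn = $attrs['dn'];
          $refs .= "<br />\t".htmlspecialchars($ref_dn,ENT_QUOTES,'UTF-8');
        }
        if(!empty($refs)){
          $this->outside_users[$b_dn]['ldif'] .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
        }

      }else{
        $this->move($dn,$d_dn);
      }
    }
  }
}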
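/* Generate the html output of this setup step.
 *
 * The method first reacts on the posted buttons of each sub dialog, in the
 * order winstations, groups, users, root object, acl creation, user
 * migration and department migration. As soon as one of the sub dialogs is
 * open, its template output is returned. Otherwise the overview of all
 * checks is returned.
 *
 * NOTE(review): every state changing branch below is selected only by the
 * presence of a POST key. No token or permission check is visible in this
 * method; presumably the surrounding setup framework restricts access -
 * confirm.
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the group ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Perform the move, then search again for remaining entries */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->migrate_outside_groups(FALSE);
  }

  /* Perform the move, then search again for remaining entries */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->search_outside_groups();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$this->outside_groups);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->migrate_outside_users(FALSE);
  }

  /* Perform the move, then search again for remaining entries */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->search_outside_users();
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$this->outside_users);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  if(isset($_POST['retry_root_create'])){

    /* Re-run all checks only if the root object state has changed */
    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account (acl) handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
  }

  if(isset($_POST['create_acls_create_confirmed'])){
    $this->create_admin();
  }

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
    }
  }

  if($this->acl_create_dialog){

    /* Read the posted passwords explicitly instead of suppressing the
     * notice for a missing key; a missing key still yields NULL.
     * NOTE(review): the submitted passwords are handed back to the template.
     * Whether the template writes them into the page is not visible here -
     * confirm that it does so only escaped, or not at all. */
    $new_password  = isset($_POST['new_user_password'])  ? $_POST['new_user_password']  : NULL;
    $new_password2 = isset($_POST['new_user_password2']) ? $_POST['new_user_password2'] : NULL;

    /* Each list needs its own ldap search, so fetch it once and reuse it
     * for the list itself and for its counter */
    $users  = $this->get_user_list();
    $groups = $this->get_group_list();

    $smarty = get_smarty();
    $smarty->assign("new_user_password",$new_password);
    $smarty->assign("new_user_password2",$new_password2);
    $smarty->assign("users" ,$users);
    $smarty->assign("users_cnt" ,count($users));
    $smarty->assign("groups",$groups);
    $smarty->assign("groups_cnt",count($groups));
    $smarty->assign("type" ,$this->acl_create_type);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
  }

  /* Start migration, re-check the accounts if it succeeded */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->check_gosaAccounts();
    }
  }

  /* "What will be done" button. Passes TRUE to the migration method,
   * presumably a dry run - confirm in migrate_gosaAccounts() */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
  }

  /* Start migration, re-check the departments if it succeeded */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->check_organizationalUnits();
    }
  }

  /* "What will be done" button. Passes TRUE to the migration method,
   * presumably a dry run - confirm in migrate_organizationalUnits() */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open, show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}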
/* Take over the posted form values of whichever sub dialog is open.
 *
 * For the list dialogs every known entry is marked selected/checked
 * depending on whether its checkbox name is present in the request.
 * The step is always flagged as completed.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Winstation dialog: one checkbox per entry, named by its array key */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $key => $unused){
      $this->outside_winstations[$key]['selected'] = isset($_POST['select_winstation_'.$key]);
    }
  }

  /* Group dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $key => $unused){
      $this->outside_groups[$key]['selected'] = isset($_POST['select_group_'.$key]);
    }
  }

  /* User dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $key => $unused){
      $this->outside_users[$key]['selected'] = isset($_POST['select_user_'.$key]);
    }
  }

  /* "create acl" dialog */
  if($this->acl_create_dialog){

    /* The selected object is posted base64 encoded; without a selection
     * the stored value is reset */
    if(isset($_POST['create_acls_create'])){
      $this->acl_create_selected = isset($_POST['create_acls_selected'])
        ? base64_decode($_POST['create_acls_selected'])
        : "";
    }

    if(isset($_POST['create_acls_create_abort'])){
      $this->acl_create_selected = "";
    }

    /* NOTE(review): the posted type is stored as is; which values are
     * valid is not visible here - confirm it is checked where it is used. */
    if(isset($_POST['acl_create_type'])){
      $this->acl_create_type = $_POST['acl_create_type'];
    }
  }

  /* Department migration dialog */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $key => $unused){
      $this->deps_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }

  /* User migration dialog */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $key => $unused){
      $this->users_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }
}
1366 /* Check if the root object exists.
1367 * If the parameter just_check is true, then just check if the
1368 * root object is missing and update the info messages.
1369 * If the Parameter is false, try to create a new root object.
1370 */
function checkBase($just_check = TRUE)
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search below the configured base to find out whether it exists */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = (!$res || $err == 0x20 || $err == 0x40);

  if($root_missing){

    if($just_check){

      /* Only report the missing root object and offer the retry button */
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("The LDAP root object is missing. It is required to use your LDAP service.").' ';
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return(FALSE);
    }

    /* Try to add the root object */
    $ldap->cd($cv['base']);
    $res = $ldap->create_missing_trees($cv['base']);

    /* Creation failed, tell the user and hand back the failed result */
    if(!$res){
      $this->checks['root']['STATUS'] = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] = _("Root object couldn't be created, you should try it on your own.");
      $this->checks['root']['ERROR_MSG'].= "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($res);
    }
  }

  /* The root object exists or was just created. Note that this path
   * returns no value. */
  $this->checks['root']['STATUS'] = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
1423 /* Return ldif information for a
1424 * given attribute array
1425 */
function array_to_ldif($atts)
{
  /* The 'count' and 'dn' entries of an ldap result are not attributes */
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $attribute => $values){

    /* Numeric keys are skipped, only named attributes are written */
    if(!is_numeric($attribute)){

      /* Treat a single value like a list with one element */
      if(!is_array($values)){
        $values = array($values);
      }else{
        unset($values['count']);
      }

      /* One "name: value" line per value */
      foreach($values as $single){
        $ldif .= $attribute.": ".$single."\n";
      }
    }
  }

  /* Strip the trailing line break */
  return(preg_replace("/\n$/","",$ldif));
}
/* Return all entries with objectClass gosaAccount below the configured base.
 * The result maps base64_encode(dn) to the dn as returned by LDAP::fix().
 */
function get_user_list()
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  $users = array();
  while($entry = $ldap->fetch()){
    $dn = $entry['dn'];
    $users[base64_encode($dn)] = @LDAP::fix($dn);
  }
  return($users);
}
/* Return all departments matching the configured people ou.
 *
 * If the search finds none, the ou is created directly below the base
 * first, so this method can write to the directory. Entries below
 * "ou=snapshots," are left out. The result maps base64_encode(dn) to the
 * dn as returned by $ldap->fix().
 */
function get_all_people_ous()
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (for example "ou=people") is used as filter as is */
  $people_ou = $cv['peopleou'];
  $filter    = "(".$people_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* Nothing found, create the ou below the base */
  if($ldap->count() == 0 ){
    $new_dn = $people_ou.",".$cv['base'];

    /* Split the first RDN into attribute name and value */
    $rdn_name  = preg_replace("/=.*$/","",$new_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$new_dn);

    $entry = array();
    $entry['objectClass'] = array("organizationalUnit");
    $entry[$rdn_name]     = $rdn_value;

    /* Make sure the parent tree exists, then add the ou itself */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$new_dn));
    $ldap->cd($new_dn);
    $ldap->add($entry);
  }

  /* Search again to pick up a freshly created ou */
  $ldap->search($filter,array("dn"));
  $ous = array();
  while($found = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$found['dn'])){
      continue;
    }
    $ous[base64_encode($found['dn'])] = $ldap->fix($found['dn']);
  }
  return($ous);
}
/* Return all departments matching the winstation ou.
 *
 * The ou is taken from the generic settings if 'wws_ou_active' is set,
 * otherwise "ou=winstations" is used. If the search finds none, the ou is
 * created below "ou=systems," of the base first, so this method can write
 * to the directory. Entries below "ou=snapshots," are left out. The result
 * maps base64_encode(dn) to the dn as returned by $ldap->fix().
 */
function get_all_winstation_ous()
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Configured winstation ou or the default one */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
    ? $cv['generic_settings']['ws_ou']
    : "ou=winstations";
  $filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* Nothing found, create the ou below ou=systems */
  if($ldap->count() == 0 ){
    $new_dn = $winstation_ou.",ou=systems,".$cv['base'];

    /* Split the first RDN into attribute name and value */
    $rdn_name  = preg_replace("/=.*$/","",$new_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$new_dn);

    $entry = array();
    $entry['objectClass'] = array("organizationalUnit");
    $entry[$rdn_name]     = $rdn_value;

    /* Make sure the parent tree exists, then add the ou itself */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$new_dn));
    $ldap->cd($new_dn);
    $ldap->add($entry);
  }

  /* Search again to pick up a freshly created ou */
  $ldap->search($filter,array("dn"));
  $ous = array();
  while($found = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$found['dn'])){
      continue;
    }
    $ous[base64_encode($found['dn'])] = $ldap->fix($found['dn']);
  }
  return($ous);
}
/* Return all departments matching the configured group ou.
 *
 * If the search finds none, the ou is created directly below the base
 * first, so this method can write to the directory. Entries below
 * "ou=snapshots," are left out. The result maps base64_encode(dn) to the
 * dn as returned by $ldap->fix().
 */
function get_all_group_ous()
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The configured ou (for example "ou=groups") is used as filter as is */
  $group_ou = $cv['groupou'];
  $filter   = "(".$group_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($filter,array("dn"));

  /* Nothing found, create the ou below the base */
  if($ldap->count() == 0 ){
    $new_dn = $group_ou.",".$cv['base'];

    /* Split the first RDN into attribute name and value */
    $rdn_name  = preg_replace("/=.*$/","",$new_dn);
    $rdn_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$new_dn);

    $entry = array();
    $entry['objectClass'] = array("organizationalUnit");
    $entry[$rdn_name]     = $rdn_value;

    /* Make sure the parent tree exists, then add the ou itself */
    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$new_dn));
    $ldap->cd($new_dn);
    $ldap->add($entry);
  }

  /* Search again to pick up a freshly created ou */
  $ldap->search($filter,array("dn"));
  $ous = array();
  while($found = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$found['dn'])){
      continue;
    }
    $ous[base64_encode($found['dn'])] = $ldap->fix($found['dn']);
  }
  return($ous);
}
/* Return all entries with objectClass posixGroup below the configured base.
 * The result maps base64_encode(dn) to the dn as returned by LDAP::fix().
 */
function get_group_list()
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  $groups = array();
  while($entry = $ldap->fetch()){
    $dn = $entry['dn'];
    $groups[base64_encode($dn)] = @LDAP::fix($dn);
  }
  return($groups);
}
/* Move a single ldap entry from $source to $destination.
 *
 * The entry is copied to the new dn, the source is removed afterwards and
 * every gosaGroupOfNames that lists the source as member is rewritten to
 * list the destination instead. Nothing is returned; a failed copy is
 * reported with print_red() and leaves source and references untouched.
 */
function move($source,$destination)
{
  /* Connect with the settings collected by the previous setup steps */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Collect the new member lists of all referencing object groups first,
   * they are written only after the copy has succeeded */
  $pending_updates = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($found= $ldap->fetch()){
    $group_dn = $found['dn'];
    $group    = $this->cleanup_array($found);

    /* The destination goes first, followed by every other member.
     * The comparison with the source is a plain string comparison. */
    $members = array($destination);
    foreach($group['member'] as $old_member){
      if($old_member == $source){
        continue;
      }
      $members[] = $old_member;
    }
    $group['member'] = $members;
    $pending_updates[$group_dn] = $group;
  }

  /* Copy source to destination dn */
  $ldap->cat($source);
  $copy = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $added = $ldap->add($copy);

  /* Display warning if copy failed and stop here */
  if(!$added){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
    return;
  }

  /* NOTE(review): only the source entry itself was copied above. If rmDir()
   * also removes subordinate entries (the name suggests so - confirm), children
   * of the source are deleted without having been copied.
   * NOTE(review): the references are updated below even if the removal failed;
   * the error is only displayed. */
  $ldap->rmDir($source);
  show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

  /* Object is copied, so update its references */
  foreach($pending_updates as $group_dn => $group){
    $ldap->cd($group_dn);
    $ldap->modify($group);
  }
}
/* Clean up an ldap result so that it can be written back to ldap */
function cleanup_array($attrs)
{
  foreach($attrs as $name => $content) {

    /* Numeric keys, 'count' and 'dn' are result meta data, drop them */
    $is_meta = is_numeric($name) || in_array($name,array("count","dn"));

    if($is_meta){
      unset($attrs[$name]);
    }elseif(is_array($content) && isset($content['count'])){

      /* Value lists carry their own 'count' entry, remove it too */
      unset($attrs[$name]['count']);
    }
  }
  return($attrs);
}
1684 }
1686 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1687 ?>