1 <?php
3 /*
4 This code is part of GOsa (https://gosa.gonicus.de)
5 Copyright (C) 2007 Fabian Hickert
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
24 /****************
25 * FUNCTIONS
27 Step_Migrate - Constructor.
28 update_strings - Used to update the displayed step informations.
29 initialize_checks - Initialize migration steps.
30 check_ldap_permissions - Check if the used admin account has full access to the ldap database.
31 check_gosaAccounts - Check if there are users without the required objectClasses.
32 migrate_gosaAccounts - Migrate selected users to GOsa user accounts.
33 check_organizationalUnits - Check if there are departments, that are not visible for GOsa
34 migrate_organizationalUnits - Migrate selected departments
35 check_administrativeAccount - Check if there is at least one acl entry available
36 checkBase - Check if there is a root object available
38 get_user_list - Get list of available users
39 get_group_list - Get list of groups
41 create_admin
42 create_admin_user
44 execute - Generate html output of this plugin
45 save_object - Save posts
46 array_to_ldif - Create ldif output of an ldap result array
48 ****************/
52 class Step_Migrate extends setup_step
53 {
/* Generic step attributes */
var $languages = array();
var $attributes = array();
var $header_image = "images/monitoring.png";
/* Check results keyed by check name; each entry carries TITLE, STATUS, STATUS_MSG and ERROR_MSG */
var $checks = array();
/* Department migration attributes */
var $dep_migration_dialog = FALSE;
var $deps_to_migrate = array();
var $show_details = FALSE;
/* User migration attributes */
var $users_migration_dialog= FALSE;
var $users_to_migrate = array();
/* Create Acl attributes */
var $acl_create_dialog = FALSE;
var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
var $acl_create_changes = ""; // Contains ldif information about changes
var $acl_create_confirmed= FALSE;
/* Checks initialised ? */
var $checks_initialised = FALSE;
/* Users found outside the people ou, keyed by base64 encoded dn */
var $outside_users = array();
var $outside_users_dialog = FALSE;
/* Groups found outside the groups ou, keyed by base64 encoded dn */
var $outside_groups = array();
var $outside_groups_dialog = FALSE;
/* Win-Workstations found outside the reserved ou, keyed by base64 encoded dn */
var $outside_winstations = array();
var $outside_winstations_dialog = FALSE;
/* Entries sharing a uidNumber with another entry, keyed by base64 encoded dn */
var $check_uidNumbers = array();
var $check_uidNumbers_dialog = FALSE;
/* posixGroup entries sharing a gidNumber with another group, keyed by base64 encoded dn */
var $check_gidNumbers = array();
var $check_gidNumbers_dialog = FALSE;
/* Constructor, named after the class.
 * Its only job is to load the translated title and info texts of this step.
 */
function Step_Migrate()
{
  $this->update_strings();
}
/* Set the translated short title, long title and info text of this step.
 * Short and long title use the same text.
 */
function update_strings()
{
  $title = _("LDAP inspection");

  $this->s_title      = $title;
  $this->s_title_long = $title;
  $this->s_info       = _("Analyze your current LDAP for GOsa compatibility");
}
/* Reset the list of checks and run every check once.
 *
 * For each check the result slot is created first (translated TITLE, STATUS
 * FALSE, empty STATUS_MSG and ERROR_MSG) and the check method is called right
 * afterwards, so the method only has to fill in its own result.
 * The order of the table below is the order in which the checks are run.
 */
function initialize_checks()
{
  /* check name, translated title, method performing the check */
  $steps = array(
    array('root',                _("Checking for root object"),                                      'checkBase'),
    array('permissions',         _("Checking permissions on LDAP database"),                         'check_ldap_permissions'),
    array('deps_visible',        _("Checking for invisible deparmtments"),                           'check_organizationalUnits'),
    array('users_visible',       _("Checking for invisible users"),                                  'check_gosaAccounts'),
    array('acls',                _("Checking for super administrator"),                              'check_administrativeAccount'),
    array('outside_users',       _("Checking for users outside the people tree"),                    'search_outside_users'),
    array('outside_groups',      _("Checking for groups outside the groups tree"),                   'search_outside_groups'),
    array('outside_winstations', _("Checking for windows workstations outside the winstation tree"), 'search_outside_winstations'),
    array('uidNumber_usage',     _("Checking for duplicate uid numbers"),                            'check_uidNumber'),
    array('gidNumber_usage',     _("Checking for duplicate gid numbers"),                            'check_gidNumber'));

  $this->checks = array();
  foreach($steps as $step){
    list($name, $title, $method) = $step;

    $this->checks[$name] = array(
      'TITLE'      => $title,
      'STATUS'     => FALSE,
      'STATUS_MSG' => "",
      'ERROR_MSG'  => "");

    $this->$method();
  }
}
175 /* Check if there are uidNumbers which are used more than once.
176 */
function check_uidNumber()
{
  /* Collect every entry below the configured base that has a uidNumber and
   * remember those whose number is used by more than one entry.
   * The affected entries end up in $this->check_uidNumbers (keyed by base64
   * encoded dn), the outcome in $this->checks['uidNumber_usage'].
   * Returns TRUE if no number is shared, FALSE on duplicates or a failed query.
   */
  $check = 'uidNumber_usage';
  $cv    = $this->parent->captured_values;
  $ldap  = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  if(!$ldap->search("uidNumber=*",array("dn","uidNumber"))){
    $this->checks[$check]['STATUS']    = FALSE;
    $this->checks[$check]['STATUS_MSG']= _("LDAP query failed");
    $this->checks[$check]['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group all entries by their first uidNumber value */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['uidNumber'][0]][] = $entry;
  }

  /* Keep only the groups with more than one member */
  $this->check_uidNumbers = array();
  foreach($by_number as $group){
    if(count($group) <= 1){
      continue;
    }
    foreach($group as $entry){
      $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  $duplicates = count($this->check_uidNumbers);
  if($duplicates){
    $this->checks[$check]['STATUS']    = FALSE;
    $this->checks[$check]['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks[$check]['ERROR_MSG'] =
      sprintf(_("Found %s duplicate values for attribute 'uidNumber'."),$duplicates);
    return(false);
  }

  $this->checks[$check]['STATUS']    = TRUE;
  $this->checks[$check]['STATUS_MSG']= _("Ok");
  $this->checks[$check]['ERROR_MSG'] = "";
  return(TRUE);
}
224 /* Check if there are duplicated gidNumbers present in ldap
225 */
function check_gidNumber()
{
  /* Collect every posixGroup below the configured base that has a gidNumber
   * and remember those whose number is used by more than one group.
   * The affected entries end up in $this->check_gidNumbers (keyed by base64
   * encoded dn), the outcome in $this->checks['gidNumber_usage'].
   * Returns TRUE if no number is shared, FALSE on duplicates or a failed query.
   */
  $check = 'gidNumber_usage';
  $cv    = $this->parent->captured_values;
  $ldap  = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  $ldap->cd($cv['base']);
  if(!$ldap->search("(&(objectClass=posixGroup)(gidNumber=*))",array("dn","gidNumber"))){
    $this->checks[$check]['STATUS']    = FALSE;
    $this->checks[$check]['STATUS_MSG']= _("LDAP query failed");
    $this->checks[$check]['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Group all entries by their first gidNumber value */
  $by_number = array();
  while($entry = $ldap->fetch()){
    $by_number[$entry['gidNumber'][0]][] = $entry;
  }

  /* Keep only the groups with more than one member */
  $this->check_gidNumbers = array();
  foreach($by_number as $group){
    if(count($group) <= 1){
      continue;
    }
    foreach($group as $entry){
      $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
    }
  }

  $duplicates = count($this->check_gidNumbers);
  if($duplicates){
    $this->checks[$check]['STATUS']    = FALSE;
    $this->checks[$check]['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
    $this->checks[$check]['ERROR_MSG'] =
      sprintf(_("Found %s duplicate values for attribute 'gidNumber'."),$duplicates);
    return(false);
  }

  $this->checks[$check]['STATUS']    = TRUE;
  $this->checks[$check]['STATUS_MSG']= _("Ok");
  $this->checks[$check]['ERROR_MSG'] = "";
  return(TRUE);
}
273 /* Search for winstations outside the winstation ou
274 */
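function search_outside_winstations()
{
  /* Find samba machine accounts (uid ending in '$') that are not located
   * directly below the winstation ou. Entries below dc=addressbook are ignored.
   * Matches are stored in $this->outside_winstations (keyed by base64 encoded
   * dn), the outcome in $this->checks['outside_winstations'].
   * Returns TRUE if nothing was found, FALSE on matches or a failed query.
   */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get winstation ou */
  if($cv['generic_settings']['wws_ou_active']) {
    $winstation_ou = $cv['generic_settings']['ws_ou'];
  }else{
    $winstation_ou = "ou=winstations";
  }

  /* The account objectClass depends on the configured samba version */
  if($cv['samba_version'] == 3){
    $oc = "sambaSamAccount";
  }else{
    $oc = "sambaAccount";
  }

  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=".$oc.")(uid=*$))",array("dn","sambaSID"));
  if(!$res){
    $this->checks['outside_winstations']['STATUS'] = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_winstations']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_winstations = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_winstations)){
    $this->checks['outside_winstations']['STATUS'] = FALSE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Failed");

    /* ERROR_MSG carries raw button markup, so it is emitted as HTML. The ou is
     * a captured setup value and is therefore escaped before it is embedded.
     */
    $this->checks['outside_winstations']['ERROR_MSG'] =
      sprintf(_("Found %s winstations outside the predefined winstation department ou '%s'."),
          count($this->outside_winstations),
          htmlspecialchars($winstation_ou, ENT_QUOTES));
    $this->checks['outside_winstations']['ERROR_MSG'].= "<input type='submit' name='outside_winstations_dialog' value='"._("Migrate")."...'>";
    return(false);
  }else{
    $this->checks['outside_winstations']['STATUS'] = TRUE;
    $this->checks['outside_winstations']['STATUS_MSG']= _("Ok");
    $this->checks['outside_winstations']['ERROR_MSG'] = "";
    return(TRUE);
  }
}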
331 /* Search for groups outside the group ou
332 */
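function search_outside_groups()
{
  /* Find posixGroup entries that are not located directly below the configured
   * group ou. Entries below dc=addressbook are ignored.
   * Matches are stored in $this->outside_groups (keyed by base64 encoded dn),
   * the outcome in $this->checks['outside_groups'].
   * Returns TRUE if nothing was found, FALSE on matches or a failed query.
   */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $group_ou = $cv['groupou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=posixGroup)",array("dn"));
  if(!$res){
    $this->checks['outside_groups']['STATUS'] = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_groups']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_groups = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_groups)){
    $this->checks['outside_groups']['STATUS'] = FALSE;
    $this->checks['outside_groups']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* ERROR_MSG carries raw button markup, so it is emitted as HTML. The ou is
     * a captured setup value and is therefore escaped before it is embedded.
     */
    $this->checks['outside_groups']['ERROR_MSG'] =
      sprintf(_("Found %s groups outside the configured tree '%s'."),
          count($this->outside_groups),
          htmlspecialchars($group_ou, ENT_QUOTES));
    $this->checks['outside_groups']['ERROR_MSG'].= " <input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_groups']['STATUS'] = TRUE;
    $this->checks['outside_groups']['STATUS_MSG']= _("Ok");
    $this->checks['outside_groups']['ERROR_MSG'] = "";
    return(TRUE);
  }
}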
378 /* Search for users outside the people ou
379 */
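function search_outside_users()
{
  /* Find gosaAccount entries (machine accounts with a uid ending in '$' are
   * excluded by the filter) that are not located directly below the configured
   * people ou. Entries below dc=addressbook are ignored.
   * Matches are stored in $this->outside_users (keyed by base64 encoded dn),
   * the outcome in $this->checks['outside_users'].
   * Returns TRUE if nothing was found, FALSE on matches or a failed query.
   */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $people_ou = $cv['peopleou'];
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
  if(!$res){
    $this->checks['outside_users']['STATUS'] = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['outside_users']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  $this->outside_users = array();
  while($attrs = $ldap->fetch()){
    if((!preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']) && !preg_match("/,dc=addressbook,/",$attrs['dn']))){
      $attrs['selected'] = FALSE;
      $attrs['ldif'] = "";
      $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
    }
  }

  if(count($this->outside_users)){
    $this->checks['outside_users']['STATUS'] = FALSE;
    $this->checks['outside_users']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";

    /* ERROR_MSG carries raw button markup, so it is emitted as HTML. The ou is
     * a captured setup value and is therefore escaped before it is embedded.
     */
    $this->checks['outside_users']['ERROR_MSG'] =
      sprintf(_("Found %s user(s) outside the configured tree '%s'."),
          count($this->outside_users),
          htmlspecialchars($people_ou, ENT_QUOTES));
    $this->checks['outside_users']['ERROR_MSG'].= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
    return(false);
  }else{
    $this->checks['outside_users']['STATUS'] = TRUE;
    $this->checks['outside_users']['STATUS_MSG']= _("Ok");
    $this->checks['outside_users']['ERROR_MSG'] = "";
    return(TRUE);
  }
}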
424 /* Check ldap accessibility
425 * Create and remove a dummy object,
426 * to ensure that we have the necessary permissions
427 */
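function check_ldap_permissions()
{
  /* Verify that the configured admin account can write below the base:
   * a dummy department is created and removed again, and after each step the
   * entry is looked up to see whether the operation really took effect.
   * The outcome is stored in $this->checks['permissions'].
   * Returns true if both steps worked, false otherwise.
   */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Create dummy entry.
   * The name only has to be unique. The session id is hashed together with the
   * random number instead of being used verbatim: the name becomes part of a
   * directory entry and of the log line written below, and a raw session id
   * must not show up in either place.
   */
  $name = "GOsa_setup_text_entry_".sha1(session_id().rand(0,999999));
  $dn = "ou=".$name.",".$cv['base'];
  $testEntry= array();
  $testEntry['objectClass'][]= "top";
  $testEntry['objectClass'][]= "organizationalUnit";
  $testEntry['objectClass'][]= "gosaDepartment";
  $testEntry['description']= "Created by GOsa setup, this object can be removed.";
  $testEntry['ou'] = $name;

  /* check if simple ldap cat will be successful
   */
  $res = $ldap->cat($cv['base']);
  if(!$res){
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['permissions']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return(false);
  }

  /* Other checks of this class put raw markup into ERROR_MSG, so the field is
   * treated as HTML and the account name is escaped before it is embedded.
   */
  $no_access = sprintf(_("The specified user '%s' does not have full access to your ldap database."),
      htmlspecialchars($cv['admin'], ENT_QUOTES));

  /* Try to create dummy object
   */
  $ldap->cd ($dn);
  $ldap->create_missing_trees($dn);
  $ldap->add($testEntry);
  $ldap->cat($dn);
  if(!$ldap->count()){
    @log::log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());

    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Try to remove created entry
   */
  $ldap->rmDir($dn);
  $ldap->cat($dn);
  if($ldap->count()){
    @log::log("view","setup/".get_class($this),$dn,array(),$ldap->get_error());
    $this->checks['permissions']['STATUS'] = FALSE;
    $this->checks['permissions']['STATUS_MSG']= _("Failed");
    $this->checks['permissions']['ERROR_MSG'] = $no_access;
    return(false);
  }

  /* Create & remove of dummy object was successful */
  $this->checks['permissions']['STATUS'] = TRUE;
  $this->checks['permissions']['STATUS_MSG']= _("Ok");
  $this->checks['permissions']['ERROR_MSG'] = "";
  return(true);
}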
495 /* Check if there are users which will
496 * be invisible for GOsa
497 */
function check_gosaAccounts()
{
  /* Build the list of accounts that carry a uid and look like users
   * (posixAccount, or inetOrgPerson plus organizationalPerson) but lack the
   * gosaAccount objectClass. Entries below dc=addressbook are ignored.
   * The list is stored in $this->users_to_migrate (keyed by base64 encoded dn),
   * the outcome in $this->checks['users_visible'].
   */

  /* Keep the previous list, it holds the checkbox state of the last request */
  $previous = $this->users_to_migrate;
  $this->users_to_migrate = array();

  /* Connect with the collected configuration settings */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Get all invisible users */
  $filter = "(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))(!(objectClass=gosaAccount))(uid=*))";
  $ldap->cd($cv['base']);
  $res = $ldap->search($filter,array("sn","givenName","cn","uid"));

  while($attrs = $ldap->fetch()){
    if(preg_match("/,dc=addressbook,/",$attrs['dn'])){
      continue;
    }

    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Entries selected before the reload stay selected */
    if(isset($previous[$key])){
      $attrs['checked'] = $previous[$key]['checked'];
    }
    $this->users_to_migrate[$key] = $attrs;
  }

  if(!$res){
    $this->checks['users_visible']['STATUS']    = FALSE;
    $this->checks['users_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['users_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $invisible = count($this->users_to_migrate);
  if($invisible == 0){
    $this->checks['users_visible']['STATUS']    = TRUE;
    $this->checks['users_visible']['STATUS_MSG']= _("Ok");
    $this->checks['users_visible']['ERROR_MSG'] = "";
    return;
  }

  $this->checks['users_visible']['STATUS']    = FALSE;
  $this->checks['users_visible']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
  $this->checks['users_visible']['ERROR_MSG'] = sprintf(_("Found %s user(s) that will not be visible in GOsa."),$invisible);
  $this->checks['users_visible']['ERROR_MSG'] .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
}
554 /* Start user account migration
555 */
function migrate_gosaAccounts($only_ldif = FALSE)
{
  /* Add the objectClasses gosaAccount, inetOrgPerson and organizationalPerson
   * to every checked entry of $this->users_to_migrate; the classes an entry
   * already has are kept.
   *
   * $only_ldif  TRUE:  nothing is written, the current and the resulting
   *                    attributes are stored as 'before'/'after' ldif text
   *             FALSE: the change is written to the ldap database
   *
   * Returns TRUE on success, false as soon as one modification fails.
   */
  $this->show_details= $only_ldif;

  /* Connect with the collected configuration settings */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->users_to_migrate as $key => $user){
    if(!$user['checked']){
      continue;
    }

    /* Get old objectClasses */
    $ldap->cat($user['dn'],array("objectClass"));
    $attrs = $ldap->fetch();

    /* Required classes first, then every existing class that is not one of them */
    $new_attrs = array('objectClass' => array("gosaAccount","inetOrgPerson","organizationalPerson"));
    $i = 0;
    while($i < $attrs['objectClass']['count']){
      $class = $attrs['objectClass'][$i];
      if(!in_array_ics($class, $new_attrs['objectClass'])){
        $new_attrs['objectClass'][] = $class;
      }
      $i ++;
    }

    /* Preview only: remember both states as ldif and go on */
    if($only_ldif){
      $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    /* NOTE(review): the message below speaks of a 'department' although a user is migrated here */
    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
607 /* Check if there are invisible organizational Units
608 */
function check_organizationalUnits()
{
  /* Build the list of organizationalUnit entries that lack the gosaDepartment
   * objectClass, leaving out the GOsa internal containers listed below.
   * The list is stored in $this->deps_to_migrate (keyed by base64 encoded dn),
   * the outcome in $this->checks['deps_visible'].
   */

  /* Keep the previous list, it holds the checkbox state of the last request */
  $previous = $this->deps_to_migrate;
  $this->deps_to_migrate = array();

  /* Connect with the collected configuration settings */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  /* Skip GOsa internal departments */
  $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
      "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
      "/(,|)ou=winstations,/");

  /* Get all invisible departments */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));

  while($attrs = $ldap->fetch()){

    /* Internal departments are never offered for migration */
    $internal = false;
    foreach($skip_dns as $pattern){
      if(preg_match($pattern,$attrs['dn'])){
        $internal = true;
        break;
      }
    }
    if($internal){
      continue;
    }

    $key = base64_encode($attrs['dn']);
    $attrs['checked'] = FALSE;
    $attrs['before']  = "";
    $attrs['after']   = "";

    /* Entries selected before the reload stay selected */
    if(isset($previous[$key])){
      $attrs['checked'] = $previous[$key]['checked'];
    }
    $this->deps_to_migrate[$key] = $attrs;
  }

  if(!$res){
    $this->checks['deps_visible']['STATUS']    = FALSE;
    $this->checks['deps_visible']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['deps_visible']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
    return;
  }

  $invisible = count($this->deps_to_migrate);
  if($invisible == 0){
    $this->checks['deps_visible']['STATUS']    = TRUE;
    $this->checks['deps_visible']['STATUS_MSG']= _("Ok");
    $this->checks['deps_visible']['ERROR_MSG'] = "";
    return;
  }

  /* Invisible departments are reported as a warning, STATUS stays TRUE */
  $this->checks['deps_visible']['STATUS']    = TRUE;
  $this->checks['deps_visible']['STATUS_MSG']= '<font style="color:#FFA500">'._("Warning").'</font>';
  $this->checks['deps_visible']['ERROR_MSG'] = sprintf(_("Found %s department(s) that will not be visible in GOsa."),$invisible);
  $this->checks['deps_visible']['ERROR_MSG'] .= " <input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
}
684 /* Start deparmtment migration */
function migrate_organizationalUnits($only_ldif = FALSE)
{
  /* Append the gosaDepartment objectClass to every checked entry of
   * $this->deps_to_migrate and add a default description where none exists.
   *
   * $only_ldif  TRUE:  nothing is written, the current and the resulting
   *                    attributes are stored as 'before'/'after' ldif text
   *             FALSE: the change is written to the ldap database
   *
   * Returns TRUE on success, false as soon as one modification fails.
   */
  $this->show_details= $only_ldif;

  /* Connect with the collected configuration settings */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'], $cv['password'], $cv['connection'], FALSE, $cv['tls']);

  foreach($this->deps_to_migrate as $key => $dep){
    if(!$dep['checked']){
      continue;
    }

    /* Get current objectClasses */
    $ldap->cat($dep['dn'],array("objectClass","description"));
    $attrs = $ldap->fetch();

    /* Copy the existing classes, then append gosaDepartment */
    $new_attrs = array();
    $i = 0;
    while($i < $attrs['objectClass']['count']){
      $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
      $i ++;
    }
    $new_attrs['objectClass'][] = "gosaDepartment";

    /* Append a description if it is missing */
    if(!isset($attrs['description'])){
      $new_attrs['description'][] = "GOsa department";
    }

    /* Preview only: remember both states as ldif and go on */
    if($only_ldif){
      $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
      $this->deps_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
      continue;
    }

    $ldap->cd($attrs['dn']);
    if(!$ldap->modify($new_attrs)){
      print_red(sprintf(_("Failed to migrate the department '%s' into GOsa, error message is as follows '%s'."),$attrs['dn'],$ldap->get_error()));
      return(false);
    }
  }
  return(TRUE);
}
739 /* Check Acls if there is at least one object with acls defined
740 */
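function check_administrativeAccount()
{
  /* Look at the gosaAclEntry values of the base object and decide whether at
   * least one of them names an existing account:
   *  - 'psub' entries: a member that is a posixGroup, or an account with the
   *    classes gosaAccount, organizationalPerson and inetOrgPerson
   *  - 'role' entries: the role must have a template matching
   *    '<number>:psub:...:all;cmdrw' and a member that is such an account
   * The outcome is stored in $this->checks['acls'].
   *
   * NOTE(review): for 'psub' entries the rights part of the entry is not
   * inspected, so an entry granting only limited rights also satisfies this
   * check - confirm that this is intended.
   * NOTE(review): the return value is the result count of the last ldap
   * operation, not the outcome of the check.
   */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search for gosaAcls */
  $ldap->cd($cv['base']);
  $res = $ldap->cat($cv['base']);

  if(!$res){
    $this->checks['acls']['STATUS'] = FALSE;
    $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
    $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
  }else{
    $found = false;
    $username = "";   // only collected for debugging
    $attrs = $ldap->fetch();
    if(isset($attrs['gosaAclEntry'])){
      $acls = $attrs['gosaAclEntry'];
      for($i = 0 ; $i < $acls['count'] ; $i++){

        /* Entry layout: <priority>:<type>:<target>[:<members or rights>].
         * explode() replaces the regex based split(), the separators are
         * plain characters. Entries with fewer than three parts are skipped.
         */
        $tmp = explode(":",$acls[$i]);
        if(count($tmp) < 3){
          continue;
        }

        if($tmp[1] == "psub"){
          foreach(explode(",",$tmp[2]) as $member){
            $member = base64_decode($member);

            /* Check if acl owner is a valid GOsa user account */
            $ldap->cat($member,array("objectClass","uid","cn"));
            $ret = $ldap->fetch();

            if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){
              $found = TRUE;
              $username .= "ACL-Group: ".$ret['cn'][0]."<br>";
            }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
                in_array("organizationalPerson",$ret['objectClass']) &&
                in_array("inetOrgPerson",$ret['objectClass'])){
              $found = TRUE;
              $username .= "ACL: ".$ret['uid'][0]."<br>";
            }
          }
        }elseif($tmp[1] == "role"){

          /* Load the templates of the referenced role */
          $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
          $role = $ldap->fetch();

          if(isset($role['gosaAclTemplate'])){
            $members = isset($tmp[3]) ? explode(",",$tmp[3]) : array();
            $cnt = $role['gosaAclTemplate']['count'];
            for($e = 0 ; $e < $cnt ; $e++){

              $a_str = $role['gosaAclTemplate'][$e];
              if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){

                foreach($members as $member){
                  $member = base64_decode($member);

                  /* Check if acl owner is a valid GOsa user account.
                   * The result goes into its own variable, the role entry
                   * is still needed for the remaining templates.
                   */
                  $ldap->cat($member,array("objectClass","uid"));
                  $ret = $ldap->fetch();

                  if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
                      in_array("organizationalPerson",$ret['objectClass']) &&
                      in_array("inetOrgPerson",$ret['objectClass'])){
                    $found = TRUE;
                    $username .= "ACL Role: ".$ret['uid'][0]."<br>";
                  }
                }
              }
            }
          }
        }
      }
    }

    # For debugging
    #echo $username;

    if($found){
      $this->checks['acls']['STATUS'] = TRUE;
      $this->checks['acls']['STATUS_MSG']= _("Ok");
      $this->checks['acls']['ERROR_MSG'] = "";
    }else{
      $this->checks['acls']['STATUS'] = FALSE;
      $this->checks['acls']['STATUS_MSG']= _("Failed");
      $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." ";
      $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
    }
  }
  return($ldap->count()>=1);
}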
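/* Give the object selected in $this->acl_create_selected full rights
 * ('all;cmdrw') on the base object.
 *
 * The new entry is inserted with priority 0, the priority of every existing
 * gosaAclEntry is raised by one. The gosaACL objectClass is added to the base
 * if it is missing.
 *
 * $only_ldif  TRUE:  nothing is written, the current and the resulting
 *                    attributes are stored as ldif text in
 *                    $this->acl_create_changes; no value is returned
 *             FALSE: the change is written; returns TRUE on success and
 *                    FALSE if the modification failed
 */
function create_admin($only_ldif = FALSE)
{
  /* Reset the recorded changes */
  $this->acl_create_changes="";

  /* Object that should receive admin acls */
  $dn = $this->acl_create_selected;

  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);
  $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
  $attrs = $ldap->fetch();

  /* Add acls for the selected user to the base */
  $attrs_new = array();
  $attrs_new['objectClass'] = array("gosaACL");

  for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
    if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
      $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
    }
  }

  $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
  $attrs_new['gosaAclEntry'][] = $acl;
  if(isset($attrs['gosaAclEntry'])){
    for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){

      /* Split the entry at the first colon. The whole priority has to be
       * cut off here: removing a single character would leave the second
       * digit of a priority like '10' in place and produce '110:...'.
       */
      $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
      $rest = preg_replace("/^[^:]*/","",$attrs['gosaAclEntry'][$i]);

      $data = ((int)$prio + 1).$rest;
      $attrs_new['gosaAclEntry'][] = $data;
    }
  }

  if($only_ldif){
    $this->acl_create_changes ="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
    $this->acl_create_changes.="\n".$cv['base']."\n";
    $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
  }else{

    $ldap->cd($cv['base']);
    if(!$ldap->modify($attrs_new)){
      print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
      return(FALSE);
    }else{
      return(TRUE);
    }
  }
}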
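/* Create a new administrative user from the posted form values
 * (new_user_uid, new_user_password, new_user_password2) and give it
 * administrative acls on the base via create_admin().
 *
 * Returns TRUE if the user was added, FALSE if the input was rejected, an
 * object with the same dn already exists or the entry could not be added.
 * Errors are reported with print_red().
 */
function create_admin_user()
{
  $pw1 = $pw2 = "";
  $uid = "";

  if(isset($_POST['new_user_uid'])){
    $uid = $_POST['new_user_uid'];
  }
  if(isset($_POST['new_user_password'])){
    $pw1 = $_POST['new_user_password'];
  }
  if(isset($_POST['new_user_password2'])){
    $pw2 = $_POST['new_user_password2'];
  }

  /* Both passwords must be non-empty strings and identical.
   * The comparison is strict: a loose comparison treats different numeric
   * looking strings (e.g. '1e3' and '1000') as equal. Posted arrays are
   * rejected as well.
   */
  if(!is_string($pw1) || !is_string($pw2) || empty($pw1) || empty($pw2) || ($pw1 !== $pw2)){
    print_red(_("Specified passwords are empty or not equal."));
    return false;
  }

  /* The uid becomes part of the dn below, so it has to pass the uid check */
  if(!is_uid($uid) || empty($uid)){
    print_red(_("Please specify a valid uid."));
    return false;
  }

  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Get current base attributes */
  $ldap->cd($cv['base']);

  if($cv['peopledn'] == "cn"){
    $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
  }else{
    $dn = "uid=".$uid.",".$cv['peopleou'].",".$cv['base'];
  }

  /* Hash the password with the configured method. The class name is taken
   * from the list of available methods, the setting only selects the entry.
   */
  $methods = @passwordMethod::get_available_methods_if_not_loaded();
  $p_m = $methods[$cv['encryption']];
  $p_c = new $p_m(array());
  $hash = $p_c->generate_hash($pw2);

  $new_user=array();
  $new_user['objectClass']= array("top","person","gosaAccount","organizationalPerson","inetOrgPerson");
  $new_user['givenName'] = "System";
  $new_user['sn'] = "Administrator";
  $new_user['cn'] = "System Administrator";
  $new_user['uid'] = $uid;
  $new_user['userPassword'] = $hash;

  $ldap->cd($cv['base']);

  $ldap->cat($dn,array("dn"));
  if($ldap->count()){
    print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),$dn));
    return(FALSE);
  }

  $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
  $ldap->cd($dn);
  $res = $ldap->add($new_user);

  /* Stop before any acl is written if the user could not be added: an acl
   * entry for a dn that does not exist would hand full rights to whatever
   * object is created under that dn later.
   */
  if(!$res){
    print_red($ldap->get_error());
    return(FALSE);
  }

  $this->acl_create_selected = $dn;
  $this->create_admin();

  $this->acl_create_dialog=FALSE;
  $this->check_administrativeAccount();
  return(TRUE);
}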
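/* Preview or perform the move of the selected winstations into the
 * department posted as 'move_winstation_to'.
 *
 * $perform = FALSE  only fills $this->outside_winstations[..]['ldif'] with
 *                   an HTML description of the planned move and of the
 *                   group objects that list the entry as member.
 * $perform = TRUE   moves every selected entry with $this->move().
 *
 * Returns FALSE if no acceptable destination was posted; otherwise there
 * is no return value.
 */
function migrate_outside_winstations($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination is request data. Accept it only if it is one of the
   * departments the dialog offers: get_all_winstation_ous() is what
   * execute() hands to the template and its keys are base64 encoded dns.
   * NOTE(review): assumes the template posts those keys unchanged - confirm
   * against setup_migrate.tpl. */
  $destination_dep = isset($_POST['move_winstation_to']) ? $_POST['move_winstation_to'] : "";
  if(!is_string($destination_dep) || $destination_dep == "" ||
     !array_key_exists($destination_dep, $this->get_all_winstation_ous())){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_winstations as $b_dn => $data){
    $this->outside_winstations[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the part before the first comma and append the destination.
     * Plain concatenation, so "\1" or "$1" inside the destination is not
     * read as a backreference by preg_replace(). */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/","",$dn).",".$destination_dn;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The dns come from the directory and end up in HTML: escape them */
    $info = _("Winstation will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8').
            "<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object.
     * NOTE(review): the dn is placed into the filter as is, while move()
     * passes it through LDAP::fix() first - confirm which form is intended
     * and whether filter metacharacters in a dn need escaping here. */
    $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $info .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }

    $this->outside_winstations[$b_dn]['ldif'] = $info;
  }
}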
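/* Preview or perform the move of the selected groups into the department
 * posted as 'move_group_to'.
 *
 * $perform = FALSE  only fills $this->outside_groups[..]['ldif'] with an
 *                   HTML description of the planned move and of the group
 *                   objects that list the entry as member.
 * $perform = TRUE   moves every selected entry with $this->move().
 *
 * Returns FALSE if no acceptable destination was posted; otherwise there
 * is no return value.
 */
function migrate_outside_groups($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination is request data. Accept it only if it is one of the
   * departments the dialog offers: get_all_group_ous() is what execute()
   * hands to the template and its keys are base64 encoded dns.
   * NOTE(review): assumes the template posts those keys unchanged - confirm
   * against setup_migrate.tpl. */
  $destination_dep = isset($_POST['move_group_to']) ? $_POST['move_group_to'] : "";
  if(!is_string($destination_dep) || $destination_dep == "" ||
     !array_key_exists($destination_dep, $this->get_all_group_ous())){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_groups as $b_dn => $data){
    $this->outside_groups[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the part before the first comma and append the destination.
     * Plain concatenation, so "\1" or "$1" inside the destination is not
     * read as a backreference by preg_replace(). */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/","",$dn).",".$destination_dn;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The dns come from the directory and end up in HTML: escape them */
    $info = _("Group will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8').
            "<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object.
     * NOTE(review): the dn is placed into the filter as is, while move()
     * passes it through LDAP::fix() first - confirm which form is intended
     * and whether filter metacharacters in a dn need escaping here. */
    $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $info .= "<br /><br /><i>"._("Updating following references too").":</i>".$refs;
    }

    $this->outside_groups[$b_dn]['ldif'] = $info;
  }
}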
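/* Preview or perform the move of the selected users into the department
 * posted as 'move_user_to'.
 *
 * $perform = FALSE  only fills $this->outside_users[..]['ldif'] with an
 *                   HTML description of the planned move and of the group
 *                   objects that list the entry as member.
 * $perform = TRUE   moves every selected entry with $this->move().
 *
 * Returns FALSE if no acceptable destination was posted; otherwise there
 * is no return value.
 */
function migrate_outside_users($perform = FALSE)
{
  /* Establish ldap connection */
  $cv = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);

  /* The destination is request data. Accept it only if it is one of the
   * departments the dialog offers: get_all_people_ous() is what execute()
   * hands to the template and its keys are base64 encoded dns.
   * NOTE(review): assumes the template posts those keys unchanged - confirm
   * against setup_migrate.tpl. */
  $destination_dep = isset($_POST['move_user_to']) ? $_POST['move_user_to'] : "";
  if(!is_string($destination_dep) || $destination_dep == "" ||
     !array_key_exists($destination_dep, $this->get_all_people_ous())){
    print_red(_("Couldn't move users to specified department."));
    return(false);
  }
  $destination_dn = base64_decode($destination_dep);

  foreach($this->outside_users as $b_dn => $data){
    $this->outside_users[$b_dn]['ldif'] ="";
    if(!$data['selected']){
      continue;
    }

    /* Keep the part before the first comma and append the destination.
     * Plain concatenation, so "\1" or "$1" inside the destination is not
     * read as a backreference by preg_replace(). */
    $dn   = base64_decode($b_dn);
    $d_dn = preg_replace("/,.*$/","",$dn).",".$destination_dn;

    if($perform){
      $this->move($dn,$d_dn);
      continue;
    }

    /* The dns come from the directory and end up in HTML: escape them */
    $info = _("User will be moved from").":<br>\t".htmlspecialchars($dn, ENT_QUOTES, 'UTF-8').
            "<br>"._("to").":<br>\t".htmlspecialchars($d_dn, ENT_QUOTES, 'UTF-8');

    /* Check if there are references to this object.
     * NOTE(review): the dn is placed into the filter as is, while move()
     * passes it through LDAP::fix() first - confirm which form is intended
     * and whether filter metacharacters in a dn need escaping here. */
    $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
    $refs = "";
    while($attrs = $ldap->fetch()){
      $refs .= "<br />\t".htmlspecialchars($attrs['dn'], ENT_QUOTES, 'UTF-8');
    }
    if(!empty($refs)){
      $info .= "<br /><br /><i>"._("The following references will be updated").":</i>".$refs;
    }

    $this->outside_users[$b_dn]['ldif'] = $info;
  }
}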
/* Generate the HTML output of this setup step.
 *
 * The method is a dispatcher over $_POST: the presence of a button name
 * opens or closes one of the dialogs, triggers a preview ("whats done")
 * or performs a migration. The sections are evaluated top to bottom and
 * the first dialog whose flag is set renders setup_migrate.tpl with its
 * "method" and returns; if no dialog is open the overview of all checks
 * is rendered.
 *
 * NOTE(review): every state change below is selected only by which POST
 * keys are present, and several of them write to the directory with the
 * captured admin credentials. No request token check is visible in this
 * method - confirm that the surrounding setup frame validates the session
 * and request origin before it calls execute().
 */
function execute()
{
  /* Initialise checks if this is the first call */
  if(!$this->checks_initialised || isset($_POST['reload'])){
    $this->initialize_checks();
    $this->checks_initialised = TRUE;
  }

  /*************
   * Winstations outside the winstation ou
   *************/

  if(isset($_POST['outside_winstations_dialog_cancel'])){
    $this->outside_winstations_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only.
   * NOTE(review): unlike the group and user sections, show_details is not
   * set here and no details flag is assigned to the template below -
   * confirm that the preview is displayed for winstations. */
  if(isset($_POST['outside_winstations_dialog_whats_done'])){
    $this->migrate_outside_winstations(FALSE);
  }

  /* Perform the move, refresh the list and close the dialog */
  if(isset($_POST['outside_winstations_dialog_perform'])){
    $this->migrate_outside_winstations(TRUE);
    $this->search_outside_winstations();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_winstations_dialog = FALSE;
  }

  if(isset($_POST['outside_winstations_dialog'])){
    $this->outside_winstations_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_winstations_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_winstation_ous());
    $smarty->assign("method","outside_winstations");
    $smarty->assign("outside_winstations",$this->outside_winstations);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }
  /*************
   * Groups outside the group ou
   *************/

  if(isset($_POST['outside_groups_dialog_cancel'])){
    $this->outside_groups_dialog = FALSE;
    $this->show_details = FALSE;
    $this->dialog = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_groups_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_groups(FALSE);
  }

  if(isset($_POST['outside_groups_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  /* Perform the move, close the dialog and rerun all checks */
  if(isset($_POST['outside_groups_dialog_perform'])){
    $this->migrate_outside_groups(TRUE);
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_groups_dialog = FALSE;
    $this->initialize_checks();
  }

  if(isset($_POST['outside_groups_dialog'])){
    $this->outside_groups_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_groups_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_group_ous());
    $smarty->assign("method","outside_groups");
    $smarty->assign("outside_groups",$this->outside_groups);
    $smarty->assign("group_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User outside the people ou
   *************/

  if(isset($_POST['outside_users_dialog_cancel'])){
    $this->outside_users_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  /* Preview only */
  if(isset($_POST['outside_users_dialog_whats_done'])){
    $this->show_details= TRUE;
    $this->migrate_outside_users(FALSE);
  }

  /* Perform the move, rerun all checks and close the dialog */
  if(isset($_POST['outside_users_dialog_perform'])){
    $this->migrate_outside_users(TRUE);
    $this->initialize_checks();
    $this->dialog = FALSE;
    $this->show_details = FALSE;
    $this->outside_users_dialog = FALSE;
  }

  if (isset($_POST['outside_users_dialog_refresh'])){
    $this->show_details= FALSE;
  }

  if(isset($_POST['outside_users_dialog'])){
    $this->outside_users_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if($this->outside_users_dialog){
    $smarty = get_smarty();
    $smarty->assign("ous",$this->get_all_people_ous());
    $smarty->assign("method","outside_users");
    $smarty->assign("outside_users",$this->outside_users);
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * Root object check
   *************/

  /* Try to create the root object; rerun all checks only if its status changed */
  if(isset($_POST['retry_root_create'])){

    $state = $this->checks['root']['STATUS'];
    $this->checkBase(FALSE);
    if($state != $this->checks['root']['STATUS']){
      $this->initialize_checks();
    }
  }

  /*************
   * Administrative account / acl handling
   *************/

  if(isset($_POST['retry_acls'])){
    $this->check_administrativeAccount();
  }

  if(isset($_POST['create_acls'])){
    $this->acl_create_dialog = TRUE;
    $this->dialog = TRUE;
  }

  if(isset($_POST['create_acls_cancel'])){
    $this->acl_create_dialog = FALSE;
    $this->dialog = FALSE;
    $this->show_details = FALSE;
  }

  #    if(isset($_POST['create_acls_create_confirmed'])){
  #      if($this->create_admin()){
  #        $this->acl_create_dialog = FALSE;
  #        $this->dialog = FALSE;
  #      $this->show_details = FALSE;
  #        $this->initialize_checks();
  #      }
  #    }

  if(isset($_POST['create_acls_create'])){
    $this->create_admin(TRUE);
  }

  if(isset($_POST['create_admin_user'])){
    if($this->create_admin_user()){
      $this->dialog = FALSE;
      $this->show_details = FALSE;
    }
  }

  if($this->acl_create_dialog){
    $smarty = get_smarty();

    /* Preset the uid field with "admin" unless a value was posted */
    $uid = "admin";
    if(isset($_POST['new_user_uid'])){
      $uid = $_POST['new_user_uid'];
    }

    /* NOTE(review): the posted uid and both posted passwords are handed
     * back to the template unmodified. If the template prints them, the
     * clear text passwords are written into the response - confirm that
     * this is intended and that the template escapes all three values. */
    $smarty->assign("new_user_uid",$uid);
    $smarty->assign("new_user_password",@$_POST['new_user_password']);
    $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
    $smarty->assign("method","create_acls");
    $smarty->assign("acl_create_selected",$this->acl_create_selected);
    $smarty->assign("what_will_be_done_now",$this->acl_create_changes);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /*************
   * User Migration handling
   *************/

  /* Refresh list of users */
  if(isset($_POST['users_visible_migrate_refresh'])){
    $this->check_gosaAccounts();
  }

  /* Open migration dialog */
  if(isset($_POST['users_visible_migrate'])){
    $this->show_details= FALSE;
    $this->users_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['users_visible_migrate_close'])){
    $this->users_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['users_visible_migrate_migrate'])){
    if($this->migrate_gosaAccounts()){
      $this->initialize_checks();
      $this->dialog = FALSE;
      $this->show_details = FALSE;
      $this->users_migration_dialog = FALSE;
    }
  }

  /* Called with TRUE for the "whatsdone" button; presumably a preview only -
   * migrate_gosaAccounts() is not part of this section, verify there */
  if(isset($_POST['users_visible_migrate_whatsdone'])){
    $this->migrate_gosaAccounts(TRUE);
  }

  /* Display migration dialog */
  if($this->users_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("users_to_migrate",$this->users_to_migrate);
    $smarty->assign("method","migrate_users");
    $smarty->assign("user_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }


  /*************
   * Department Migration handling
   *************/

  /* Refresh list of departments */
  if(isset($_POST['deps_visible_migrate_refresh'])){
    $this->check_organizationalUnits();
    $this->show_details= FALSE;
  }

  /* Open migration dialog */
  if(isset($_POST['deps_visible_migrate'])){
    $this->dep_migration_dialog = TRUE;
    $this->dialog =TRUE;
  }

  /* Close migration dialog */
  if(isset($_POST['deps_visible_migrate_close'])){
    $this->dep_migration_dialog = FALSE;
    $this->dialog =FALSE;
    $this->show_details = FALSE;
  }

  /* Start migration */
  if(isset($_POST['deps_visible_migrate_migrate'])){
    if($this->migrate_organizationalUnits()){
      $this->show_details= FALSE;
      $this->check_organizationalUnits();
      $this->dialog = FALSE;
      $this->dep_migration_dialog = FALSE;
    }
  }

  /* Called with TRUE for the "whatsdone" button; presumably a preview only -
   * migrate_organizationalUnits() is not part of this section, verify there */
  if(isset($_POST['deps_visible_migrate_whatsdone'])){
    $this->migrate_organizationalUnits(TRUE);
  }

  /* Display migration dialog */
  if($this->dep_migration_dialog){
    $smarty = get_smarty();
    $smarty->assign("deps_to_migrate",$this->deps_to_migrate);
    $smarty->assign("method","migrate_deps");
    $smarty->assign("deps_details", $this->show_details);
    return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
  }

  /* No dialog open: show the overview of all checks */
  $smarty = get_smarty();
  $smarty->assign("checks",$this->checks);
  $smarty->assign("method","default");
  return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
}
/* Take over the checkbox state posted by whichever dialog is currently
 * open and mark this setup step as completed.
 *
 * A checkbox counts as selected when its name is present in $_POST; the
 * names are built from a fixed prefix plus the list key, so only keys
 * that already exist in the lists are ever looked up.
 */
function save_object()
{
  $this->is_completed= TRUE;

  /* Selected winstations from outside_winstations_dialog */
  if($this->outside_winstations_dialog){
    foreach($this->outside_winstations as $key => $entry){
      $this->outside_winstations[$key]['selected'] = isset($_POST['select_winstation_'.$key]);
    }
  }

  /* Selected groups from outside_groups_dialog */
  if($this->outside_groups_dialog){
    foreach($this->outside_groups as $key => $entry){
      $this->outside_groups[$key]['selected'] = isset($_POST['select_group_'.$key]);
    }
  }

  /* Selected users from outside_users_dialog */
  if($this->outside_users_dialog){
    foreach($this->outside_users as $key => $entry){
      $this->outside_users[$key]['selected'] = isset($_POST['select_user_'.$key]);
    }
  }

  /* "create acl" dialog: an abort clears the selected dn */
  if($this->acl_create_dialog && isset($_POST['create_acls_create_abort'])){
    $this->acl_create_selected = "";
  }

  /* Departments checked for migration */
  if($this->dep_migration_dialog){
    foreach($this->deps_to_migrate as $key => $entry){
      $this->deps_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }

  /* Users checked for migration */
  if($this->users_migration_dialog){
    foreach($this->users_to_migrate as $key => $entry){
      $this->users_to_migrate[$key]['checked'] = isset($_POST['migrate_'.$key]);
    }
  }
}
1492 /* Check if the root object exists.
1493 * If the parameter just_check is true, then just check if the
1494 * root object is missing and update the info messages.
1495 * If the Parameter is false, try to create a new root object.
1496 */
function checkBase($just_check = TRUE)
{
  /* Looks up the configured base with the credentials captured by the
   * setup and records the outcome in $this->checks['root'].
   * Returns FALSE when the base is missing in check-only mode, the result
   * of create_missing_trees() when creating it failed, and nothing when
   * the base exists or was created. */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Search below the base and keep the error number of that search */
  $ldap->cd($cv['base']);
  $res = $ldap->search("(objectClass=*)");
  $err = ldap_errno($ldap->cid);

  /* 0x20 = LDAP_NO_SUCH_OBJECT, 0x40 = LDAP_NAMING_VIOLATION */
  $root_missing = (!$res || $err == 0x20 || $err == 0x40);

  /* Check only: report the missing root object and offer a retry button */
  if($root_missing && $just_check){
    $this->checks['root']['STATUS']    = FALSE;
    $this->checks['root']['STATUS_MSG']= _("Failed");
    $this->checks['root']['ERROR_MSG'] =
      _("The LDAP root object is missing. It is required to use your LDAP service.").' '.
      "<input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
    return(FALSE);
  }

  /* Otherwise try to add the root object */
  if($root_missing){
    $ldap->cd($cv['base']);
    $created = $ldap->create_missing_trees($cv['base']);

    /* If adding failed, tell the user */
    if(!$created){
      $this->checks['root']['STATUS']    = FALSE;
      $this->checks['root']['STATUS_MSG']= _("Failed");
      $this->checks['root']['ERROR_MSG'] =
        _("Root object couldn't be created, you should try it on your own.").
        " <input type='submit' name='retry_root_create' value='"._("Try to create root object")."'>";
      return($created);
    }
  }

  /* The root object exists or was just created */
  $this->checks['root']['STATUS']    = TRUE;
  $this->checks['root']['STATUS_MSG']= _("Ok");
}
1549 /* Return ldif information for a
1550 * given attribute array
1551 */
function array_to_ldif($atts)
{
  /* Emits one "name: value" line per attribute value. The 'count' and 'dn'
   * entries and all numerically indexed entries of an ldap result array
   * are skipped, and the trailing newline is removed.
   * Values are written as they are: nothing is folded, base64 encoded or
   * HTML escaped, so the result is a display aid rather than strict LDIF.
   * NOTE(review): callers that put the result into HTML need to escape it. */
  unset($atts['count'], $atts['dn']);

  $ldif = "";
  foreach($atts as $name => $value){
    if(is_numeric($name)) {
      continue;
    }

    /* Treat a single value like a list with one element */
    if(is_array($value)){
      unset($value['count']);
      $values = $value;
    }else{
      $values = array($value);
    }

    foreach($values as $single){
      $ldif .= $name.": ". $single."\n";
    }
  }
  return(preg_replace("/\n$/","",$ldif));
}
/* Return all objects below the configured base that carry the objectClass
 * gosaAccount, as array(base64 encoded dn => dn passed through LDAP::fix()).
 */
function get_user_list()
{
  /* Connect with the settings collected by the setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=gosaAccount)",array("dn"));

  /* The encoded dn serves as array key */
  $users = array();
  while($entry = $ldap->fetch()){
    $user_dn = $entry['dn'];
    $users[base64_encode($user_dn)] = @LDAP::fix($user_dn);
  }
  return($users);
}
/* Return every people department below the configured base as
 * array(base64 encoded dn => dn passed through $ldap->fix()); entries whose
 * dn contains "ou=snapshots," are left out.
 *
 * Side effect: if the search finds no such department, one is added
 * directly below the base before the list is built.
 * NOTE(review): the result of that add() is not checked.
 */
function get_all_people_ous()
{
  /* Connect with the settings collected by the setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The captured 'peopleou' value (e.g. "ou=people") is used as filter */
  $ou_filter = "(".$cv['peopleou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the department */
  if($ldap->count() == 0 ){
    $add_dn = $cv['peopleou'].",".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the departments, skipping snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Return every winstation department below the configured base as
 * array(base64 encoded dn => dn passed through $ldap->fix()); entries whose
 * dn contains "ou=snapshots," are left out.
 *
 * Side effect: if the search finds no such department, one is added below
 * "ou=systems," of the base before the list is built.
 * NOTE(review): the result of that add() is not checked.
 */
function get_all_winstation_ous()
{
  /* Connect with the settings collected by the setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Use the configured winstation ou if it is active, else the default.
   * NOTE(review): the flag is read from 'wws_ou_active' but the value from
   * 'ws_ou' - confirm that both key names are the intended ones. */
  $winstation_ou = $cv['generic_settings']['wws_ou_active']
                 ? $cv['generic_settings']['ws_ou']
                 : "ou=winstations";
  $ou_filter = "(".$winstation_ou.")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the department */
  if($ldap->count() == 0 ){
    $add_dn = $winstation_ou.",ou=systems,".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the departments, skipping snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Return every group department below the configured base as
 * array(base64 encoded dn => dn passed through $ldap->fix()); entries whose
 * dn contains "ou=snapshots," are left out.
 *
 * Side effect: if the search finds no such department, one is added
 * directly below the base before the list is built.
 * NOTE(review): the result of that add() is not checked.
 */
function get_all_group_ous()
{
  /* Connect with the settings collected by the setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* The captured 'groupou' value (e.g. "ou=groups") is used as filter */
  $ou_filter = "(".$cv['groupou'].")";

  $ldap->cd($cv['base']);
  $ldap->search($ou_filter,array("dn"));

  /* Nothing found: create the department */
  if($ldap->count() == 0 ){
    $add_dn = $cv['groupou'].",".$cv['base'];

    /* Split the first rdn into attribute name and value */
    $naming_attr  = preg_replace("/=.*$/","",$add_dn);
    $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);

    $add = array();
    $add['objectClass'] = array("organizationalUnit");
    $add[$naming_attr]  = $naming_value;

    $ldap->cd($cv['base']);
    $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
    $ldap->cd($add_dn);
    $ldap->add($add);
  }

  /* Collect the departments, skipping snapshots */
  $ldap->search($ou_filter,array("dn"));
  $ous = array();
  while($entry = $ldap->fetch()){
    if(preg_match("/ou=snapshots,/",$entry['dn'])){
      continue;
    }
    $ous[base64_encode($entry['dn'])] = $ldap->fix($entry['dn']);
  }
  return($ous);
}
/* Return all objects below the configured base that carry the objectClass
 * posixGroup, as array(base64 encoded dn => dn passed through LDAP::fix()).
 */
function get_group_list()
{
  /* Connect with the settings collected by the setup */
  $cv   = $this->parent->captured_values;
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  $ldap->cd($cv['base']);
  $ldap->search("(objectClass=posixGroup)",array("dn"));

  /* The encoded dn serves as array key */
  $groups = array();
  while($entry = $ldap->fetch()){
    $group_dn = $entry['dn'];
    $groups[base64_encode($group_dn)] = @LDAP::fix($group_dn);
  }
  return($groups);
}
/* Move an object by copying the entry $source to the dn $destination,
 * removing the source and rewriting the member attribute of every
 * gosaGroupOfNames object that referenced it.
 *
 * $source       dn of the existing entry
 * $destination  dn the entry is written to
 *
 * There is no return value; failures are reported through print_red() and
 * show_ldap_error().
 *
 * NOTE(review): the steps are separate LDAP operations and nothing is
 * rolled back, so a failure part way through leaves the directory in an
 * intermediate state. Only the entry returned for $source is copied, while
 * the source is removed with rmDir() - if rmDir() deletes recursively,
 * entries below $source would be lost; confirm against the LDAP class.
 */
function move($source,$destination)
{
  /* Get collected configuration settings */
  $cv = $this->parent->captured_values;

  /* Establish ldap connection */
  $ldap = new LDAP($cv['admin'],
      $cv['password'],
      $cv['connection'],
      FALSE,
      $cv['tls']);

  /* Update object references in gosaGroupOfNames */
  $ogs_to_fix = array();
  $ldap->cd($cv['base']);
  $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
  while ($attrs= $ldap->fetch()){
    $dn = $attrs['dn'];
    $attrs = $this->cleanup_array($attrs);

    /* New member list: the destination first, then every member except the source.
     * NOTE(review): members are compared as plain strings, so a reference
     * stored with different case or spacing than $source would be kept. */
    $member_new = array($destination);
    foreach($attrs['member'] as $member){
      if($member != $source){
        $member_new[] = $member;
      }
    }
    $attrs['member'] = $member_new;

    /* Only collected here; the groups are written after the copy succeeded */
    $ogs_to_fix[$dn] = $attrs;
  }

  /* Copy source to destination dn.
   * NOTE(review): the result of fetch() is passed on without a check that
   * an entry was actually returned for $source. */
  $ldap->cat($source);
  $new_data = $this->cleanup_array($ldap->fetch());
  $ldap->cd($destination);
  $res = $ldap->add($new_data);

  /* Display warning if copy failed */
  if(!$res){
    print_red(_("Failed to copy '%s' to '%s'. LDAP says '%s'."),$source,$destination,$ldap->get_error());
  }else{
    /* NOTE(review): the result of rmDir() is stored but not evaluated; the
     * references below are rewritten even if removing the source failed. */
    $res = $ldap->rmDir($source);
    show_ldap_error($ldap->get_error(),_("Something went wrong while copying dns."));

    /* Object is copied, so update its references */
    foreach($ogs_to_fix as $dn => $data){
      $ldap->cd($dn);
      $ldap->modify($data);
    }
  }
}
/* Clean up an ldap result so that it can be written back to ldap */
function cleanup_array($attrs)
{
  /* Drops the numerically indexed entries and the 'count' and 'dn' entries
   * of an ldap result array, and the 'count' element inside every remaining
   * value list. The cleaned copy is returned. */
  foreach($attrs as $key => $value) {
    $is_meta = is_numeric($key) || $key === "count" || $key === "dn";
    if($is_meta){
      unset($attrs[$key]);
      continue;
    }
    if(is_array($value) && isset($value['count'])){
      unset($attrs[$key]['count']);
    }
  }
  return($attrs);
}
1810 }
1812 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1813 ?>