index 4e3b0a9af128bd3176e22d54deb8811b90a0691d..3765ed2d038cd79d69df3f66fcb801ce21560969 100644 (file)
$this->acl_base= $dn;
/* Get LDAP descriptor */
- $ldap= $this->config->get_ldap_link();
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
if ($parent !== NULL){
$this->attrs= $parent->attrs;
} else {
+ $ldap= $this->config->get_ldap_link();
$ldap->cat ($dn);
$this->attrs= $ldap->fetch();
}
unset($this->saved_attributes[$index]);
continue;
}
- if (isset($this->saved_attributes[$index][0]) || $this->saved_attributes[$index]["count"] == 1){
- $tmp= $this->saved_attributes[$index][0];
- unset($this->saved_attributes[$index]);
- $this->saved_attributes[$index]= $tmp;
- continue;
- }
+ if (isset($this->saved_attributes[$index][0])){
+ if(!isset($this->saved_attributes[$index]["count"])){
+ $this->saved_attributes[$index]["count"] = count($this->saved_attributes[$index]);
+ }
+ if($this->saved_attributes[$index]["count"] == 1){
+ $tmp= $this->saved_attributes[$index][0];
+ unset($this->saved_attributes[$index]);
+ $this->saved_attributes[$index]= $tmp;
+ continue;
+ }
+ }
unset($this->saved_attributes["$index"]["count"]);
}
+ if(isset($this->attrs['gosaUnitTag'])){
+ $this->saved_attributes['gosaUnitTag'] = $this->attrs['gosaUnitTag'][0];
+ }
}
/* Save initial account state */
function cleanup()
{
foreach ($this->attrs as $index => $value){
-
+
/* Convert arrays with one element to non arrays, if the saved
attributes are no array, too */
if (is_array($this->attrs[$index]) &&
}
/* Adapt from template, using 'dn' */
- function adapt_from_template($dn)
+ function adapt_from_template($dn, $skip= array())
{
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
/* Walk through attributes */
foreach ($this->attributes as $val){
+ /* Skip the ones in skip list */
+ if (in_array($val, $skip)){
+ continue;
+ }
+
if (isset($this->attrs["$val"][0])){
/* If attribute is set, replace dynamic parts:
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name( |$)/", "$value ", $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr( |$)/", $this->$attr." ", $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
- $command= preg_replace("/%dn( |$)/", $this->dn." ", $command);
+ $add_attrs['dn']=$this->dn;
+
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ /* Additional attributes */
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= preg_replace("/%$name/", "$value", $command);
+ }
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
exec($command);
} else {
- $message[]= msgPool::cmdnotfound("POSTCREATE", get_class($this));
+ $message= msgPool::cmdnotfound("POSTCREATE", get_class($this));
msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
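Review bot: The new substitution loop pastes attribute values into the POSTCREATE command with `preg_replace("/%$name/", "$value", $command)` and the result goes to `exec($command)` without shell quoting, so a value containing shell metacharacters changes what is executed. `$name` is also used as a raw pattern and `$value` as a raw replacement, so regex metacharacters in a name, or `$1`/`\1` sequences in a value, are interpreted by PCRE. I would write the line as `$command= str_replace("%".$name, escapeshellarg($value), $command);`, after confirming that existing hook definitions do not already wrap their placeholders in quotes. The same loop is repeated in the POSTMODIFY and POSTREMOVE hunks below. The enclosing function starts outside this hunk, and whether `check_command()` filters metacharacters cannot be seen from here.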
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name( |$)/", "$value ", $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr( |$)/", $this->$attr." ", $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
- $command= preg_replace("/%dn( |$)/", $this->dn." ", $command);
+ $add_attrs['dn']=$this->dn;
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
- $command, "Execute");
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ /* Additional attributes */
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= preg_replace("/%$name/", "$value", $command);
+ }
+ if (check_command($command)){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command, "Execute");
exec($command);
} else {
- $message[]= msgPool::cmdnotfound("POSTMODIFY", get_class($this));
+ $message= msgPool::cmdnotfound("POSTMODIFY", get_class($this));
msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
$command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name( |$)/", "$value ", $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr( |$)/", $this->$attr." ", $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
- $command= preg_replace("/%dn( |$)/", $this->dn." ", $command);
+ $add_attrs['dn']=$this->dn;
+
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ /* Additional attributes */
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= preg_replace("/%$name/", "$value", $command);
+ }
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
exec($command);
} else {
- $message[]= msgPool::cmdnotfound("POSTREMOVE", get_class($this));
+ $message= msgPool::cmdnotfound("POSTREMOVE", get_class($this));
msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
- if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
+ if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
$ldap->cd($dst_dn);
$ldap->add($new);
- if ($ldap->error != "Success"){
+ if (!$ldap->success()){
trigger_error("Trying to save $dst_dn failed.",
E_USER_WARNING);
return(FALSE);
}
+
+ /*! \brief Move a given ldap object indentified by $src_dn \
+ to the given destination $dst_dn \
+ * Ensure that all references are updated (ogroups) \
+ * Update ACLs \
+ * Update accessTo \
+ @param String The source dn.
+ @param String The destination dn.
+ @return Boolean TRUE on success else FALSE.
+ */
+ function rename($src_dn, $dst_dn)
+ {
+ $start = microtime(1);
+
+ /* Try to move the source entry to the destination position */
+ $ldap = $this->config->get_ldap_link();
+ if (!$ldap->rename_dn($src_dn,$dst_dn)){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+ return(FALSE);
+ }
+
+ /* Get list of groups within this tree,
+ maybe we have to update ACL references.
+ */
+ $leaf_groups = get_list("(objectClass=posixGroup)",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ /* Get list of users within this tree,
+ maybe we have to update ACL references.
+ */
+ $leaf_users= get_list("(objectClass=gosaAccount)",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+
+ /* Updated acls set for this groups */
+ foreach($leaf_groups as $group){
+ $new_dn = $group['dn'];
+ $old_dn = preg_replace("/".normalizePreg($dst_dn)."$/i",$src_dn,$new_dn);
+ $this->update_acls($old_dn,$new_dn);
+ }
+
+ /* Updated acls set for this users */
+ foreach($leaf_users as $user){
+ $new_dn = $user['dn'];
+ $old_dn = preg_replace("/".normalizePreg($dst_dn)."$/i",$src_dn,$new_dn);
+ $this->update_acls($old_dn,$new_dn);
+ }
+
+ /* Get all objectGroups defined in this database.
+ and check if there is an entry matching the source dn,
+ if this is the case, then update this objectgroup to use the new dn.
+ */
+ $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=*))","ogroups",
+ array(get_ou("ogroupou")),$this->config->current['BASE'],array("member"),
+ GL_SUBSEARCH | GL_NO_ACL_CHECK) ;
+
+ /* Walk through all objectGroups and check if there are
+ members matching the source dn
+ */
+ foreach($ogroups as $ogroup){
+ if(isset($ogroup['member'])){
+
+ /* Reset class object, this will be initialized with class_ogroup on demand
+ */
+ $o_ogroup = NULL;
+ for($i = 0 ; $i < $ogroup['member']['count'] ; $i ++){
+
+ $c_mem = $ogroup['member'][$i];
+
+ if(preg_match("/".normalizePreg($src_dn)."$/i",$c_mem)){
+
+ $d_mem = preg_replace("/".normalizePreg($src_dn)."$/i",$dst_dn,$ogroup['member'][$i]);
+
+ if($o_ogroup == NULL){
+ $o_ogroup = new ogroup($this->config,$ogroup['dn']);
+ }
+
+ unset($o_ogroup->member[$c_mem]);
+ $o_ogroup->member[$d_mem]= $d_mem;
+ }
+ }
+
+ /* Save object group if there were changes made on the membership */
+ if($o_ogroup != NULL){
+ $o_ogroup->save();
+ }
+ }
+ }
+
+ /* Check if there are gosa departments moved.
+ If there were deps moved, the force reload of config->deps.
+ */
+ $leaf_deps= get_list("(objectClass=gosaDepartment)",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ if(count($leaf_deps)){
+ $this->config->get_departments();
+ $this->config->make_idepartments();
+ session::set("config",$this->config);
+ $ui =get_userinfo();
+ $ui->reset_acl_cache();
+ }
+
+ return(TRUE);
+ }
+
+
+
function move($src_dn, $dst_dn)
{
/* Do not copy if only upper- lowercase has changed */
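Review bot: rename() returns TRUE once `rename_dn` has succeeded, but the outcomes of `$this->update_acls($old_dn,$new_dn)` and `$o_ogroup->save()` are never checked, so a move can be reported as successful while ACL entries or object-group members still point at the old DN. Because those references decide who can access the moved objects, I would propagate a failure from these calls into the return value if they report one, or state in the docblock that the follow-up steps are best effort. In the `preg_replace` calls that rebuild `$old_dn` and `$d_mem`, `$src_dn` and `$dst_dn` are used as replacement strings, where `$n` and `\n` sequences are read as backreferences; a suffix comparison with `substr` avoids that. `$start = microtime(1);` is assigned and not used in the visible body.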
return(TRUE);
}
+
+ /* Try to move the entry instead of copy & delete
+ */
+ if(TRUE){
+
+ /* Try to move with ldap routines, if this was not successfull
+ fall back to the old style copy & remove method
+ */
+ if($this->rename($src_dn, $dst_dn)){
+ return(TRUE)
+ }else{
+ // See code below.
+ }
+ }
+
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
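Review bot: `return(TRUE)` inside the new `if($this->rename($src_dn, $dst_dn)){` branch has no terminating semicolon, which PHP rejects as a parse error for the whole file; it should read `return(TRUE);`. The wrapping `if(TRUE){` and the comment-only `else` branch add nesting without making a decision, so either drop them or replace the constant with whatever switch is meant to enable the rename path. move() starts and ends outside this hunk.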
/* Delete source */
$ldap= $this->config->get_ldap_link();
$ldap->rmdir_recursive($src_dn);
- if ($ldap->error != "Success"){
+ if (!$ldap->success()){
trigger_error("Trying to delete $src_dn failed.",
E_USER_WARNING);
return (FALSE);
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
- if ($len <= strlen($key)){
+ if ($len < strlen($key)){
continue;
}
}
}
}
-
+
/* Remove tags that may already be here... */
remove_objectClass("gosaAdministrativeUnitTag", $at);
if (isset($at['gosaUnitTag'])){
add_objectClass("gosaAdministrativeUnitTag", $at);
$at['gosaUnitTag']= $tag;
}
+
+ /* Initially this object was tagged.
+ - But now, it is no longer inside a tagged department.
+ So force the remove of the tag.
+ (objectClass was already removed obove)
+ */
+ if($tag == "" && $this->gosaUnitTag){
+ $at['gosaUnitTag'] = array();
+ }
}
$password = $tmp['SNAPSHOT_PASSWORD'];
$snapldapbase = $tmp['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
+
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
+
}
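Review bot: When `$ldap_to->success()` is false after `cd($snapldapbase)`, the new branch only shows a dialog and execution falls through, so the code after this hunk appears to keep working with a snapshot connection that has already reported an error. I would leave the function in that branch, with a `return` that matches what the function returns elsewhere, so that no `add` is attempted against the failed link. The same display-only pattern appears in the three later snapshot hunks that wrap `new LDAP($user,$password, $server)` in `ldapMultiplexer`. The enclosing function starts outside this hunk, so the exact return convention needs to be confirmed there.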
/* check if the dn exists */
$ldap_to->create_missing_trees($new_base);
$ldap_to->cd($new_dn);
$ldap_to->add($target);
-
- show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
- show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $new_dn, LDAP_ADD, get_class()));
+ }
+
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $new_base, "", get_class()));
+ }
+
}
}
$password = $cfg['SNAPSHOT_PASSWORD'];
$snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd ($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}else{
$ldap_to = $ldap;
}
$user = $cfg['SNAPSHOT_USER'];
$password = $cfg['SNAPSHOT_PASSWORD'];
$snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}else{
$ldap_to = $ldap;
}
$user = $cfg['SNAPSHOT_USER'];
$password = $cfg['SNAPSHOT_PASSWORD'];
$snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}else{
$ldap_to = $ldap;
}
$data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
/* Import the given data */
+ $err = "";
$ldap->import_complete_ldif($data,$err,false,false);
- show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, "", get_class()));
+ }
}
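Review bot: `$err` is initialised and passed to `import_complete_ldif($data,$err,false,false)` but never read afterwards; only `$ldap->success()` is checked, so anything the importer reports through that argument is dropped. If the parameter is a by-reference error message (it looks like one, confirm in the LDAP class), include it in the dialog or log it. The `gzuncompress()` result on the context line above is also handed on without a check for FALSE, so a missing or corrupt `gosaSnapshotData` value would reach the importer as a boolean; `if ($data === FALSE)` with an early exit would cover that. The enclosing function starts outside this hunk.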
$acls = array();
+ /* Reset vars */
+ $found = false;
+
/* Walk through acls */
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
- /* Reset vars */
- $found = false;
-
/* Get Acl parts */
$acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
$members[$key] = base64_encode($new_dn);
}
}
-
+
/* Create new member string */
$new_members = "";
foreach($members as $member){
$acl_str .= $t.":";
}
$acl_str = preg_replace("/:$/","",$acl_str);
+ $acls[] = $acl_str;
}
/* Acls for this object must be adjusted */