
Updated password methods.
[gosa.git] / gosa-core / setup / class_setupStep_Migrate.inc
index 70fb3b4f2fcd8149ea8880c4a0d9551e5b071505..e1819137b1576fa517916ebc61b4ddda13c4f1a1 100644 (file)
@@ -108,6 +108,11 @@ class Step_Migrate extends setup_step
 
   var $group_list              = array();
 
+  /* Migrateable users */
+  var $migrate_users = array();
+  var $acl_migrate_dialog      = FALSE;
+  var $migrate_acl_base_entry  = "";
+
   function Step_Migrate()
   {
     $this->update_strings(); 
@@ -146,6 +151,7 @@ class Step_Migrate extends setup_step
     $this->checks['users_visible']['ERROR_MSG'] = "";
     $this->check_gosaAccounts();
 
+    $this->migrate_users = array();
     $this->checks['acls']['TITLE']     = _("Checking for super administrator");
     $this->checks['acls']['STATUS']    = FALSE;
     $this->checks['acls']['STATUS_MSG']= "";
@@ -345,7 +351,7 @@ class Step_Migrate extends setup_step
 
     $this->outside_winstations = array();
     while($attrs = $ldap->fetch()){
-      if((!preg_match("/^[^,]+,".preg_quote($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
+      if((!preg_match("/^[^,]+,".preg_quote($winstation_ou, '/')."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
         $attrs['selected'] = FALSE;
         $attrs['ldif']     = "";
         $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
@@ -410,12 +416,12 @@ class Step_Migrate extends setup_step
     $this->outside_groups = array();
     $this->groups_list = array();;
     while($attrs = $ldap->fetch()){
-      $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou)."+,/i","",$attrs['dn']);
+      $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+,/i","",$attrs['dn']);
 
       /* Check if entry is not an addressbook only user
        *  and verify that he is in a valid department
        */
-      if( !preg_match("/".preg_quote("dc=addressbook,")."/",$group_db_base) &&
+      if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) &&
           !in_array($group_db_base,$valid_deps)
         ){
         $attrs['selected'] = FALSE;
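Review bot: On the changed `preg_replace` line the `+` that follows `preg_quote($group_ou, '/')` quantifies only the last character of the quoted OU, not the OU as a whole. If `$group_ou` ends in a comma (not visible in this hunk), the pattern then needs two or more consecutive commas and would never strip the prefix, so every group would fail the `in_array($group_db_base,$valid_deps)` test and be listed as outside a valid department. The people variant in the next hunk has no `+`, so this looks like a leftover; I would write `"/^[^,]+,".preg_quote($group_ou, '/')."/i"` with whatever separator handling the people line uses. The enclosing function starts and ends outside the hunk.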
@@ -488,12 +494,12 @@ class Step_Migrate extends setup_step
     }
 
     while($attrs = $ldap->fetch()){
-      $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou)."/i","",$attrs['dn']);
+      $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i","",$attrs['dn']);
 
       /* Check if entry is not an addressbook only user
        *  and verify that he is in a valid department
        */
-      if( !preg_match("/".preg_quote("dc=addressbook,")."/",$people_db_base) &&
+      if( !preg_match("/dc=addressbook,/",$people_db_base) &&
           !in_array($people_db_base,$valid_deps)
          ){
         $attrs['selected'] = FALSE;
@@ -678,7 +684,7 @@ class Step_Migrate extends setup_step
 
         /* Create new objectClass array */
         $new_attrs  = array();
-        $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
+        $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person");
         for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
           if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
             $new_attrs['objectClass'][]   = $attrs['objectClass'][$i];
@@ -851,6 +857,12 @@ class Step_Migrate extends setup_step
    */
   function check_administrativeAccount()
   {
+    /* Reset settings 
+     */ 
+    $this->migrate_users = array();
+    $this->acl_migrate_dialog = FALSE;
+    $this->migrate_acl_base_entry  = "";
+
     /* Establish ldap connection */
     $cv = $this->parent->captured_values;
     $ldap_l = new LDAP($cv['admin'],
@@ -868,31 +880,65 @@ class Step_Migrate extends setup_step
       $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
       $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
     }else{
-      $found = false;
+      $GOsa_26_found = false; // GOsa 2.6 Account found
+      $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration
+
       $username = "";
       $attrs = $ldap->fetch();
+
+      /* Collect a list of available GOsa users and groups 
+       */
+      $users = array();
+      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+        "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+      while($user_attrs = $ldap->fetch()){
+        $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+        $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+      }
+      $groups = array();
+      $ldap->search("objectClass=posixGroup",array("cn","dn"));
+      while($group_attrs = $ldap->fetch()){
+        $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+      }
+      
+      /* Check if a valid GOsa 2.6 admin exists 
+          -> gosaAclEntry for an existing and accessible user.
+       */
+      $valid_users = "";
+      $valid_groups = "";
       if(isset($attrs['gosaAclEntry'])){
         $acls = $attrs['gosaAclEntry'];
         for($i = 0 ; $i < $acls['count'] ; $i++){
           $acl = $acls[$i];
           $tmp = split(":",$acl);
+
           if($tmp[1] == "psub"){
             $members = split(",",$tmp[2]);
             foreach($members as $member){
               $member = base64_decode($member);
-
-              /* Check if acl owner is a valid GOsa user account */
-              $ldap->cat($member,array("objectClass","uid","cn"));
-              $ret = $ldap->fetch();
-
-              if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){
-                $found = TRUE;
-                $username .= "ACL-Group:&nbsp;".$ret['cn'][0]."<br>";
-              }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
-                  in_array("organizationalPerson",$ret['objectClass']) &&
-                  in_array("inetOrgPerson",$ret['objectClass'])){
-                $found = TRUE;
-                $username .= "ACL:&nbsp;".$ret['uid'][0]."<br>";
+              if(isset($users[$member])){
+                if(preg_match("/all;cmdrw/i",$tmp[3])){
+                  $valid_users .= $users[$member].", ";
+                  $GOsa_26_found  = TRUE;
+                }
+              }
+              if(isset($groups[$member])){
+                if(preg_match("/all;cmdrw/i",$tmp[3])){
+                  $ldap->cat($member);
+                  $group_attrs = $ldap->fetch();
+                  $val_users = "";
+                  if(isset($group_attrs['memberUid'])){
+                    for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+                      if(isset($rusers[$group_attrs['memberUid'][$e]])){
+                        $val_users .= $group_attrs['memberUid'][$e].", ";
+                      }
+                    }
+                  }
+                  if(!empty($val_users)){
+                    $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
+                    $GOsa_26_found  = TRUE;
+                  }
+                }
               }
             }
           }elseif($tmp[1] == "role"){
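Review bot: The super-administrator test `preg_match("/all;cmdrw/i",$tmp[3])` is an unanchored substring match, so any ACL field that merely contains that text sets `$GOsa_26_found` and the setup check reports "Ok". If the ACL field can hold scoped items (for example a category prefix in front of `all`, which this hunk does not show), a narrower grant would be accepted as a full administrator. Assuming items are comma-separated, anchor the token, e.g. `preg_match("/(^|,)all;cmdrw/i",$tmp[3])`. The code also indexes `$tmp[1]` and `$tmp[3]` without checking that `split(":",$acl)` returned four fields, and `$rusers` is filled in the loop but never initialised next to `$users = array();`. The function body continues outside the hunk.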
@@ -912,15 +958,25 @@ class Step_Migrate extends setup_step
                   foreach($members as $member){
                     $member = base64_decode($member);
 
-                    /* Check if acl owner is a valid GOsa user account */
-                    $ldap->cat($member,array("objectClass","uid"));
-                    $ret = $ldap->fetch();
-  
-                    if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
-                        in_array("organizationalPerson",$ret['objectClass']) &&
-                        in_array("inetOrgPerson",$ret['objectClass'])){
-                      $found = TRUE;
-                      $username .= "ACL Role:&nbsp;".$ret['uid'][0]."<br>";
+                    if(isset($users[$member])){
+                      $valid_users .= $users[$member].", ";
+                      $GOsa_26_found  = TRUE;
+                    }
+                    if(isset($groups[$member])){
+                      $ldap->cat($member);
+                      $group_attrs = $ldap->fetch();
+                      $val_users = "";
+                      if(isset($group_attrs['memberUid'])){
+                        for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+                          if(isset($rusers[$group_attrs['memberUid'][$e]])){
+                            $val_users .= $group_attrs['memberUid'][$e].", ";
+                          }
+                        }
+                      }
+                      if(!empty($val_users)){
+                        $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
+                        $GOsa_26_found  = TRUE;
+                      }
                     }
                   }
                 }
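Review bot: In this role branch `$GOsa_26_found` is set for any listed user or non-empty group without the `all;cmdrw` test that the `psub` branch applies to `$tmp[3]`. Unless the lines above the hunk already check the role's own ACL content, a role with limited rights would count as a super administrator. The group-expansion block (`$ldap->cat($member)` through the `$valid_groups .=` line) is also a verbatim copy of the one in the `psub` branch. A small private helper that returns the comma-joined valid `memberUid` list for a group DN would keep the two from drifting apart. The enclosing loop starts outside the hunk.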
@@ -930,14 +986,53 @@ class Step_Migrate extends setup_step
         }
       }
 
-      # For debugging
-      #echo $username;
+      /* Try to find an old GOsa 2.5 administrative account that may be migrated 
+       */
+      if(!$GOsa_26_found){
+        $valid_users = "";
+        $valid_groups = "";
+        $ldap->cd($cv['base']);
+        $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+        while($p_group = $ldap->fetch()){
+          $val_users = "";
+          for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+            $user = $p_group['memberUid'][$e];
+            if(isset($rusers[$user])){
+              $val_users .= $user.", ";
+            }  
+          }
+          if(!empty($val_users)){
+            $valid_groups .= $groups[$p_group['dn']]."(<i>".trim($val_users,", ")."</i>), ";
+            $GOsa_25_found  = TRUE;
+          }
+        }
+      }
 
-      if($found){
+      /* Print out results 
+       */
+      if($GOsa_25_found){
+        $str = "";
+        if(!empty($valid_groups)){
+          $str.= "<i>".sprintf(_("GOsa 2.5 adminitrative accounts found: %s."),trim($valid_groups,", "))."</i><br>";
+        }
+        $this->checks['acls']['STATUS']    = FALSE;
+        $this->checks['acls']['STATUS_MSG']= _("Failed");
+        $this->checks['acls']['ERROR_MSG'] = $str;
+        $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")."&nbsp;";
+        $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='migrate_acls' value='"._("Migrate")."'>";
+        $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create new")."'>";
+      }elseif($GOsa_26_found){
+        $str = "";
+        if(!empty($valid_users)){
+          $str.= "<b>"._("Users")."</b>:&nbsp;".trim($valid_users,", ")."<br>";
+        }
+        if(!empty($valid_groups)){
+          $str.= "<b>"._("Groups")."</b>:&nbsp;".trim($valid_groups,", ")."<br>";
+        }
         $this->checks['acls']['STATUS']    = TRUE;
         $this->checks['acls']['STATUS_MSG']= _("Ok");
-        $this->checks['acls']['ERROR_MSG'] = "";
-      }else{
+        $this->checks['acls']['ERROR_MSG'] = $str;
+      }elseif($GOsa_25_found){
         $this->checks['acls']['STATUS']    = FALSE;
         $this->checks['acls']['STATUS_MSG']= _("Failed");
         $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")."&nbsp;";
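Review bot: The last branch of the result chain is unreachable, because `}elseif($GOsa_25_found){` repeats the condition of the first `if`. When neither a 2.6 nor a 2.5 administrator is found, no branch runs, and the "There is no GOsa administrator account inside your LDAP." message and whatever follows it outside the hunk are never set. The line it replaced was a plain `}else{`, which should be restored. The new translatable string also has a typo, "adminitrative", which is worth fixing before translators pick it up. Separately, `$groups[$p_group['dn']]` assumes every group returned by the 2.5 search is also in `$groups`.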
@@ -1295,7 +1390,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_winstations;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1341,7 +1436,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_groups;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1389,7 +1484,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_users;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1414,33 +1509,32 @@ class Step_Migrate extends setup_step
     }
  
     /*************
-     * User Migration handling 
+     * Administrative Account -- Migrate/Create 
      *************/
 
     if(isset($_POST['retry_acls'])){
       $this->check_administrativeAccount();
     }
 
+    /* Dialog handling */
     if(isset($_POST['create_acls'])){
       $this->acl_create_dialog = TRUE;
       $this->dialog = TRUE;
     }
+
+    if(isset($_POST['migrate_acls'])){
+      $this->acl_migrate_dialog = TRUE;
+      $this->dialog = TRUE;
+    }
   
-    if(isset($_POST['create_acls_cancel'])){
+    if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){
       $this->acl_create_dialog = FALSE;
+      $this->acl_migrate_dialog = FALSE;
       $this->dialog = FALSE;
       $this->show_details = FALSE;
     }
 
-#    if(isset($_POST['create_acls_create_confirmed'])){
-#      if($this->create_admin()){
-#        $this->acl_create_dialog = FALSE;
-#        $this->dialog = FALSE;
-#      $this->show_details = FALSE;
-#        $this->initialize_checks();
-#      }
-#    }
-
+    /* Account creation */
     if(isset($_POST['create_acls_create'])){
       $this->create_admin(TRUE);
     }
@@ -1452,14 +1546,43 @@ class Step_Migrate extends setup_step
       }
     }
 
+    /* Add admin acls for the selected users to the ldap base.
+     */
+    if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){
+
+      /* Update ldap and reload check infos 
+       */
+      $this->migrate_selected_admin_users();
+
+    }elseif($this->acl_migrate_dialog){
+
+      /* Display admin migration dialog.
+       */
+      $this->migrate_users();
+      $smarty = get_smarty();
+
+      /* Do we have to display the changes
+       */
+      $details = isset($_POST['details']) && $_POST['details'];
+      if(isset($_POST['migrate_acls_show_changes'])){
+        $details = TRUE;
+      }elseif(isset($_POST['migrate_acls_hide_changes'])){
+        $details = FALSE;
+      }
+
+      $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
+      $smarty->assign("details", $details);
+      $smarty->assign("method","migrate_acls");
+      $smarty->assign("migrateable_users",$this->migrate_users);
+      return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
+    }
+
     if($this->acl_create_dialog){
       $smarty = get_smarty();
-  
       $uid = "admin";
       if(isset($_POST['new_user_uid'])){
         $uid = $_POST['new_user_uid'];
       }
-
       $smarty->assign("new_user_uid",$uid);
       $smarty->assign("new_user_password",@$_POST['new_user_password']);
       $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
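Review bot: The values passed to the template here, `migrate_acl_base_entry` and `migrateable_users`, are built in `migrate_users()` from directory attributes (`dn`, `objectClass`, `gosaAclEntry`, `uid`) with literal `<b>` markup mixed in, so `setup_migrate.tpl` presumably prints them unescaped. Anyone who can write those attributes in the directory could then place markup in the setup page. Escape each directory value where it is concatenated, e.g. `"objectClass: ".htmlspecialchars($base_data['objectClass'][$i], ENT_QUOTES)."\n"`, and keep the `<b>` wrapper as the only raw HTML. The same applies to `$valid_users` and `$valid_groups`, which `check_administrativeAccount()` places into `ERROR_MSG`.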
@@ -1513,7 +1636,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->users_to_migrate;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1569,7 +1692,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->deps_to_migrate;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty->assign("deps_to_migrate",$tmp);
@@ -1886,7 +2009,7 @@ class Step_Migrate extends setup_step
   
     $tmp = array();
     while($attrs = $ldap->fetch()){
-      $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
+      $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']);
     }
     return($tmp);
   }
@@ -2080,7 +2203,7 @@ class Step_Migrate extends setup_step
   
     $tmp = array();
     while($attrs = $ldap->fetch()){
-      $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
+      $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']);
     }
     return($tmp);
   }
@@ -2833,7 +2956,148 @@ class Step_Migrate extends setup_step
      */
     $this->check_menus();
   }
-}
 
+
+  function migrate_selected_admin_users()
+  {
+    /* Updated ui selection */
+    $this->migrate_users();
+
+    /* Establish ldap connection */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
+    $ldap->cd($cv['base']);
+
+    /* Get current ACL configuration for the ldap base 
+     */
+    $ldap->cat($cv['base']);
+    $base_attrs = $ldap->fetch();
+    $acl_entries= array();
+    $acl_id = -1;
+    if(isset($base_attrs['gosaAclEntry'])){
+      for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){
+        $acl_entries[] = $base_attrs['gosaAclEntry'][$i];
+        $cur_id = preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]);
+        if($cur_id > $acl_id){
+          $acl_id = $cur_id;
+        }
+      }
+    }
+
+    /* Append ACLs selected in the migrate admin account dialog 
+     */
+    foreach($this->migrate_users as $entry){
+      if($entry['checked']){
+        $acl_id ++;
+        $acl_entries[] = $acl_id.$entry['change'];
+      }
+    }
+   
+    /* Check if the required objectClasses are available 
+     */
+    $ocs = array();     
+    for($i=0;$i< $base_attrs['objectClass']['count']; $i++){
+      $ocs[] = $base_attrs['objectClass'][$i];
+    }
+    if(!in_array("gosaACL",$ocs)){
+      $ocs[] = "gosaACL";
+    }
+
+    /* Try to write changes 
+     */
+    if(count($acl_entries)){
+      $new_entry['gosaAclEntry'] = $acl_entries;
+      $new_entry['objectClass'] = $ocs;
+      $ldap->cd($cv['base']);
+      $ldap->modify($new_entry);
+      if(!$ldap->success()){
+        $this->checks['acls']['TITLE']     = _("Checking for super administrator");
+        $this->checks['acls']['STATUS']    = FALSE;
+        $this->checks['acls']['STATUS_MSG']= _("Failed");
+        $this->checks['acls']['ERROR_MSG'] = "<br>".msgPool::ldaperror($cv['base'],$ldap->get_error(),LDAP_MOD);
+      }else{
+        $this->check_administrativeAccount();
+      }     
+    }
+  }
+  
+
+  function migrate_users()
+  {
+    /* Collect a list of available GOsa users and groups 
+     */
+
+    /* Establish ldap connection */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
+    $ldap->cd($cv['base']);
+
+    $users = array();
+    $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+        "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+    while($user_attrs = $ldap->fetch()){
+      $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+      $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+    }
+    $groups = array();
+    $ldap->search("objectClass=posixGroup",array("cn","dn"));
+    while($group_attrs = $ldap->fetch()){
+      $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+    }
+
+    foreach($this->migrate_users as $id => $data){
+      $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]);
+    }
+
+    /* Try to find an old GOsa 2.5 administrative account that may be migrated
+     */
+    if(!count($this->migrate_users)){
+      $ldap->cat($cv['base']);
+      $base_data = $ldap->fetch();
+      $base_entry = "dn: ".$base_data['dn']."\n";
+      for($i=0;$i<$base_data['objectClass']['count'];$i++){
+        $base_entry .= "objectClass: ".$base_data['objectClass'][$i]."\n";
+      }
+      if(!in_array("gosaACL",$base_data['objectClass'])){
+        $base_entry .= "<b>objectClass: gosaACL</b>\n";
+      }
+      if(isset($base_data['gosaAclEntry'])){
+        for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){
+          $base_entry .= "gosaAclEntry: ".$base_data['gosaAclEntry'][$i]."\n";
+        }
+      }
+      $this->migrate_acl_base_entry = $base_entry;
+      $ldap->cd($cv['base']);
+      $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+      while($p_group = $ldap->fetch()){
+        for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+          $user = $p_group['memberUid'][$e];
+          if(isset($rusers[$user])){
+            $bsp_acl_entry = "gosaAclEntry: #:psub:".base64_encode($rusers[$user]).":all;cmdrw\n";
+            $entry = array();
+            $entry['uid'] = $user; 
+            $entry['dn'] = $rusers[$user]; 
+            $entry['details'] = $bsp_acl_entry; 
+            $entry['checked'] = FALSE;
+            $entry['change'] = ":psub:".base64_encode($rusers[$user]).":all;cmdrw";
+            $this->migrate_users[] = $entry;
+          }
+        }
+      }
+    }
+  }
+}
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
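Review bot: In `migrate_selected_admin_users()` the highest ACL id comes from `preg_replace("/^([0-9]*):.*$/","\\1",...)`, which returns the whole entry unchanged when it has no numeric prefix, and `$cur_id` is then compared and incremented as a string. Casting makes the numbering robust: `$cur_id = (int) preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]);`. The objectClass test `in_array("gosaACL",$ocs)` is case-sensitive although the file uses `in_array_ics` for the same purpose in the objectClass merge; with a differently cased value from the server this would add a duplicate class and the `modify` would likely fail, so `if(!in_array_ics("gosaACL",$ocs)){` is safer. `$base_attrs['objectClass']['count']` is also read without checking that `$ldap->cat($cv['base'])` returned an entry. Both new methods grant or prepare `all;cmdrw` on the base and have no doc comment. A short header on each should state that the `change` strings are generated server-side and that only the checkbox state comes from `$_POST`.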