
Fixed undefined variable GOsa_26_found in setup mirgate
[gosa.git] / gosa-core / setup / class_setupStep_Migrate.inc
index 32bc9dd1d91fe45b023d80a88babd01fed964c84..f1074cbc812ff3c3f78f155002f5c1543dff520e 100644 (file)
@@ -53,7 +53,7 @@ class Step_Migrate extends setup_step
 {
   var $languages      = array();
   var $attributes     = array();
-  var $header_image   = "images/monitoring.png";
+  var $header_image   = "images/setup/migrate.png";
   var $checks         = array();
 
   /* Department migration attributes */
@@ -108,6 +108,15 @@ class Step_Migrate extends setup_step
 
   var $group_list              = array();
 
+  /* Migrateable users */
+  var $migrate_users = array();
+  var $acl_migrate_dialog      = FALSE;
+  var $migrate_acl_base_entry  = "";
+
+  /* Root object classes */
+  var $rootOC_migrate_dialog = FALSE;
+  var $rootOC_details = array();
+       
   function Step_Migrate()
   {
     $this->update_strings(); 
@@ -129,6 +138,12 @@ class Step_Migrate extends setup_step
     $this->checks['root']['ERROR_MSG'] = "";
     $this->checkBase();
 
+    $this->checks['rootOC']['TITLE']     = _("Checking object classes for root object");
+    $this->checks['rootOC']['STATUS']    = FALSE;
+    $this->checks['rootOC']['STATUS_MSG']= "";
+    $this->checks['rootOC']['ERROR_MSG'] = "";
+    $this->checkBaseOC();
+
     $this->checks['permissions']['TITLE']     = _("Checking permissions on LDAP database");
     $this->checks['permissions']['STATUS']    = FALSE;
     $this->checks['permissions']['STATUS_MSG']= "";
@@ -146,6 +161,7 @@ class Step_Migrate extends setup_step
     $this->checks['users_visible']['ERROR_MSG'] = "";
     $this->check_gosaAccounts();
 
+    $this->migrate_users = array();
     $this->checks['acls']['TITLE']     = _("Checking for super administrator");
     $this->checks['acls']['STATUS']    = FALSE;
     $this->checks['acls']['STATUS_MSG']= "";
@@ -345,7 +361,7 @@ class Step_Migrate extends setup_step
 
     $this->outside_winstations = array();
     while($attrs = $ldap->fetch()){
-      if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
+      if((!preg_match("/^[^,]+,".preg_quote($winstation_ou, '/')."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
         $attrs['selected'] = FALSE;
         $attrs['ldif']     = "";
         $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs;
@@ -410,12 +426,12 @@ class Step_Migrate extends setup_step
     $this->outside_groups = array();
     $this->groups_list = array();;
     while($attrs = $ldap->fetch()){
-      $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."+,/i","",$attrs['dn']);
+      $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+,/i","",$attrs['dn']);
 
       /* Check if entry is not an addressbook only user
        *  and verify that he is in a valid department
        */
-      if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) &&
+      if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) &&
           !in_array($group_db_base,$valid_deps)
         ){
         $attrs['selected'] = FALSE;
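Review bot: In the `$group_db_base` pattern the `+` that follows `preg_quote($group_ou, '/')` binds only to the last character of the quoted OU, not to the OU as a whole. If `$group_ou` ends in a comma (its value is not visible in this hunk), `,+,` then requires two consecutive commas and the prefix is never stripped, so the `in_array($group_db_base,$valid_deps)` test would fail for every group. The people variant further down has no `+,`; if the same shape is intended here, `"/^[^,]+,".preg_quote($group_ou, '/')."/i"` would be the matching form. The loop's enclosing function starts outside the hunk.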
@@ -488,12 +504,12 @@ class Step_Migrate extends setup_step
     }
 
     while($attrs = $ldap->fetch()){
-      $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/i","",$attrs['dn']);
+      $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i","",$attrs['dn']);
 
       /* Check if entry is not an addressbook only user
        *  and verify that he is in a valid department
        */
-      if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) &&
+      if( !preg_match("/dc=addressbook,/",$people_db_base) &&
           !in_array($people_db_base,$valid_deps)
          ){
         $attrs['selected'] = FALSE;
@@ -678,7 +694,7 @@ class Step_Migrate extends setup_step
 
         /* Create new objectClass array */
         $new_attrs  = array();
-        $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson");
+        $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person");
         for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){
           if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){
             $new_attrs['objectClass'][]   = $attrs['objectClass'][$i];
@@ -851,6 +867,13 @@ class Step_Migrate extends setup_step
    */
   function check_administrativeAccount()
   {
+    /* Reset settings 
+     */ 
+    $GOsa_26_found = FALSE;
+    $this->migrate_users = array();
+    $this->acl_migrate_dialog = FALSE;
+    $this->migrate_acl_base_entry  = "";
+
     /* Establish ldap connection */
     $cv = $this->parent->captured_values;
     $ldap_l = new LDAP($cv['admin'],
@@ -862,37 +885,71 @@ class Step_Migrate extends setup_step
     $ldap = new ldapMultiplexer($ldap_l);
     $ldap->cd($cv['base']);
     $res = $ldap->cat($cv['base']);
-    
+   
     if(!$res){
       $this->checks['acls']['STATUS']    = FALSE;
       $this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
       $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
     }else{
-      $found = false;
+      $GOsa_26_found = false; // GOsa 2.6 Account found
+      $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration
+
       $username = "";
       $attrs = $ldap->fetch();
+
+      /* Collect a list of available GOsa users and groups 
+       */
+      $users = array();
+      $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+        "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+      while($user_attrs = $ldap->fetch()){
+        $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+        $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+      }
+      $groups = array();
+      $ldap->search("objectClass=posixGroup",array("cn","dn"));
+      while($group_attrs = $ldap->fetch()){
+        $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+      }
+      
+      /* Check if a valid GOsa 2.6 admin exists 
+          -> gosaAclEntry for an existing and accessible user.
+       */
+      $valid_users = "";
+      $valid_groups = "";
       if(isset($attrs['gosaAclEntry'])){
         $acls = $attrs['gosaAclEntry'];
         for($i = 0 ; $i < $acls['count'] ; $i++){
           $acl = $acls[$i];
           $tmp = split(":",$acl);
+
           if($tmp[1] == "psub"){
             $members = split(",",$tmp[2]);
             foreach($members as $member){
               $member = base64_decode($member);
-
-              /* Check if acl owner is a valid GOsa user account */
-              $ldap->cat($member,array("objectClass","uid","cn"));
-              $ret = $ldap->fetch();
-
-              if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){
-                $found = TRUE;
-                $username .= "ACL-Group:&nbsp;".$ret['cn'][0]."<br>";
-              }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
-                  in_array("organizationalPerson",$ret['objectClass']) &&
-                  in_array("inetOrgPerson",$ret['objectClass'])){
-                $found = TRUE;
-                $username .= "ACL:&nbsp;".$ret['uid'][0]."<br>";
+              if(isset($users[$member])){
+                if(preg_match("/all;cmdrw/i",$tmp[3])){
+                  $valid_users .= $users[$member].", ";
+                  $GOsa_26_found  = TRUE;
+                }
+              }
+              if(isset($groups[$member])){
+                if(preg_match("/all;cmdrw/i",$tmp[3])){
+                  $ldap->cat($member);
+                  $group_attrs = $ldap->fetch();
+                  $val_users = "";
+                  if(isset($group_attrs['memberUid'])){
+                    for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+                      if(isset($rusers[$group_attrs['memberUid'][$e]])){
+                        $val_users .= $group_attrs['memberUid'][$e].", ";
+                      }
+                    }
+                  }
+                  if(!empty($val_users)){
+                    $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
+                    $GOsa_26_found  = TRUE;
+                  }
+                }
               }
             }
           }elseif($tmp[1] == "role"){
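Review bot: `$valid_users` and `$valid_groups` are built from LDAP attribute values (`uid`, `cn`, `memberUid`) concatenated straight into markup, e.g. `$groups[$member]."(<i>".trim($val_users,", ")."</i>), "`, and a later hunk assigns the result to `$this->checks['acls']['ERROR_MSG']`, which also carries raw `<input>` tags and so is presumably printed unescaped. A directory entry whose name contains markup would then be rendered in the setup page of whoever runs the migration. Encode each value before concatenation, e.g. `htmlentities($groups[$member], ENT_QUOTES, "UTF-8")`, and likewise for the `memberUid` values. The same pattern recurs in the role branch (hunk at 969), the GOsa 2.5 fallback (hunk at 997), and the `rootOC_details` and `migrate_acl_base_entry` strings built in `checkBaseOC()` and `migrate_users()`. The body of `check_administrativeAccount()` continues past this hunk.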
@@ -912,15 +969,25 @@ class Step_Migrate extends setup_step
                   foreach($members as $member){
                     $member = base64_decode($member);
 
-                    /* Check if acl owner is a valid GOsa user account */
-                    $ldap->cat($member,array("objectClass","uid"));
-                    $ret = $ldap->fetch();
-  
-                    if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
-                        in_array("organizationalPerson",$ret['objectClass']) &&
-                        in_array("inetOrgPerson",$ret['objectClass'])){
-                      $found = TRUE;
-                      $username .= "ACL Role:&nbsp;".$ret['uid'][0]."<br>";
+                    if(isset($users[$member])){
+                      $valid_users .= $users[$member].", ";
+                      $GOsa_26_found  = TRUE;
+                    }
+                    if(isset($groups[$member])){
+                      $ldap->cat($member);
+                      $group_attrs = $ldap->fetch();
+                      $val_users = "";
+                      if(isset($group_attrs['memberUid'])){
+                        for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+                          if(isset($rusers[$group_attrs['memberUid'][$e]])){
+                            $val_users .= $group_attrs['memberUid'][$e].", ";
+                          }
+                        }
+                      }
+                      if(!empty($val_users)){
+                        $valid_groups .= $groups[$member]."(<i>".trim($val_users,", ")."</i>), ";
+                        $GOsa_26_found  = TRUE;
+                      }
                     }
                   }
                 }
@@ -930,13 +997,53 @@ class Step_Migrate extends setup_step
         }
       }
 
-      # For debugging
-      #echo $username;
+      /* Try to find an old GOsa 2.5 administrative account that may be migrated 
+       */
+      if(!$GOsa_26_found){
+        $valid_users = "";
+        $valid_groups = "";
+        $ldap->cd($cv['base']);
+        $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+        while($p_group = $ldap->fetch()){
+          $val_users = "";
+          for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+            $user = $p_group['memberUid'][$e];
+            if(isset($rusers[$user])){
+              $val_users .= $user.", ";
+            }  
+          }
+          if(!empty($val_users)){
+            $valid_groups .= $groups[$p_group['dn']]."(<i>".trim($val_users,", ")."</i>), ";
+            $GOsa_25_found  = TRUE;
+          }
+        }
+      }
+
 
-      if($found){
+      /* Print out results 
+       */
+      if($GOsa_25_found){
+        $str = "";
+        if(!empty($valid_groups)){
+          $str.= "<i>".sprintf(_("GOsa 2.5 administrative accounts found: %s"),trim($valid_groups,", "))."</i><br>";
+        }
+        $this->checks['acls']['STATUS']    = FALSE;
+        $this->checks['acls']['STATUS_MSG']= _("Failed");
+        $this->checks['acls']['ERROR_MSG'] = $str;
+        $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")."&nbsp;";
+        $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='migrate_acls' value='"._("Migrate")."'>";
+        $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
+      }elseif($GOsa_26_found){
+        $str = "";
+        if(!empty($valid_users)){
+          $str.= "<b>"._("Users")."</b>:&nbsp;".trim($valid_users,", ")."<br>";
+        }
+        if(!empty($valid_groups)){
+          $str.= "<b>"._("Groups")."</b>:&nbsp;".trim($valid_groups,", ")."<br>";
+        }
         $this->checks['acls']['STATUS']    = TRUE;
         $this->checks['acls']['STATUS_MSG']= _("Ok");
-        $this->checks['acls']['ERROR_MSG'] = "";
+        $this->checks['acls']['ERROR_MSG'] = $str;
       }else{
         $this->checks['acls']['STATUS']    = FALSE;
         $this->checks['acls']['STATUS_MSG']= _("Failed");
@@ -944,7 +1051,7 @@ class Step_Migrate extends setup_step
         $this->checks['acls']['ERROR_MSG'].= "<input type='submit' name='create_acls' value='"._("Create")."'>";
       }
     }
-    return($ldap->count()>=1);
+    return($GOsa_26_found);
   }
 
 
@@ -1019,6 +1126,16 @@ class Step_Migrate extends setup_step
   {
     $pw1 = $pw2 = "";
     $uid = "";
+
+    /* On first call check for rid/sid base */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
   
     if(isset($_POST['new_user_uid'])){
       $uid = $_POST['new_user_uid'];
@@ -1030,6 +1147,14 @@ class Step_Migrate extends setup_step
       $pw2 = $_POST['new_user_password2'];
     }
   
+    
+    $ldap->cd($cv['base']);
+    $ldap->search("(uid=".$uid.")");
+    if($ldap->count()){
+      msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG);
+      return false;
+    }
+    
     if(empty($pw1) || empty($pw2) | ($pw1 != $pw2)){
       msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG);
       return false;
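Review bot: `$ldap->search("(uid=".$uid.")")` places `$_POST['new_user_uid']` into an LDAP filter unescaped, and it runs before the "Specify a valid user ID!" check that the next hunk shows further down. Filter metacharacters such as `*`, `(` or `)` in the field change what the search matches, and an empty uid yields the filter `(uid=)`. Move the duplicate lookup below the uid validation and escape the value, e.g. `$ldap->search("(uid=".ldap_escape($uid, "", LDAP_ESCAPE_FILTER).")");` where the PHP version in use provides `ldap_escape()`. The function starts and ends outside this hunk.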
@@ -1039,17 +1164,8 @@ class Step_Migrate extends setup_step
       msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG);
       return false;
     }
-    
-    /* On first call check for rid/sid base */
-    $cv = $this->parent->captured_values;
-    $ldap_l = new LDAP($cv['admin'],
-        $cv['password'],
-        $cv['connection'],
-        FALSE,
-        $cv['tls']);
-
-    $ldap = new ldapMultiplexer($ldap_l);
-
     /* Get current base attributes */
     $ldap->cd($cv['base']);
   
@@ -1286,7 +1402,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_winstations;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1332,7 +1448,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_groups;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1380,7 +1496,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->outside_users;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1403,35 +1519,62 @@ class Step_Migrate extends setup_step
         $this->initialize_checks();
       }
     }
+
     /*************
-     * User Migration handling 
+     * Root object class check  
+     *************/
+  
+    if(isset($_POST['root_add_objectclasses'])){
+      $this->rootOC_migrate_dialog = TRUE;
+      $this->dialog = TRUE;
+    }
+    if(isset($_POST['rootOC_dialog_cancel'])){
+      $this->rootOC_migrate_dialog = FALSE;
+      $this->dialog = FALSE;
+    }
+    if(isset($_POST['rootOC_migrate_start'])){
+      if($this->checkBaseOC(FALSE)){
+        $this->checkBaseOC(); // Update overview info
+        $this->dialog = FALSE;
+        $this->rootOC_migrate_dialog = FALSE;
+      }
+    }
+
+
+    if($this->rootOC_migrate_dialog){
+      $smarty = get_smarty();
+      $smarty->assign("details",$this->rootOC_details);
+      $smarty->assign("method","rootOC_migrate_dialog");
+      return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
+    }
+
+    /*************
+     * Administrative Account -- Migrate/Create 
      *************/
 
     if(isset($_POST['retry_acls'])){
       $this->check_administrativeAccount();
     }
 
+    /* Dialog handling */
     if(isset($_POST['create_acls'])){
       $this->acl_create_dialog = TRUE;
       $this->dialog = TRUE;
     }
+
+    if(isset($_POST['migrate_acls'])){
+      $this->acl_migrate_dialog = TRUE;
+      $this->dialog = TRUE;
+    }
   
-    if(isset($_POST['create_acls_cancel'])){
+    if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){
       $this->acl_create_dialog = FALSE;
+      $this->acl_migrate_dialog = FALSE;
       $this->dialog = FALSE;
       $this->show_details = FALSE;
     }
 
-#    if(isset($_POST['create_acls_create_confirmed'])){
-#      if($this->create_admin()){
-#        $this->acl_create_dialog = FALSE;
-#        $this->dialog = FALSE;
-#      $this->show_details = FALSE;
-#        $this->initialize_checks();
-#      }
-#    }
-
+    /* Account creation */
     if(isset($_POST['create_acls_create'])){
       $this->create_admin(TRUE);
     }
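Review bot: The `rootOC_migrate_start` handler calls `checkBaseOC(FALSE)`, which writes to the LDAP base, on the POST key alone; unlike the later `$this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])` test, it does not require that the dialog was opened first. Gate it the same way: `if($this->rootOC_migrate_dialog && isset($_POST['rootOC_migrate_start'])){`. Note also that `checkBaseOC()` as added in this commit returns nothing when the root object already carries `gosaDepartment`, so this `if` treats that case as a failure and leaves the dialog open. The enclosing method starts and ends outside the hunk.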
@@ -1443,14 +1586,43 @@ class Step_Migrate extends setup_step
       }
     }
 
+    /* Add admin acls for the selected users to the ldap base.
+     */
+    if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){
+
+      /* Update ldap and reload check infos 
+       */
+      $this->migrate_selected_admin_users();
+
+    }elseif($this->acl_migrate_dialog){
+
+      /* Display admin migration dialog.
+       */
+      $this->migrate_users();
+      $smarty = get_smarty();
+
+      /* Do we have to display the changes
+       */
+      $details = isset($_POST['details']) && $_POST['details'];
+      if(isset($_POST['migrate_acls_show_changes'])){
+        $details = TRUE;
+      }elseif(isset($_POST['migrate_acls_hide_changes'])){
+        $details = FALSE;
+      }
+
+      $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
+      $smarty->assign("details", $details);
+      $smarty->assign("method","migrate_acls");
+      $smarty->assign("migrateable_users",$this->migrate_users);
+      return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
+    }
+
     if($this->acl_create_dialog){
       $smarty = get_smarty();
-  
       $uid = "admin";
       if(isset($_POST['new_user_uid'])){
         $uid = $_POST['new_user_uid'];
       }
-
       $smarty->assign("new_user_uid",$uid);
       $smarty->assign("new_user_password",@$_POST['new_user_password']);
       $smarty->assign("new_user_password2",@$_POST['new_user_password2']);
@@ -1504,7 +1676,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->users_to_migrate;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty = get_smarty();
@@ -1560,7 +1732,7 @@ class Step_Migrate extends setup_step
       /* Fix displayed dn syntax */ 
       $tmp = $this->deps_to_migrate;
       foreach($tmp as $key => $data){
-        $tmp[$key]['dn'] = @LDAP::fix($data['dn']);
+        $tmp[$key]['dn'] = LDAP::fix($data['dn']);
       }
 
       $smarty->assign("deps_to_migrate",$tmp);
@@ -1836,6 +2008,149 @@ class Step_Migrate extends setup_step
   }
 
 
+  /* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs.
+   * If the parameter just_check is true, then just check for the OCs. 
+   * If the Parameter is false, try to add the required object classes.
+   */
+  function checkBaseOC($just_check = TRUE)
+  {
+    /* Establish ldap connection */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
+
+    /* Check if root object exists */
+    $ldap->cd($cv['base']);
+    $ldap->cat($cv['base']);
+    if(!$ldap->count()){
+      $this->checks['rootOC']['STATUS']    = FALSE;
+      $this->checks['rootOC']['STATUS_MSG']= _("LDAP query failed");
+      $this->checks['rootOC']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
+      return;
+    }
+
+    $attrs = $ldap->fetch();
+
+    /* Root object doesn't exists 
+     */
+    if(!in_array("gosaDepartment",$attrs['objectClass'])){
+      if($just_check){
+
+        $this->rootOC_details = array();       
+        $mods = array();
+
+        /* Get list of possible container objects, to be able to detect naming 
+         *  attributes and missing attribute types.
+         */
+        if(!class_available("departmentManagement")){
+          $this->checks['rootOC']['STATUS']    = FALSE;
+          $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+          $this->checks['rootOC']['ERROR_MSG'] = sprintf(_("Missing GOsa class %s."),"departmentManagement").
+            "&nbsp;"._("Please check your installation.");
+          return;
+        }
+
+        /* Try to detect base class type, e.g. is it a dcObject.
+         */
+        $dep_types = departmentManagement::get_support_departments();
+        $dep_type ="";
+        foreach($dep_types as $dep_name => $dep_class){
+          if(in_array($dep_class['CLASS'], $attrs['objectClass'])){
+            $dep_type = $dep_name;
+            break;
+          }
+        }
+
+        /* If no known base class was detect, abort with message
+         */    
+        if(empty($dep_type)){
+          $this->checks['rootOC']['STATUS']    = FALSE;
+          $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+          $this->checks['rootOC']['ERROR_MSG'] = 
+            sprintf(_("Could not detect the object type of your root object, please try to add the objectClass '%s' manually."),"gosaDepartment");
+          return;
+        }
+
+        /* Create 'current' and 'target' object properties, to be able to display 
+         *  a set of modifications required to create a valid GOsa department.
+         */    
+        $str = "dn: ".$cv['base']."\n";
+        for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){
+          $str .= "objectClass: ".$attrs['objectClass'][$i]."\n";
+        }
+        $this->rootOC_details['current'] = $str;
+
+        /* Create target infos 
+         */
+        $str = "dn: ".$cv['base']."\n";
+        for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){
+          $str .= "objectClass: ".$attrs['objectClass'][$i]."\n";
+          $mods['objectClass'][] = $attrs['objectClass'][$i];
+        }
+        $mods['objectClass'][] = "gosaDepartment";
+        $str .= "<b>objectClass: gosaDepartment</b>\n";
+
+        /* Append attribute 'ou', it is required by gosaDepartment
+         */
+        if(!isset($attrs['ou'])){
+          $val = "GOsa";
+          if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
+            $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
+          }
+          $str .= "<b>ou: ".$val."</b>\n";
+          $mods['ou'] =$val;
+        }
+
+        /*Append description, it is required by gosaDepartment too.
+         */
+        if(!isset($attrs['description'])){
+          $val = "GOsa";
+          if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
+            $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
+          }
+          $str .= "<b>description: ".$val."</b>\n";
+          $mods['description'] = $val;
+        }
+        $this->rootOC_details['target'] = $str;
+        $this->rootOC_details['mods'] = $mods;
+
+        /*  Add button that allows to open the migration details
+         */
+        $this->checks['rootOC']['STATUS']    = FALSE;
+        $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+        $this->checks['rootOC']['ERROR_MSG'] = "&nbsp;<input type='submit' 
+          name='root_add_objectclasses' value='"._("Migrate")."'>";
+
+        return(FALSE);
+      }else{
+
+        /* Add root object */ 
+        $ldap->cd($cv['base']);
+        if(isset($this->rootOC_details['mods'])){
+          $res  = $ldap->modify($this->rootOC_details['mods']);        
+          if(!$res){
+            msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $source, LDAP_MOD, get_class()));
+          }
+          return($res);
+        }else{
+          trigger_error("No modifications to make... ");
+        }
+      }
+      return(TRUE);
+    }
+
+    /* Create & remove of dummy object was successful */
+    $this->checks['rootOC']['STATUS']    = TRUE;
+    $this->checks['rootOC']['STATUS_MSG']= _("Ok");
+    $this->checks['rootOC']['ERROR_MSG'] = "";
+  }
+
+
   /* Return ldif information for a 
    * given attribute array 
    */
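Review bot: In the write branch of `checkBaseOC()`, `msgPool::ldaperror($ldap->get_error(), $source, LDAP_MOD, get_class())` passes `$source`, which is never assigned in this function, so the error path raises an undefined-variable notice and reports no DN. `$cv['base']` looks like the intended value: `msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class())`. The call added in `migrate_selected_admin_users()` passes `$cv['base']` first and the error second, so one of the two has its arguments in the wrong order; check both against the `ldaperror()` signature, which is not visible here. The comments "Root object doesn't exists" and "Create & remove of dummy object was successful" also do not describe the code beneath them and should be reworded.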
@@ -1877,7 +2192,7 @@ class Step_Migrate extends setup_step
   
     $tmp = array();
     while($attrs = $ldap->fetch()){
-      $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
+      $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']);
     }
     return($tmp);
   }
@@ -2071,7 +2386,7 @@ class Step_Migrate extends setup_step
   
     $tmp = array();
     while($attrs = $ldap->fetch()){
-      $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']);
+      $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']);
     }
     return($tmp);
   }
@@ -2309,7 +2624,7 @@ class Step_Migrate extends setup_step
            */
           if(!$ldap->success()){
             msg_dialog::display(_("LDAP error"), 
-                sprintf(_("Ldap add failed for %s with error %s"),
+                sprintf(_("Adding '%s' to the LDAP failed: %s"),
                   "<b>".LDAP::fix($newdn)."</b>", 
                   "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
           }else{
@@ -2329,7 +2644,7 @@ class Step_Migrate extends setup_step
             $ldap->cat($device['DN'],array("gotoHotplugDevice"));
             if(!$ldap->success()){
               msg_dialog::display(_("LDAP error"), 
-                  sprintf(_("Ldap update failed for %s with error %s"),
+                  sprintf(_("Updating '%s' failed: %s"),
                     "<b>".LDAP::fix($device['DN'])."</b>", 
                     "<br><br><i>".$ldap->get_error()."</b>"), ERROR_DIALOG);
             }else{
@@ -2446,7 +2761,7 @@ class Step_Migrate extends setup_step
            */
           if(!$ldap->success()){
             msg_dialog::display(_("LDAP error"), 
-                sprintf(_("Ldap update failed for %s with error %s"),
+                sprintf(_("Updating '%s' failed: %s"),
                   "<b>".LDAP::fix($service['DN'])."</b>", 
                   "<br><br><i>".$ldap->get_error()."</b>"), ERROR_DIALOG);
           }else{
@@ -2543,8 +2858,8 @@ class Step_Migrate extends setup_step
 
     /* Create readable prefix for "What will be done" infos 
      */
-    $s_add = "<i>"._("add")."</i>\t";
-    $s_del = "<i>"._("remove")."</i>\t";
+    $s_add = "<i>"._("Add")."</i>\t";
+    $s_del = "<i>"._("Remove")."</i>\t";
 
     /* Walk through all found old-style menu configurations.
         -Prepare ldap update list     $data   
@@ -2733,7 +3048,7 @@ class Step_Migrate extends setup_step
     if(count($this->menu)){
       $this->checks['old_style_menus']['STATUS']    = FALSE;
       $this->checks['old_style_menus']['STATUS_MSG']= "<font style='color:#F0A500'>"._("Warning")."</font>";
-      $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be converted."),
+      $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be migrated."),
                                                       count($this->menu))."<input type='submit' name='menu_dialog' value='"._("Migrate")."'>";
     }else{
       $this->checks['old_style_menus']['STATUS']    = TRUE;
@@ -2824,7 +3139,148 @@ class Step_Migrate extends setup_step
      */
     $this->check_menus();
   }
-}
 
+
+  function migrate_selected_admin_users()
+  {
+    /* Updated ui selection */
+    $this->migrate_users();
+
+    /* Establish ldap connection */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
+    $ldap->cd($cv['base']);
+
+    /* Get current ACL configuration for the ldap base 
+     */
+    $ldap->cat($cv['base']);
+    $base_attrs = $ldap->fetch();
+    $acl_entries= array();
+    $acl_id = -1;
+    if(isset($base_attrs['gosaAclEntry'])){
+      for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){
+        $acl_entries[] = $base_attrs['gosaAclEntry'][$i];
+        $cur_id = preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]);
+        if($cur_id > $acl_id){
+          $acl_id = $cur_id;
+        }
+      }
+    }
+
+    /* Append ACLs selected in the migrate admin account dialog 
+     */
+    foreach($this->migrate_users as $entry){
+      if($entry['checked']){
+        $acl_id ++;
+        $acl_entries[] = $acl_id.$entry['change'];
+      }
+    }
+   
+    /* Check if the required objectClasses are available 
+     */
+    $ocs = array();     
+    for($i=0;$i< $base_attrs['objectClass']['count']; $i++){
+      $ocs[] = $base_attrs['objectClass'][$i];
+    }
+    if(!in_array("gosaACL",$ocs)){
+      $ocs[] = "gosaACL";
+    }
+
+    /* Try to write changes 
+     */
+    if(count($acl_entries)){
+      $new_entry['gosaAclEntry'] = $acl_entries;
+      $new_entry['objectClass'] = $ocs;
+      $ldap->cd($cv['base']);
+      $ldap->modify($new_entry);
+      if(!$ldap->success()){
+        $this->checks['acls']['TITLE']     = _("Checking for super administrator");
+        $this->checks['acls']['STATUS']    = FALSE;
+        $this->checks['acls']['STATUS_MSG']= _("Failed");
+        $this->checks['acls']['ERROR_MSG'] = "<br>".msgPool::ldaperror($cv['base'],$ldap->get_error(),LDAP_MOD);
+      }else{
+        $this->check_administrativeAccount();
+      }     
+    }
+  }
+  
+
+  function migrate_users()
+  {
+    /* Collect a list of available GOsa users and groups 
+     */
+
+    /* Establish ldap connection */
+    $cv = $this->parent->captured_values;
+    $ldap_l = new LDAP($cv['admin'],
+        $cv['password'],
+        $cv['connection'],
+        FALSE,
+        $cv['tls']);
+
+    $ldap = new ldapMultiplexer($ldap_l);
+    $ldap->cd($cv['base']);
+
+    $users = array();
+    $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+        "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+    while($user_attrs = $ldap->fetch()){
+      $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+      $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+    }
+    $groups = array();
+    $ldap->search("objectClass=posixGroup",array("cn","dn"));
+    while($group_attrs = $ldap->fetch()){
+      $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+    }
+
+    foreach($this->migrate_users as $id => $data){
+      $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]);
+    }
+
+    /* Try to find an old GOsa 2.5 administrative account that may be migrated
+     */
+    if(!count($this->migrate_users)){
+      $ldap->cat($cv['base']);
+      $base_data = $ldap->fetch();
+      $base_entry = "dn: ".$base_data['dn']."\n";
+      for($i=0;$i<$base_data['objectClass']['count'];$i++){
+        $base_entry .= "objectClass: ".$base_data['objectClass'][$i]."\n";
+      }
+      if(!in_array("gosaACL",$base_data['objectClass'])){
+        $base_entry .= "<b>objectClass: gosaACL</b>\n";
+      }
+      if(isset($base_data['gosaAclEntry'])){
+        for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){
+          $base_entry .= "gosaAclEntry: ".$base_data['gosaAclEntry'][$i]."\n";
+        }
+      }
+      $this->migrate_acl_base_entry = $base_entry;
+      $ldap->cd($cv['base']);
+      $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+      while($p_group = $ldap->fetch()){
+        for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+          $user = $p_group['memberUid'][$e];
+          if(isset($rusers[$user])){
+            $bsp_acl_entry = "gosaAclEntry: #:psub:".base64_encode($rusers[$user]).":all;cmdrw\n";
+            $entry = array();
+            $entry['uid'] = $user; 
+            $entry['dn'] = $rusers[$user]; 
+            $entry['details'] = $bsp_acl_entry; 
+            $entry['checked'] = FALSE;
+            $entry['change'] = ":psub:".base64_encode($rusers[$user]).":all;cmdrw";
+            $this->migrate_users[] = $entry;
+          }
+        }
+      }
+    }
+  }
+}
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
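Review bot: `migrate_selected_admin_users()` decides whether to append `gosaACL` with `in_array("gosaACL",$ocs)`, a case-sensitive comparison, while the object class names come from the directory and the file already uses `in_array_ics()` for the same purpose in the user-migration code. If the base entry stores the class in a different case, the array sent to `$ldap->modify()` would contain it twice, which presumably makes the modify fail. Use `if(!in_array_ics("gosaACL",$ocs)){`; the same applies to the `gosaACL` test in `migrate_users()` and the `gosaDepartment` test in `checkBaseOC()`. Both new methods also lack a header comment; a short one stating that `migrate_selected_admin_users()` writes `all;cmdrw` ACL entries to the LDAP base would help the next reader.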