index cf487a90b68a27b72deb35156048fa9665065258..89b2dc60a1d8ea44d08e8af8762f49ab6c58f81a 100644 (file)
$cv['tls']);
$ldap->cd($cv['base']);
- $res = $ldap->search("uidNumber=*",array("dn","uidNumber"));
+ $res = $ldap->search("(&(objectClass=posixAccount)(uidNumber=*))",array("dn","uidNumber"));
if(!$res){
$this->checks['uidNumber_usage']['STATUS'] = FALSE;
$this->checks['uidNumber_usage']['STATUS_MSG']= _("LDAP query failed");
/* Get winstation ou */
if($cv['generic_settings']['wws_ou_active']) {
- $winstation_ou = $cv['generic_settings']['ws_ou'];
+ $winstation_ou = $cv['generic_settings']['wws_ou'];
}else{
$winstation_ou = "ou=winstations";
}
$group_ou = $cv['groupou'];
$ldap->cd($cv['base']);
+
+ /***********
+ * Get all gosaDepartments to be able to
+ * validate correct ldap tree position of every single user
+ ***********/
+ $valid_deps = array();
+ $valid_deps['/'] = $cv['base'];
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
+ while($attrs = $ldap->fetch()){
+ $valid_deps[] = $attrs['dn'];
+ }
+
+ /***********
+ * Get all groups
+ ***********/
$res = $ldap->search("(objectClass=posixGroup)",array("dn"));
if(!$res){
$this->checks['outside_groups']['STATUS'] = FALSE;
return(false);
}
-
$this->outside_groups = array();
while($attrs = $ldap->fetch()){
- if((!preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
+ $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."+,/i","",$attrs['dn']);
+
+ /* Check if entry is not an addressbook only user
+ * and verify that he is in a valid department
+ */
+ if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) &&
+ !in_array($group_db_base,$valid_deps)
+ ){
$attrs['selected'] = FALSE;
$attrs['ldif'] = "";
$this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
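Review bot: The `+` in the pattern on L42, `"/^[^,]+,".normalizePreg($group_ou)."+,/i"`, quantifies only the last character of the escaped group ou (it still happens to match `ou=groups,` because `s+` accepts one `s`), and `$group_ou` here is the raw `$cv['groupou']` from L16, so an empty group ou yields `/^[^,]+,+,/i`, which never matches and leaves `$group_db_base` as the full DN, i.e. every group is reported as outside. The users hunk normalises its container first (`$people_ou = trim($cv['peopleou']); if(!empty($people_ou)){ $people_ou = $people_ou.","; }`) and uses no quantifier; doing the same here, `$group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."/i","",$attrs['dn']);`, keeps the two checks in step. `in_array($group_db_base,$valid_deps)` on L48 should also pass `true` as the third argument so the comparison is strict. The enclosing method starts before L16.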
$cv['connection'],
FALSE,
$cv['tls']);
- $people_ou = $cv['peopleou'];
+
$ldap->cd($cv['base']);
+
+
+ /***********
+ * Get all gosaDepartments to be able to
+ * validate correct ldap tree position of every single user
+ ***********/
+ $valid_deps = array();
+ $valid_deps['/'] = $cv['base'];
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
+ while($attrs = $ldap->fetch()){
+ $valid_deps[] = $attrs['dn'];
+ }
+
+ /***********
+ * Search for all users
+ ***********/
$res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
if(!$res){
$this->checks['outside_users']['STATUS'] = FALSE;
return(false);
}
-
+ /***********
+ * Check if returned users are within a valid GOsa deparmtment. (peopleou,gosaDepartment,base)
+ ***********/
$this->outside_users = array();
+ $people_ou = trim($cv['peopleou']);
+ if(!empty($people_ou)){
+ $people_ou = $people_ou.",";
+ }
+
while($attrs = $ldap->fetch()){
- if((!preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']) && !preg_match("/,dc=addressbook,/",$attrs['dn']))){
+ $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/i","",$attrs['dn']);
+
+ /* Check if entry is not an addressbook only user
+ * and verify that he is in a valid department
+ */
+ if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) &&
+ !in_array($people_db_base,$valid_deps)
+ ){
$attrs['selected'] = FALSE;
$attrs['ldif'] = "";
$this->outside_users[base64_encode($attrs['dn'])] = $attrs;
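Review bot: The gosaDepartment search on L67 (and L25 in the groups hunk) is not checked for failure the way the user search on L75–L79 is; if it fails, `$valid_deps` holds only the base, so every user below a sub-department lands in `$this->outside_users` and is offered for a move. A guard in the existing style, `if(!$ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"))){ $this->checks['outside_users']['STATUS'] = FALSE; return(false); }`, avoids that misclassification. Separately, the `/i` modifier on L92 strips the container case-insensitively while `in_array` on L98 compares the remainder byte-for-byte against `$cv['base']` and the fetched department DNs, so a base configured in a different case from what the directory returns would mark its users as outside; if that can happen here, normalise the case on both sides before comparing. The enclosing method starts before L53.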
$cv['tls']);
/* Skip GOsa internal departments */
- $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
- "/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
+ $skip_dns = array("/".$cv['peopleou']."/","/".$cv['groupou']."/","/^ou=people,/",
+ "/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
+ "/(,|)ou=apps,/","/(,|)ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
"/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
"/(,|)ou=winstations,/");
-
/* Get all invisible departments */
$ldap->cd($cv['base']);
$res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
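Review bot: The two new entries on L107, `"/".$cv['peopleou']."/"` and `"/".$cv['groupou']."/"`, put raw configuration values into a regular expression without `normalizePreg()`, unlike every other place this change touches them, and carry no anchor, so `ou=people` also skips any department whose DN merely contains that substring. With an empty people or group ou — a case the other hunks now handle explicitly — the entry becomes `//`, which matches every DN and hides all invisible departments. Add these entries only when the value is non-empty and escape them, e.g. `if(trim($cv['peopleou']) != ""){ $skip_dns[] = "/^".normalizePreg($cv['peopleou'])."/"; }` (likewise for the group ou). `$skip_dns` is consumed outside the hunk, so the anchor should follow whatever the existing `/^ou=people,/` entry relies on.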
if(!in_array($object_attrs['uid'][0],$attrs_admin_group_new['memberUid'])){
$attrs_admin_group_new['memberUid'][] = $object_attrs['uid'][0];
}
+ if ($cv['rfc2307bis']){
+ $attrs_admin_group_new['member'][] = $dn;
+ }
if($only_ldif){
- $this->acl_create_changes = _("Appending user to to group administrational group: \n");
+ $this->acl_create_changes = _("Appending user to group administrational group:")." \n";
$this->acl_create_changes.= "\n"._("Before").":\n";
$this->acl_create_changes.= $fetched_attrs['dn']."\n";
$this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
}
}
- }else{
- $new_group_dn = "cn=GOsa Administrators,".$cv['groupou'].",".$cv['base'];
- $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
+ } else {
+
+ $group_ou = trim($cv['groupou']);
+ if(!empty($group_ou)){
+ $group_ou = trim($group_ou).",";
+ }
+
+ $new_group_dn = "cn=GOsa Administrators,".$group_ou.$cv['base'];
+ if ($cv['rfc2307bis']){
+ $new_group_attrs['objectClass'] = array("gosaObject","posixGroup", "groupOfNames");
+ $new_group_attrs['member'][] = $dn;
+ } else {
+ $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
+ }
$new_group_attrs['cn'] = "GOsa Administrators";
$new_group_attrs['gosaSubtreeACL'] = ":all";
$new_group_attrs['gidNumber'] = "999";
$new_group_attrs['memberUid'] = array($object_attrs['uid'][0]);
if($only_ldif){
- $this->acl_create_changes = _("Creating new administrational group: \n\n");
+ $this->acl_create_changes = _("Creating new administrational group:")." \n\n";
$this->acl_create_changes.= $new_group_dn."\n";
$this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
}else{
$ldap->cd($cv['base']);
- $ldap->create_missing_trees($cv['groupou'].",".$cv['base']);
+ $ldap->create_missing_trees($group_ou.$cv['base']);
$ldap->cd($new_group_dn);
$res = $ldap->add($new_group_attrs);
if(!$res){
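Review bot: The rfc2307bis branch on L119–L121 appends `$dn` to `$attrs_admin_group_new['member']` without the membership check that L116 applies to `memberUid`, so running this against a group that already lists the DN produces a duplicate value, which an LDAP modify rejects. Guard it the same way: `if ($cv['rfc2307bis'] && (!isset($attrs_admin_group_new['member']) || !in_array($dn,$attrs_admin_group_new['member']))){`. Whether the existing group already carries the `groupOfNames` objectClass that a `member` value requires is not visible here; the new-group branch on L142 adds it, the modify branch does not, and the function starts before L116. The second `trim()` on L137 is redundant after L135.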
/* Get current base attributes */
$ldap->cd($cv['base']);
-
+
+ $people_ou = trim($cv['peopleou']);
+ if(!empty($people_ou)){
+ $people_ou = trim($people_ou).",";
+ }
+
if($cv['peopledn'] == "cn"){
- $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
+ $dn = "cn=System Administrator,".$people_ou.$cv['base'];
}else{
- $dn = "uid=".$uid.",".$cv['peopleou'].",".$cv['base'];
+ $dn = "uid=".$uid.",".$people_ou.$cv['base'];
}
$methods = @passwordMethod::get_available_methods_if_not_loaded();
$new_user['userPassword'] = $hash;
$ldap->cd($cv['base']);
-
$ldap->cat($dn,array("dn"));
if($ldap->count()){
print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
$ldap->cd($dn);
$res = $ldap->add($new_user);
$this->acl_create_selected = $dn;
- $this->create_admin();
+ $this->create_admin(FALSE, $dn);
if(!$res){
print_red($ldap->get_error());
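Review bot: `$this->create_admin(FALSE, $dn)` on L190 runs before the result of `$ldap->add($new_user)` from L187 is examined on L191, so when the user entry cannot be created the administrative group is apparently still written (the group path on L157–L161 does an LDAP add) with a `memberUid`/`member` referencing an entry that does not exist. Moving the call below the `if(!$res){ … }` block, or writing `if($res){ $this->create_admin(FALSE, $dn); }`, avoids the dangling reference. The DN built on L177, `"uid=".$uid.",".$people_ou.$cv['base']`, still embeds `$uid` unescaped; unless it is validated upstream (not visible here), a value containing DN-special characters such as `,` or `+` yields a different DN from the one intended. The `trim()` on L169 repeats the one on L167. The enclosing method starts before L163.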
/* Check if there are references to this object */
- $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
+ $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
$refs = "";
while($attrs = $ldap->fetch()){
$ref_dn = $attrs['dn'];
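Review bot: The `@` in `@LDAP::prepare4filter($dn)` on L195 (also L201, L216 and L381) suppresses every notice or warning the call raises, so an escaping helper that fails silently is indistinguishable from one that succeeded, which matters precisely where the value is being placed inside a search filter. If the suppression only hides a non-static-call notice, the clearer fix is to declare `prepare4filter` static in `LDAP` (or call it on the `$ldap` instance) and drop the `@`; the class is not visible here. The surrounding `while` loop continues beyond the hunk.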
/* Check if there are references to this object */
- $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
+ $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
$refs = "";
while($attrs = $ldap->fetch()){
$ref_dn = $attrs['dn'];
print_red(_("Couldn't move users to specified department."));
return(false);
}
-
+
foreach($this->outside_users as $b_dn => $data){
$this->outside_users[$b_dn]['ldif'] ="";
if($data['selected']){
$this->outside_users[$b_dn]['ldif'] = _("User will be moved from").":<br>\t".$dn."<br>"._("to").":<br>\t".$d_dn;
/* Check if there are references to this object */
- $ldap->search("(&(member=".$dn.")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
+ $ldap->search("(&(member=".@LDAP::prepare4filter($dn).")(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))",array('dn'));
$refs = "";
while($attrs = $ldap->fetch()){
$ref_dn = $attrs['dn'];
/* Check if root object exists */
$ldap->cd($cv['base']);
+ $ldap->set_size_limit(1);
$res = $ldap->search("(objectClass=*)");
+ $ldap->set_size_limit(0);
$err = ldap_errno($ldap->cid);
if( !$res ||
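Review bot: If `set_size_limit(1)` on L222 translates to an LDAP size limit on the request, a base holding more than one entry makes the subtree search on L223 end with a size-limit-exceeded result, which is what `ldap_errno()` on L225 then reports; the condition starting on L226 continues outside the hunk, so if it treats any non-zero `$err` as "root object missing", an existing base with children would now be reported as absent. Since the check only needs to know whether the base entry exists, a base-scope read such as `$ldap->cat($cv['base'],array("dn"));` followed by `$ldap->count()` (the pattern on L183–L184) avoids both the limit and the ambiguity. If the limited search is kept, the size-limit errno should be excluded from the failure test explicitly.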
{
/* Get collected configuration settings */
$cv = $this->parent->captured_values;
+ $people_ou = trim($cv['peopleou']);
/* Establish ldap connection */
$ldap = new LDAP($cv['admin'],
FALSE,
$cv['tls']);
- $ldap->cd($cv['base']);
- $ldap->search("(".$cv['peopleou'].")",array("dn"));
-
- if($ldap->count() == 0 ){
- $add_dn = $cv['peopleou'].",".$cv['base'];
- $naming_attr = preg_replace("/=.*$/","",$add_dn);
- $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
- $add = array();
- $add['objectClass'] = array("organizationalUnit");
- $add[$naming_attr] = $naming_value;
+
+ /*****************
+ * If people ou is NOT empty
+ * search for for all objects matching the given container
+ *****************/
+ if(!empty($people_ou)){
+ $ldap->search("(".$people_ou.")",array("dn"));
+
+ /* Create people ou if there is currently none */
+ if($ldap->count() == 0 ){
+ $add_dn = $cv['peopleou'].",".$cv['base'];
+ $naming_attr = preg_replace("/=.*$/","",$add_dn);
+ $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
+ $add = array();
+ $add['objectClass'] = array("organizationalUnit");
+ $add[$naming_attr] = $naming_value;
+ $ldap->cd($cv['base']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
+ $ldap->cd($add_dn);
+ $ldap->add($add);
+ }
- $ldap->cd($cv['base']);
- $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
- $ldap->cd($add_dn);
- $ldap->add($add);
- }
+ /* Create result */
+ $ldap->search("(".$cv['peopleou'].")",array("dn"));
+ $tmp = array();
+ while($attrs= $ldap->fetch()){
+ if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ }
+ }
+ } else{
- $ldap->search("(".$cv['peopleou'].")",array("dn"));
- $tmp = array();
- while($attrs= $ldap->fetch()){
- if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
- $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ /************
+ * If people ou is empty
+ * Get all valid gosaDepartments
+ ************/
+ $ldap->cd($cv['base']);
+ $tmp = array();
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
+ $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
+ while($attrs = $ldap->fetch()){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
}
}
return($tmp);
}
+
function get_all_winstation_ous()
{
/* Get collected configuration settings */
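Review bot: In the non-empty branch the search on L251 is no longer preceded by `$ldap->cd($cv['base'])`: the old code had it on L235, and the new code only calls it inside the create block (L261) and in the empty branch (L289), so the first lookup runs against whatever base the freshly constructed `$ldap` object currently has. Unless the constructor sets it (not visible here), put `$ldap->cd($cv['base']);` back directly before L251. The branch also mixes the trimmed `$people_ou` (L250–L251) with the raw `$cv['peopleou']` on L255 and L272; using the trimmed value in all three places keeps the filter and the DN consistent. Stray `;;` on L294. The enclosing function starts before the hunk.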
/* Get winstation ou */
if($cv['generic_settings']['wws_ou_active']) {
- $winstation_ou = $cv['generic_settings']['ws_ou'];
+ $winstation_ou = $cv['generic_settings']['wws_ou'];
}else{
$winstation_ou = "ou=winstations";
}
$cv['connection'],
FALSE,
$cv['tls']);
+
+ $group_ou = trim($cv['groupou']);
+ if(!empty($group_ou)){
+ $group_ou = trim($group_ou);
+ }
+ /************
+ * If group ou is NOT empty
+ * Get all valid group ous, create one if necessary
+ ************/
$ldap->cd($cv['base']);
- $ldap->search("(".$cv['groupou'].")",array("dn"));
-
- if($ldap->count() == 0 ){
- $add_dn = $cv['groupou'].",".$cv['base'];
- $naming_attr = preg_replace("/=.*$/","",$add_dn);
- $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
- $add = array();
- $add['objectClass'] = array("organizationalUnit");
- $add[$naming_attr] = $naming_value;
+ if(!empty($group_ou)){
+ $ldap->search("(".$group_ou.")",array("dn"));
+ if($ldap->count() == 0 ){
+ $add_dn = $group_ou.$cv['base'];
+ $naming_attr = preg_replace("/=.*$/","",$add_dn);
+ $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
+ $add = array();
+ $add['objectClass'] = array("organizationalUnit");
+ $add[$naming_attr] = $naming_value;
+ $ldap->cd($cv['base']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
+ $ldap->cd($add_dn);
+ $ldap->add($add);
+ }
+ $ldap->search("(".$group_ou.")",array("dn"));
+ $tmp = array();
+ while($attrs= $ldap->fetch()){
+ if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ }
+ }
+ }else{
+ /************
+ * If group ou is empty
+ * Get all valid gosaDepartments
+ ************/
$ldap->cd($cv['base']);
- $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
- $ldap->cd($add_dn);
- $ldap->add($add);
- }
-
- $ldap->search("(".$cv['groupou'].")",array("dn"));
- $tmp = array();
- while($attrs= $ldap->fetch()){
- if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
- $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ $tmp = array();
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
+ $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
+ while($attrs = $ldap->fetch()){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
}
}
return($tmp);
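Review bot: `$add_dn = $group_ou.$cv['base'];` on L335 joins the group ou and the base with no separator — with made-up values `ou=groups` and `dc=example,dc=com` it yields `ou=groupsdc=example,dc=com` — so the create path on L341–L344 adds under a malformed DN; the people counterpart on L255 keeps the `","`. The block on L314–L317 explains it: the second `trim()` on L316 is a no-op, suggesting the `.","` from the analogous code on L137 was dropped, but appending a comma here would break the `"(".$group_ou.")"` filters on L333 and L346, so the right fix is to leave `$group_ou` as the bare RDN, write `$add_dn = $group_ou.",".$cv['base'];`, and remove L315–L317. Stray `;;` on L373. The enclosing function starts before L310.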
/* Update object references in gosaGroupOfNames */
$ogs_to_fix = array();
$ldap->cd($cv['base']);
- $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($source).'))', array('cn','member'));
+ $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($source).'))', array('cn','member'));
while ($attrs= $ldap->fetch()){
$dn = $attrs['dn'];
$attrs = $this->cleanup_array($attrs);
}
}
-// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+//vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>