X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fsetup%2Fclass_setupStep_Migrate.inc;h=e1819137b1576fa517916ebc61b4ddda13c4f1a1;hb=9b10111d38b0589067bb74136863655b770a0ca2;hp=5b55c7ce3e6a040798b5f97c6a0c3a86b0f3130f;hpb=7d077eef53c40bb965f6ec5da01534383dbef256;p=gosa.git diff --git a/gosa-core/setup/class_setupStep_Migrate.inc b/gosa-core/setup/class_setupStep_Migrate.inc index 5b55c7ce3..e1819137b 100644 --- a/gosa-core/setup/class_setupStep_Migrate.inc +++ b/gosa-core/setup/class_setupStep_Migrate.inc @@ -53,7 +53,7 @@ class Step_Migrate extends setup_step { var $languages = array(); var $attributes = array(); - var $header_image = "images/monitoring.png"; + var $header_image = "images/setup/migrate.png"; var $checks = array(); /* Department migration attributes */ @@ -108,6 +108,11 @@ class Step_Migrate extends setup_step var $group_list = array(); + /* Migrateable users */ + var $migrate_users = array(); + var $acl_migrate_dialog = FALSE; + var $migrate_acl_base_entry = ""; + function Step_Migrate() { $this->update_strings(); @@ -133,67 +138,68 @@ class Step_Migrate extends setup_step $this->checks['permissions']['STATUS'] = FALSE; $this->checks['permissions']['STATUS_MSG']= ""; $this->checks['permissions']['ERROR_MSG'] = ""; -// $this->check_ldap_permissions(); + $this->check_ldap_permissions(); $this->checks['deps_visible']['TITLE'] = _("Checking for invisible departments"); $this->checks['deps_visible']['STATUS'] = FALSE; $this->checks['deps_visible']['STATUS_MSG']= ""; -// $this->checks['deps_visible']['ERROR_MSG'] = ""; + $this->checks['deps_visible']['ERROR_MSG'] = ""; $this->checks['users_visible']['TITLE'] = _("Checking for invisible users"); $this->checks['users_visible']['STATUS'] = FALSE; $this->checks['users_visible']['STATUS_MSG']= ""; $this->checks['users_visible']['ERROR_MSG'] = ""; -// $this->check_gosaAccounts(); + $this->check_gosaAccounts(); + $this->migrate_users = array(); $this->checks['acls']['TITLE'] = _("Checking for super administrator"); $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= ""; $this->checks['acls']['ERROR_MSG'] = ""; -// $this->check_administrativeAccount(); + $this->check_administrativeAccount(); $this->checks['outside_users']['TITLE'] = _("Checking for users outside the people tree"); $this->checks['outside_users']['STATUS'] = FALSE; $this->checks['outside_users']['STATUS_MSG']= ""; $this->checks['outside_users']['ERROR_MSG'] = ""; -// $this->search_outside_users(); + $this->search_outside_users(); $this->checks['outside_groups']['TITLE'] = _("Checking for groups outside the groups tree"); $this->checks['outside_groups']['STATUS'] = FALSE; $this->checks['outside_groups']['STATUS_MSG']= ""; $this->checks['outside_groups']['ERROR_MSG'] = ""; -// $this->search_outside_groups(); -// $this->check_organizationalUnits(); + $this->search_outside_groups(); + $this->check_organizationalUnits(); $this->checks['outside_winstations']['TITLE'] = _("Checking for windows workstations outside the winstation tree"); $this->checks['outside_winstations']['STATUS'] = FALSE; $this->checks['outside_winstations']['STATUS_MSG']= ""; $this->checks['outside_winstations']['ERROR_MSG'] = ""; -// $this->search_outside_winstations(); + $this->search_outside_winstations(); $this->checks['uidNumber_usage']['TITLE'] = _("Checking for duplicated UID numbers"); $this->checks['uidNumber_usage']['STATUS'] = FALSE; $this->checks['uidNumber_usage']['STATUS_MSG']= ""; $this->checks['uidNumber_usage']['ERROR_MSG'] = ""; -// $this->check_uidNumber(); + $this->check_uidNumber(); $this->checks['gidNumber_usage']['TITLE'] = _("Checking for duplicate GID numbers"); $this->checks['gidNumber_usage']['STATUS'] = FALSE; $this->checks['gidNumber_usage']['STATUS_MSG']= ""; $this->checks['gidNumber_usage']['ERROR_MSG'] = ""; -// $this->check_gidNumber(); + $this->check_gidNumber(); $this->checks['old_style_devices']['TITLE'] = _("Checking for old style USB devices"); $this->checks['old_style_devices']['STATUS'] = FALSE; $this->checks['old_style_devices']['STATUS_MSG']= ""; $this->checks['old_style_devices']['ERROR_MSG'] = ""; -// $this->check_usb_devices(); + $this->check_usb_devices(); $this->checks['old_style_services']['TITLE'] = _("Checking for old services that have to be migrated"); $this->checks['old_style_services']['STATUS'] = FALSE; $this->checks['old_style_services']['STATUS_MSG']= ""; $this->checks['old_style_services']['ERROR_MSG'] = ""; -// $this->check_services(); + $this->check_services(); $this->checks['old_style_menus']['TITLE'] = _("Checking for old style application menus"); $this->checks['old_style_menus']['STATUS'] = FALSE; @@ -323,7 +329,7 @@ class Step_Migrate extends setup_step /* Get winstation ou */ if($cv['generic_settings']['wws_ou_active']) { - $winstation_ou = $cv['generic_settings']['ws_ou']; + $winstation_ou = $cv['generic_settings']['wws_ou']; }else{ $winstation_ou = "ou=winstations"; } @@ -345,7 +351,7 @@ class Step_Migrate extends setup_step $this->outside_winstations = array(); while($attrs = $ldap->fetch()){ - if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){ + if((!preg_match("/^[^,]+,".preg_quote($winstation_ou, '/')."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){ $attrs['selected'] = FALSE; $attrs['ldif'] = ""; $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs; @@ -410,12 +416,12 @@ class Step_Migrate extends setup_step $this->outside_groups = array(); $this->groups_list = array();; while($attrs = $ldap->fetch()){ - $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."+,/i","",$attrs['dn']); + $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+,/i","",$attrs['dn']); /* Check if entry is not an addressbook only user * and verify that he is in a valid department */ - if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) && + if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) && !in_array($group_db_base,$valid_deps) ){ $attrs['selected'] = FALSE; @@ -488,12 +494,12 @@ class Step_Migrate extends setup_step } while($attrs = $ldap->fetch()){ - $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/i","",$attrs['dn']); + $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i","",$attrs['dn']); /* Check if entry is not an addressbook only user * and verify that he is in a valid department */ - if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) && + if( !preg_match("/dc=addressbook,/",$people_db_base) && !in_array($people_db_base,$valid_deps) ){ $attrs['selected'] = FALSE; @@ -678,7 +684,7 @@ class Step_Migrate extends setup_step /* Create new objectClass array */ $new_attrs = array(); - $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson"); + $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person"); for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){ if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){ $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; @@ -851,6 +857,12 @@ class Step_Migrate extends setup_step */ function check_administrativeAccount() { + /* Reset settings + */ + $this->migrate_users = array(); + $this->acl_migrate_dialog = FALSE; + $this->migrate_acl_base_entry = ""; + /* Establish ldap connection */ $cv = $this->parent->captured_values; $ldap_l = new LDAP($cv['admin'], @@ -868,31 +880,65 @@ class Step_Migrate extends setup_step $this->checks['acls']['STATUS_MSG']= _("LDAP query failed"); $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); }else{ - $found = false; + $GOsa_26_found = false; // GOsa 2.6 Account found + $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration + $username = ""; $attrs = $ldap->fetch(); + + /* Collect a list of available GOsa users and groups + */ + $users = array(); + $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)". + "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn")); + while($user_attrs = $ldap->fetch()){ + $users[$user_attrs['dn']] = $user_attrs['uid'][0]; + $rusers[$user_attrs['uid'][0]] = $user_attrs['dn']; + } + $groups = array(); + $ldap->search("objectClass=posixGroup",array("cn","dn")); + while($group_attrs = $ldap->fetch()){ + $groups[$group_attrs['dn']] = $group_attrs['cn'][0]; + } + + /* Check if a valid GOsa 2.6 admin exists + -> gosaAclEntry for an existing and accessible user. + */ + $valid_users = ""; + $valid_groups = ""; if(isset($attrs['gosaAclEntry'])){ $acls = $attrs['gosaAclEntry']; for($i = 0 ; $i < $acls['count'] ; $i++){ $acl = $acls[$i]; $tmp = split(":",$acl); + if($tmp[1] == "psub"){ $members = split(",",$tmp[2]); foreach($members as $member){ $member = base64_decode($member); - - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid","cn")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL-Group: ".$ret['cn'][0]."
"; - }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL: ".$ret['uid'][0]."
"; + if(isset($users[$member])){ + if(preg_match("/all;cmdrw/i",$tmp[3])){ + $valid_users .= $users[$member].", "; + $GOsa_26_found = TRUE; + } + } + if(isset($groups[$member])){ + if(preg_match("/all;cmdrw/i",$tmp[3])){ + $ldap->cat($member); + $group_attrs = $ldap->fetch(); + $val_users = ""; + if(isset($group_attrs['memberUid'])){ + for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){ + if(isset($rusers[$group_attrs['memberUid'][$e]])){ + $val_users .= $group_attrs['memberUid'][$e].", "; + } + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), "; + $GOsa_26_found = TRUE; + } + } } } }elseif($tmp[1] == "role"){ @@ -912,15 +958,25 @@ class Step_Migrate extends setup_step foreach($members as $member){ $member = base64_decode($member); - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL Role: ".$ret['uid'][0]."
"; + if(isset($users[$member])){ + $valid_users .= $users[$member].", "; + $GOsa_26_found = TRUE; + } + if(isset($groups[$member])){ + $ldap->cat($member); + $group_attrs = $ldap->fetch(); + $val_users = ""; + if(isset($group_attrs['memberUid'])){ + for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){ + if(isset($rusers[$group_attrs['memberUid'][$e]])){ + $val_users .= $group_attrs['memberUid'][$e].", "; + } + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), "; + $GOsa_26_found = TRUE; + } } } } @@ -930,14 +986,53 @@ class Step_Migrate extends setup_step } } - # For debugging - #echo $username; + /* Try to find an old GOsa 2.5 administrative account that may be migrated + */ + if(!$GOsa_26_found){ + $valid_users = ""; + $valid_groups = ""; + $ldap->cd($cv['base']); + $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn")); + while($p_group = $ldap->fetch()){ + $val_users = ""; + for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){ + $user = $p_group['memberUid'][$e]; + if(isset($rusers[$user])){ + $val_users .= $user.", "; + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$p_group['dn']]."(".trim($val_users,", ")."), "; + $GOsa_25_found = TRUE; + } + } + } - if($found){ + /* Print out results + */ + if($GOsa_25_found){ + $str = ""; + if(!empty($valid_groups)){ + $str.= "".sprintf(_("GOsa 2.5 adminitrative accounts found: %s."),trim($valid_groups,", "))."
"; + } + $this->checks['acls']['STATUS'] = FALSE; + $this->checks['acls']['STATUS_MSG']= _("Failed"); + $this->checks['acls']['ERROR_MSG'] = $str; + $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")." "; + $this->checks['acls']['ERROR_MSG'].= ""; + $this->checks['acls']['ERROR_MSG'].= ""; + }elseif($GOsa_26_found){ + $str = ""; + if(!empty($valid_users)){ + $str.= ""._("Users").": ".trim($valid_users,", ")."
"; + } + if(!empty($valid_groups)){ + $str.= ""._("Groups").": ".trim($valid_groups,", ")."
"; + } $this->checks['acls']['STATUS'] = TRUE; $this->checks['acls']['STATUS_MSG']= _("Ok"); - $this->checks['acls']['ERROR_MSG'] = ""; - }else{ + $this->checks['acls']['ERROR_MSG'] = $str; + }elseif($GOsa_25_found){ $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= _("Failed"); $this->checks['acls']['ERROR_MSG']= _("There is no GOsa administrator account inside your LDAP.")." "; @@ -1019,6 +1114,16 @@ class Step_Migrate extends setup_step { $pw1 = $pw2 = ""; $uid = ""; + + /* On first call check for rid/sid base */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); if(isset($_POST['new_user_uid'])){ $uid = $_POST['new_user_uid']; @@ -1030,6 +1135,14 @@ class Step_Migrate extends setup_step $pw2 = $_POST['new_user_password2']; } + + $ldap->cd($cv['base']); + $ldap->search("(uid=".$uid.")"); + if($ldap->count()){ + msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG); + return false; + } + if(empty($pw1) || empty($pw2) | ($pw1 != $pw2)){ msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG); return false; @@ -1039,17 +1152,8 @@ class Step_Migrate extends setup_step msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG); return false; } - - /* On first call check for rid/sid base */ - $cv = $this->parent->captured_values; - $ldap_l = new LDAP($cv['admin'], - $cv['password'], - $cv['connection'], - FALSE, - $cv['tls']); - - $ldap = new ldapMultiplexer($ldap_l); - + + /* Get current base attributes */ $ldap->cd($cv['base']); @@ -1286,7 +1390,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_winstations; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1332,7 +1436,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_groups; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1380,7 +1484,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_users; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1405,33 +1509,32 @@ class Step_Migrate extends setup_step } /************* - * User Migration handling + * Administrative Account -- Migrate/Create *************/ if(isset($_POST['retry_acls'])){ $this->check_administrativeAccount(); } + /* Dialog handling */ if(isset($_POST['create_acls'])){ $this->acl_create_dialog = TRUE; $this->dialog = TRUE; } + + if(isset($_POST['migrate_acls'])){ + $this->acl_migrate_dialog = TRUE; + $this->dialog = TRUE; + } - if(isset($_POST['create_acls_cancel'])){ + if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){ $this->acl_create_dialog = FALSE; + $this->acl_migrate_dialog = FALSE; $this->dialog = FALSE; $this->show_details = FALSE; } -# if(isset($_POST['create_acls_create_confirmed'])){ -# if($this->create_admin()){ -# $this->acl_create_dialog = FALSE; -# $this->dialog = FALSE; -# $this->show_details = FALSE; -# $this->initialize_checks(); -# } -# } - + /* Account creation */ if(isset($_POST['create_acls_create'])){ $this->create_admin(TRUE); } @@ -1443,14 +1546,43 @@ class Step_Migrate extends setup_step } } + /* Add admin acls for the selected users to the ldap base. + */ + if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){ + + /* Update ldap and reload check infos + */ + $this->migrate_selected_admin_users(); + + }elseif($this->acl_migrate_dialog){ + + /* Display admin migration dialog. + */ + $this->migrate_users(); + $smarty = get_smarty(); + + /* Do we have to display the changes + */ + $details = isset($_POST['details']) && $_POST['details']; + if(isset($_POST['migrate_acls_show_changes'])){ + $details = TRUE; + }elseif(isset($_POST['migrate_acls_hide_changes'])){ + $details = FALSE; + } + + $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry); + $smarty->assign("details", $details); + $smarty->assign("method","migrate_acls"); + $smarty->assign("migrateable_users",$this->migrate_users); + return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__)))); + } + if($this->acl_create_dialog){ $smarty = get_smarty(); - $uid = "admin"; if(isset($_POST['new_user_uid'])){ $uid = $_POST['new_user_uid']; } - $smarty->assign("new_user_uid",$uid); $smarty->assign("new_user_password",@$_POST['new_user_password']); $smarty->assign("new_user_password2",@$_POST['new_user_password2']); @@ -1504,7 +1636,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->users_to_migrate; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1560,7 +1692,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->deps_to_migrate; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty->assign("deps_to_migrate",$tmp); @@ -1637,7 +1769,7 @@ class Step_Migrate extends setup_step } if(isset($_POST['migrate_services'])){ - $this->migrate_usb_services(); + $this->migrate_services(); # $this->dialog = FALSE; # $this->show_details = FALSE; # $this->service_dialog = FALSE; @@ -1681,7 +1813,7 @@ class Step_Migrate extends setup_step } if(isset($_POST['migrate_menus'])){ - $this->migrate_usb_menus(); + $this->migrate_menus(); # $this->dialog = FALSE; # $this->show_details = FALSE; # $this->menu_dialog = FALSE; @@ -1877,7 +2009,7 @@ class Step_Migrate extends setup_step $tmp = array(); while($attrs = $ldap->fetch()){ - $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']); + $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']); } return($tmp); } @@ -1960,7 +2092,7 @@ class Step_Migrate extends setup_step /* Get winstation ou */ if($cv['generic_settings']['wws_ou_active']) { - $winstation_ou = $cv['generic_settings']['ws_ou']; + $winstation_ou = $cv['generic_settings']['wws_ou']; }else{ $winstation_ou = "ou=winstations"; } @@ -2071,7 +2203,7 @@ class Step_Migrate extends setup_step $tmp = array(); while($attrs = $ldap->fetch()){ - $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']); + $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']); } return($tmp); } @@ -2145,6 +2277,8 @@ class Step_Migrate extends setup_step } + /*! \brief Act in posts from the device migration dialog + */ function check_device_posts() { foreach($this->device as $key => $device){ @@ -2157,6 +2291,10 @@ class Step_Migrate extends setup_step } + /*! \brief Check for old style (gosa-2.5) devices. + Save readable informations and a list of migratable devices + in $this->devices. + */ function check_usb_devices () { /* Establish ldap connection */ @@ -2241,7 +2379,7 @@ class Step_Migrate extends setup_step } $this->checks['old_style_devices']['STATUS'] = FALSE; - $this->checks['old_style_devices']['STATUS_MSG']= _("Failed"); + $this->checks['old_style_devices']['STATUS_MSG']= ""._("Warning").""; $this->checks['old_style_devices']['ERROR_MSG'] = sprintf(_("There are %s devices that need to be migrated."),count($this->device)). ""; @@ -2252,6 +2390,11 @@ class Step_Migrate extends setup_step } } + + /*! \brief Migrate all selected devices. + Execute all required ldap actions to migrate the + selected devices. + */ function migrate_usb_devices () { /* Establish ldap connection */ @@ -2293,12 +2436,18 @@ class Step_Migrate extends setup_step $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$newdn)); $ldap->cd($newdn); $ldap->add($new_attr); + + /* Throw an error message if the action failed. + */ if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap add failed for %s with error %s"), + sprintf(_("Adding '%s' to the LDAP failed: %s"), "".LDAP::fix($newdn)."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ + + /* Remove old style device definition from source object. + */ $update['gotoHotplugDevice'] = array(); for($i = 0 ; $i < $attrs['gotoHotplugDevice']['count'] ; $i++){ if($attrs['gotoHotplugDevice'][$i] == $device['OLD_DEVICE']){ @@ -2312,7 +2461,7 @@ class Step_Migrate extends setup_step $ldap->cat($device['DN'],array("gotoHotplugDevice")); if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap update failed for %s with error %s"), + sprintf(_("Updating '%s' failed: %s"), "".LDAP::fix($device['DN'])."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ @@ -2322,10 +2471,16 @@ class Step_Migrate extends setup_step } } } + $this->check_usb_devices(); } - + /*! \brief Check for old style (gosa-2.5) services that have to be migrated + to be useable in gosa-2.6. + All required changes are stored in $this->service, also some + readable informations describing the actions required + to migrate the service + */ function check_services() { /* Establish ldap connection */ @@ -2377,7 +2532,7 @@ class Step_Migrate extends setup_step */ if(count($this->service)){ $this->checks['old_style_services']['STATUS'] = FALSE; - $this->checks['old_style_services']['STATUS_MSG']= _("Failed"); + $this->checks['old_style_services']['STATUS_MSG']= ""._("Warning").""; $this->checks['old_style_services']['ERROR_MSG'] = sprintf(_("There are %s services that need to be migrated."), count($this->service)). @@ -2390,7 +2545,12 @@ class Step_Migrate extends setup_step } - function migrate_usb_services() + + /*! \brief Migrate selected services. + This function executes the commands collected by the + service_check() function. + */ + function migrate_services() { /* Establish ldap connection */ @@ -2418,7 +2578,7 @@ class Step_Migrate extends setup_step */ if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap update failed for %s with error %s"), + sprintf(_("Updating '%s' failed: %s"), "".LDAP::fix($service['DN'])."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ @@ -2430,9 +2590,16 @@ class Step_Migrate extends setup_step } } } + + /* Update the service migration status + */ + $this->check_services(); } + /*! \brief Ensure that posts made on the service migration dialog + are processed. + */ function check_service_posts() { foreach($this->service as $key => $service){ @@ -2445,11 +2612,14 @@ class Step_Migrate extends setup_step } + /*! \brief This function checks the given ldap for old style (gosa-2.5) + menu entries and will prepare a list of actions that are required + to migrate them to gosa-2.6. + All required actions and some readable informations are stored in + $this->menu. + */ function check_menus() { - - $start = microtime(1); - /* Establish ldap connection */ $cv = $this->parent->captured_values; @@ -2475,18 +2645,11 @@ class Step_Migrate extends setup_step return; } - - $releases = array(); - while($attrs = $ldap->fetch()){ - if(preg_match("/,ou=fai,/",$attrs['dn']) && in_array("organizationalUnit",$attrs['objectClass'])){ - $tmp = split("\,",$attrs['dn']); - $fai_base = preg_replace("/,ou=fai,.*$/","",$attrs['dn']); - $releases[convert_department_dn($fai_base,$cv['base'])] = $attrs['dn']; - } - } - - + /* Create application -> parameter mapping, used later to detect + which configured parameter belongs to which application entry. + */ $amap= array(); + $todo = array(); $ldap->cd($cv['base']); $ldap->search("(objectClass=gosaApplication)", array("cn", "gosaApplicationParameter")); while($info = $ldap->fetch()){ @@ -2503,16 +2666,17 @@ class Step_Migrate extends setup_step } } - /* Search for all groups */ + /* Search for all groups that have an old style application menu configured. + */ + $appgroups = array(); $ldap->cd($cv['base']); $ldap->search("(&(objectClass=gosaApplicationGroup)(objectClass=posixGroup)(FAIrelease=*))", - array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass")); - $appgroups = array(); + array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass","gosaUnitTag")); /* Create readable prefix for "What will be done" infos */ - $s_add = ""._("add")."\t"; - $s_del = ""._("remove")."\t"; + $s_add = ""._("Add")."\t"; + $s_del = ""._("Remove")."\t"; /* Walk through all found old-style menu configurations. -Prepare ldap update list $data @@ -2524,6 +2688,13 @@ class Step_Migrate extends setup_step $current = ""; $after =""; + /* Get unit tag + */ + $tag =""; + if(isset($info['gosaUnitTag'])){ + $tag = $info['gosaUnitTag'][0]; + } + /* Collect application parameter for this group */ $params= array(); @@ -2534,17 +2705,17 @@ class Step_Migrate extends setup_step } } - /* Create release dn part. - eg. "sisa/1.0.0" => "ou=1.0.0,ou=siga," + /* Create release container for each release/subrelease. + eg. "sisa/1.0.0": + . "ou=siga, ..." + . "ou=1.0.0,ou=siga, .." */ $release = ""; $r = $info['FAIrelease'][0]; $z = split("/",$r); foreach($z as $part){ - if(empty($part)){ - echo __LINE__; exit(); - }else{ + if(!empty($part)){ $release = "ou=".$part.",".$release; /* Append release department information to "What will be done" info @@ -2554,12 +2725,23 @@ class Step_Migrate extends setup_step $after .= $s_add."objectClass: top\n"; $after .= $s_add."objectClass: FAIbranch\n"; $after .= $s_add."objectClass: organizationalUnit\n"; + + /* Append UnitTag + */ + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } $after .= $s_add."ou: $part\n"; - /* Appen release data to ldap actions + /* Append release data to ldap actions */ $d = array(); $d['objectClass'] = array("top","FAIbranch","organizationalUnit"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $d['ou'] = $part; $data['ADD'][$release_dn]= $d; } @@ -2583,7 +2765,7 @@ class Step_Migrate extends setup_step */ $current .= $s_del."gosaMemberApplication: ".$info['gosaMemberApplication'][$i]."\n"; - /* Append ldap update action to remove the old menu entry + /* Append ldap update action to remove the old menu entry attributes */ unset($info['objectClass']['count']); $d = array(); @@ -2606,29 +2788,49 @@ class Step_Migrate extends setup_step $after .= "\n"; $after .= $s_add."dn: $location_dn$release_dn\n"; $after .= $s_add."objectClass: gotoSubmenuEntry\n"; - $after .= $s_add."cn: $location\n"; + /* Append UnitTag + */ + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } + $after .= $s_add."cn: $location\n"; + + /* Create ldap entry to append + */ $d = array(); $d['cn'] = $location; $d['objectClass'] = array("gotoSubmenuEntry"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $data['ADD'][$location_dn.$release_dn] = $d; } - - /* Append missing menu entry to "What is done info" + /* Append missing menu entry for "What is done info". */ - if(empty($name)){ - echo __LINE__; exit(); - }else{ + if(!empty($name)){ $after .= "\n"; $after .= $s_add."dn: cn=$name,$location_dn$release_dn\n"; $after .= $s_add."objectClass: gotoMenuEntry\n"; + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } $after .= $s_add."cn: $name\n"; $after .= $s_add."gosaApplicationPriority: $priority\n"; + /* Create ldap entry + */ $d= array(); $d['objectClass'] = array("gotoMenuEntry"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $d['cn'] = $name; $d['gosaApplicationPriority'] = $priority; @@ -2642,7 +2844,9 @@ class Step_Migrate extends setup_step } } } - + + /* Updated todo list + */ $todo[] = array( "DETAILS" => FALSE, "DN" => $info['dn'], @@ -2651,6 +2855,9 @@ class Step_Migrate extends setup_step "TODO" => $data ); } + + /* Remember checks. + */ $this->menu = $todo; /* Check if we were able to query the ldap server @@ -2658,16 +2865,19 @@ class Step_Migrate extends setup_step if(count($this->menu)){ $this->checks['old_style_menus']['STATUS'] = FALSE; $this->checks['old_style_menus']['STATUS_MSG']= ""._("Warning").""; - $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be converted."), + $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be migrated."), count($this->menu)).""; }else{ $this->checks['old_style_menus']['STATUS'] = TRUE; $this->checks['old_style_menus']['STATUS_MSG']= _("Ok"); $this->checks['old_style_menus']['ERROR_MSG'] = ""; - } } + + /*! \brief Handle posts for the menu_dialog + Ensure that checked checkboxes stay checked. + */ function check_menu_posts() { foreach($this->menu as $key => $menu){ @@ -2679,7 +2889,13 @@ class Step_Migrate extends setup_step } } - function migrate_usb_menus() + + /*! \brief This function updates old-style application menus to + valid 2.6 application menus. + All selected menus will be converted (DETAILS = TRUE). + The ldap actions collected by check_menus() will be executed. + */ + function migrate_menus() { /* Establish ldap connection @@ -2692,21 +2908,19 @@ class Step_Migrate extends setup_step $cv['tls']); $ldap = new ldapMultiplexer($ldap_l); - - /* First detect all release names - */ $ldap->cd($cv['base']); + /* Walk through menus and detect selected menu + */ foreach($this->menu as $key => $menu){ if($menu['DETAILS']) { + /* Excute all LDAP-ADD actions + */ $success = TRUE; foreach($menu['TODO']['ADD'] as $dn => $data){ $ldap->cd($cv['base']); - $base = preg_replace("/^[^,]+,/","",$dn); - if(!$ldap->dn_exists($base)){ - echo "FEHLER !!! ES FEHLT : ".$base."
"; - }elseif(!$ldap->dn_exists($dn)){ + if(!$ldap->dn_exists($dn)){ $ldap->cd($dn); $ldap->add($data); if (!$ldap->success()){ @@ -2716,10 +2930,11 @@ class Step_Migrate extends setup_step } } + /* Execute all LDAP-MODIFY actions + */ foreach($menu['TODO']['MODIFY'] as $dn => $data){ - if(!$ldap->dn_exists($dn)){ - echo "FEHLER !!! ES FEHLT : ".$dn."
"; - }else{ + $ldap->cd($cv['base']); + if($ldap->dn_exists($dn)){ $ldap->cd($dn); $ldap->modify($data); if (!$ldap->success()){ @@ -2728,13 +2943,161 @@ class Step_Migrate extends setup_step } } } + + /* If every action was successful, remove this entry from the list + */ if($success){ unset($this->menu[$key]); } } } + + /* Udpate migration status for application menus + */ + $this->check_menus(); } -} + + function migrate_selected_admin_users() + { + /* Updated ui selection */ + $this->migrate_users(); + + /* Establish ldap connection */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); + $ldap->cd($cv['base']); + + /* Get current ACL configuration for the ldap base + */ + $ldap->cat($cv['base']); + $base_attrs = $ldap->fetch(); + $acl_entries= array(); + $acl_id = -1; + if(isset($base_attrs['gosaAclEntry'])){ + for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){ + $acl_entries[] = $base_attrs['gosaAclEntry'][$i]; + $cur_id = preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]); + if($cur_id > $acl_id){ + $acl_id = $cur_id; + } + } + } + + /* Append ACLs selected in the migrate admin account dialog + */ + foreach($this->migrate_users as $entry){ + if($entry['checked']){ + $acl_id ++; + $acl_entries[] = $acl_id.$entry['change']; + } + } + + /* Check if the required objectClasses are available + */ + $ocs = array(); + for($i=0;$i< $base_attrs['objectClass']['count']; $i++){ + $ocs[] = $base_attrs['objectClass'][$i]; + } + if(!in_array("gosaACL",$ocs)){ + $ocs[] = "gosaACL"; + } + + /* Try to write changes + */ + if(count($acl_entries)){ + $new_entry['gosaAclEntry'] = $acl_entries; + $new_entry['objectClass'] = $ocs; + $ldap->cd($cv['base']); + $ldap->modify($new_entry); + if(!$ldap->success()){ + $this->checks['acls']['TITLE'] = _("Checking for super administrator"); + $this->checks['acls']['STATUS'] = FALSE; + $this->checks['acls']['STATUS_MSG']= _("Failed"); + $this->checks['acls']['ERROR_MSG'] = "
".msgPool::ldaperror($cv['base'],$ldap->get_error(),LDAP_MOD); + }else{ + $this->check_administrativeAccount(); + } + } + } + + + function migrate_users() + { + /* Collect a list of available GOsa users and groups + */ + + /* Establish ldap connection */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); + $ldap->cd($cv['base']); + + $users = array(); + $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)". + "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn")); + while($user_attrs = $ldap->fetch()){ + $users[$user_attrs['dn']] = $user_attrs['uid'][0]; + $rusers[$user_attrs['uid'][0]] = $user_attrs['dn']; + } + $groups = array(); + $ldap->search("objectClass=posixGroup",array("cn","dn")); + while($group_attrs = $ldap->fetch()){ + $groups[$group_attrs['dn']] = $group_attrs['cn'][0]; + } + + foreach($this->migrate_users as $id => $data){ + $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]); + } + + /* Try to find an old GOsa 2.5 administrative account that may be migrated + */ + if(!count($this->migrate_users)){ + $ldap->cat($cv['base']); + $base_data = $ldap->fetch(); + $base_entry = "dn: ".$base_data['dn']."\n"; + for($i=0;$i<$base_data['objectClass']['count'];$i++){ + $base_entry .= "objectClass: ".$base_data['objectClass'][$i]."\n"; + } + if(!in_array("gosaACL",$base_data['objectClass'])){ + $base_entry .= "objectClass: gosaACL\n"; + } + if(isset($base_data['gosaAclEntry'])){ + for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){ + $base_entry .= "gosaAclEntry: ".$base_data['gosaAclEntry'][$i]."\n"; + } + } + $this->migrate_acl_base_entry = $base_entry; + $ldap->cd($cv['base']); + $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn")); + while($p_group = $ldap->fetch()){ + for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){ + $user = $p_group['memberUid'][$e]; + if(isset($rusers[$user])){ + $bsp_acl_entry = "gosaAclEntry: #:psub:".base64_encode($rusers[$user]).":all;cmdrw\n"; + $entry = array(); + $entry['uid'] = $user; + $entry['dn'] = $rusers[$user]; + $entry['details'] = $bsp_acl_entry; + $entry['checked'] = FALSE; + $entry['change'] = ":psub:".base64_encode($rusers[$user]).":all;cmdrw"; + $this->migrate_users[] = $entry; + } + } + } + } + } +} // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>