X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fsetup%2Fclass_setupStep_Migrate.inc;h=eee96634b8a0a00639d281b519b2c7445f3e615b;hb=72fb2e186b2f815f0fecdf71a6bc66ea676be72f;hp=5b55c7ce3e6a040798b5f97c6a0c3a86b0f3130f;hpb=7d077eef53c40bb965f6ec5da01534383dbef256;p=gosa.git diff --git a/gosa-core/setup/class_setupStep_Migrate.inc b/gosa-core/setup/class_setupStep_Migrate.inc index 5b55c7ce3..eee96634b 100644 --- a/gosa-core/setup/class_setupStep_Migrate.inc +++ b/gosa-core/setup/class_setupStep_Migrate.inc @@ -53,7 +53,7 @@ class Step_Migrate extends setup_step { var $languages = array(); var $attributes = array(); - var $header_image = "images/monitoring.png"; + var $header_image = "images/setup/migrate.png"; var $checks = array(); /* Department migration attributes */ @@ -108,6 +108,15 @@ class Step_Migrate extends setup_step var $group_list = array(); + /* Migrateable users */ + var $migrate_users = array(); + var $acl_migrate_dialog = FALSE; + var $migrate_acl_base_entry = ""; + + /* Root object classes */ + var $rootOC_migrate_dialog = FALSE; + var $rootOC_details = array(); + function Step_Migrate() { $this->update_strings(); @@ -129,71 +138,78 @@ class Step_Migrate extends setup_step $this->checks['root']['ERROR_MSG'] = ""; $this->checkBase(); - $this->checks['permissions']['TITLE'] = _("Checking permissions on LDAP database"); + $this->checks['rootOC']['TITLE'] = _("Inspecting object classes in root object"); + $this->checks['rootOC']['STATUS'] = FALSE; + $this->checks['rootOC']['STATUS_MSG']= ""; + $this->checks['rootOC']['ERROR_MSG'] = ""; + $this->checkBaseOC(); + + $this->checks['permissions']['TITLE'] = _("Checking permission for LDAP database"); $this->checks['permissions']['STATUS'] = FALSE; $this->checks['permissions']['STATUS_MSG']= ""; $this->checks['permissions']['ERROR_MSG'] = ""; -// $this->check_ldap_permissions(); + $this->check_ldap_permissions(); $this->checks['deps_visible']['TITLE'] = _("Checking for invisible departments"); $this->checks['deps_visible']['STATUS'] = FALSE; $this->checks['deps_visible']['STATUS_MSG']= ""; -// $this->checks['deps_visible']['ERROR_MSG'] = ""; + $this->checks['deps_visible']['ERROR_MSG'] = ""; $this->checks['users_visible']['TITLE'] = _("Checking for invisible users"); $this->checks['users_visible']['STATUS'] = FALSE; $this->checks['users_visible']['STATUS_MSG']= ""; $this->checks['users_visible']['ERROR_MSG'] = ""; -// $this->check_gosaAccounts(); + $this->check_gosaAccounts(); + $this->migrate_users = array(); $this->checks['acls']['TITLE'] = _("Checking for super administrator"); $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= ""; $this->checks['acls']['ERROR_MSG'] = ""; -// $this->check_administrativeAccount(); + $this->check_administrativeAccount(); $this->checks['outside_users']['TITLE'] = _("Checking for users outside the people tree"); $this->checks['outside_users']['STATUS'] = FALSE; $this->checks['outside_users']['STATUS_MSG']= ""; $this->checks['outside_users']['ERROR_MSG'] = ""; -// $this->search_outside_users(); + $this->search_outside_users(); $this->checks['outside_groups']['TITLE'] = _("Checking for groups outside the groups tree"); $this->checks['outside_groups']['STATUS'] = FALSE; $this->checks['outside_groups']['STATUS_MSG']= ""; $this->checks['outside_groups']['ERROR_MSG'] = ""; -// $this->search_outside_groups(); -// $this->check_organizationalUnits(); + $this->search_outside_groups(); + $this->check_organizationalUnits(); $this->checks['outside_winstations']['TITLE'] = _("Checking for windows workstations outside the winstation tree"); $this->checks['outside_winstations']['STATUS'] = FALSE; $this->checks['outside_winstations']['STATUS_MSG']= ""; $this->checks['outside_winstations']['ERROR_MSG'] = ""; -// $this->search_outside_winstations(); + $this->search_outside_winstations(); $this->checks['uidNumber_usage']['TITLE'] = _("Checking for duplicated UID numbers"); $this->checks['uidNumber_usage']['STATUS'] = FALSE; $this->checks['uidNumber_usage']['STATUS_MSG']= ""; $this->checks['uidNumber_usage']['ERROR_MSG'] = ""; -// $this->check_uidNumber(); + $this->check_uidNumber(); $this->checks['gidNumber_usage']['TITLE'] = _("Checking for duplicate GID numbers"); $this->checks['gidNumber_usage']['STATUS'] = FALSE; $this->checks['gidNumber_usage']['STATUS_MSG']= ""; $this->checks['gidNumber_usage']['ERROR_MSG'] = ""; -// $this->check_gidNumber(); + $this->check_gidNumber(); $this->checks['old_style_devices']['TITLE'] = _("Checking for old style USB devices"); $this->checks['old_style_devices']['STATUS'] = FALSE; $this->checks['old_style_devices']['STATUS_MSG']= ""; $this->checks['old_style_devices']['ERROR_MSG'] = ""; -// $this->check_usb_devices(); + $this->check_usb_devices(); $this->checks['old_style_services']['TITLE'] = _("Checking for old services that have to be migrated"); $this->checks['old_style_services']['STATUS'] = FALSE; $this->checks['old_style_services']['STATUS_MSG']= ""; $this->checks['old_style_services']['ERROR_MSG'] = ""; -// $this->check_services(); + $this->check_services(); $this->checks['old_style_menus']['TITLE'] = _("Checking for old style application menus"); $this->checks['old_style_menus']['STATUS'] = FALSE; @@ -323,7 +339,7 @@ class Step_Migrate extends setup_step /* Get winstation ou */ if($cv['generic_settings']['wws_ou_active']) { - $winstation_ou = $cv['generic_settings']['ws_ou']; + $winstation_ou = $cv['generic_settings']['wws_ou']; }else{ $winstation_ou = "ou=winstations"; } @@ -345,7 +361,7 @@ class Step_Migrate extends setup_step $this->outside_winstations = array(); while($attrs = $ldap->fetch()){ - if((!preg_match("/^[^,]+,".normalizePreg($winstation_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){ + if((!preg_match("/^[^,]+,".preg_quote($winstation_ou, '/')."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){ $attrs['selected'] = FALSE; $attrs['ldif'] = ""; $this->outside_winstations[base64_encode($attrs['dn'])] = $attrs; @@ -410,12 +426,12 @@ class Step_Migrate extends setup_step $this->outside_groups = array(); $this->groups_list = array();; while($attrs = $ldap->fetch()){ - $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."+,/i","",$attrs['dn']); + $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+,/i","",$attrs['dn']); /* Check if entry is not an addressbook only user * and verify that he is in a valid department */ - if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) && + if( !preg_match("/".preg_quote("dc=addressbook,", '/')."/",$group_db_base) && !in_array($group_db_base,$valid_deps) ){ $attrs['selected'] = FALSE; @@ -488,12 +504,12 @@ class Step_Migrate extends setup_step } while($attrs = $ldap->fetch()){ - $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/i","",$attrs['dn']); + $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i","",$attrs['dn']); /* Check if entry is not an addressbook only user * and verify that he is in a valid department */ - if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) && + if( !preg_match("/dc=addressbook,/",$people_db_base) && !in_array($people_db_base,$valid_deps) ){ $attrs['selected'] = FALSE; @@ -678,7 +694,7 @@ class Step_Migrate extends setup_step /* Create new objectClass array */ $new_attrs = array(); - $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson"); + $new_attrs['objectClass']= array("gosaAccount","inetOrgPerson","organizationalPerson","person"); for($i = 0 ; $i < $attrs['objectClass']['count']; $i ++ ){ if(!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])){ $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; @@ -851,6 +867,13 @@ class Step_Migrate extends setup_step */ function check_administrativeAccount() { + /* Reset settings + */ + $GOsa_26_found = FALSE; + $this->migrate_users = array(); + $this->acl_migrate_dialog = FALSE; + $this->migrate_acl_base_entry = ""; + /* Establish ldap connection */ $cv = $this->parent->captured_values; $ldap_l = new LDAP($cv['admin'], @@ -862,37 +885,71 @@ class Step_Migrate extends setup_step $ldap = new ldapMultiplexer($ldap_l); $ldap->cd($cv['base']); $res = $ldap->cat($cv['base']); - + if(!$res){ $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= _("LDAP query failed"); $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); }else{ - $found = false; + $GOsa_26_found = false; // GOsa 2.6 Account found + $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration + $username = ""; $attrs = $ldap->fetch(); + + /* Collect a list of available GOsa users and groups + */ + $users = array(); + $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)". + "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn")); + while($user_attrs = $ldap->fetch()){ + $users[$user_attrs['dn']] = $user_attrs['uid'][0]; + $rusers[$user_attrs['uid'][0]] = $user_attrs['dn']; + } + $groups = array(); + $ldap->search("objectClass=posixGroup",array("cn","dn")); + while($group_attrs = $ldap->fetch()){ + $groups[$group_attrs['dn']] = $group_attrs['cn'][0]; + } + + /* Check if a valid GOsa 2.6 admin exists + -> gosaAclEntry for an existing and accessible user. + */ + $valid_users = ""; + $valid_groups = ""; if(isset($attrs['gosaAclEntry'])){ $acls = $attrs['gosaAclEntry']; for($i = 0 ; $i < $acls['count'] ; $i++){ $acl = $acls[$i]; - $tmp = split(":",$acl); + $tmp = explode(":",$acl); + if($tmp[1] == "psub"){ - $members = split(",",$tmp[2]); + $members = explode(",",$tmp[2]); foreach($members as $member){ $member = base64_decode($member); - - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid","cn")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL-Group: ".$ret['cn'][0]."
"; - }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL: ".$ret['uid'][0]."
"; + if(isset($users[$member])){ + if(preg_match("/all;cmdrw/i",$tmp[3])){ + $valid_users .= $users[$member].", "; + $GOsa_26_found = TRUE; + } + } + if(isset($groups[$member])){ + if(preg_match("/all;cmdrw/i",$tmp[3])){ + $ldap->cat($member); + $group_attrs = $ldap->fetch(); + $val_users = ""; + if(isset($group_attrs['memberUid'])){ + for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){ + if(isset($rusers[$group_attrs['memberUid'][$e]])){ + $val_users .= $group_attrs['memberUid'][$e].", "; + } + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), "; + $GOsa_26_found = TRUE; + } + } } } }elseif($tmp[1] == "role"){ @@ -908,19 +965,29 @@ class Step_Migrate extends setup_step $a_str = $ret['gosaAclTemplate'][$e]; if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){ - $members = split(",",$tmp[3]); + $members = explode(",",$tmp[3]); foreach($members as $member){ $member = base64_decode($member); - /* Check if acl owner is a valid GOsa user account */ - $ldap->cat($member,array("objectClass","uid")); - $ret = $ldap->fetch(); - - if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; - $username .= "ACL Role: ".$ret['uid'][0]."
"; + if(isset($users[$member])){ + $valid_users .= $users[$member].", "; + $GOsa_26_found = TRUE; + } + if(isset($groups[$member])){ + $ldap->cat($member); + $group_attrs = $ldap->fetch(); + $val_users = ""; + if(isset($group_attrs['memberUid'])){ + for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){ + if(isset($rusers[$group_attrs['memberUid'][$e]])){ + $val_users .= $group_attrs['memberUid'][$e].", "; + } + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), "; + $GOsa_26_found = TRUE; + } } } } @@ -930,13 +997,53 @@ class Step_Migrate extends setup_step } } - # For debugging - #echo $username; + /* Try to find an old GOsa 2.5 administrative account that may be migrated + */ + if(!$GOsa_26_found){ + $valid_users = ""; + $valid_groups = ""; + $ldap->cd($cv['base']); + $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn")); + while($p_group = $ldap->fetch()){ + $val_users = ""; + for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){ + $user = $p_group['memberUid'][$e]; + if(isset($rusers[$user])){ + $val_users .= $user.", "; + } + } + if(!empty($val_users)){ + $valid_groups .= $groups[$p_group['dn']]."(".trim($val_users,", ")."), "; + $GOsa_25_found = TRUE; + } + } + } + - if($found){ + /* Print out results + */ + if($GOsa_25_found){ + $str = ""; + if(!empty($valid_groups)){ + $str.= "".sprintf(_("GOsa 2.5 administrative accounts found: %s"),trim($valid_groups,", "))."
"; + } + $this->checks['acls']['STATUS'] = FALSE; + $this->checks['acls']['STATUS_MSG']= _("Failed"); + $this->checks['acls']['ERROR_MSG'] = $str; + $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")." "; + $this->checks['acls']['ERROR_MSG'].= ""; + $this->checks['acls']['ERROR_MSG'].= ""; + }elseif($GOsa_26_found){ + $str = ""; + if(!empty($valid_users)){ + $str.= ""._("Users").": ".trim($valid_users,", ")."
"; + } + if(!empty($valid_groups)){ + $str.= ""._("Groups").": ".trim($valid_groups,", ")."
"; + } $this->checks['acls']['STATUS'] = TRUE; $this->checks['acls']['STATUS_MSG']= _("Ok"); - $this->checks['acls']['ERROR_MSG'] = ""; + $this->checks['acls']['ERROR_MSG'] = $str; }else{ $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG']= _("Failed"); @@ -944,7 +1051,10 @@ class Step_Migrate extends setup_step $this->checks['acls']['ERROR_MSG'].= ""; } } - return($ldap->count()>=1); + + // Reload base OC + $this->checkBaseOC(); + return($GOsa_26_found); } @@ -1019,6 +1129,16 @@ class Step_Migrate extends setup_step { $pw1 = $pw2 = ""; $uid = ""; + + /* On first call check for rid/sid base */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); if(isset($_POST['new_user_uid'])){ $uid = $_POST['new_user_uid']; @@ -1030,6 +1150,14 @@ class Step_Migrate extends setup_step $pw2 = $_POST['new_user_password2']; } + + $ldap->cd($cv['base']); + $ldap->search("(uid=".$uid.")"); + if($ldap->count()){ + msg_dialog::display(_("Input error"),msgPool::duplicated(_("Uid")), ERROR_DIALOG); + return false; + } + if(empty($pw1) || empty($pw2) | ($pw1 != $pw2)){ msg_dialog::display(_("Password error"), _("Provided passwords do not match!"), ERROR_DIALOG); return false; @@ -1039,17 +1167,8 @@ class Step_Migrate extends setup_step msg_dialog::display(_("Input error"), _("Specify a valid user ID!"), ERROR_DIALOG); return false; } - - /* On first call check for rid/sid base */ - $cv = $this->parent->captured_values; - $ldap_l = new LDAP($cv['admin'], - $cv['password'], - $cv['connection'], - FALSE, - $cv['tls']); - - $ldap = new ldapMultiplexer($ldap_l); - + + /* Get current base attributes */ $ldap->cd($cv['base']); @@ -1286,7 +1405,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_winstations; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1332,7 +1451,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_groups; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1380,7 +1499,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->outside_users; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1403,35 +1522,62 @@ class Step_Migrate extends setup_step $this->initialize_checks(); } } - + /************* - * User Migration handling + * Root object class check + *************/ + + if(isset($_POST['root_add_objectclasses'])){ + $this->rootOC_migrate_dialog = TRUE; + $this->dialog = TRUE; + } + if(isset($_POST['rootOC_dialog_cancel'])){ + $this->rootOC_migrate_dialog = FALSE; + $this->dialog = FALSE; + } + if(isset($_POST['rootOC_migrate_start'])){ + if($this->checkBaseOC(FALSE)){ + $this->checkBaseOC(); // Update overview info + $this->dialog = FALSE; + $this->rootOC_migrate_dialog = FALSE; + } + } + + + if($this->rootOC_migrate_dialog){ + $smarty = get_smarty(); + $smarty->assign("details",$this->rootOC_details); + $smarty->assign("method","rootOC_migrate_dialog"); + return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__)))); + } + + /************* + * Administrative Account -- Migrate/Create *************/ if(isset($_POST['retry_acls'])){ $this->check_administrativeAccount(); } + /* Dialog handling */ if(isset($_POST['create_acls'])){ $this->acl_create_dialog = TRUE; $this->dialog = TRUE; } + + if(isset($_POST['migrate_acls'])){ + $this->acl_migrate_dialog = TRUE; + $this->dialog = TRUE; + } - if(isset($_POST['create_acls_cancel'])){ + if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){ $this->acl_create_dialog = FALSE; + $this->acl_migrate_dialog = FALSE; $this->dialog = FALSE; $this->show_details = FALSE; } -# if(isset($_POST['create_acls_create_confirmed'])){ -# if($this->create_admin()){ -# $this->acl_create_dialog = FALSE; -# $this->dialog = FALSE; -# $this->show_details = FALSE; -# $this->initialize_checks(); -# } -# } - + /* Account creation */ if(isset($_POST['create_acls_create'])){ $this->create_admin(TRUE); } @@ -1443,14 +1589,45 @@ class Step_Migrate extends setup_step } } + /* Add admin acls for the selected users to the ldap base. + */ + if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){ + + /* Update ldap and reload check infos + */ + $this->migrate_selected_admin_users(); + $this->dialog = FALSE; + $this->acl_migrate_dialog = FALSE; + + }elseif($this->acl_migrate_dialog){ + + /* Display admin migration dialog. + */ + $this->migrate_users(); + $smarty = get_smarty(); + + /* Do we have to display the changes + */ + $details = isset($_POST['details']) && $_POST['details']; + if(isset($_POST['migrate_acls_show_changes'])){ + $details = TRUE; + }elseif(isset($_POST['migrate_acls_hide_changes'])){ + $details = FALSE; + } + + $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry); + $smarty->assign("details", $details); + $smarty->assign("method","migrate_acls"); + $smarty->assign("migrateable_users",$this->migrate_users); + return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__)))); + } + if($this->acl_create_dialog){ $smarty = get_smarty(); - $uid = "admin"; if(isset($_POST['new_user_uid'])){ $uid = $_POST['new_user_uid']; } - $smarty->assign("new_user_uid",$uid); $smarty->assign("new_user_password",@$_POST['new_user_password']); $smarty->assign("new_user_password2",@$_POST['new_user_password2']); @@ -1504,7 +1681,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->users_to_migrate; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty = get_smarty(); @@ -1560,7 +1737,7 @@ class Step_Migrate extends setup_step /* Fix displayed dn syntax */ $tmp = $this->deps_to_migrate; foreach($tmp as $key => $data){ - $tmp[$key]['dn'] = @LDAP::fix($data['dn']); + $tmp[$key]['dn'] = LDAP::fix($data['dn']); } $smarty->assign("deps_to_migrate",$tmp); @@ -1637,7 +1814,7 @@ class Step_Migrate extends setup_step } if(isset($_POST['migrate_services'])){ - $this->migrate_usb_services(); + $this->migrate_services(); # $this->dialog = FALSE; # $this->show_details = FALSE; # $this->service_dialog = FALSE; @@ -1681,7 +1858,7 @@ class Step_Migrate extends setup_step } if(isset($_POST['migrate_menus'])){ - $this->migrate_usb_menus(); + $this->migrate_menus(); # $this->dialog = FALSE; # $this->show_details = FALSE; # $this->menu_dialog = FALSE; @@ -1836,6 +2013,151 @@ class Step_Migrate extends setup_step } + /* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs. + * If the parameter just_check is true, then just check for the OCs. + * If the Parameter is false, try to add the required object classes. + */ + function checkBaseOC($just_check = TRUE) + { + /* Establish ldap connection */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); + + /* Check if root object exists */ + $ldap->cd($cv['base']); + $ldap->cat($cv['base']); + if(!$ldap->count()){ + $this->checks['rootOC']['STATUS'] = FALSE; + $this->checks['rootOC']['STATUS_MSG']= _("LDAP query failed"); + $this->checks['rootOC']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); + return; + } + + $attrs = $ldap->fetch(); + + /* Root object doesn't exists + */ + if(!in_array("gosaDepartment",$attrs['objectClass'])){ + if($just_check){ + + $this->rootOC_details = array(); + $mods = array(); + + /* Get list of possible container objects, to be able to detect naming + * attributes and missing attribute types. + */ + if(!class_available("departmentManagement")){ + $this->checks['rootOC']['STATUS'] = FALSE; + $this->checks['rootOC']['STATUS_MSG']= _("Failed"); + $this->checks['rootOC']['ERROR_MSG'] = sprintf(_("Missing GOsa object class '%s'!"),"departmentManagement"). + " "._("Please check your installation."); + return; + } + + /* Try to detect base class type, e.g. is it a dcObject. + */ + $dep_types = departmentManagement::get_support_departments(); + $dep_type =""; + foreach($dep_types as $dep_name => $dep_class){ + if(in_array($dep_class['CLASS'], $attrs['objectClass'])){ + $dep_type = $dep_name; + break; + } + } + + /* If no known base class was detect, abort with message + */ + if(empty($dep_type)){ + $this->checks['rootOC']['STATUS'] = FALSE; + $this->checks['rootOC']['STATUS_MSG']= _("Failed"); + $this->checks['rootOC']['ERROR_MSG'] = + sprintf(_("Cannot handle the structural object type of your root object. Please try to add the object class '%s' manually."),"gosaDepartment"); + return; + } + + /* Create 'current' and 'target' object properties, to be able to display + * a set of modifications required to create a valid GOsa department. + */ + $str = "dn: ".$cv['base']."\n"; + for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){ + $str .= "objectClass: ".$attrs['objectClass'][$i]."\n"; + } + $this->rootOC_details['current'] = $str; + + /* Create target infos + */ + $str = "dn: ".$cv['base']."\n"; + for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){ + $str .= "objectClass: ".$attrs['objectClass'][$i]."\n"; + $mods['objectClass'][] = $attrs['objectClass'][$i]; + } + $mods['objectClass'][] = "gosaDepartment"; + $str .= "objectClass: gosaDepartment\n"; + + /* Append attribute 'ou', it is required by gosaDepartment + */ + if(!isset($attrs['ou'])){ + $val = "GOsa"; + if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){ + $val = $attrs[$dep_types[$dep_type]['ATTR']][0]; + } + $str .= "ou: ".$val."\n"; + $mods['ou'] =$val; + } + + /*Append description, it is required by gosaDepartment too. + */ + if(!isset($attrs['description'])){ + $val = "GOsa"; + if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){ + $val = $attrs[$dep_types[$dep_type]['ATTR']][0]; + } + $str .= "description: ".$val."\n"; + $mods['description'] = $val; + } + $this->rootOC_details['target'] = $str; + $this->rootOC_details['mods'] = $mods; + + /* Add button that allows to open the migration details + */ + $this->checks['rootOC']['STATUS'] = FALSE; + $this->checks['rootOC']['STATUS_MSG']= _("Failed"); + $this->checks['rootOC']['ERROR_MSG'] = " "; + + return(FALSE); + }else{ + + /* Add root object */ + $ldap->cd($cv['base']); + if(isset($this->rootOC_details['mods'])){ + $res = $ldap->modify($this->rootOC_details['mods']); + if(!$res){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class())); + } + $this->checkBaseOC(); + $this->check_administrativeAccount(); + return($res); + }else{ + trigger_error("No modifications to make... "); + } + } + return(TRUE); + } + + /* Create & remove of dummy object was successful */ + $this->checks['rootOC']['STATUS'] = TRUE; + $this->checks['rootOC']['STATUS_MSG']= _("Ok"); + $this->checks['rootOC']['ERROR_MSG'] = ""; + } + + /* Return ldif information for a * given attribute array */ @@ -1877,7 +2199,7 @@ class Step_Migrate extends setup_step $tmp = array(); while($attrs = $ldap->fetch()){ - $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']); + $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']); } return($tmp); } @@ -1960,7 +2282,7 @@ class Step_Migrate extends setup_step /* Get winstation ou */ if($cv['generic_settings']['wws_ou_active']) { - $winstation_ou = $cv['generic_settings']['ws_ou']; + $winstation_ou = $cv['generic_settings']['wws_ou']; }else{ $winstation_ou = "ou=winstations"; } @@ -2071,7 +2393,7 @@ class Step_Migrate extends setup_step $tmp = array(); while($attrs = $ldap->fetch()){ - $tmp[base64_encode($attrs['dn'])] = @LDAP::fix($attrs['dn']); + $tmp[base64_encode($attrs['dn'])] = LDAP::fix($attrs['dn']); } return($tmp); } @@ -2145,6 +2467,8 @@ class Step_Migrate extends setup_step } + /*! \brief Act in posts from the device migration dialog + */ function check_device_posts() { foreach($this->device as $key => $device){ @@ -2157,6 +2481,10 @@ class Step_Migrate extends setup_step } + /*! \brief Check for old style (gosa-2.5) devices. + Save readable informations and a list of migratable devices + in $this->devices. + */ function check_usb_devices () { /* Establish ldap connection */ @@ -2241,7 +2569,7 @@ class Step_Migrate extends setup_step } $this->checks['old_style_devices']['STATUS'] = FALSE; - $this->checks['old_style_devices']['STATUS_MSG']= _("Failed"); + $this->checks['old_style_devices']['STATUS_MSG']= ""._("Warning").""; $this->checks['old_style_devices']['ERROR_MSG'] = sprintf(_("There are %s devices that need to be migrated."),count($this->device)). ""; @@ -2252,6 +2580,11 @@ class Step_Migrate extends setup_step } } + + /*! \brief Migrate all selected devices. + Execute all required ldap actions to migrate the + selected devices. + */ function migrate_usb_devices () { /* Establish ldap connection */ @@ -2293,12 +2626,18 @@ class Step_Migrate extends setup_step $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$newdn)); $ldap->cd($newdn); $ldap->add($new_attr); + + /* Throw an error message if the action failed. + */ if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap add failed for %s with error %s"), + sprintf(_("Adding '%s' to the LDAP failed: %s"), "".LDAP::fix($newdn)."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ + + /* Remove old style device definition from source object. + */ $update['gotoHotplugDevice'] = array(); for($i = 0 ; $i < $attrs['gotoHotplugDevice']['count'] ; $i++){ if($attrs['gotoHotplugDevice'][$i] == $device['OLD_DEVICE']){ @@ -2312,7 +2651,7 @@ class Step_Migrate extends setup_step $ldap->cat($device['DN'],array("gotoHotplugDevice")); if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap update failed for %s with error %s"), + sprintf(_("Updating '%s' failed: %s"), "".LDAP::fix($device['DN'])."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ @@ -2322,10 +2661,16 @@ class Step_Migrate extends setup_step } } } + $this->check_usb_devices(); } - + /*! \brief Check for old style (gosa-2.5) services that have to be migrated + to be useable in gosa-2.6. + All required changes are stored in $this->service, also some + readable informations describing the actions required + to migrate the service + */ function check_services() { /* Establish ldap connection */ @@ -2377,7 +2722,7 @@ class Step_Migrate extends setup_step */ if(count($this->service)){ $this->checks['old_style_services']['STATUS'] = FALSE; - $this->checks['old_style_services']['STATUS_MSG']= _("Failed"); + $this->checks['old_style_services']['STATUS_MSG']= ""._("Warning").""; $this->checks['old_style_services']['ERROR_MSG'] = sprintf(_("There are %s services that need to be migrated."), count($this->service)). @@ -2390,7 +2735,12 @@ class Step_Migrate extends setup_step } - function migrate_usb_services() + + /*! \brief Migrate selected services. + This function executes the commands collected by the + service_check() function. + */ + function migrate_services() { /* Establish ldap connection */ @@ -2418,7 +2768,7 @@ class Step_Migrate extends setup_step */ if(!$ldap->success()){ msg_dialog::display(_("LDAP error"), - sprintf(_("Ldap update failed for %s with error %s"), + sprintf(_("Updating '%s' failed: %s"), "".LDAP::fix($service['DN'])."", "

".$ldap->get_error().""), ERROR_DIALOG); }else{ @@ -2430,9 +2780,16 @@ class Step_Migrate extends setup_step } } } + + /* Update the service migration status + */ + $this->check_services(); } + /*! \brief Ensure that posts made on the service migration dialog + are processed. + */ function check_service_posts() { foreach($this->service as $key => $service){ @@ -2445,11 +2802,14 @@ class Step_Migrate extends setup_step } + /*! \brief This function checks the given ldap for old style (gosa-2.5) + menu entries and will prepare a list of actions that are required + to migrate them to gosa-2.6. + All required actions and some readable informations are stored in + $this->menu. + */ function check_menus() { - - $start = microtime(1); - /* Establish ldap connection */ $cv = $this->parent->captured_values; @@ -2475,18 +2835,11 @@ class Step_Migrate extends setup_step return; } - - $releases = array(); - while($attrs = $ldap->fetch()){ - if(preg_match("/,ou=fai,/",$attrs['dn']) && in_array("organizationalUnit",$attrs['objectClass'])){ - $tmp = split("\,",$attrs['dn']); - $fai_base = preg_replace("/,ou=fai,.*$/","",$attrs['dn']); - $releases[convert_department_dn($fai_base,$cv['base'])] = $attrs['dn']; - } - } - - + /* Create application -> parameter mapping, used later to detect + which configured parameter belongs to which application entry. + */ $amap= array(); + $todo = array(); $ldap->cd($cv['base']); $ldap->search("(objectClass=gosaApplication)", array("cn", "gosaApplicationParameter")); while($info = $ldap->fetch()){ @@ -2503,16 +2856,17 @@ class Step_Migrate extends setup_step } } - /* Search for all groups */ + /* Search for all groups that have an old style application menu configured. + */ + $appgroups = array(); $ldap->cd($cv['base']); $ldap->search("(&(objectClass=gosaApplicationGroup)(objectClass=posixGroup)(FAIrelease=*))", - array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass")); - $appgroups = array(); + array("gosaMemberApplication","gosaApplicationParameter","FAIrelease","objectClass","gosaUnitTag")); /* Create readable prefix for "What will be done" infos */ - $s_add = ""._("add")."\t"; - $s_del = ""._("remove")."\t"; + $s_add = ""._("Add")."\t"; + $s_del = ""._("Remove")."\t"; /* Walk through all found old-style menu configurations. -Prepare ldap update list $data @@ -2524,6 +2878,13 @@ class Step_Migrate extends setup_step $current = ""; $after =""; + /* Get unit tag + */ + $tag =""; + if(isset($info['gosaUnitTag'])){ + $tag = $info['gosaUnitTag'][0]; + } + /* Collect application parameter for this group */ $params= array(); @@ -2534,17 +2895,17 @@ class Step_Migrate extends setup_step } } - /* Create release dn part. - eg. "sisa/1.0.0" => "ou=1.0.0,ou=siga," + /* Create release container for each release/subrelease. + eg. "sisa/1.0.0": + . "ou=siga, ..." + . "ou=1.0.0,ou=siga, .." */ $release = ""; $r = $info['FAIrelease'][0]; - $z = split("/",$r); + $z = explode("/",$r); foreach($z as $part){ - if(empty($part)){ - echo __LINE__; exit(); - }else{ + if(!empty($part)){ $release = "ou=".$part.",".$release; /* Append release department information to "What will be done" info @@ -2554,12 +2915,23 @@ class Step_Migrate extends setup_step $after .= $s_add."objectClass: top\n"; $after .= $s_add."objectClass: FAIbranch\n"; $after .= $s_add."objectClass: organizationalUnit\n"; + + /* Append UnitTag + */ + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } $after .= $s_add."ou: $part\n"; - /* Appen release data to ldap actions + /* Append release data to ldap actions */ $d = array(); $d['objectClass'] = array("top","FAIbranch","organizationalUnit"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $d['ou'] = $part; $data['ADD'][$release_dn]= $d; } @@ -2583,7 +2955,7 @@ class Step_Migrate extends setup_step */ $current .= $s_del."gosaMemberApplication: ".$info['gosaMemberApplication'][$i]."\n"; - /* Append ldap update action to remove the old menu entry + /* Append ldap update action to remove the old menu entry attributes */ unset($info['objectClass']['count']); $d = array(); @@ -2606,29 +2978,49 @@ class Step_Migrate extends setup_step $after .= "\n"; $after .= $s_add."dn: $location_dn$release_dn\n"; $after .= $s_add."objectClass: gotoSubmenuEntry\n"; - $after .= $s_add."cn: $location\n"; + /* Append UnitTag + */ + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } + $after .= $s_add."cn: $location\n"; + + /* Create ldap entry to append + */ $d = array(); $d['cn'] = $location; $d['objectClass'] = array("gotoSubmenuEntry"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $data['ADD'][$location_dn.$release_dn] = $d; } - - /* Append missing menu entry to "What is done info" + /* Append missing menu entry for "What is done info". */ - if(empty($name)){ - echo __LINE__; exit(); - }else{ + if(!empty($name)){ $after .= "\n"; $after .= $s_add."dn: cn=$name,$location_dn$release_dn\n"; $after .= $s_add."objectClass: gotoMenuEntry\n"; + if($tag != ""){ + $after .= $s_add."objectClass: gosaAdministrativeUnitTag\n"; + $after .= $s_add."gosaUnitTag: $tag\n"; + } $after .= $s_add."cn: $name\n"; $after .= $s_add."gosaApplicationPriority: $priority\n"; + /* Create ldap entry + */ $d= array(); $d['objectClass'] = array("gotoMenuEntry"); + if(!empty($tag)){ + $d['objectClass'][] = "gosaAdministrativeUnitTag"; + $d['gosaUnitTag'] = $tag; + } $d['cn'] = $name; $d['gosaApplicationPriority'] = $priority; @@ -2642,7 +3034,9 @@ class Step_Migrate extends setup_step } } } - + + /* Updated todo list + */ $todo[] = array( "DETAILS" => FALSE, "DN" => $info['dn'], @@ -2651,6 +3045,9 @@ class Step_Migrate extends setup_step "TODO" => $data ); } + + /* Remember checks. + */ $this->menu = $todo; /* Check if we were able to query the ldap server @@ -2658,16 +3055,19 @@ class Step_Migrate extends setup_step if(count($this->menu)){ $this->checks['old_style_menus']['STATUS'] = FALSE; $this->checks['old_style_menus']['STATUS_MSG']= ""._("Warning").""; - $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be converted."), + $this->checks['old_style_menus']['ERROR_MSG'] = sprintf(_("There are %s application menus which have to be migrated."), count($this->menu)).""; }else{ $this->checks['old_style_menus']['STATUS'] = TRUE; $this->checks['old_style_menus']['STATUS_MSG']= _("Ok"); $this->checks['old_style_menus']['ERROR_MSG'] = ""; - } } + + /*! \brief Handle posts for the menu_dialog + Ensure that checked checkboxes stay checked. + */ function check_menu_posts() { foreach($this->menu as $key => $menu){ @@ -2679,7 +3079,13 @@ class Step_Migrate extends setup_step } } - function migrate_usb_menus() + + /*! \brief This function updates old-style application menus to + valid 2.6 application menus. + All selected menus will be converted (DETAILS = TRUE). + The ldap actions collected by check_menus() will be executed. + */ + function migrate_menus() { /* Establish ldap connection @@ -2692,21 +3098,19 @@ class Step_Migrate extends setup_step $cv['tls']); $ldap = new ldapMultiplexer($ldap_l); - - /* First detect all release names - */ $ldap->cd($cv['base']); + /* Walk through menus and detect selected menu + */ foreach($this->menu as $key => $menu){ if($menu['DETAILS']) { + /* Excute all LDAP-ADD actions + */ $success = TRUE; foreach($menu['TODO']['ADD'] as $dn => $data){ $ldap->cd($cv['base']); - $base = preg_replace("/^[^,]+,/","",$dn); - if(!$ldap->dn_exists($base)){ - echo "FEHLER !!! ES FEHLT : ".$base."
"; - }elseif(!$ldap->dn_exists($dn)){ + if(!$ldap->dn_exists($dn)){ $ldap->cd($dn); $ldap->add($data); if (!$ldap->success()){ @@ -2716,10 +3120,11 @@ class Step_Migrate extends setup_step } } + /* Execute all LDAP-MODIFY actions + */ foreach($menu['TODO']['MODIFY'] as $dn => $data){ - if(!$ldap->dn_exists($dn)){ - echo "FEHLER !!! ES FEHLT : ".$dn."
"; - }else{ + $ldap->cd($cv['base']); + if($ldap->dn_exists($dn)){ $ldap->cd($dn); $ldap->modify($data); if (!$ldap->success()){ @@ -2728,13 +3133,161 @@ class Step_Migrate extends setup_step } } } + + /* If every action was successful, remove this entry from the list + */ if($success){ unset($this->menu[$key]); } } } + + /* Udpate migration status for application menus + */ + $this->check_menus(); } -} + + function migrate_selected_admin_users() + { + /* Updated ui selection */ + $this->migrate_users(); + + /* Establish ldap connection */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); + $ldap->cd($cv['base']); + + /* Get current ACL configuration for the ldap base + */ + $ldap->cat($cv['base']); + $base_attrs = $ldap->fetch(); + $acl_entries= array(); + $acl_id = -1; + if(isset($base_attrs['gosaAclEntry'])){ + for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){ + $acl_entries[] = $base_attrs['gosaAclEntry'][$i]; + $cur_id = preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]); + if($cur_id > $acl_id){ + $acl_id = $cur_id; + } + } + } + + /* Append ACLs selected in the migrate admin account dialog + */ + foreach($this->migrate_users as $entry){ + if($entry['checked']){ + $acl_id ++; + $acl_entries[] = $acl_id.$entry['change']; + } + } + + /* Check if the required objectClasses are available + */ + $ocs = array(); + for($i=0;$i< $base_attrs['objectClass']['count']; $i++){ + $ocs[] = $base_attrs['objectClass'][$i]; + } + if(!in_array("gosaACL",$ocs)){ + $ocs[] = "gosaACL"; + } + + /* Try to write changes + */ + if(count($acl_entries)){ + $new_entry['gosaAclEntry'] = $acl_entries; + $new_entry['objectClass'] = $ocs; + $ldap->cd($cv['base']); + $ldap->modify($new_entry); + if(!$ldap->success()){ + $this->checks['acls']['TITLE'] = _("Checking for super administrator"); + $this->checks['acls']['STATUS'] = FALSE; + $this->checks['acls']['STATUS_MSG']= _("Failed"); + $this->checks['acls']['ERROR_MSG'] = "
".msgPool::ldaperror($cv['base'],$ldap->get_error(),LDAP_MOD); + }else{ + $this->check_administrativeAccount(); + } + } + } + + + function migrate_users() + { + /* Collect a list of available GOsa users and groups + */ + + /* Establish ldap connection */ + $cv = $this->parent->captured_values; + $ldap_l = new LDAP($cv['admin'], + $cv['password'], + $cv['connection'], + FALSE, + $cv['tls']); + + $ldap = new ldapMultiplexer($ldap_l); + $ldap->cd($cv['base']); + + $users = array(); + $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)". + "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn")); + while($user_attrs = $ldap->fetch()){ + $users[$user_attrs['dn']] = $user_attrs['uid'][0]; + $rusers[$user_attrs['uid'][0]] = $user_attrs['dn']; + } + $groups = array(); + $ldap->search("objectClass=posixGroup",array("cn","dn")); + while($group_attrs = $ldap->fetch()){ + $groups[$group_attrs['dn']] = $group_attrs['cn'][0]; + } + + foreach($this->migrate_users as $id => $data){ + $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]); + } + + /* Try to find an old GOsa 2.5 administrative account that may be migrated + */ + if(!count($this->migrate_users)){ + $ldap->cat($cv['base']); + $base_data = $ldap->fetch(); + $base_entry = "dn: ".$base_data['dn']."\n"; + for($i=0;$i<$base_data['objectClass']['count'];$i++){ + $base_entry .= "objectClass: ".$base_data['objectClass'][$i]."\n"; + } + if(!in_array("gosaACL",$base_data['objectClass'])){ + $base_entry .= "objectClass: gosaACL\n"; + } + if(isset($base_data['gosaAclEntry'])){ + for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){ + $base_entry .= "gosaAclEntry: ".$base_data['gosaAclEntry'][$i]."\n"; + } + } + $this->migrate_acl_base_entry = $base_entry; + $ldap->cd($cv['base']); + $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn")); + while($p_group = $ldap->fetch()){ + for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){ + $user = $p_group['memberUid'][$e]; + if(isset($rusers[$user])){ + $bsp_acl_entry = "gosaAclEntry: #:psub:".base64_encode($rusers[$user]).":all;cmdrw\n"; + $entry = array(); + $entry['uid'] = $user; + $entry['dn'] = $rusers[$user]; + $entry['details'] = $bsp_acl_entry; + $entry['checked'] = FALSE; + $entry['change'] = ":psub:".base64_encode($rusers[$user]).":all;cmdrw"; + $this->migrate_users[] = $entry; + } + } + } + } + } +} // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>