X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fsetup%2Fclass_setupStep_Migrate.inc;h=eee96634b8a0a00639d281b519b2c7445f3e615b;hb=72fb2e186b2f815f0fecdf71a6bc66ea676be72f;hp=eec10f2e00f88b9369517c56590da861ab74ac14;hpb=33342d67a40186d36cf26d454ef50cb2771a7aee;p=gosa.git
diff --git a/gosa-core/setup/class_setupStep_Migrate.inc b/gosa-core/setup/class_setupStep_Migrate.inc
index eec10f2e0..eee96634b 100644
--- a/gosa-core/setup/class_setupStep_Migrate.inc
+++ b/gosa-core/setup/class_setupStep_Migrate.inc
@@ -108,6 +108,15 @@ class Step_Migrate extends setup_step
var $group_list = array();
+ /* Migrateable users */
+ var $migrate_users = array();
+ var $acl_migrate_dialog = FALSE;
+ var $migrate_acl_base_entry = "";
+
+ /* Root object classes */
+ var $rootOC_migrate_dialog = FALSE;
+ var $rootOC_details = array();
+
function Step_Migrate()
{
$this->update_strings();
@@ -129,7 +138,13 @@ class Step_Migrate extends setup_step
$this->checks['root']['ERROR_MSG'] = "";
$this->checkBase();
- $this->checks['permissions']['TITLE'] = _("Checking permissions on LDAP database");
+ $this->checks['rootOC']['TITLE'] = _("Inspecting object classes in root object");
+ $this->checks['rootOC']['STATUS'] = FALSE;
+ $this->checks['rootOC']['STATUS_MSG']= "";
+ $this->checks['rootOC']['ERROR_MSG'] = "";
+ $this->checkBaseOC();
+
+ $this->checks['permissions']['TITLE'] = _("Checking permission for LDAP database");
$this->checks['permissions']['STATUS'] = FALSE;
$this->checks['permissions']['STATUS_MSG']= "";
$this->checks['permissions']['ERROR_MSG'] = "";
@@ -146,6 +161,7 @@ class Step_Migrate extends setup_step
$this->checks['users_visible']['ERROR_MSG'] = "";
$this->check_gosaAccounts();
+ $this->migrate_users = array();
$this->checks['acls']['TITLE'] = _("Checking for super administrator");
$this->checks['acls']['STATUS'] = FALSE;
$this->checks['acls']['STATUS_MSG']= "";
@@ -851,6 +867,13 @@ class Step_Migrate extends setup_step
*/
function check_administrativeAccount()
{
+ /* Reset settings
+ */
+ $GOsa_26_found = FALSE;
+ $this->migrate_users = array();
+ $this->acl_migrate_dialog = FALSE;
+ $this->migrate_acl_base_entry = "";
+
/* Establish ldap connection */
$cv = $this->parent->captured_values;
$ldap_l = new LDAP($cv['admin'],
@@ -862,37 +885,71 @@ class Step_Migrate extends setup_step
$ldap = new ldapMultiplexer($ldap_l);
$ldap->cd($cv['base']);
$res = $ldap->cat($cv['base']);
-
+
if(!$res){
$this->checks['acls']['STATUS'] = FALSE;
$this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
$this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
}else{
- $found = false;
+ $GOsa_26_found = false; // GOsa 2.6 Account found
+ $GOsa_25_found = false; // GOsa 2.5 Account found, allow migration
+
$username = "";
$attrs = $ldap->fetch();
+
+ /* Collect a list of available GOsa users and groups
+ */
+ $users = array();
+ $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+ "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+ while($user_attrs = $ldap->fetch()){
+ $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+ $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+ }
+ $groups = array();
+ $ldap->search("objectClass=posixGroup",array("cn","dn"));
+ while($group_attrs = $ldap->fetch()){
+ $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+ }
+
+ /* Check if a valid GOsa 2.6 admin exists
+ -> gosaAclEntry for an existing and accessible user.
+ */
+ $valid_users = "";
+ $valid_groups = "";
if(isset($attrs['gosaAclEntry'])){
$acls = $attrs['gosaAclEntry'];
for($i = 0 ; $i < $acls['count'] ; $i++){
$acl = $acls[$i];
- $tmp = split(":",$acl);
+ $tmp = explode(":",$acl);
+
if($tmp[1] == "psub"){
- $members = split(",",$tmp[2]);
+ $members = explode(",",$tmp[2]);
foreach($members as $member){
$member = base64_decode($member);
-
- /* Check if acl owner is a valid GOsa user account */
- $ldap->cat($member,array("objectClass","uid","cn"));
- $ret = $ldap->fetch();
-
- if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL-Group: ".$ret['cn'][0]."
";
- }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
- in_array("organizationalPerson",$ret['objectClass']) &&
- in_array("inetOrgPerson",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL: ".$ret['uid'][0]."
";
+ if(isset($users[$member])){
+ if(preg_match("/all;cmdrw/i",$tmp[3])){
+ $valid_users .= $users[$member].", ";
+ $GOsa_26_found = TRUE;
+ }
+ }
+ if(isset($groups[$member])){
+ if(preg_match("/all;cmdrw/i",$tmp[3])){
+ $ldap->cat($member);
+ $group_attrs = $ldap->fetch();
+ $val_users = "";
+ if(isset($group_attrs['memberUid'])){
+ for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+ if(isset($rusers[$group_attrs['memberUid'][$e]])){
+ $val_users .= $group_attrs['memberUid'][$e].", ";
+ }
+ }
+ }
+ if(!empty($val_users)){
+ $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), ";
+ $GOsa_26_found = TRUE;
+ }
+ }
}
}
}elseif($tmp[1] == "role"){
@@ -908,19 +965,29 @@ class Step_Migrate extends setup_step
$a_str = $ret['gosaAclTemplate'][$e];
if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){
- $members = split(",",$tmp[3]);
+ $members = explode(",",$tmp[3]);
foreach($members as $member){
$member = base64_decode($member);
- /* Check if acl owner is a valid GOsa user account */
- $ldap->cat($member,array("objectClass","uid"));
- $ret = $ldap->fetch();
-
- if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
- in_array("organizationalPerson",$ret['objectClass']) &&
- in_array("inetOrgPerson",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL Role: ".$ret['uid'][0]."
";
+ if(isset($users[$member])){
+ $valid_users .= $users[$member].", ";
+ $GOsa_26_found = TRUE;
+ }
+ if(isset($groups[$member])){
+ $ldap->cat($member);
+ $group_attrs = $ldap->fetch();
+ $val_users = "";
+ if(isset($group_attrs['memberUid'])){
+ for($e = 0 ; $e < $group_attrs['memberUid']['count']; $e ++){
+ if(isset($rusers[$group_attrs['memberUid'][$e]])){
+ $val_users .= $group_attrs['memberUid'][$e].", ";
+ }
+ }
+ }
+ if(!empty($val_users)){
+ $valid_groups .= $groups[$member]."(".trim($val_users,", ")."), ";
+ $GOsa_26_found = TRUE;
+ }
}
}
}
@@ -930,13 +997,53 @@ class Step_Migrate extends setup_step
}
}
- # For debugging
- #echo $username;
+ /* Try to find an old GOsa 2.5 administrative account that may be migrated
+ */
+ if(!$GOsa_26_found){
+ $valid_users = "";
+ $valid_groups = "";
+ $ldap->cd($cv['base']);
+ $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+ while($p_group = $ldap->fetch()){
+ $val_users = "";
+ for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+ $user = $p_group['memberUid'][$e];
+ if(isset($rusers[$user])){
+ $val_users .= $user.", ";
+ }
+ }
+ if(!empty($val_users)){
+ $valid_groups .= $groups[$p_group['dn']]."(".trim($val_users,", ")."), ";
+ $GOsa_25_found = TRUE;
+ }
+ }
+ }
+
- if($found){
+ /* Print out results
+ */
+ if($GOsa_25_found){
+ $str = "";
+ if(!empty($valid_groups)){
+ $str.= "".sprintf(_("GOsa 2.5 administrative accounts found: %s"),trim($valid_groups,", "))."
";
+ }
+ $this->checks['acls']['STATUS'] = FALSE;
+ $this->checks['acls']['STATUS_MSG']= _("Failed");
+ $this->checks['acls']['ERROR_MSG'] = $str;
+ $this->checks['acls']['ERROR_MSG'].= _("There is no valid GOsa 2.6 administrator account inside your LDAP.")." ";
+ $this->checks['acls']['ERROR_MSG'].= "";
+ $this->checks['acls']['ERROR_MSG'].= "";
+ }elseif($GOsa_26_found){
+ $str = "";
+ if(!empty($valid_users)){
+ $str.= ""._("Users").": ".trim($valid_users,", ")."
";
+ }
+ if(!empty($valid_groups)){
+ $str.= ""._("Groups").": ".trim($valid_groups,", ")."
";
+ }
$this->checks['acls']['STATUS'] = TRUE;
$this->checks['acls']['STATUS_MSG']= _("Ok");
- $this->checks['acls']['ERROR_MSG'] = "";
+ $this->checks['acls']['ERROR_MSG'] = $str;
}else{
$this->checks['acls']['STATUS'] = FALSE;
$this->checks['acls']['STATUS_MSG']= _("Failed");
@@ -944,7 +1051,10 @@ class Step_Migrate extends setup_step
$this->checks['acls']['ERROR_MSG'].= "";
}
}
- return($ldap->count()>=1);
+
+ // Reload base OC
+ $this->checkBaseOC();
+ return($GOsa_26_found);
}
@@ -1412,35 +1522,62 @@ class Step_Migrate extends setup_step
$this->initialize_checks();
}
}
-
+
/*************
- * User Migration handling
+ * Root object class check
+ *************/
+
+ if(isset($_POST['root_add_objectclasses'])){
+ $this->rootOC_migrate_dialog = TRUE;
+ $this->dialog = TRUE;
+ }
+ if(isset($_POST['rootOC_dialog_cancel'])){
+ $this->rootOC_migrate_dialog = FALSE;
+ $this->dialog = FALSE;
+ }
+ if(isset($_POST['rootOC_migrate_start'])){
+ if($this->checkBaseOC(FALSE)){
+ $this->checkBaseOC(); // Update overview info
+ $this->dialog = FALSE;
+ $this->rootOC_migrate_dialog = FALSE;
+ }
+ }
+
+
+ if($this->rootOC_migrate_dialog){
+ $smarty = get_smarty();
+ $smarty->assign("details",$this->rootOC_details);
+ $smarty->assign("method","rootOC_migrate_dialog");
+ return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
+ }
+
+ /*************
+ * Administrative Account -- Migrate/Create
*************/
if(isset($_POST['retry_acls'])){
$this->check_administrativeAccount();
}
+ /* Dialog handling */
if(isset($_POST['create_acls'])){
$this->acl_create_dialog = TRUE;
$this->dialog = TRUE;
}
+
+ if(isset($_POST['migrate_acls'])){
+ $this->acl_migrate_dialog = TRUE;
+ $this->dialog = TRUE;
+ }
- if(isset($_POST['create_acls_cancel'])){
+ if(isset($_POST['create_acls_cancel']) || isset($_POST['migrate_acls_cancel'])){
$this->acl_create_dialog = FALSE;
+ $this->acl_migrate_dialog = FALSE;
$this->dialog = FALSE;
$this->show_details = FALSE;
}
-# if(isset($_POST['create_acls_create_confirmed'])){
-# if($this->create_admin()){
-# $this->acl_create_dialog = FALSE;
-# $this->dialog = FALSE;
-# $this->show_details = FALSE;
-# $this->initialize_checks();
-# }
-# }
-
+ /* Account creation */
if(isset($_POST['create_acls_create'])){
$this->create_admin(TRUE);
}
@@ -1452,14 +1589,45 @@ class Step_Migrate extends setup_step
}
}
+ /* Add admin acls for the selected users to the ldap base.
+ */
+ if($this->acl_migrate_dialog && isset($_POST['migrate_admin_user'])){
+
+ /* Update ldap and reload check infos
+ */
+ $this->migrate_selected_admin_users();
+ $this->dialog = FALSE;
+ $this->acl_migrate_dialog = FALSE;
+
+ }elseif($this->acl_migrate_dialog){
+
+ /* Display admin migration dialog.
+ */
+ $this->migrate_users();
+ $smarty = get_smarty();
+
+ /* Do we have to display the changes
+ */
+ $details = isset($_POST['details']) && $_POST['details'];
+ if(isset($_POST['migrate_acls_show_changes'])){
+ $details = TRUE;
+ }elseif(isset($_POST['migrate_acls_hide_changes'])){
+ $details = FALSE;
+ }
+
+ $smarty->assign("migrate_acl_base_entry", $this->migrate_acl_base_entry);
+ $smarty->assign("details", $details);
+ $smarty->assign("method","migrate_acls");
+ $smarty->assign("migrateable_users",$this->migrate_users);
+ return($smarty->fetch(get_template_path("setup_migrate.tpl",TRUE,dirname(__FILE__))));
+ }
+
if($this->acl_create_dialog){
$smarty = get_smarty();
-
$uid = "admin";
if(isset($_POST['new_user_uid'])){
$uid = $_POST['new_user_uid'];
}
-
$smarty->assign("new_user_uid",$uid);
$smarty->assign("new_user_password",@$_POST['new_user_password']);
$smarty->assign("new_user_password2",@$_POST['new_user_password2']);
@@ -1845,6 +2013,151 @@ class Step_Migrate extends setup_step
}
+ /* Check if the root object includes the required object classes, e.g. gosaDepartment is required for ACLs.
+ * If the parameter just_check is true, then just check for the OCs.
+ * If the Parameter is false, try to add the required object classes.
+ */
+ function checkBaseOC($just_check = TRUE)
+ {
+ /* Establish ldap connection */
+ $cv = $this->parent->captured_values;
+ $ldap_l = new LDAP($cv['admin'],
+ $cv['password'],
+ $cv['connection'],
+ FALSE,
+ $cv['tls']);
+
+ $ldap = new ldapMultiplexer($ldap_l);
+
+ /* Check if root object exists */
+ $ldap->cd($cv['base']);
+ $ldap->cat($cv['base']);
+ if(!$ldap->count()){
+ $this->checks['rootOC']['STATUS'] = FALSE;
+ $this->checks['rootOC']['STATUS_MSG']= _("LDAP query failed");
+ $this->checks['rootOC']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
+ return;
+ }
+
+ $attrs = $ldap->fetch();
+
+ /* Root object doesn't exists
+ */
+ if(!in_array("gosaDepartment",$attrs['objectClass'])){
+ if($just_check){
+
+ $this->rootOC_details = array();
+ $mods = array();
+
+ /* Get list of possible container objects, to be able to detect naming
+ * attributes and missing attribute types.
+ */
+ if(!class_available("departmentManagement")){
+ $this->checks['rootOC']['STATUS'] = FALSE;
+ $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+ $this->checks['rootOC']['ERROR_MSG'] = sprintf(_("Missing GOsa object class '%s'!"),"departmentManagement").
+ " "._("Please check your installation.");
+ return;
+ }
+
+ /* Try to detect base class type, e.g. is it a dcObject.
+ */
+ $dep_types = departmentManagement::get_support_departments();
+ $dep_type ="";
+ foreach($dep_types as $dep_name => $dep_class){
+ if(in_array($dep_class['CLASS'], $attrs['objectClass'])){
+ $dep_type = $dep_name;
+ break;
+ }
+ }
+
+ /* If no known base class was detect, abort with message
+ */
+ if(empty($dep_type)){
+ $this->checks['rootOC']['STATUS'] = FALSE;
+ $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+ $this->checks['rootOC']['ERROR_MSG'] =
+ sprintf(_("Cannot handle the structural object type of your root object. Please try to add the object class '%s' manually."),"gosaDepartment");
+ return;
+ }
+
+ /* Create 'current' and 'target' object properties, to be able to display
+ * a set of modifications required to create a valid GOsa department.
+ */
+ $str = "dn: ".$cv['base']."\n";
+ for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){
+ $str .= "objectClass: ".$attrs['objectClass'][$i]."\n";
+ }
+ $this->rootOC_details['current'] = $str;
+
+ /* Create target infos
+ */
+ $str = "dn: ".$cv['base']."\n";
+ for($i = 0 ; $i<$attrs['objectClass']['count'];$i++){
+ $str .= "objectClass: ".$attrs['objectClass'][$i]."\n";
+ $mods['objectClass'][] = $attrs['objectClass'][$i];
+ }
+ $mods['objectClass'][] = "gosaDepartment";
+ $str .= "objectClass: gosaDepartment\n";
+
+ /* Append attribute 'ou', it is required by gosaDepartment
+ */
+ if(!isset($attrs['ou'])){
+ $val = "GOsa";
+ if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
+ $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
+ }
+ $str .= "ou: ".$val."\n";
+ $mods['ou'] =$val;
+ }
+
+ /*Append description, it is required by gosaDepartment too.
+ */
+ if(!isset($attrs['description'])){
+ $val = "GOsa";
+ if(isset($attrs[$dep_types[$dep_type]['ATTR']][0])){
+ $val = $attrs[$dep_types[$dep_type]['ATTR']][0];
+ }
+ $str .= "description: ".$val."\n";
+ $mods['description'] = $val;
+ }
+ $this->rootOC_details['target'] = $str;
+ $this->rootOC_details['mods'] = $mods;
+
+ /* Add button that allows to open the migration details
+ */
+ $this->checks['rootOC']['STATUS'] = FALSE;
+ $this->checks['rootOC']['STATUS_MSG']= _("Failed");
+ $this->checks['rootOC']['ERROR_MSG'] = " ";
+
+ return(FALSE);
+ }else{
+
+ /* Add root object */
+ $ldap->cd($cv['base']);
+ if(isset($this->rootOC_details['mods'])){
+ $res = $ldap->modify($this->rootOC_details['mods']);
+ if(!$res){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $cv['base'], LDAP_MOD, get_class()));
+ }
+ $this->checkBaseOC();
+ $this->check_administrativeAccount();
+ return($res);
+ }else{
+ trigger_error("No modifications to make... ");
+ }
+ }
+ return(TRUE);
+ }
+
+ /* Create & remove of dummy object was successful */
+ $this->checks['rootOC']['STATUS'] = TRUE;
+ $this->checks['rootOC']['STATUS_MSG']= _("Ok");
+ $this->checks['rootOC']['ERROR_MSG'] = "";
+ }
+
+
/* Return ldif information for a
* given attribute array
*/
@@ -2589,7 +2902,7 @@ class Step_Migrate extends setup_step
*/
$release = "";
$r = $info['FAIrelease'][0];
- $z = split("/",$r);
+ $z = explode("/",$r);
foreach($z as $part){
if(!empty($part)){
@@ -2833,7 +3146,148 @@ class Step_Migrate extends setup_step
*/
$this->check_menus();
}
-}
+
+ function migrate_selected_admin_users()
+ {
+ /* Updated ui selection */
+ $this->migrate_users();
+
+ /* Establish ldap connection */
+ $cv = $this->parent->captured_values;
+ $ldap_l = new LDAP($cv['admin'],
+ $cv['password'],
+ $cv['connection'],
+ FALSE,
+ $cv['tls']);
+
+ $ldap = new ldapMultiplexer($ldap_l);
+ $ldap->cd($cv['base']);
+
+ /* Get current ACL configuration for the ldap base
+ */
+ $ldap->cat($cv['base']);
+ $base_attrs = $ldap->fetch();
+ $acl_entries= array();
+ $acl_id = -1;
+ if(isset($base_attrs['gosaAclEntry'])){
+ for($i=0; $i < $base_attrs['gosaAclEntry']['count']; $i ++){
+ $acl_entries[] = $base_attrs['gosaAclEntry'][$i];
+ $cur_id = preg_replace("/^([0-9]*):.*$/","\\1",$base_attrs['gosaAclEntry'][$i]);
+ if($cur_id > $acl_id){
+ $acl_id = $cur_id;
+ }
+ }
+ }
+
+ /* Append ACLs selected in the migrate admin account dialog
+ */
+ foreach($this->migrate_users as $entry){
+ if($entry['checked']){
+ $acl_id ++;
+ $acl_entries[] = $acl_id.$entry['change'];
+ }
+ }
+
+ /* Check if the required objectClasses are available
+ */
+ $ocs = array();
+ for($i=0;$i< $base_attrs['objectClass']['count']; $i++){
+ $ocs[] = $base_attrs['objectClass'][$i];
+ }
+ if(!in_array("gosaACL",$ocs)){
+ $ocs[] = "gosaACL";
+ }
+
+ /* Try to write changes
+ */
+ if(count($acl_entries)){
+ $new_entry['gosaAclEntry'] = $acl_entries;
+ $new_entry['objectClass'] = $ocs;
+ $ldap->cd($cv['base']);
+ $ldap->modify($new_entry);
+ if(!$ldap->success()){
+ $this->checks['acls']['TITLE'] = _("Checking for super administrator");
+ $this->checks['acls']['STATUS'] = FALSE;
+ $this->checks['acls']['STATUS_MSG']= _("Failed");
+ $this->checks['acls']['ERROR_MSG'] = "
".msgPool::ldaperror($cv['base'],$ldap->get_error(),LDAP_MOD);
+ }else{
+ $this->check_administrativeAccount();
+ }
+ }
+ }
+
+
+ function migrate_users()
+ {
+ /* Collect a list of available GOsa users and groups
+ */
+
+ /* Establish ldap connection */
+ $cv = $this->parent->captured_values;
+ $ldap_l = new LDAP($cv['admin'],
+ $cv['password'],
+ $cv['connection'],
+ FALSE,
+ $cv['tls']);
+
+ $ldap = new ldapMultiplexer($ldap_l);
+ $ldap->cd($cv['base']);
+
+ $users = array();
+ $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)".
+ "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))",array("uid","dn"));
+ while($user_attrs = $ldap->fetch()){
+ $users[$user_attrs['dn']] = $user_attrs['uid'][0];
+ $rusers[$user_attrs['uid'][0]] = $user_attrs['dn'];
+ }
+ $groups = array();
+ $ldap->search("objectClass=posixGroup",array("cn","dn"));
+ while($group_attrs = $ldap->fetch()){
+ $groups[$group_attrs['dn']] = $group_attrs['cn'][0];
+ }
+
+ foreach($this->migrate_users as $id => $data){
+ $this->migrate_users[$id]['checked'] = isset($_POST['migrate_admin_'.$id]);
+ }
+
+ /* Try to find an old GOsa 2.5 administrative account that may be migrated
+ */
+ if(!count($this->migrate_users)){
+ $ldap->cat($cv['base']);
+ $base_data = $ldap->fetch();
+ $base_entry = "dn: ".$base_data['dn']."\n";
+ for($i=0;$i<$base_data['objectClass']['count'];$i++){
+ $base_entry .= "objectClass: ".$base_data['objectClass'][$i]."\n";
+ }
+ if(!in_array("gosaACL",$base_data['objectClass'])){
+ $base_entry .= "objectClass: gosaACL\n";
+ }
+ if(isset($base_data['gosaAclEntry'])){
+ for($i=0;$i<$base_data['gosaAclEntry']['count'];$i++){
+ $base_entry .= "gosaAclEntry: ".$base_data['gosaAclEntry'][$i]."\n";
+ }
+ }
+ $this->migrate_acl_base_entry = $base_entry;
+ $ldap->cd($cv['base']);
+ $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+ while($p_group = $ldap->fetch()){
+ for($e = 0 ; $e < $p_group['memberUid']['count'] ; $e ++ ){
+ $user = $p_group['memberUid'][$e];
+ if(isset($rusers[$user])){
+ $bsp_acl_entry = "gosaAclEntry: #:psub:".base64_encode($rusers[$user]).":all;cmdrw\n";
+ $entry = array();
+ $entry['uid'] = $user;
+ $entry['dn'] = $rusers[$user];
+ $entry['details'] = $bsp_acl_entry;
+ $entry['checked'] = FALSE;
+ $entry['change'] = ":psub:".base64_encode($rusers[$user]).":all;cmdrw";
+ $this->migrate_users[] = $entry;
+ }
+ }
+ }
+ }
+ }
+}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>