X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=setup%2Fclass_setupStep_Migrate.inc;h=2ec63d3bc6335fda18a2ea4c250ed5f862cd75a7;hb=85608f6e1e4acece64f42d3f9f1e63b77c9e1f72;hp=8354a765e2b494b031d67d096f5d1794c39a85ae;hpb=8a237c6020861b40d845598145e79efdf0446fcd;p=gosa.git
diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc
index 8354a765e..2ec63d3bc 100644
--- a/setup/class_setupStep_Migrate.inc
+++ b/setup/class_setupStep_Migrate.inc
@@ -67,7 +67,6 @@ class Step_Migrate extends setup_step
/* Create Acl attributes */
var $acl_create_dialog = FALSE;
- var $acl_create_type = "group";
var $acl_create_selected= ""; // Currently selected element, that should receive admin rights
var $acl_create_changes = ""; // Contains ldif information about changes
var $acl_create_confirmed= FALSE;
@@ -342,6 +341,21 @@ class Step_Migrate extends setup_step
$group_ou = $cv['groupou'];
$ldap->cd($cv['base']);
+
+ /***********
+ * Get all gosaDepartments to be able to
+ * validate correct ldap tree position of every single user
+ ***********/
+ $valid_deps = array();
+ $valid_deps['/'] = $cv['base'];
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
+ while($attrs = $ldap->fetch()){
+ $valid_deps[$attrs['ou'][0]] = $attrs['dn'];
+ }
+
+ /***********
+ * Get all groups
+ ***********/
$res = $ldap->search("(objectClass=posixGroup)",array("dn"));
if(!$res){
$this->checks['outside_groups']['STATUS'] = FALSE;
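Review bot: `$valid_deps[$attrs['ou'][0]] = $attrs['dn'];` keys the department list by `ou`, so two gosaDepartment entries with the same `ou` in different subtrees overwrite each other and the earlier one is no longer treated as a valid location. Only the values are read by the `in_array()` checks visible in this diff, so appending with `$valid_deps[] = $attrs['dn'];` (and `$valid_deps[] = $cv['base'];` for the root) avoids the collision. The same loop is repeated in the user check further down and has the same problem, and neither copy checks the result of `$ldap->search()` before fetching. The enclosing function starts outside the hunk.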
@@ -350,13 +364,18 @@ class Step_Migrate extends setup_step
return(false);
}
-
- $this->outside_groups = array();
while($attrs = $ldap->fetch()){
- if((!preg_match("/^[^,]+,".normalizePreg($group_ou)."/",$attrs['dn'])) && !preg_match("/,dc=addressbook,/",$attrs['dn'])){
+ $group_db_base = preg_replace("/^[^,]+,".normalizePreg($group_ou)."/","",$attrs['dn']);
+
+ /* Check if entry is not an addressbook only user
+ * and verify that he is in a valid department
+ */
+ if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$group_db_base) &&
+ !in_array($group_db_base,$valid_deps)
+ ){
$attrs['selected'] = FALSE;
$attrs['ldif'] = "";
- $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
+ $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
}
}
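Review bot: The group check now writes its hits to `$this->outside_users[...]` and no longer resets `$this->outside_groups`, which looks like a copy-and-paste slip from the user check: groups outside a valid department end up in the user list, and `outside_groups` keeps whatever it held before. The assignment should stay `$this->outside_groups[base64_encode($attrs['dn'])] = $attrs;`, with `$this->outside_groups = array();` kept ahead of the loop. Separately, `$group_ou` goes into the `preg_replace()` pattern without the trailing `,` that the user check appends to `$people_ou`. The stripped DN would then begin with a comma and never match an entry in `$valid_deps`, assuming `groupou` is stored without a trailing comma, as the user-side code implies.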
@@ -386,8 +405,24 @@ class Step_Migrate extends setup_step
$cv['connection'],
FALSE,
$cv['tls']);
- $people_ou = $cv['peopleou'];
+
$ldap->cd($cv['base']);
+
+
+ /***********
+ * Get all gosaDepartments to be able to
+ * validate correct ldap tree position of every single user
+ ***********/
+ $valid_deps = array();
+ $valid_deps['/'] = $cv['base'];
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn","ou"));
+ while($attrs = $ldap->fetch()){
+ $valid_deps[$attrs['ou'][0]] = $attrs['dn'];
+ }
+
+ /***********
+ * Search for all users
+ ***********/
$res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))",array("dn"));
if(!$res){
$this->checks['outside_users']['STATUS'] = FALSE;
@@ -396,10 +431,24 @@ class Step_Migrate extends setup_step
return(false);
}
-
+ /***********
+ * Check if returned users are within a valid GOsa deparmtment. (peopleou,gosaDepartment,base)
+ ***********/
$this->outside_users = array();
+ $people_ou = trim($cv['peopleou']);
+ if(!empty($people_ou)){
+ $people_ou = $people_ou.",";
+ }
+
while($attrs = $ldap->fetch()){
- if((!preg_match("/^[^,]+,".normalizePreg($people_ou)."/",$attrs['dn']) && !preg_match("/,dc=addressbook,/",$attrs['dn']))){
+ $people_db_base = preg_replace("/^[^,]+,".normalizePreg($people_ou)."/","",$attrs['dn']);
+
+ /* Check if entry is not an addressbook only user
+ * and verify that he is in a valid department
+ */
+ if( !preg_match("/".normalizePreg("dc=addressbook,")."/",$people_db_base) &&
+ !in_array($people_db_base,$valid_deps)
+ ){
$attrs['selected'] = FALSE;
$attrs['ldif'] = "";
$this->outside_users[base64_encode($attrs['dn'])] = $attrs;
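Review bot: `in_array($people_db_base,$valid_deps)` compares DNs as raw strings, so a user whose parent DN differs from the department DN only in letter case or in spacing after commas is reported as being outside every department. LDAP servers generally treat such DNs as equal, so it would be safer to normalise both sides before comparing (for example lower-casing and stripping whitespace around `,`) and to pass `TRUE` as the third argument so the comparison is strict. The same applies to the group check at `in_array($group_db_base,$valid_deps)`. The `if` body continues past the end of the hunk.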
@@ -623,12 +672,12 @@ class Step_Migrate extends setup_step
$cv['tls']);
/* Skip GOsa internal departments */
- $skip_dns = array("/^ou=people,/","/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
+ $skip_dns = array("/".$cv['peopleou']."/","/".$cv['groupou']."/","/^ou=people,/",
+ "/^ou=groups,/","/(,|)ou=configs,/","/(,|)ou=systems,/",
"/^ou=apps,/","/^ou=mime,/","/^ou=aclroles,/","/^ou=incoming,/",
"/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/",
"/(,|)ou=winstations,/");
-
/* Get all invisible departments */
$ldap->cd($cv['base']);
$res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))",array("ou","description","dn"));
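Review bot: `"/".$cv['peopleou']."/"` and `"/".$cv['groupou']."/"` put configuration values into regular expressions unescaped and unanchored. This commit elsewhere allows both settings to be empty, and an empty value yields the pattern `//`, which matches every DN, so every organizationalUnit would be skipped (assuming `$skip_dns` is applied with `preg_match()` in the code below the hunk). Any `.`, `/` or other metacharacter in the value also changes what is matched. The two entries should be added only when the value is non-empty, and passed through `normalizePreg()` like the other patterns built from these settings.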
@@ -748,83 +797,60 @@ class Step_Migrate extends setup_step
FALSE,
$cv['tls']);
- /* Search for gosaAcls */
+ /* Search for groups that have complete permissions */
$ldap->cd($cv['base']);
- $res = $ldap->cat($cv['base']);
-
+ $res = $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid","cn"));
+
+ /* If ldap search failed, set error message */
if(!$res){
$this->checks['acls']['STATUS'] = FALSE;
$this->checks['acls']['STATUS_MSG']= _("LDAP query failed");
$this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing.");
}else{
- $found = false;
- $username = "";
- $attrs = $ldap->fetch();
- if(isset($attrs['gosaAclEntry'])){
- $acls = $attrs['gosaAclEntry'];
- for($i = 0 ; $i < $acls['count'] ; $i++){
- $acl = $acls[$i];
- $tmp = split(":",$acl);
- if($tmp[1] == "psub"){
- $members = split(",",$tmp[2]);
- foreach($members as $member){
- $member = base64_decode($member);
-
- /* Check if acl owner is a valid GOsa user account */
- $ldap->cat($member,array("objectClass","uid","cn"));
- $ret = $ldap->fetch();
-
- if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL-Group: ".$ret['cn'][0]."
";
- }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
- in_array("organizationalPerson",$ret['objectClass']) &&
- in_array("inetOrgPerson",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL: ".$ret['uid'][0]."
";
- }
- }
- }elseif($tmp[1] == "role"){
-
- /* Check if acl owner is a valid GOsa user account */
- $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate"));
- $ret = $ldap->fetch();
-
- if(isset($ret['gosaAclTemplate'])){
- $cnt = $ret['gosaAclTemplate']['count'];
- for($e = 0 ; $e < $cnt ; $e++){
-
- $a_str = $ret['gosaAclTemplate'][$e];
- if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){
-
- $members = split(",",$tmp[3]);
- foreach($members as $member){
- $member = base64_decode($member);
-
- /* Check if acl owner is a valid GOsa user account */
- $ldap->cat($member,array("objectClass","uid"));
- $ret = $ldap->fetch();
-
- if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) &&
- in_array("organizationalPerson",$ret['objectClass']) &&
- in_array("inetOrgPerson",$ret['objectClass'])){
- $found = TRUE;
- $username .= "ACL Role: ".$ret['uid'][0]."
";
- }
- }
- }
- }
- }
- }
- }
+
+ /* */
+ $found = FALSE;
+ $debug = "";
+ $admin_groups = array();
+
+ /* Get all returned groups */
+ while($attrs = $ldap->fetch()){
+ $admin_groups[]= $attrs;
}
+ /* Walk through groups and check if memberUid exists in ldap database */
+ foreach($admin_groups as $group){
+
+ $debug .= "".$group['cn'][0].":
";
+
+ $count_member = $group['memberUid']['count'];
+
+ /* Check every single group member */
+ for($i = 0 ; $i < $count_member ; $i++){
+ $debug .= $group['memberUid'][$i];
+
+ /* Check if user exists */
+ $ldap->search("(&(objectClass=gosaAccount)(uid=".$group['memberUid'][$i]."))",array("dn"));
+ $cnt= $ldap->count();
+
+ /* Update found-status if there is a member available */
+ if($cnt == 1){
+ $debug .= " ->Found
";
+ $found = TRUE;
+ }elseif($cnt == 0 ){
+ $debug .= " -> NOT Found
";
+ }else{
+ $debug .= " -> Found more than once -.-
";
+ }
+ }
+
+ }
# For debugging
- #echo $username;
+ # echo $debug."
----------------
";
if($found){
$this->checks['acls']['STATUS'] = TRUE;
- $this->checks['acls']['STATUS_MSG']= _("Ok")." ";
+ $this->checks['acls']['STATUS_MSG']= _("Ok");
$this->checks['acls']['ERROR_MSG'] = "";
}else{
$this->checks['acls']['STATUS'] = FALSE;
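Review bot: The member lookup builds its filter by concatenation, `"(uid=".$group['memberUid'][$i].")"`, so a `memberUid` value containing `*`, `(`, `)` or `\` changes the filter instead of being matched literally. These values come from directory entries rather than from the setup form, but they should still be escaped as RFC 4515 filter values before being inserted (`ldap_escape($v, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, otherwise a small helper). The loop also issues one search per member and does not check the search result, so a failed query is presumably reported as "NOT Found" rather than as an error. The empty `/* */` comment and the `$debug` string, which is only consumed by a commented-out `echo`, could be dropped.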
@@ -855,56 +881,99 @@ class Step_Migrate extends setup_step
$cv['connection'],
FALSE,
$cv['tls']);
-
- /* Get current base attributes */
+
$ldap->cd($cv['base']);
- $ldap->cat($cv['base'],array("dn","objectClass","gosaAclEntry"));
- $attrs = $ldap->fetch();
-
- /* Add acls for the selcted user to the base */
- $attrs_new['objectClass'] = array("gosaACL");
+ $ldap->cat($dn,array("objectClass","cn","uid"));
+ $object_attrs = $ldap->fetch();
+ $type = "none";
+
+ /* Check object that should receive admin acls */
+ if(in_array("gosaAccount",$object_attrs['objectClass'])){
+ $type = "user";
+ }elseif(in_array("posixGroup",$object_attrs['objectClass'])){
+ $type = "group";
+ }
+
+ /* If a user should get administrative acls, we
+ * should check if there is an administrational group
+ * and just assign the user to it.
+ * If there is no such group, we must create one.
+ */
+ if($type == "user"){
- for($i = 0; $i < $attrs['objectClass']['count']; $i ++){
- if(!in_array_ics($attrs['objectClass'][$i],$attrs_new['objectClass'])){
- $attrs_new['objectClass'][] = $attrs['objectClass'][$i];
- }
- }
+ $ldap->search("(&(objectClass=posixGroup)(gosaSubtreeACL=:all)(memberUid=*))",array("memberUid"));
+ if($ldap->count()){
+ $fetched_attrs = $ldap->fetch();
+ $attrs_admin_group = $this->cleanup_array($fetched_attrs);
+ $attrs_admin_group_new = $attrs_admin_group;
- $acl = "0:psub:".base64_encode($dn).":all;cmdrw";
- $attrs_new['gosaAclEntry'][] = $acl;
- if(isset($attrs['gosaAclEntry'])){
- for($i = 0 ; $i < $attrs['gosaAclEntry']['count']; $i ++){
-
- $prio = preg_replace("/[:].*$/","",$attrs['gosaAclEntry'][$i]);
- $rest = preg_replace("/^[^:]/","",$attrs['gosaAclEntry'][$i]);
-
- $data = ($prio+1).$rest;
- $attrs_new['gosaAclEntry'][] = $data;
- }
- }
+ if(!isset($attrs_admin_group_new['memberUid'])){
+ $attrs_admin_group_new['memberUid'] = array();
+ }
+ if(!in_array($object_attrs['uid'][0],$attrs_admin_group_new['memberUid'])){
+ $attrs_admin_group_new['memberUid'][] = $object_attrs['uid'][0];
+ }
- if($only_ldif){
- $this->acl_create_changes ="\n".$cv['base']."\n";
- $this->acl_create_changes.=$this->array_to_ldif($attrs)."\n";
- $this->acl_create_changes.="\n".$cv['base']."\n";
- $this->acl_create_changes.=$this->array_to_ldif($attrs_new);
- }else{
-
- $ldap->cd($cv['base']);
- if(!$ldap->modify($attrs_new)){
- print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
- return(FALSE);
+ if($only_ldif){
+ $this->acl_create_changes = _("Appending user to group administrational group: \n");
+ $this->acl_create_changes.= "\n"._("Before").":\n";
+ $this->acl_create_changes.= $fetched_attrs['dn']."\n";
+ $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group)."\n";
+ $this->acl_create_changes.= "\n"._("After").":\n";
+ $this->acl_create_changes.= $fetched_attrs['dn']."\n";
+ $this->acl_create_changes.= $this->array_to_ldif($attrs_admin_group_new)."\n";
+ }else{
+ $ldap->cd($fetched_attrs['dn']);
+ $ldap->modify($attrs_admin_group_new);
+ if(!preg_match("/success/i",$ldap->get_error())){
+ print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
+ return(FALSE);
+ }
+ }
+
}else{
- return(TRUE);
+
+ $group_ou = trim($cv['groupou']);
+ if(!empty($group_ou)){
+ $group_ou = trim($group_ou).",";
+ }
+
+ $new_group_dn = "cn=GOsa Administrators,".$group_ou.$cv['base'];
+ $new_group_attrs['objectClass'] = array("gosaObject","posixGroup");
+ $new_group_attrs['cn'] = "GOsa Administrators";
+ $new_group_attrs['gosaSubtreeACL'] = ":all";
+ $new_group_attrs['gidNumber'] = "999";
+ $new_group_attrs['memberUid'] = array($object_attrs['uid'][0]);
+
+ if($only_ldif){
+ $this->acl_create_changes = _("Creating new administrational group: \n\n");
+ $this->acl_create_changes.= $new_group_dn."\n";
+ $this->acl_create_changes.= $this->array_to_ldif($new_group_attrs);
+ }else{
+ $ldap->cd($cv['base']);
+ $ldap->create_missing_trees($group_ou.$cv['base']);
+ $ldap->cd($new_group_dn);
+ $res = $ldap->add($new_group_attrs);
+ if(!$res){
+ print_red(sprintf(_("Adding acls for user '%s' failed, ldap says '%s'."),$dn,$ldap->get_error()));
+ return(FALSE);
+ }
+ }
}
}
+ return(TRUE);
}
function create_admin_user()
{
$pw1 = $pw2 = "";
+ $uid = "";
+ if(isset($_POST['new_user_uid'])){
+ $uid = $_POST['new_user_uid'];
+ }
+
if(isset($_POST['new_user_password'])){
$pw1 = $_POST['new_user_password'];
}
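Review bot: `create_admin()` now ends with an unconditional `return(TRUE);`, so when `$dn` resolves to a posixGroup or to nothing at all (`$type` stays `"group"` or `"none"`) no ACL is written and the caller is still told the operation succeeded. `$object_attrs['objectClass']` is also passed to `in_array()` without checking that `$ldap->fetch()` returned an entry. I would return `FALSE` with a `print_red()` message for any `$type` other than `"user"` and guard the lookup with `isset($object_attrs['objectClass'])`. The new group is created with a fixed `gidNumber` of `"999"`, which can collide with an existing POSIX group; that deserves at least a comment, or a lookup for a free id. The function starts outside the hunk.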
@@ -916,7 +985,12 @@ class Step_Migrate extends setup_step
print_red(_("Specified passwords are empty or not equal."));
return false;
}
-
+
+ if(!is_uid($uid) || empty($uid)){
+ print_red(_("Please specify a valid uid."));
+ return false;
+ }
+
/* Establish ldap connection */
$cv = $this->parent->captured_values;
$ldap = new LDAP($cv['admin'],
@@ -927,11 +1001,16 @@ class Step_Migrate extends setup_step
/* Get current base attributes */
$ldap->cd($cv['base']);
-
+
+ $people_ou = trim($cv['peopleou']);
+ if(!empty($people_ou)){
+ $people_ou = trim($people_ou).",";
+ }
+
if($cv['peopledn'] == "cn"){
- $dn = "cn=System Administrator,".$cv['peopleou'].",".$cv['base'];
+ $dn = "cn=System Administrator,".$people_ou.$cv['base'];
}else{
- $dn = "uid=admin,".$cv['peopleou'].",".$cv['base'];
+ $dn = "uid=".$uid.",".$people_ou.$cv['base'];
}
$methods = @passwordMethod::get_available_methods_if_not_loaded();
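Review bot: `$dn = "uid=".$uid.",".$people_ou.$cv['base'];` places a value taken from `$_POST['new_user_uid']` into a DN without DN escaping, so its safety rests entirely on `is_uid()` rejecting `,`, `+`, `=`, `"`, `\` and similar characters. `is_uid()` is not visible here, so that should be confirmed, or a comment added above the assignment naming the check that guarantees it, e.g. `/* $uid was validated by is_uid(); it contains no DN special characters */`. In the `cn` branch the DN stays fixed at `cn=System Administrator`, so a second run with a different uid still targets the same DN.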
@@ -944,10 +1023,17 @@ class Step_Migrate extends setup_step
$new_user['givenName'] = "System";
$new_user['sn'] = "Administrator";
$new_user['cn'] = "System Administrator";
- $new_user['uid'] = "admin";
+ $new_user['uid'] = $uid;
$new_user['userPassword'] = $hash;
$ldap->cd($cv['base']);
+ $ldap->cat($dn,array("dn"));
+ if($ldap->count()){
+ print_red(sprintf(_("Could not add administrative user, there is already an object with the same dn '%s' in your ldap database."),
+ $dn));
+ return(FALSE);
+ }
+
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dn));
$ldap->cd($dn);
$res = $ldap->add($new_user);
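Review bot: The new existence check only looks at `$dn`, so an account that already uses the same `uid` under a different DN is not detected. The ACL check changed in this commit accepts a group member only when the `uid` search returns exactly one entry (`$cnt == 1`), so creating a second entry with that uid would leave the administrator check failing. A search for `(&(objectClass=gosaAccount)(uid=...))` below `$cv['base']` before the `add()`, with the value escaped for filter use, would close that gap. The result of `create_missing_trees()` is not checked either.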
@@ -1080,7 +1166,7 @@ class Step_Migrate extends setup_step
print_red(_("Couldn't move users to specified department."));
return(false);
}
-
+
foreach($this->outside_users as $b_dn => $data){
$this->outside_users[$b_dn]['ldif'] ="";
if($data['selected']){
@@ -1264,14 +1350,14 @@ class Step_Migrate extends setup_step
$this->show_details = FALSE;
}
- if(isset($_POST['create_acls_create_confirmed'])){
- if($this->create_admin()){
- $this->acl_create_dialog = FALSE;
- $this->dialog = FALSE;
- $this->show_details = FALSE;
- $this->initialize_checks();
- }
- }
+# if(isset($_POST['create_acls_create_confirmed'])){
+# if($this->create_admin()){
+# $this->acl_create_dialog = FALSE;
+# $this->dialog = FALSE;
+# $this->show_details = FALSE;
+# $this->initialize_checks();
+# }
+# }
if(isset($_POST['create_acls_create'])){
$this->create_admin(TRUE);
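Review bot: The handler for `create_acls_create_confirmed` is disabled by prefixing each line with `#` instead of being removed, and nothing says why. If the confirmation step is gone for good the block should be deleted; if it is temporary, a one-line comment stating the reason and what replaces it would tell the next reader what is missing. As it stands, `create_admin(TRUE)` on the following line only produces the LDIF preview, so from this hunk it is not clear which request still applies the change.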
@@ -1286,13 +1372,15 @@ class Step_Migrate extends setup_step
if($this->acl_create_dialog){
$smarty = get_smarty();
+
+ $uid = "admin";
+ if(isset($_POST['new_user_uid'])){
+ $uid = $_POST['new_user_uid'];
+ }
+
+ $smarty->assign("new_user_uid",$uid);
$smarty->assign("new_user_password",@$_POST['new_user_password']);
$smarty->assign("new_user_password2",@$_POST['new_user_password2']);
- $smarty->assign("users" ,$this->get_user_list());
- $smarty->assign("users_cnt" ,count($this->get_user_list()));
- $smarty->assign("groups",$this->get_group_list());
- $smarty->assign("groups_cnt",count($this->get_group_list()));
- $smarty->assign("type" ,$this->acl_create_type);
$smarty->assign("method","create_acls");
$smarty->assign("acl_create_selected",$this->acl_create_selected);
$smarty->assign("what_will_be_done_now",$this->acl_create_changes);
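Review bot: `$_POST['new_user_uid']` is assigned to the template as `new_user_uid` before any validation, so the value is echoed back into the form exactly as submitted. Whether it is HTML-escaped depends on the template, which is not part of this diff; if the template prints it without an escape modifier, the assignment should be `$smarty->assign("new_user_uid",htmlspecialchars($uid,ENT_QUOTES));`. The two password fields on the next lines are reflected the same way, and the `@` there hides the undefined-index notice instead of using the `isset()` pattern introduced for the uid.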
@@ -1440,21 +1528,10 @@ class Step_Migrate extends setup_step
/* Get "create acl" dialog posts */
if($this->acl_create_dialog){
- if(isset($_POST['create_acls_create'])){
- if(isset($_POST['create_acls_selected'])){
- $this->acl_create_selected = base64_decode($_POST['create_acls_selected']);
- }else{
- $this->acl_create_selected = "";
- }
- }
if(isset($_POST['create_acls_create_abort'])){
$this->acl_create_selected = "";
}
-
- if(isset($_POST['acl_create_type'])){
- $this->acl_create_type = $_POST['acl_create_type'];
- }
}
/* Get selected departments */
@@ -1590,6 +1667,7 @@ class Step_Migrate extends setup_step
{
/* Get collected configuration settings */
$cv = $this->parent->captured_values;
+ $people_ou = trim($cv['peopleou']);
/* Establish ldap connection */
$ldap = new LDAP($cv['admin'],
@@ -1598,33 +1676,54 @@ class Step_Migrate extends setup_step
FALSE,
$cv['tls']);
- $ldap->cd($cv['base']);
- $ldap->search("(".$cv['peopleou'].")",array("dn"));
-
- if($ldap->count() == 0 ){
- $add_dn = $cv['peopleou'].",".$cv['base'];
- $naming_attr = preg_replace("/=.*$/","",$add_dn);
- $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
- $add = array();
- $add['objectClass'] = array("organizationalUnit");
- $add[$naming_attr] = $naming_value;
+
+ /*****************
+ * If people ou is NOT empty
+ * search for for all objects matching the given container
+ *****************/
+ if(!empty($people_ou)){
+ $ldap->search("(".$people_ou.")",array("dn"));
+
+ /* Create people ou if there is currently none */
+ if($ldap->count() == 0 ){
+ $add_dn = $cv['peopleou'].",".$cv['base'];
+ $naming_attr = preg_replace("/=.*$/","",$add_dn);
+ $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
+ $add = array();
+ $add['objectClass'] = array("organizationalUnit");
+ $add[$naming_attr] = $naming_value;
+ $ldap->cd($cv['base']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
+ $ldap->cd($add_dn);
+ $ldap->add($add);
+ }
- $ldap->cd($cv['base']);
- $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
- $ldap->cd($add_dn);
- $ldap->add($add);
- }
+ /* Create result */
+ $ldap->search("(".$cv['peopleou'].")",array("dn"));
+ $tmp = array();
+ while($attrs= $ldap->fetch()){
+ if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ }
+ }
+ } else{
- $ldap->search("(".$cv['peopleou'].")",array("dn"));
- $tmp = array();
- while($attrs= $ldap->fetch()){
- if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
- $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ /************
+ * If people ou is empty
+ * Get all valid gosaDepartments
+ ************/
+ $ldap->cd($cv['base']);
+ $tmp = array();
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
+ $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
+ while($attrs = $ldap->fetch()){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
}
}
return($tmp);
}
+
function get_all_winstation_ous()
{
/* Get collected configuration settings */
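Review bot: In the non-empty branch the first `$ldap->search("(".$people_ou.")",...)` now runs without the `$ldap->cd($cv['base']);` that used to precede it, so the search base is whatever the freshly created `LDAP` object defaults to; the `cd()` should be restored before the `if`. The branch also mixes the trimmed `$people_ou` with the untrimmed `$cv['peopleou']` for `$add_dn` and for the second search, so surrounding whitespace in the setting gives two different filters. The setting is inserted into the filter and the DN unescaped, and the return value of `$ldap->add($add)` is ignored, so a failed create only shows up as an empty list. The stray `;;` in the else branch can be reduced to one.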
@@ -1683,29 +1782,50 @@ class Step_Migrate extends setup_step
$cv['connection'],
FALSE,
$cv['tls']);
+
+ $group_ou = trim($cv['groupou']);
+ if(!empty($group_ou)){
+ $group_ou = trim($group_ou);
+ }
+ /************
+ * If group ou is NOT empty
+ * Get all valid group ous, create one if necessary
+ ************/
$ldap->cd($cv['base']);
- $ldap->search("(".$cv['groupou'].")",array("dn"));
-
- if($ldap->count() == 0 ){
- $add_dn = $cv['groupou'].",".$cv['base'];
- $naming_attr = preg_replace("/=.*$/","",$add_dn);
- $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
- $add = array();
- $add['objectClass'] = array("organizationalUnit");
- $add[$naming_attr] = $naming_value;
+ if(!empty($group_ou)){
+ $ldap->search("(".$group_ou.")",array("dn"));
+ if($ldap->count() == 0 ){
+ $add_dn = $group_ou.$cv['base'];
+ $naming_attr = preg_replace("/=.*$/","",$add_dn);
+ $naming_value = preg_replace("/^[^=]*+=([^,]*).*$/","\\1",$add_dn);
+ $add = array();
+ $add['objectClass'] = array("organizationalUnit");
+ $add[$naming_attr] = $naming_value;
+ $ldap->cd($cv['base']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
+ $ldap->cd($add_dn);
+ $ldap->add($add);
+ }
+ $ldap->search("(".$group_ou.")",array("dn"));
+ $tmp = array();
+ while($attrs= $ldap->fetch()){
+ if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ }
+ }
+ }else{
+ /************
+ * If group ou is empty
+ * Get all valid gosaDepartments
+ ************/
$ldap->cd($cv['base']);
- $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$add_dn));
- $ldap->cd($add_dn);
- $ldap->add($add);
- }
-
- $ldap->search("(".$cv['groupou'].")",array("dn"));
- $tmp = array();
- while($attrs= $ldap->fetch()){
- if(!preg_match("/ou=snapshots,/",$attrs['dn'])){
- $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);
+ $tmp = array();
+ $ldap->search("(&(objectClass=gosaDepartment)(ou=*))",array("dn"));
+ $tmp[base64_encode($cv['base'])] = $ldap->fix($cv['base']);
+ while($attrs = $ldap->fetch()){
+ $tmp[base64_encode($attrs['dn'])] = $ldap->fix($attrs['dn']);;
}
}
return($tmp);
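Review bot: `$add_dn = $group_ou.$cv['base'];` joins the two parts without a separator, because the block above only trims `$group_ou` and never appends `,`; with a setting like `ou=groups` the result is not a valid DN and the `add()` will fail. The removed code used `$cv['groupou'].",".$cv['base']`, so the line should read `$add_dn = $group_ou.",".$cv['base'];`. The `if(!empty($group_ou)){ $group_ou = trim($group_ou); }` block is a no-op after the first `trim()` and can be dropped. As in the people-ou function, the result of `$ldap->add($add)` is not checked.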