Code

Updated sambaAccount
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 21 Jul 2010 10:49:19 +0000 (10:49 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 21 Jul 2010 10:49:19 +0000 (10:49 +0000)
-Cleaned up the code from old attributes.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19036 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-plugins/samba/personal/samba/class_sambaAccount.inc
gosa-plugins/samba/personal/samba/samba3.tpl

index 851d2cca388241ac975a6f9525aea4196234f7ff..aa096e591a69f92d1ea540b6033dbc88535e4412 100644 (file)
 
 class sambaAccount extends plugin
 {
-  /* Definitions */
-  var $plHeadline= "Samba";
-  var $plDescription= "This does something";
-  var $view_logged = FALSE;
-  var $password_expires= 0;
-
-  /* Switch for Samba version */
-  var $uidNumber= 65535;
-  var $gidNumber= 65535;
-
-  /* Samba attributes */
-  var $SID= "";
-  var $ridBase= 0;
-  var $sambaSID= "";
-  var $sambaPwdLastSet= "0";
-  var $sambaPwdCanChange= "";
-  var $cannotChangePassword = FALSE;
-  var $sambaPwdMustChange= "0";
-  var $sambaAcctFlags= "[UX        ]";
-  var $sambaHomePath= "";
-  var $sambaHomeDrive= "";
-  var $sambaLogonScript= "";
-  var $sambaProfilePath= "";
-  var $sambaPrimaryGroupSID= "";
-  var $sambaDomainName= "";
-  var $sambaUserWorkstations= "";
-  var $sambaBadPasswordCount= "";
-  var $sambaBadPasswordTime= "";
-  var $sambaPasswordHistory= "";
-  var $sambaLogonHours= "";
-  var $orig_sambaDomainName= "";
-  var $sambaMungedDial= "";
-  var $mungedObject;
-
-  /* Helper */
-  var $cache = array();
-  var $trustSelect= FALSE;
-
-  /* attribute list for save action */
-  var $ctxattributes= array();
-  var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaPwdCanChange",
-        "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
-        "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
-        "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
-        "sambaUserWorkstations", "sambaPasswordHistory",
-        "sambaLogonHours", "sambaBadPasswordTime",
-        "sambaBadPasswordCount");
-  var $objectclasses= array('sambaSamAccount');
-  
-  var $uid= "";
-  var $CopyPasteVars = array("mungedObject","orig_sambaDomainName",'enforcePasswordChange','cannotChangePassword');
-
-  var $multiple_support = TRUE;
-
-  /* Only used  for multiple edit */
-  var $temporary_disable = FALSE;
-  var $no_password_required = FALSE;
-  var $no_expiry = FALSE;
-  var $multiple_sambaUserWorkstations = array();
-
-  var $enforcePasswordChange = FALSE;
-
-  function sambaAccount (&$config, $dn= NULL)
-  {
-    $this->mungedObject= new sambaMungedDial;
-    $this->ctxattributes= $this->mungedObject->ctxattributes;
-
-    plugin::plugin ($config, $dn);
-
-    /* Setting uid to default */
-    if(isset($this->attrs['uid'][0])){
-      $this->uid = $this->attrs['uid'][0];
+    /* Definitions */
+    var $plHeadline= "Samba";
+    var $plDescription= "This does something";
+    var $view_logged = FALSE;
+
+    // Domaind information, gid, sid, rid
+    var $uid= "";
+    var $uidNumber= 65535;
+    var $gidNumber= 65535;
+    var $SID= "";
+    var $ridBase= 0;
+    var $sambaSID= "";
+    var $orig_sambaDomainName= "";
+    var $sambaDomainName= "";
+
+    // Some of these attributes are just used to 
+    //  display the domain information dialog, and 
+    //  thus not writte back to the ldap. 
+    var $sambaBadPasswordCount= "";
+    var $sambaBadPasswordTime= "";
+    var $sambaPasswordHistory= "";
+    var $sambaLogonHours= "";
+    var $sambaPwdLastSet= "0";
+    var $sambaLogonTime= "0";
+    var $sambaLogoffTime= "2147483647";
+    var $sambaKickoffTime= "2147483647";
+    var $sambaPwdCanChange= "0";
+    var $sambaPwdMustChange= "0";
+
+    // Flags (checkboxes) to restrict account settings.
+    var $sambaAcctFlags= "[UX        ]";
+    var $flag_enforcePasswordChange = FALSE;
+    var $flag_passwordNeverExpires  = FALSE;
+    var $flag_noPasswordRequired    = FALSE;
+    var $flag_temporaryDisabled     = FALSE;
+    var $flag_cannotChangePassword  = FALSE;
+
+    // String values 
+    var $sambaHomePath= "";
+    var $sambaHomeDrive= "";
+    var $sambaLogonScript= "";
+    var $sambaProfilePath= "";
+    var $sambaPrimaryGroupSID= "";
+    var $sambaUserWorkstations= "";
+
+    // Munged object.
+    var $sambaMungedDial= "";
+    var $mungedObject;
+
+    /* Helper */
+    var $cache = array();
+    var $trustSelect= FALSE;
+
+    /* attribute list for save action */
+    var $ctxattributes= array();
+    var $attributes= array("sambaSID", "sambaPwdLastSet", "sambaLogonTime",
+            "sambaLogoffTime", "sambaKickoffTime", "sambaPwdCanChange",
+            "sambaPwdMustChange", "sambaAcctFlags", "uid", "sambaMungedDial",
+            "sambaHomePath", "sambaHomeDrive", "sambaLogonScript",
+            "sambaProfilePath", "sambaPrimaryGroupSID", "sambaDomainName",
+            "sambaUserWorkstations", "sambaPasswordHistory",
+            "sambaLogonHours", "sambaBadPasswordTime",
+            "sambaBadPasswordCount");
+    var $objectclasses= array('sambaSamAccount');
+
+    var $CopyPasteVars = array("mungedObject","orig_sambaDomainName");
+
+    var $multiple_support = TRUE;
+    var $multiple_sambaUserWorkstations = array();
+
+
+    function sambaAccount (&$config, $dn= NULL)
+    {
+
+        plugin::plugin ($config, $dn);
+
+        // Set current uid if possible.
+        if(isset($this->attrs['uid'][0])){
+            $this->uid = $this->attrs['uid'][0];
+        }
+
+        // Get samba domain and its sid/rid base
+        if ($this->sambaSID != ""){
+            $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
+            $ldap= $this->config->get_ldap_link();
+            $ldap->cd($this->config->current['BASE']);
+            $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
+            if ($ldap->count() != 0){
+                $attrs= $ldap->fetch();
+                if(isset($attrs['sambaAlgorithmicRidBase'])){
+                    $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
+                } else {
+                    $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
+                }
+                if ($this->sambaDomainName == ""){
+                    $this->sambaDomainName= $attrs['sambaDomainName'][0];
+                }
+            } else {
+
+                // Fall back to a 'DEFAULT' domain, if none was found in LDAP.
+                if ($this->sambaDomainName == "")  $this->sambaDomainName= "DEFAULT";
+
+                // Nothing in ldap, use configured sid and rid values.
+                $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
+                $this->SID= $this->config->get_cfg_value("core","sambaSid");
+            }
+        }
+
+        // Keep original domain name and plugin status, to be able to detect modifications.
+        $this->orig_sambaDomainName= $this->sambaDomainName;
+        $this->initially_was_account= $this->is_account;
+
+        // Instantiate munged object and load info.
+        $this->mungedObject= new sambaMungedDial;
+        $this->ctxattributes= $this->mungedObject->ctxattributes;
+        if (isset($this->attrs['sambaMungedDial'])){
+            $this->mungedObject->load($this->sambaMungedDial);
+        }
+
+        // Load flags
+        $this->loadFlagsFromSource($this->attrs);
+    }
+
+
+    function loadFlagsFromSource($attrs)
+    {
+
+        // Samba flag description 
+        // ----------------------
+        //  The Official Samba 3.2.x HOWTO and Reference Guide
+        //  Jelmer R. Vernooij, John H. Terpstra, and Gerald (Jerry) Carter
+        //  May 27, 2009
+        // ----------------------
+        //  D - Account is disabled.
+        //  H - A home directory is required.
+        //  I - An inter-domain trust account.
+        //  L - Account has been auto-locked.
+        //  M - An MNS (Microsoft network service) logon account.
+        //  N - Password not required.
+        //  S - A server trust account.
+        //  T - Temporary duplicate account entry.
+        //  U - A normal user account.
+        //  W - A workstation trust account.
+        //  X - Password does not expire.
+
+        // sambaPwdCanChange
+        // _______________
+        // Specifies the time (UNIX time format) after which the user is allowed to change his password.
+        // If this attribute is not set, the user will be free to change his password whenever he wants.
+
+        // sambaPwdLastSet
+        // _______________
+        // The integer time in seconds since 1970 when the sambaLMPassword and sambaNTPassword attributes were last set.
+
+        // sambaPwdMustChange
+        // _______________
+        // Specifies the time (UNIX time format) when the user is forced to change his password. If this
+        // value is set to 0, the user will have to change his password at first login. If this attribute is not
+        // set, then the password will never expire.
+
+
+        // A password change is enforced by using a timestamp in sambaPwdMustChange.
+        //  We simple set it to '0' to enforce a change.
+        // --------------------------------
+        // Normally it contains a timestamp, which specifies and expiration date. 
+        $this->flag_enforcePasswordChange =  (isset($attrs['sambaPwdMustChange']) && $attrs['sambaPwdMustChange'][0] == '0');
+
+        // A user cannot change his password until the given timestamp has reached.
+        //  We simply set it to max int to disallow a password change till the timestamp reaches 4294967295, 
+        //  this is definitly far in the future and thus disallows a password change at all.
+        // --------------------------------
+        // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
+        $this->flag_cannotChangePassword = (isset($attrs['sambaPwdCanChange']) && $attrs['sambaPwdCanChange'][0] == '4294967295');
+
+        // Load samba account flags
+        if(isset($attrs['sambaAcctFlags'][0])){
+            $this->sambaAcctFlags = $attrs['sambaAcctFlags'][0];
+
+            // A password never expires if 'sambaAcctFlags' contains 'X'. 
+            // (See flags above for details)
+            $this->flag_passwordNeverExpires  = preg_match("/X/i", $this->sambaAcctFlags);
+
+            // A password is NOT required if 'sambaAcctFlags' contains 'N'. 
+            // (See flags above for details)
+            $this->flag_noPasswordRequired    = preg_match("/N/i", $this->sambaAcctFlags);
+
+            // A account is locked if if 'sambaAcctFlags' contains 'L' or 'D'.
+            // (See flags above for details)
+            $this->flag_temporaryDisabled = preg_match("/L/i", $this->sambaAcctFlags) ||
+                preg_match("/D/i", $this->sambaAcctFlags);
+
+        }
     }
 
-    /* Get samba Domain in case of samba 3 */
-    if ($this->sambaSID != ""){
-      $this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
-      $ldap= $this->config->get_ldap_link();
-      $ldap->cd($this->config->current['BASE']);
-      $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase","sambaDomainName"));
-      if ($ldap->count() != 0){
-        $attrs= $ldap->fetch();
-        if(isset($attrs['sambaAlgorithmicRidBase'])){
-          $this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
-        } else {
-          $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
+    function execute()
+    {
+        /* Call parent execute */
+        plugin::execute();
+
+        /* Log view */
+        if($this->is_account && !$this->view_logged){
+            $this->view_logged = TRUE;
+            new log("view","users/".get_class($this),$this->dn);
         }
-        if ($this->sambaDomainName == ""){
-          $this->sambaDomainName= $attrs['sambaDomainName'][0];
+
+        /* Do we need to flip is_account state? */
+        if (isset($_POST['modify_state'])){
+            $this->is_account= !$this->is_account;
         }
-      } else {
-        if ($this->sambaDomainName == ""){
-          $this->sambaDomainName= "DEFAULT";
+        /* Do we represent a valid account? */
+        if (!$this->is_account && $this->parent === NULL){
+            $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\">&nbsp;<b>".
+                msgPool::noValidExtension(_("Samba"))."</b>";
+            $display.= back_to_main();
+            return ($display);
         }
-        $this->ridBase= $this->config->get_cfg_value("core","sambaRidBase");
-        $this->SID= $this->config->get_cfg_value("core","sambaSID");
-      }
 
-      /* Save in order to compare later on */
-      $this->orig_sambaDomainName= $this->sambaDomainName;
-    }
+        $display ="";
+        if(!$this->multiple_support_active){
+
+            // Show tab heades to activate and deactivate the samba extension.
+            $display= "";
+            if ($this->parent !== NULL){
+                if ($this->is_account){
+                    $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
+                            msgPool::featuresEnabled(_("Samba")));
+                } else {
+
+                    // Samba3 dependency on posix accounts are enabled in the moment, because I need to rely on unique
+                    // uidNumbers. There'll be a better solution later on. 
+                    $obj= $this->parent->by_object['posixAccount'];
+                    if ($obj->is_account){
+                        $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
+                                msgPool::featuresDisabled(_("Samba")));
+                    } else {
+                        $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
+                                msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
+                    }
+                    return ($display);
+                }
+            }
+        }
 
-    /* Fill mungedDial field */
-    if (isset($this->attrs['sambaMungedDial'])){
-      $this->mungedObject->load($this->sambaMungedDial);
-    }
+        // Editing from the MyAccount/Personal section may be disabled until we've pressed the 'edit' button.
+        $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
 
-    /* Password expiery */
-    if(isset($this->attrs['sambaPwdMustChange']) &&
-        $this->attrs['sambaPwdMustChange'][0] != 0){
-      $this->password_expires= 1;
-    }
 
-    /* Save initial account state */
-    $this->initially_was_account= $this->is_account;
-
-    $this->sambaPwdMustChange= $this->sambaPwdMustChange == 2147483647?"":date('d.m.Y', $this->sambaPwdMustChange);
-   
-    // Enforce password change?
-    // ------------------------ 
-    // Check if we've the attribute 'sambaPwdLastSet' set and if its value is 0, 
-    //  in this case a password change is forced for this account. 
-    $this->enforcePasswordChange = (isset($this->attrs['sambaPwdLastSet']) && $this->attrs['sambaPwdLastSet'][0] == '0');
-
-    // User cannot change his password?  (sambaPwdLastSet int max(Int))
-    // -------------------------------- 
-    // The user is not able to change his password while sambaPwdCanChange is 4294967295 (Integer 32 Bit max)
-    $this->cannotChangePassword = (isset($this->attrs['sambaPwdCanChange']) && $this->attrs['sambaPwdCanChange'][0] == '4294967295');
-  }
-
-  function execute()
-  {
-    /* Call parent execute */
-    plugin::execute();
-
-    /* Log view */
-    if($this->is_account && !$this->view_logged){
-      $this->view_logged = TRUE;
-      new log("view","users/".get_class($this),$this->dn);
-    }
+        // Handle the samba logon hours dialog here, instantiate it on request.
+        if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
+            $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
+        }
+        if(isset($_POST['cancel_logonHours'])){
+            $this->dialog = FALSE;
+        }
+        if(isset($_POST['save_logonHours'])){
+            $this->dialog->save_object();
+            if($this->acl_is_writeable("sambaLogonHours")){
+                $this->sambaLogonHours = $this->dialog->save();
+            }
+            $this->dialog = FALSE;
+        }
+        if((isset($this->dialog)) && (is_object($this->dialog))){
+            $this->dialog->save_object();
+            return($this->dialog->execute());
+        }
 
-    /* Do we need to flip is_account state? */
-    if (isset($_POST['modify_state'])){
-      $this->is_account= !$this->is_account;
-    }
-    /* Do we represent a valid account? */
-    if (!$this->is_account && $this->parent === NULL){
-      $display= "<img alt=\"\"src=\"images/small-error.png\" align=\"middle\">&nbsp;<b>".
-        msgPool::noValidExtension(_("Samba"))."</b>";
-      $display.= back_to_main();
-      return ($display);
-    }
 
-    $display ="";
-    if(!$this->multiple_support_active){
+        // Get smarty
+        $smarty= get_smarty();
+        $smarty->assign("usePrototype", "true");
 
-      /* Show tab dialog headers */
-      $display= "";
-      if ($this->parent !== NULL){
-        if ($this->is_account){
-          $display= $this->show_disable_header(msgPool::removeFeaturesButton(_("Samba")),
-              msgPool::featuresEnabled(_("Samba")));
-        } else {
-          $obj= $this->parent->by_object['posixAccount'];
-
-          /* Samba3 dependency on posix accounts are enabled
-             in the moment, because I need to rely on unique
-             uidNumbers. There'll be a better solution later
-             on. */
-          if ($obj->is_account){
-            $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
-                msgPool::featuresDisabled(_("Samba")));
-          } else {
-            $display= $this->show_enable_header(msgPool::addFeaturesButton(_("Samba")),
-                msgPool::featuresDisabled(_("Samba"), _("POSIX")), TRUE);
-          }
-          return ($display);
-        }
-      }
-    }
+        // Assign GOsa ACLs 
+        $tmp = $this->plInfo();
+        foreach($tmp['plProvidedAcls'] as $var => $rest){
+            $smarty->assign($var."ACL",$this->getacl($var,$SkipWrite));
+        }
 
-    /* Open Samaba Logong hours dialog */
-    if(isset($_POST['SetSambaLogonHours']) && $this->acl_is_readable("sambaLogonHours")){
-      $this->dialog = new sambaLogonHours($this->config,$this->dn,$this->sambaLogonHours, $this->getacl('sambaLogonHours'));
-    }
+        if(!session::is_set('edit') && !isset($this->parent)){
+            $smarty->assign("sambaLogonHoursACL","");
+        }
 
-    /* Cancel dialog */
-    if(isset($_POST['cancel_logonHours'])){
-      $this->dialog = FALSE;
-    }
 
-    /* Save selected logon hours */
-    if(isset($_POST['save_logonHours']) && $this->dialog instanceOf sambaLogonHours){
-      $this->dialog->save_object();
-      if($this->acl_is_writeable("sambaLogonHours")){
-        $this->sambaLogonHours = $this->dialog->save();
-      }
-      $this->dialog = FALSE;
-    }
+        // Handle workstation list - Remove entries.
+        if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+            if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
+                if($this->multiple_support_active){
+                    foreach($_POST['workstation_list'] as $name){
+                        if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
+                            unset($this->multiple_sambaUserWorkstations[trim($name)]);
+                        }
+                    } 
+                }else{
+                    $tmp= $this->sambaUserWorkstations;
+                    foreach($_POST['workstation_list'] as $name){
+                        $tmp= preg_replace("/$name/", '', $tmp);
+                        $this->is_modified= TRUE;
+                    }
+                    $tmp= preg_replace('/,+/', ',', $tmp);
+                    $this->sambaUserWorkstations= trim($tmp, ',');
+                }
+            }
+        }
 
-    /* Display dialog */
-    if((isset($this->dialog)) && (is_object($this->dialog))){
-      $this->dialog->save_object();
-      return($this->dialog->execute());
-    }
+        // Handle trust maschines/accessTo list 
+        if (isset($_POST["add_ws"])){
+            if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){
+                $this->trustSelect= new trustSelect($this->config,get_userinfo());
+                $this->dialog= TRUE;
+            }
+        }
 
-    /* Prepare templating */
-    $smarty= get_smarty();
+        // Dialog canceled
+        if (isset($_POST["add_ws_cancel"])){
+            $this->trustSelect= FALSE;
+            $this->dialog= FALSE;
+        }
 
+        // Add selected machines to trusted ones.
+        if (isset($_POST["add_ws_finish"]) &&  $this->trustSelect){
+            $trusts = $this->trustSelect->detectPostActions();
+            if(isset($trusts['targets'])){
+                $headpage = $this->trustSelect->getHeadpage();
+                if($this->multiple_support_active){
+                    foreach($trusts['targets'] as $id){
+                        $attrs = $headpage->getEntry($id);
+                        $we =$attrs['cn'][0];
+                        $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
+                    }
+                }else{
+
+                    $tmp= $this->sambaUserWorkstations;
+                    foreach($trusts['targets'] as $id){
+                        $attrs = $headpage->getEntry($id);
+                        $we =$attrs['cn'][0];
+                        $tmp.= ",$we";
+                    }
+                    $tmp= preg_replace('/,+/', ',', $tmp);
+                    $this->sambaUserWorkstations= trim($tmp, ',');
+                }
+
+                $this->is_modified= TRUE;
+            }
+            $this->trustSelect= NULL;
+            $this->dialog= FALSE;
+        }
 
-    $tmp = $this->plInfo();
-    foreach($tmp['plProvidedAcls'] as $var => $rest){
-      $smarty->assign($var."ACL",$this->getacl($var));
-    }
+        // Display trust dialog
+        if ($this->trustSelect){
+            session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
+            return($this->trustSelect->execute());
+        }
 
-    if(!session::is_set('edit') && !isset($this->parent)){
-      $smarty->assign("sambaLogonHoursACL","");
-    }
 
-    /* Remove user workstations? */
-    if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+        // Fill domain selection. 
+        $domains= array_keys($this->config->data['SERVERS']['SAMBA']);
+        $smarty->assign("domains", set_post($domains));
 
-      if($this->acl_is_writeable("sambaUserWorkstations")){
+        // Fill drive letters.
+        $letters= array("");
+        for ($i= 68; $i<91; $i++){
+            $letters[]= chr($i).":";
+        }
+        $smarty->assign("drives", $letters);
+
+
+        // Fill terminal server setttings
+        foreach ($this->ctxattributes as $attr){
+            if (isset($this->mungedObject->ctx[$attr])){
+                $smarty->assign("$attr", set_post($this->mungedObject->ctx[$attr]));
+
+                // Set field  to blank if value is 0
+                if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
+                    if($this->mungedObject->ctx[$attr] == 0) {
+                        $smarty->assign("$attr", "");
+                    }
+                }
+            } else {
+                $smarty->assign("$attr", "");
+            }
+        }
 
+        // Assign enum values for preset items. 
+        $shadowModeVals= array( 
+                "0" => _("disabled"),
+                "1" => _("input on, notify on"),
+                "2" => _("input on, notify off"),
+                "3" => _("input off, notify on"),
+                "4" => _("input off, nofify off"));
+        $brokenConnModeVals= array(    
+                "0" => _("disconnect"),
+                "1" => _("reset"));
+        $reConnModeVals= array( "0" => _("from any client"),
+                "1" => _("from previous client only"));
+        $smarty->assign("shadow",      set_post($shadowModeVals));
+        $smarty->assign("brokenconn",  set_post($brokenConnModeVals));
+        $smarty->assign("reconn",      set_post($reConnModeVals));
+
+        // Fill preset items with values 
+        $smarty->assign("shadowmode",      set_post($this->mungedObject->getShadow()));
+        $smarty->assign("brokenconnmode",  set_post($this->mungedObject->getBrokenConn()));
+        $smarty->assign("reconnmode",      set_post($this->mungedObject->getReConn()));
+
+
+        // Set form elements to disabled/enable state 
+        $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled");
+        $smarty->assign("inheritstate", "");
+        if($this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){
+            $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
+        }
+
+        // Set checkboxes to checked or unchecked state 
+        $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
+        $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
+        $smarty->assign("connectclientdrives",
+                $this->mungedObject->getConnectClientDrives()?"checked":"");
+        $smarty->assign("connectclientprinters",
+                $this->mungedObject->getConnectClientPrinters()?"checked":"");
+        $smarty->assign("defaultprinter",
+                $this->mungedObject->getDefaultPrinter()?"checked":"");
+        $smarty->assign("CtxMaxConnectionTimeF",
+                $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
+        $smarty->assign("CtxMaxDisconnectionTimeF",
+                $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
+        $smarty->assign("CtxMaxIdleTimeF",
+                $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
+
+
+        // Fill sambaUserWorkstations 
+        $ws= explode(",", $this->sambaUserWorkstations);
+        sort($ws);
+
+        // Tidy checks for empty option, and smarty will produce one if array[0]=""
+        if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
         if($this->multiple_support_active){
-          foreach($_POST['workstation_list'] as $name){
-            if(isset($this->multiple_sambaUserWorkstations[trim($name)])){
-              unset($this->multiple_sambaUserWorkstations[trim($name)]);
-            }
-          } 
-        }else{
-          $tmp= $this->sambaUserWorkstations;
-          foreach($_POST['workstation_list'] as $name){
-            $tmp= preg_replace("/$name/", '', $tmp);
-            $this->is_modified= TRUE;
-          }
-          $tmp= preg_replace('/,+/', ',', $tmp);
-          $this->sambaUserWorkstations= trim($tmp, ',');
-        }
-      }
-    }
+            $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
+        }  
+        $smarty->assign("workstations", set_post($ws));
 
-    /* Add user workstation? */
-    if (isset($_POST["add_ws"])){
-      if($this->acl_is_writeable("sambaUserWorkstations")){
-        $this->trustSelect= new trustSelect($this->config,get_userinfo());
-        $this->dialog= TRUE;
-      }
-    }
 
-    /* Add user workstation finished? */
-    if (isset($_POST["add_ws_cancel"])){
-      $this->trustSelect= FALSE;
-      $this->dialog= FALSE;
-    }
+        // Assign plugin values
+        foreach($this->attributes as $val){
+            $smarty->assign("$val", set_post($this->$val));
+        }
 
-    // Add selected machines to trusted ones.
-    if (isset($_POST["add_ws_finish"]) &&  $this->trustSelect){
-      $trusts = $this->trustSelect->detectPostActions();
-      if(isset($trusts['targets'])){
+        // Assign munged attributes
+        foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
+            $smarty->assign("$key", set_post($value));
+        }
+
+        // Assign selected multi edit checkbox values.
+        foreach($this->attributes as $attr){
+            if(in_array($attr,$this->multi_boxes)){
+                $smarty->assign("use_".$attr,TRUE);
+            }else{
+                $smarty->assign("use_".$attr,FALSE);
+            }
+        }
+        foreach(array("tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
+                    "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
+                    "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
+                    "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
+                    "onnectclientprinters","defaultprinter","shadow","brokenconn",
+                    "reconn","connectclientprinters","SetSambaLogonHours",
+                    "workstation_list",
+                    "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
+                    "temporaryDisabled","cannotChangePassword") as $attr){
+
+            if(in_array($attr,$this->multi_boxes)){
+                $smarty->assign("use_".$attr,TRUE);
+            }else{
+                $smarty->assign("use_".$attr,FALSE);
+            }
+        }
 
-        $headpage = $this->trustSelect->getHeadpage();
         if($this->multiple_support_active){
-          foreach($trusts['targets'] as $id){
-            $attrs = $headpage->getEntry($id);
-            $we =$attrs['cn'][0];
-            $this->multiple_sambaUserWorkstations[trim($we)] = array("Name" => trim($ws), "UsedByAllUsers" => TRUE);
-          }
-        }else{
+            $smarty->assign("tsloginstate","");
+        }
+
+        // Create additional info for sambaKickOffTime and sambaPwdMustChange. 
+        //  e.g. Display effective kickoff time. Domain policy + user settings. 
+        $additional_info_PwdMustChange = "";
+
+        // Calculate effective max Password Age 
+        //  This can only be calculated if sambaPwdLastSet ist set. 
+        if(isset($this->attrs['sambaPwdLastSet'][0])){
+            $last = $this->attrs['sambaPwdLastSet'][0];
+            $sid = $this->get_domain_info();
+            if(isset($sid['sambaMaxPwdAge'][0])){
+                $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
+
+                // A negative value means the password is outdated 
+                if($d < 0){
+                    $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
+                            date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
+                }else{
+                    $additional_info_PwdMustChange = sprintf(_("The password is valid till %s."),
+                            date("d.m.Y H:i:s",  ($last + $sid['sambaMaxPwdAge'][0])));
+                }
+            }
+        }
 
-          $tmp= $this->sambaUserWorkstations;
-          foreach($trusts['targets'] as $id){
-            $attrs = $headpage->getEntry($id);
-            $we =$attrs['cn'][0];
-            $tmp.= ",$we";
-          }
-          $tmp= preg_replace('/,+/', ',', $tmp);
-          $this->sambaUserWorkstations= trim($tmp, ',');
+        // Assign flags
+        foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired", 
+                    "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
+            $smarty->assign($attr, set_post($this->$attr));
         }
 
-        $this->is_modified= TRUE;
-      }
-      $this->trustSelect= NULL;
-      $this->dialog= FALSE;
+        $smarty->assign("additional_info_PwdMustChange",set_post($additional_info_PwdMustChange));
+        $smarty->assign("multiple_support",$this->multiple_support_active);
+        $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
+        return ($display);
     }
 
-    /* Show ws dialog */
-    if ($this->trustSelect){
 
-      // Build up blocklist
-      session::set('filterBlacklist', array('cn' => preg_split('/,/',$this->sambaUserWorkstations)));
-      return($this->trustSelect->execute());
+    /*! \brief  Returns the samba Domain object, selected in the samba tab.   
+     */
+    function get_domain_info()
+    {
+        /* Only search once, return last result if available
+         */
+        if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
+            $this->cache['DOMAIN'][$this->sambaDomainName] = array();
+            if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
+                $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
+                $ldap = $this->config->get_ldap_link();
+                $ldap->cd($this->config->current['BASE']);
+                $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
+                if($ldap->count()){
+                    $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
+                }
+            }
+        }
+        return($this->cache['DOMAIN'][$this->sambaDomainName]);
     }
 
-    /* Fill boxes */
-    $domains= array();
-    foreach($this->config->data['SERVERS']['SAMBA'] as $name => $content){
-      $domains[]= $name;
-    }
-    $smarty->assign("domains", set_post($domains));
-    $letters= array("&nbsp;");
-    for ($i= 68; $i<91; $i++){
-      $letters[]= chr($i).":";
-    }
-    $smarty->assign("drives", $letters);
-
-    /* Fill terminal server settings */
-    foreach ($this->ctxattributes as $attr){
-      /* Fill common attributes */
-      if (isset($this->mungedObject->ctx[$attr])){
-        $smarty->assign("$attr", set_post($this->mungedObject->ctx[$attr]));
-        // Set field  to blank if value is 0
-        if(in_array($attr, array("CtxMaxConnectionTime", "CtxMaxDisconnectionTime", "CtxMaxIdleTime"))) {
-          if($this->mungedObject->ctx[$attr] == 0) {
-            $smarty->assign("$attr", "");
-          }
-        }
-      } else {
-        $smarty->assign("$attr", "");
-      }
-    }
 
-    /* Assign enum values for preset items */
-    $shadowModeVals= array( "0" => _("disabled"),
-        "1" => _("input on, notify on"),
-        "2" => _("input on, notify off"),
-        "3" => _("input off, notify on"),
-        "4" => _("input off, nofify off"));
-
-    $brokenConnModeVals= array(        "0" => _("disconnect"),
-        "1" => _("reset"));
-
-    $reConnModeVals= array( "0" => _("from any client"),
-        "1" => _("from previous client only"));
-
-    /* Fill preset items */
-    $smarty->assign("shadow", set_post($shadowModeVals));
-    $smarty->assign("brokenconn", set_post($brokenConnModeVals));
-    $smarty->assign("reconn", set_post($reConnModeVals));
-
-    /* Fill preset items with values */
-    $smarty->assign("shadowmode",      set_post($this->mungedObject->getShadow()));
-    $smarty->assign("brokenconnmode",  set_post($this->mungedObject->getBrokenConn()));
-    $smarty->assign("reconnmode",      set_post($this->mungedObject->getReConn()));
-
-    if(session::get('js')){
-      /* Set form elements to disabled/enable state */
-      $smarty->assign("tsloginstate", set_post($this->mungedObject->getTsLogin()?"":"disabled"));
-
-      $smarty->assign("inheritstate", "");
-      if($this->acl_is_writeable("AllowLoginOnTerminalServer")){
-        $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":"");
-      }
-    }else{
-      $smarty->assign("tsloginstate", "");
-      $smarty->assign("inheritstate", "");
-    }      
-
-    /* Set checkboxes to checked or unchecked state */
-    $smarty->assign("tslogin", $this->mungedObject->getTsLogin()?"checked":"");
-    $smarty->assign("inherit", $this->mungedObject->getInheritMode()?"checked":"");
-    $smarty->assign("connectclientdrives",
-                    $this->mungedObject->getConnectClientDrives()?"checked":"");
-    $smarty->assign("connectclientprinters",
-                    $this->mungedObject->getConnectClientPrinters()?"checked":"");
-    $smarty->assign("defaultprinter",
-                    $this->mungedObject->getDefaultPrinter()?"checked":"");
-    $smarty->assign("CtxMaxConnectionTimeF",
-                    $this->mungedObject->getCtxMaxConnectionTimeF()?"checked":"");
-    $smarty->assign("CtxMaxDisconnectionTimeF",
-                    $this->mungedObject->getCtxMaxDisconnectionTimeF()?"checked":"");
-    $smarty->assign("CtxMaxIdleTimeF",
-                    $this->mungedObject->getCtxMaxIdleTimeF()?"checked":"");
-
-    
-    /* Fill sambaUserWorkstations */
-    $ws= explode(",", $this->sambaUserWorkstations);
-    sort($ws);
-    
-    /* Tidy checks for empty option, and smarty will produce one if array[0]="" */
-    if(($ws[0]=="")&&(count($ws)==1)) $ws=array();
-
-    if($this->multiple_support_active){
-      $smarty->assign("multiple_workstations",$this->multiple_sambaUserWorkstations);
-    }  
-
-    $smarty->assign("workstations", set_post($ws));
-    
-
-    /* Variables */
-    foreach($this->attributes as $val){
-      $smarty->assign("$val", set_post($this->$val));
-    }
 
-    /* 'sambaAcctFlags' checkboxes */
-    /* Check for 'lock-account'-flag: 'D' or 'L' */
-    if (is_integer(strpos($this->sambaAcctFlags, "D")) ||
-        is_integer(strpos($this->sambaAcctFlags, "L"))) {
-        $smarty->assign("flagsD", "checked");
-    } else {
-        $smarty->assign("flagsD", "");
-    }
-    
-    /* Check for no_password_required flag 'N' */
-    if (is_integer(strpos($this->sambaAcctFlags, "N"))) {
-        $smarty->assign("flagsN", "checked");
-    } else {
-        $smarty->assign("flagsN", "");
-    }
+    function get_samba_information()
+    {
+        $zone = timezone::get_default_timezone();
 
-    // check if password never expires
-    if (is_integer(strpos($this->sambaAcctFlags, "X"))) {
-        $smarty->assign("flagsX", "checked");
-    } else {
-        $smarty->assign("flagsX", "");
-    }
+        /* Defaults 
+         */
+        $sambaMinPwdLength = "unset";
+        $sambaPwdHistoryLength = "unset";
+        $sambaLogonToChgPwd = "unset";
+        $sambaMaxPwdAge = "unset";
+        $sambaMinPwdAge = "unset";
+        $sambaLockoutDuration = "unset";
+        $sambaLockoutThreshold = "unset";
+        $sambaForceLogoff = "unset";
+        $sambaRefuseMachinePwdChange = "unset";
+        $sambaPwdLastSet = "unset";
+        $sambaLogonTime = "unset";
+        $sambaLogoffTime = "unset";
+
+        $sambaKickoffTime = "unset"; 
+        $sambaPwdCanChange = "unset";
+        $sambaPwdMustChange = "unset";
+        $sambaBadPasswordCount = "unset";
+        $sambaBadPasswordTime = "unset";
+
+        /* Domain attributes 
+         */
+        $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
+                "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
+                "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
 
-    if ($this->sambaPwdCanChange=="1"){
-      $smarty->assign("flagsP", "checked");
-    } else {
-      $smarty->assign("flagsP", "");
-    }
+        /* User attributes 
+         */
+        $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
+                "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
 
-    if ($this->password_expires=="1"){
-      $smarty->assign("flagsC", "checked");
-    } else {
-      $smarty->assign("flagsC", "");
-    }
-   
+        /* Get samba SID object and parse settings.
+         */  
+        $ldap = $this->config->get_ldap_link();
+        $ldap->cd($this->config->current['BASE']);
+        if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
+            $attrs = $this->get_domain_info();
+            foreach($domain_attributes as $attr){
+                if(isset($attrs[$attr])){
+                    $$attr = $attrs[$attr][0];
+                }
+            }
+        }
 
-    /* In case of javascript, disable some fields on demand */
-    foreach($this->mungedObject->getOnDemandFlags() as $key => $value) {
-      $smarty->assign("$key", set_post($value));
-    }
+        /* Get user infos
+         */
+        foreach($user_attributes as $attr){
+            if(isset($this->attrs[$attr])){
+                $$attr = $this->attrs[$attr][0];
+            }
+        }
+        if (is_numeric($sambaPwdMustChange)) {
+            $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
+        }
+        if (is_numeric($sambaKickoffTime)) {
+            $sambaKickoffTime= date('d.m.Y', $sambaKickoffTime);
+        }
+        $sambaPwdCanChange = $this->sambaPwdCanChange;
 
 
-    foreach($this->attributes as $attr){
-      if(in_array($attr,$this->multi_boxes)){
-        $smarty->assign("use_".$attr,TRUE);
-      }else{
-        $smarty->assign("use_".$attr,FALSE);
-      }
-    }
-    foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
-          "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
-          "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
-          "onnectclientprinters","defaultprinter","shadow","brokenconn",
-          "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable", 
-          "password_expires","SetSambaLogonHours",
-          "workstation_list", "enforcePasswordChange", "cannotChangePassword") as $attr){
-      if(in_array($attr,$this->multi_boxes)){
-        $smarty->assign("use_".$attr,TRUE);
-      }else{
-        $smarty->assign("use_".$attr,FALSE);
-      }
-    }
+        /* DOMAIN Attributes 
+         */
 
-    if($this->multiple_support_active){
-      $smarty->assign("tsloginstate","");
-    }
+        /* sambaMinPwdLength: Password length has a default of 5 
+         */
+        if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
+            $sambaMinPwdLength  = "5 <i>("._("default").")</i>";
+        }
 
-    /* Create additional info for sambaKickOffTime and sambaPwdMustChange. 
-       e.g. Display effective kickoff time. Domain policy + user settings. 
-     */
-    $additional_info_PwdMustChange = "";
+        /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
+         */
+        if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
+            $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
+        }
 
-    /* Calculate effective max Password Age 
-        This can only be calculated if sambaPwdLastSet ist set. 
-     */
-    if(isset($this->attrs['sambaPwdLastSet'][0])){
-      $last = $this->attrs['sambaPwdLastSet'][0];
+        /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on) 
+         */
+        if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
+            $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
+        }else{
+            $sambaLogonToChgPwd = _("On");
+        }
 
-      $sid = $this->get_domain_info();
-      if(isset($sid['sambaMaxPwdAge'][0])){
-        $d = ($last + $sid['sambaMaxPwdAge'][0]) - time();
+        /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
+         */
+        if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
+            $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
+        }else{
+            $sambaMaxPwdAge .= " "._("seconds"); 
+        }
 
-        /* A negative value means the password is outdated 
+        /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
          */
-        if($d < 0){
-          $additional_info_PwdMustChange = sprintf(_("The password is outdated since %s, by domain policy."),
-              date("d.m.Y H:i:s",$last + $sid['sambaMaxPwdAge'][0]));
+        if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
+            $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
         }else{
-          if($this->password_expires && ($last + $sid['sambaMaxPwdAge'][0]) > $this->sambaPwdMustChange){
-            $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by user policy."),
-                date("d.m.Y H:i:s",  $this->sambaPwdMustChange));
-          }else{
-             $additional_info_PwdMustChange = sprintf(_("The password is valid till %s, by domain policy."),
-                date("d.m.Y H:i:s",  ($last + $sid['sambaMaxPwdAge'][0])));
-          }
-        }
-      }
-    }
-    $smarty->assign("additional_info_PwdMustChange",set_post($additional_info_PwdMustChange));
-    $smarty->assign("no_expiry",set_post($this->no_expiry));
-
-    /* Show main page */
-    $smarty->assign("multiple_support",     set_post($this->multiple_support_active));
-    $smarty->assign('enforcePasswordChange',set_post($this->enforcePasswordChange));
-    $smarty->assign("cannotChangePassword", set_post($this->cannotChangePassword));
-    $display.= $smarty->fetch (get_template_path('samba3.tpl', TRUE, dirname(__FILE__)));
-    return ($display);
-  }
-
-
-  /*! \brief  Returns the samba Domain object, selected in the samba tab.   
-   */
-  function get_domain_info()
-  {
-    /* Only search once, return last result if available
-     */
-    if(!isset($this->cache['DOMAIN'][$this->sambaDomainName])){
-      $this->cache['DOMAIN'][$this->sambaDomainName] = array();
-      if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
-        $cfg = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName];
-        $ldap = $this->config->get_ldap_link();
-        $ldap->cd($this->config->current['BASE']);
-        $ldap->search("(&(objectClass=sambaDomain)(sambaSID=".$cfg['SID']."))",array("*"));
-        if($ldap->count()){
-          $this->cache['DOMAIN'][$this->sambaDomainName] = $ldap->fetch();
+            $sambaMinPwdAge .= " "._("seconds"); 
         }
-      }
-    }
-    return($this->cache['DOMAIN'][$this->sambaDomainName]);
-  }
 
+        /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
+         */
+        if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
+            $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
+        }elseif($sambaLockoutDuration == -1){
+            $sambaLockoutDuration = _("forever");
+        }else{
+            $sambaLockoutDuration .= " "._("minutes");
+        }
 
+        /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
+         */
+        if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
+            $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
+        }
 
-  function get_samba_information()
-  {
-    $zone = timezone::get_default_timezone();
+        /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on 
+         */
+        if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
+            $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
+        }else{
+            $sambaForceLogoff = _("on");
+        }
 
-    /* Defaults 
-     */
-    $sambaMinPwdLength = "unset";
-    $sambaPwdHistoryLength = "unset";
-    $sambaLogonToChgPwd = "unset";
-    $sambaMaxPwdAge = "unset";
-    $sambaMinPwdAge = "unset";
-    $sambaLockoutDuration = "unset";
-    $sambaLockoutThreshold = "unset";
-    $sambaForceLogoff = "unset";
-    $sambaRefuseMachinePwdChange = "unset";
-    $sambaPwdLastSet = "unset";
-    $sambaLogonTime = "unset";
-    $sambaLogoffTime = "unset";
-
-    $sambaKickoffTime = "unset"; 
-    $sambaPwdCanChange = "unset";
-    $sambaPwdMustChange = "unset";
-    $sambaBadPasswordCount = "unset";
-    $sambaBadPasswordTime = "unset";
-
-    /* Domain attributes 
-     */
-    $domain_attributes = array("sambaMinPwdLength","sambaPwdHistoryLength","sambaMaxPwdAge",
-        "sambaMinPwdAge","sambaLockoutDuration","sambaRefuseMachinePwdChange",
-        "sambaLogonToChgPwd","sambaLockoutThreshold","sambaForceLogoff");
+        /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
+         */
+        if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
+            $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
+        }else{
+            $sambaRefuseMachinePwdChange = _("on");
+        }
 
-    /* User attributes 
-     */
-    $user_attributes = array("sambaBadPasswordTime","sambaPwdLastSet","sambaLogonTime","sambaLogoffTime",
-        "sambaKickoffTime","sambaPwdCanChange","sambaPwdMustChange","sambaBadPasswordCount", "sambaSID");
-
-    /* Get samba SID object and parse settings.
-     */  
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    if(!empty($this->sambaDomainName) && isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName])){
-      $attrs = $this->get_domain_info();
-      foreach($domain_attributes as $attr){
-        if(isset($attrs[$attr])){
-          $$attr = $attrs[$attr][0];
-        }
-      }
-    }
-  
-    /* Get user infos
-     */
-    foreach($user_attributes as $attr){
-      $$attr =  "unset";
-      if(isset($this->attrs[$attr])){
-        $$attr = $this->attrs[$attr][0];
-      }
-    }
-    if($this->password_expires){
-      $sambaPwdMustChange = $this->sambaPwdMustChange;
-    } else {
-      if (is_numeric($sambaPwdMustChange)) {
-        $sambaPwdMustChange= date('d.m.Y', $sambaPwdMustChange);
-      }
-    }
-    if($this->attrs['sambaKickoffTime']){
-      $sambaKickoffTime = date('d.m.Y', $this->attrs['sambaKickoffTime'][0]);
-    }
-    $sambaPwdCanChange = $this->sambaPwdCanChange;
+        /* USER Attributes 
+         */
+        /* sambaBadPasswordTime: Time of the last bad password attempt
+         */
+        if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
+            $sambaBadPasswordTime = "<i>("._("unset").")</i>";
+        }else{
+            $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
+        }
 
+        /* sambaBadPasswordCount: Bad password attempt count 
+         */
+        if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
+            $sambaBadPasswordCount = "<i>("._("unset").")</i>";
+        }else{
+            $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
+        }
 
-    /* DOMAIN Attributes 
-     */
+        /* sambaPwdLastSet: Timestamp of the last password update
+         */
+        if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
+            $sambaPwdLastSet = "<i>("._("unset").")</i>";
+        }else{
+            $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
+        }
 
-    /* sambaMinPwdLength: Password length has a default of 5 
-     */
-    if($sambaSID == "unset"){
-      $sambaSID  = "<i>("._("unset").")</i>";
-    }
+        /* sambaLogonTime: Timestamp of last logon
+         */
+        if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
+            $sambaLogonTime = "<i>("._("unset").")</i>";
+        }else{
+            $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
+        }
 
-    /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
-    /* sambaMinPwdLength: Password length has a default of 5 
-     */
-    if($sambaMinPwdLength == "unset" || $sambaMinPwdLength == 5){
-      $sambaMinPwdLength  = "5 <i>("._("default").")</i>";
-    }
+        /* sambaLogoffTime: Timestamp of last logoff
+         */
+        if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
+            $sambaLogoffTime = "<i>("._("unset").")</i>";
+        }else{
+            $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
+        }
 
-    /* sambaPwdHistoryLength: Length of Password History Entries (default: 0 => off)
-     */
-    if($sambaPwdHistoryLength == "unset" || $sambaPwdHistoryLength == 0){
-      $sambaPwdHistoryLength = _("Off")." <i>("._("default").")</i>";
-    }
+        /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
+         */
+        if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
+            $sambaKickoffTime = "<i>("._("unset").")</i>";
+        }
 
-    /* sambaLogonToChgPwd: Force Users to logon for password change (default: 0 => off, 2 => on) 
-     */
-    if($sambaLogonToChgPwd == "unset" || $sambaLogonToChgPwd == 0){
-      $sambaLogonToChgPwd = _("Off")." <i>("._("default").")</i>";
-    }else{
-      $sambaLogonToChgPwd = _("On");
-    }
-    
-    /* sambaMaxPwdAge: Maximum password age, in seconds (default: -1 => never expire passwords)'
-     */
-    if($sambaMaxPwdAge == "unset" || $sambaMaxPwdAge == "-1"){
-      $sambaMaxPwdAge = _("disabled")." <i>("._("default").")</i>";
-    }else{
-      $sambaMaxPwdAge .= " "._("seconds"); 
-    }
+        /* sambaPwdMustChange: Timestamp of when the password will expire
+         */
+        if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
+            $sambaPwdMustChange = "<i>("._("unset").")</i>";
+        }
 
-    /* sambaMinPwdAge: Minimum password age, in seconds (default: 0 => allow immediate password change
-     */
-    if($sambaMinPwdAge == "unset" || $sambaMinPwdAge == 0){
-      $sambaMinPwdAge = _("disabled")." <i>("._("default").")</i>";
-    }else{
-      $sambaMinPwdAge .= " "._("seconds"); 
-    }
+        /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
+         */
+        if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
+            $sambaPwdCanChange = "<i>("._("unset").")</i>";
+        }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
+            $sambaPwdCanChange = _("immediately") ;
+        }else{
+            $days     = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
+            $hours    = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
+            $minutes  = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
 
-    /* sambaLockoutDuration: Lockout duration in minutes (default: 30, -1 => forever)
-     */
-    if($sambaLockoutDuration == "unset" || $sambaLockoutDuration == 30){
-      $sambaLockoutDuration = "30 "._("minutes")." <i>("._("default").")</i>";
-    }elseif($sambaLockoutDuration == -1){
-      $sambaLockoutDuration = _("forever");
-    }else{
-      $sambaLockoutDuration .= " "._("minutes");
-    }
+            $sambaPwdCanChange = " ".$days." "._("days");
+            $sambaPwdCanChange.= " ".$hours." "._("hours");
+            $sambaPwdCanChange.= " ".$minutes." "._("minutes");
+        }
 
-    /* sambaLockoutThreshold: Lockout users after bad logon attempts (default: 0 => off
-     */
-    if($sambaLockoutThreshold == "unset" || $sambaLockoutThreshold == 0){
-      $sambaLockoutThreshold = _("disabled")." <i>("._("default").")</i>";
-    }
+        $str =
+            "\n<div style='height:200px; overflow: auto;'>".
+            "\n<table style='width:100%;'>".
+            "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>". 
+            "\n<tr><td>"._("Min password length").":           </td><td>".$sambaMinPwdLength."</td></tr>". 
+            "\n<tr><td>"._("Min password length").":           </td><td>".$sambaMinPwdLength."</td></tr>". 
+            "\n<tr><td>"._("Password history").":              </td><td>".$sambaPwdHistoryLength."</td></tr>".
+            "\n<tr><td>"._("Force password change").":         </td><td>".$sambaLogonToChgPwd."</td></tr>".
+            "\n<tr><td>"._("Maximum password age").":          </td><td>".$sambaMaxPwdAge."</td></tr>".
+            "\n<tr><td>"._("Minimum password age").":          </td><td>".$sambaMinPwdAge."</td></tr>".
+            "\n<tr><td>"._("Lockout duration").":              </td><td>".$sambaLockoutDuration."</td></tr>".
+            "\n<tr><td>"._("Bad lockout attempt").":           </td><td>".$sambaLockoutThreshold."</td></tr>".
+            "\n<tr><td>"._("Disconnect time").":               </td><td>".$sambaForceLogoff."</td></tr>".
+            "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
+            "\n<tr><td>&nbsp;</td></tr>". 
+            "\n<tr><td><b>"._("User attributes")."</b></td></tr>". 
+            "\n<tr><td>"._("SID").":                           </td><td>".$sambaSID."</td></tr>".
+            "\n<tr><td>"._("Last failed login").":             </td><td>".$sambaBadPasswordTime."</td></tr>".
+            "\n<tr><td>"._("Logon attempts").":                </td><td>".$sambaBadPasswordCount."</td></tr>".
+            "\n<tr><td>"._("Last password update").":          </td><td>".$sambaPwdLastSet."</td></tr>".
+            "\n<tr><td>"._("Last logon").":                    </td><td>".$sambaLogonTime."</td></tr>".
+            "\n<tr><td>"._("Last logoff").":                   </td><td>".$sambaLogoffTime."</td></tr>".
+            "\n<tr><td>"._("Automatic logoff").":              </td><td>".$sambaKickoffTime."</td></tr>";
+
+        if($this->flag_passwordNeverExpires){
+            $str .= "\n<tr><td>"._("Password expires").":              </td><td>"._("No")."</td></tr>";
+            $str .= "\n<tr><td colspan='2'><font color='gray'>".
+                sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
+                "</font></td></tr>";
+        }else{
+            $str .= "\n<tr><td>"._("Password expires").":              </td><td>".$sambaPwdMustChange."</td></tr>";
+        }
 
-    /* sambaForceLogoff: Disconnect Users outside logon hours (default: -1 => off, 0 => on 
-     */
-    if($sambaForceLogoff == "unset" || $sambaForceLogoff == -1){
-      $sambaForceLogoff = _("off")." <i>("._("default").")</i>";
-    }else{
-      $sambaForceLogoff = _("on");
+        $str .= "\n<tr><td>"._("Password change available").":     </td><td>".$sambaPwdCanChange."</td></tr>".
+            "\n</table>";
+        "\n</div>";
+        return($str);
     }
 
-    /* sambaRefuseMachinePwdChange: Allow Machine Password changes (default: 0 => off
-     */
-    if($sambaRefuseMachinePwdChange == "none" || $sambaRefuseMachinePwdChange == 0){
-      $sambaRefuseMachinePwdChange = _("off")." <i>("._("default").")</i>";
-    }else{
-      $sambaRefuseMachinePwdChange = _("on");
-    }
-   
-    /* USER Attributes 
-     */
-    /* sambaBadPasswordTime: Time of the last bad password attempt
-     */
-    if($sambaBadPasswordTime == "unset" || empty($sambaBadPasswordTime)){
-      $sambaBadPasswordTime = "<i>("._("unset").")</i>";
-    }else{
-      $sambaBadPasswordTime = date("d.m.Y H:i:s",$sambaBadPasswordTime);
-    }
 
-    /* sambaBadPasswordCount: Bad password attempt count 
-     */
-    if($sambaBadPasswordCount == "unset" || empty($sambaBadPasswordCount)){
-      $sambaBadPasswordCount = "<i>("._("unset").")</i>";
-    }else{
-      $sambaBadPasswordCount = date("d.m.Y H:i:s",$sambaBadPasswordCount);
-    }
+    function remove_from_parent()
+    {
+        /* Cancel if there's nothing to do here */
+        if (!$this->initially_was_account){
+            return;
+        }
 
-    /* sambaPwdLastSet: Timestamp of the last password update
-     */
-    if($sambaPwdLastSet == "unset" || empty($sambaPwdLastSet)){
-      $sambaPwdLastSet = "<i>("._("unset").")</i>";
-    }else{
-      $sambaPwdLastSet = date("d.m.Y H:i:s",$sambaPwdLastSet);
-    }
+        /* include global link_info */
+        $ldap= $this->config->get_ldap_link();
 
-    /* sambaLogonTime: Timestamp of last logon
-     */
-    if($sambaLogonTime == "unset" || empty($sambaLogonTime)){
-      $sambaLogonTime = "<i>("._("unset").")</i>";
-    }else{
-      $sambaLogonTime = date("d.m.Y H:i:s",$sambaLogonTime);
-    }
+        plugin::remove_from_parent();
 
-    /* sambaLogoffTime: Timestamp of last logoff
-     */
-    if($sambaLogoffTime == "unset" || empty($sambaLogoffTime)){
-      $sambaLogoffTime = "<i>("._("unset").")</i>";
-    }else{
-      $sambaLogoffTime = date("d.m.Y H:i:s",$sambaLogoffTime);
-    }
-   
-    /* sambaKickoffTime: Timestamp of when the user will be logged off automatically
-     */
-    if($sambaKickoffTime == "unset" || empty($sambaKickoffTime)){
-      $sambaKickoffTime = "<i>("._("unset").")</i>";
-    }
+        /* Keep uid attribute for gosaAccount */
+        unset($this->attrs['uid']);
+        unset($this->attrs['uidNumber']);
+        unset($this->attrs['gidNumber']);
 
-    /* sambaPwdMustChange: Timestamp of when the password will expire
-     */
-    if($sambaPwdMustChange == "unset" || empty($sambaPwdMustChange)){
-      $sambaPwdMustChange = "<i>("._("unset").")</i>";
-    }
+        /* Remove objectClass for sambaIdmapEntry */
+        $tmp= array();
+        for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
+            if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
+                $tmp[]= $this->attrs['objectClass'][$i];
+            }
+        }
+        $this->attrs['objectClass']= $tmp;
 
-    /* sambaPwdCanChange: Timestamp of when the user is allowed to update the password
-     */
-    if($sambaPwdCanChange == "unset" || empty($sambaPwdCanChange)){
-      $sambaPwdCanChange = "<i>("._("unset").")</i>";
-    }elseif($sambaPwdCanChange != "unset" && time() > $sambaPwdCanChange){
-      $sambaPwdCanChange = _("immediately") ;
-    }else{
-      $days     = floor((($sambaPwdCanChange - time()) / 60 / 60 / 24)) ;
-      $hours    = floor((($sambaPwdCanChange - time()) / 60 / 60) % 24) ;
-      $minutes  = floor((($sambaPwdCanChange - time()) / 60 ) % 60) ;
-    
-      $sambaPwdCanChange = " ".$days." "._("days");
-      $sambaPwdCanChange.= " ".$hours." "._("hours");
-      $sambaPwdCanChange.= " ".$minutes." "._("minutes");
-    }
+        @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
+                $this->attributes, "Save");
+        $ldap->cd($this->dn);
+        $this->cleanup();
+        $ldap->modify ($this->attrs); 
+
+        new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
 
-    $str =
-      "\n<div style='height:200px; overflow: auto;'>".
-      "\n<table style='width:100%;' summary=\""._("Domain settings")."\">".
-      "\n<tr><td><b>"._("Domain attributes")."</b></td></tr>". 
-      "\n<tr><td>"._("Min password length").":           </td><td>".$sambaMinPwdLength."</td></tr>". 
-      "\n<tr><td>"._("Min password length").":           </td><td>".$sambaMinPwdLength."</td></tr>". 
-      "\n<tr><td>"._("Password history").":              </td><td>".$sambaPwdHistoryLength."</td></tr>".
-      "\n<tr><td>"._("Force password change").":         </td><td>".$sambaLogonToChgPwd."</td></tr>".
-      "\n<tr><td>"._("Maximum password age").":          </td><td>".$sambaMaxPwdAge."</td></tr>".
-      "\n<tr><td>"._("Minimum password age").":          </td><td>".$sambaMinPwdAge."</td></tr>".
-      "\n<tr><td>"._("Lockout duration").":              </td><td>".$sambaLockoutDuration."</td></tr>".
-      "\n<tr><td>"._("Bad lockout attempt").":           </td><td>".$sambaLockoutThreshold."</td></tr>".
-      "\n<tr><td>"._("Disconnect time").":               </td><td>".$sambaForceLogoff."</td></tr>".
-      "\n<tr><td>"._("Refuse machine password change").":</td><td>".$sambaRefuseMachinePwdChange."</td></tr>".
-      "\n<tr><td>&nbsp;</td></tr>". 
-      "\n<tr><td><b>"._("User attributes")."</b></td></tr>". 
-      "\n<tr><td>"._("SID").":                           </td><td>".$sambaSID."</td></tr>".
-      "\n<tr><td>"._("Last failed login").":             </td><td>".$sambaBadPasswordTime."</td></tr>".
-      "\n<tr><td>"._("Logon attempts").":                </td><td>".$sambaBadPasswordCount."</td></tr>".
-      "\n<tr><td>"._("Last password update").":          </td><td>".$sambaPwdLastSet."</td></tr>".
-      "\n<tr><td>"._("Last logon").":                    </td><td>".$sambaLogonTime."</td></tr>".
-      "\n<tr><td>"._("Last logoff").":                   </td><td>".$sambaLogoffTime."</td></tr>".
-      "\n<tr><td>"._("Automatic logoff").":              </td><td>".$sambaKickoffTime."</td></tr>";
-
-      if($this->no_expiry){
-        $str .= "\n<tr><td>"._("Password expires").":              </td><td>"._("No")."</td></tr>";
-        $str .= "\n<tr><td colspan='2'><font color='gray'>".
-          sprintf(_("The password would expire on %s, but the password expiry is disabled."),$sambaPwdMustChange).
-          "</font></td></tr>";
-      }else{
-        $str .= "\n<tr><td>"._("Password expires").":              </td><td>".$sambaPwdMustChange."</td></tr>";
-      }
-    
-      $str .= "\n<tr><td>"._("Password change available").":     </td><td>".$sambaPwdCanChange."</td></tr>".
-      "\n</table>";
-      "\n</div>";
-    return($str);
-  }
-
-
-  function remove_from_parent()
-  {
-    /* Cancel if there's nothing to do here */
-   if (!$this->initially_was_account){
-     return;
-   }
-    
-    /* include global link_info */
-    $ldap= $this->config->get_ldap_link();
-
-    plugin::remove_from_parent();
-
-    /* Keep uid attribute for gosaAccount */
-    unset($this->attrs['uid']);
-    unset($this->attrs['uidNumber']);
-    unset($this->attrs['gidNumber']);
-
-    /* Remove objectClass for sambaIdmapEntry */
-    $tmp= array();
-    for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
-      if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
-        $tmp[]= $this->attrs['objectClass'][$i];
-      }
+        if (!$ldap->success()){
+            msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
+        }
+
+        /* Optionally execute a command after we're done */
+        $this->handle_post_events("remove", array("uid" => $this->uid));
     }
-    $this->attrs['objectClass']= $tmp;
 
-    @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__,
-        $this->attributes, "Save");
-    $ldap->cd($this->dn);
-    $this->cleanup();
-    $ldap->modify ($this->attrs); 
 
-    new log("remove","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+    /* Check for input problems */
+    function check()
+    {
+        /* Call common method to give check the hook */
+        $message= plugin::check();
 
-    if (!$ldap->success()){
-      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
-    }
+        /* sambaHomePath requires sambaHomeDrive and vice versa */
+        if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
+            $message[]= msgPool::required(_("Home drive"));
+        }
+        if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
+            $message[]= msgPool::required(_("Home path"));
+        }
 
-    /* Optionally execute a command after we're done */
-    $this->handle_post_events("remove", array("uid" => $this->uid));
-  }
+        /* Strings */
+        foreach (array( "sambaHomePath" => _("Home directory"),
+                    "sambaProfilePath" => _("Profile path")) as $key => $val){
+            if (!$this->mungedObject->is_samba_path($this->$key)){
+                $message[]= msgPool::invalid($val);
+            }
+        }
 
+        /* Numeric values */
+        foreach (array(        "CtxMaxConnectionTime" => _("Connection"),
+                    "CtxMaxDisconnectionTime" => _("Disconnection"),
+                    "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
 
-  /* Check for input problems */
-  function check()
-  {
-    /* Call common method to give check the hook */
-    $message= plugin::check();
+            if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
+                $message[]= msgPool::invalid($val);
+            }
+        }
 
-    /* sambaHomePath requires sambaHomeDrive and vice versa */
-    if(!empty($this->sambaHomePath) && empty($this->sambaHomeDrive)){
-      $message[]= msgPool::required(_("Home drive"));
-    }
-    if(!empty($this->sambaHomeDrive) && empty($this->sambaHomePath)){
-      $message[]= msgPool::required(_("Home path"));
-    }
+        /* Too many workstations? Windows usrmgr only supports eight */
+        if (substr_count($this->sambaUserWorkstations, ",") >= 8){
+            $message[]= _("The windows usermanager allows eight clients at maximum!");
+        }
 
-    /* Strings */
-    foreach (array( "sambaHomePath" => _("Home directory"),
-          "sambaProfilePath" => _("Profile path")) as $key => $val){
-      if (!$this->mungedObject->is_samba_path($this->$key)){
-        $message[]= msgPool::invalid($val);
-      }
+        return ($message);
     }
 
-    /* Numeric values */
-    foreach (array(    "CtxMaxConnectionTime" => _("Connection"),
-          "CtxMaxDisconnectionTime" => _("Disconnection"),
-          "CtxMaxIdleTime" => _("IDLE")) as $key => $val){
 
-      if (isset($this->mungedObject->ctx[$key]) && !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
-        $message[]= msgPool::invalid($val);
-      }
-    }
+    /* Save data to object */
+    function save_object()
+    {
 
-    if (!tests::is_date($this->sambaPwdMustChange)){
-      $message[]= msgPool::invalid(_("Password expires on"), $this->sambaPwdMustChange,"" ,"23.02.2009");
-    }
+        $SkipWrite = (!isset($this->parent) || !$this->parent) && !session::is_set('edit');
 
-    /* Too many workstations? Windows usrmgr only supports eight */
-    if (substr_count($this->sambaUserWorkstations, ",") >= 8){
-      $message[]= _("The windows usermanager allows eight clients at maximum!");
-    }
+        /* We only care if we are on the sambaTab... */
+        if (isset($_POST['sambaTab'])){
+            plugin::save_object();
 
-    return ($message);
-  }
+            // Display domain info dialog
+            if(isset($_POST['display_information'])){
+                msg_dialog::display(_("Information"), 
+                        $this->get_samba_information(),
+                        INFO_DIALOG);
+            }
 
+            // Get posted flags.
+            foreach(array("enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
+                        "temporaryDisabled","cannotChangePassword") as $name){
+                $flag = "flag_{$name}";
+                if($this->acl_is_writeable($name)){
+                    $tmp = isset($_POST[$flag]);
+                    $this->is_modified |= ($tmp != $this->$flag);
+                    $this->$flag = isset($_POST[$flag]);
+                }
+            }
 
-  /* Save data to object */
-  function save_object()
-  {
-    /* We only care if we are on the sambaTab... */
-    if (isset($_POST['sambaTab'])){
-      plugin::save_object();
 
-      $this->enforcePasswordChange = (isset($_POST['enforcePasswordChange']));
-      $this->cannotChangePassword = (isset($_POST['cannotChangePassword']));
+            // get sambaDomain attribute
+            if ($this->acl_is_writeable("sambaDomainName",$SkipWrite) && isset ($_POST['sambaDomainName'],$SkipWrite)){
+                $this->sambaDomainName= get_post('sambaDomainName');
+            }
 
-      if(isset($_POST['display_information'])){
-        msg_dialog::display(_("Information"), 
-          $this->get_samba_information(),
-          INFO_DIALOG);
-      }
+            // Save CTX values 
+            $TsAcl = $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite);
+            foreach($this->ctxattributes as $val){
+                if (isset($_POST[$val]) && $TsAcl){
+                    $this->mungedObject->ctx[$val]= get_post($val);
+                }
+            }
 
-      /* Take care about access options */
-      if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
-        $attrname= "sambaPwdCanChange";
-        if (isset($_POST["allow_pwchange"]) && $_POST["allow_pwchange"] == 1){
-          $tmp= 1;
-        } else {
-          $tmp= 0;
-        }
-        if ($this->$attrname != $tmp){
-          $this->is_modified= TRUE;
-        }
-        $this->sambaPwdCanChange= $tmp;
-      }
-      $tmp= "U";
-
-      $this->no_expiry = FALSE;
-      if (isset($_POST["no_expiry"])){
-        if ($_POST["no_expiry"] == 1){
-          $tmp.= "X";
-          $this->no_expiry = TRUE;
-        }
-      }
-
-      $this->no_password_required = FALSE;
-      if (isset($_POST["no_password_required"])){
-        if ($_POST["no_password_required"] == 1){
-          $tmp.= "N";
-          $this->no_password_required = TRUE;
-        }
-      }
-      if (isset($_POST["password_expires"])){
-        if ($_POST["password_expires"] == 1){
-          $this->password_expires= 1;
-        }
-      } else {
-        $this->password_expires= 0;
-      }
-      $this->temporary_disable = FALSE;
-      if (isset($_POST["temporary_disable"])){
-        if ($_POST["temporary_disable"] == 1){
-          $this->temporary_disable = TRUE;
-          if (is_integer(strpos($this->sambaAcctFlags, "L"))) {
-            $tmp.= "L";
-          } else {
-            $tmp.= "D";
-          }
-        }
-      }
-      
-      $fill= "";
-      for ($i= strlen($tmp); $i<12; $i++){
-        $fill.= " ";
-      }
-
-      $tmp= "[$tmp$fill]";
-
-      /* Only save if acl's are set */
-      if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){
-        $attrname= "sambaAcctFlags";
-        if ($this->$attrname != $tmp){
-          $this->is_modified= TRUE;
-        }
-        $this->$attrname= $tmp;
-      }
-
-      /* Save sambaDomain attribute */
-      if ($this->acl_is_writeable("sambaDomainName") && isset ($_POST['sambaDomainName'])){
-        $this->sambaDomainName= get_post('sambaDomainName');
-      }
-
-      /* Save CTX values */
-      /* Save obvious values */
-      foreach($this->ctxattributes as $val){
-        if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer")){
-          $this->mungedObject->ctx[$val]= get_post($val);
-        }
-      }
-
-      /* Save checkbox states. */
-      $this->mungedObject->setTsLogin(!isset($_POST['tslogin'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      // Need to do some index checking to avoid messages like "index ... not found"
-      if(isset($_POST['brokenconn'])) {
-        $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1'
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      }
-      if(isset($_POST['reconn'])) {
-        $this->mungedObject->setReConn($_POST['reconn'] == '1'
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      }
-      $this->mungedObject->setInheritMode(isset($_POST['inherit'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setCtxMaxDisconnectionTimeF(
-                      !isset($_POST['CtxMaxDisconnectionTimeF']) 
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters'])  
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-      $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter'])
-                      && $this->acl_is_writeable("AllowLoginOnTerminalServer"));
-
-      /* Save combo boxes. Takes two values */
-      if(isset($_POST['reconn'])) {
-        $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer"),get_post('shadow'));
-      }
-
-      /* Check for changes */
-      if ($this->sambaMungedDial != $this->mungedObject->getMunged()){
-        $this->is_modified= TRUE;
-      }
-      
-    }
-  }
-
-
-  /* Save to LDAP */
-  function save()
-  {
-    /* Load uid and gid of this 'dn' */
-    $ldap= $this->config->get_ldap_link();
-    $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
-    $tmp= $ldap->fetch();
-    $this->uidNumber= $tmp['uidNumber'][0];
-    $this->gidNumber= $tmp['gidNumber'][0];
-
-    plugin::save();
-
-    /* Remove objectClass for sambaIdmapEntry */
-    $tmp= array();
-    for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
-      if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
-        $tmp[]= $this->attrs['objectClass'][$i];
-      }
-    }
-    $this->attrs['objectClass']= $tmp;
-
-    // Enforce password change
-    if($this->enforcePasswordChange){
-        $this->attrs['sambaPwdLastSet'] = 0;
-    }else{
-        if ($this->sambaPwdLastSet != "0"){
-            $this->attrs['sambaPwdLastSet']= $this->sambaPwdLastSet;
-        } else {
-            $this->attrs['sambaPwdLastSet']= array();
+            $this->mungedObject->setTsLogin(!isset($_POST['tslogin']) &&  $TsAcl);
+
+            // Need to do some index checking to avoid messages like "index ... not found"
+            if(isset($_POST['brokenconn'])) {
+                $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1' && $TsAcl);
+            }
+            if(isset($_POST['reconn'])) {
+                $this->mungedObject->setReConn($_POST['reconn'] == '1' && $TsAcl);
+            }
+            $this->mungedObject->setInheritMode(isset($_POST['inherit'])  && $TsAcl);
+            $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF']) && $TsAcl);
+            $this->mungedObject->setCtxMaxDisconnectionTimeF(!isset($_POST['CtxMaxDisconnectionTimeF']) && $TsAcl);
+            $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF']) && $TsAcl);
+            $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives']) && $TsAcl);
+            $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters']) && $TsAcl);
+            $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter']) && $TsAcl);
+
+            // Save combo boxes. Takes two values 
+            if(isset($_POST['reconn'])) {
+                $this->mungedObject->setShadow(isset($_POST['shadow']) && $TsAcl,get_post('shadow'));
+            }
+
+            // Check for changes
+            $this->is_modified |= ($this->sambaMungedDial != $this->mungedObject->getMunged()); 
         }
     }
 
-    if($this->cannotChangePassword){
-        $this->attrs['sambaPwdCanChange'] = 4294967295;
-    }
 
-    /* Generate rid / primaryGroupId */
-    if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
-      msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
-    } else {
-      $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
-      $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
-    }
 
-    /* Need to generate a new uniqe uid/gid combination? */
-    if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
-      $uidNumber= $this->uidNumber;
-      while(TRUE){
-        $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
-        $ldap->cd($this->config->current['BASE']);
-        $ldap->search("(sambaSID=$sid)", array("sambaSID"));
-        if ($ldap->count() == 0){
-          break;
-        }
-        $uidNumber++;
-      }
-      $this->attrs['sambaSID']= $sid;
-
-      /* Check for users primary group */
-      $ldap->cd($this->config->current['BASE']);
-      $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
-      if ($ldap->count() != 1){
-        msg_dialog::display(_("Warning"), _("Cannot convert primary group to samba group: group cannot be identified!"), WARNING_DIALOG);
-      } else {
-        $attrs= $ldap->fetch();
-        $g= new group($this->config, $ldap->getDN());
-        if ($g->sambaSID == ""){
-          $g->sambaDomainName= $this->sambaDomainName;
-          $g->smbgroup= TRUE;
-          $g->save ();
-        }
-        $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
-      }
-    }
+    function save()
+    {
+        /* Load uid and gid of this 'dn' */
+        $ldap= $this->config->get_ldap_link();
+        $ldap->cat($this->dn, array('uidNumber', 'gidNumber'));
+        $tmp= $ldap->fetch();
+        $this->uidNumber= $tmp['uidNumber'][0];
+        $this->gidNumber= $tmp['gidNumber'][0];
 
-    if ($this->sambaHomeDrive == ""){
-      $this->attrs["sambaHomeDrive"]= array();
-    }
+        plugin::save();
 
-    /* Generate munged dial value */
-    $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
+        /* Remove objectClass for sambaIdmapEntry */
+        $tmp= array();
+        for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
+            if ($this->attrs['objectClass'][$i] != 'sambaIdmapEntry'){
+                $tmp[]= $this->attrs['objectClass'][$i];
+            }
+        }
+        $this->attrs['objectClass']= $tmp;
 
-    /* User wants me to fake the idMappings? This is useful for
-       making winbind resolve the user names in a reasonable amount
-       of time in combination with larger databases. */
-    if ($this->config->boolValueIsTrue("core","sambaIdMapping")){
-      $this->attrs['objectClass'][]= "sambaIdmapEntry";
-    }
 
+        // Handle "enforce password change" flag.
+        if($this->flag_enforcePasswordChange){
+            $this->attrs['sambaPwdMustChange'] = 0;
+        }else{
 
-    /* Password expiery */
-    if ($this->password_expires == "1"){
-      #TODO: check for date format
-      if ($this->attrs['sambaPwdMustChange'] == ""){
-        $this->attrs['sambaPwdMustChange']= 0;
-      } else {
-        list($day, $month, $year)= explode('.', $this->sambaPwdMustChange);
-        $this->attrs['sambaPwdMustChange']= mktime(0,0,0,$month, $day, $year);
-      }
-    } else {
-      $this->attrs['sambaPwdMustChange']= array();
-    }
+            // Keep old values if given.
+            if ($this->sambaPwdMustChange != "0"){
+                $this->attrs['sambaPwdMustChange']= $this->sambaPwdMustChange;
+            } else {
+                $this->attrs['sambaPwdMustChange']= array();
+            }
+        }
 
-    /* Write back to ldap */
-    $ldap->cd($this->dn);
-    $this->cleanup();
-    $ldap->modify ($this->attrs); 
+        // Handle "Cannot change password" flag.
+        if($this->flag_cannotChangePassword){
+            $this->attrs['sambaPwdCanChange'] = 4294967295;
+        }else{
 
-    if($this->initially_was_account){
-      new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
-    }else{
-      new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
-    }
+            // Keep old values if given.
+            if ($this->sambaPwdCanChange != 4294967295 && !empty($this->sambaPwdCanChange)){
+                $this->attrs['sambaPwdCanChange']= $this->sambaPwdCanChange;
+            } else {
+                $this->attrs['sambaPwdCanChange']= array();
+            }
+        }
 
-    if (!$ldap->success()){
-      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
-    }
+        // Create sambaAcctFlags
+        $tmp = "U";
+        if($this->flag_passwordNeverExpires)  $tmp .="X";
+        if($this->flag_noPasswordRequired)    $tmp .="N";
+        if($this->flag_temporaryDisabled){
+            if(preg_match("/L/i", $this->sambaAcctFlags)){
+                $tmp .= "L";
+            }else{
+                $tmp .= "D";
+            }
+        }
 
-    /* Optionally execute a command after we're done */
-    if ($this->initially_was_account == $this->is_account){
-      if ($this->is_modified){
-        $this->handle_post_events("modify", array("uid" => $this->uid));
-      }
-    } else {
-      $this->handle_post_events("add", array("uid" => $this->uid));
-    }
-  }
-
-
-  /* Force password set, if this account doesn't have any samba passwords  */
-  function password_change_needed()
-  {
-    if(!$this->initially_was_account && $this->is_account){
-      $ldap = $this->config->get_ldap_link();
-      $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
-      $attrs = $ldap->fetch();
-      if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
-        return(TRUE);
-      }
-    }
-    return(FALSE);
-  }
+        // Fill flag list with whitespaces
+        $fill= "";
+        for ($i= strlen($tmp); $i<12; $i++){
+            $fill.= " ";
+        }
+        $this->attrs['sambaAcctFlags'] = "[{$tmp}{$fill}]";
 
 
-  function adapt_from_template($dn, $skip= array())
-  {
-    plugin::adapt_from_template($dn, $skip);
+        // Generate rid / primaryGroupId 
+        if (!isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
+            msg_dialog::display(_("Warning"), _("Undefined Samba SID detected. Please fix this problem manually!"), WARNING_DIALOG);
+        } else {
+            $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
+            $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
+        }
 
+        // Need to generate a new uniqe uid/gid combination? 
+        if ($this->sambaSID == "" || $this->orig_sambaDomainName != $this->sambaDomainName){
+            $uidNumber= $this->uidNumber;
+            while(TRUE){
+                $sid= $this->SID."-".($uidNumber*2 + $this->ridBase);
+                $ldap->cd($this->config->current['BASE']);
+                $ldap->search("(sambaSID=$sid)", array("sambaSID"));
+                if ($ldap->count() == 0){
+                    break;
+                }
+                $uidNumber++;
+            }
+            $this->attrs['sambaSID']= $sid;
+
+            // Check for users primary group 
+            $ldap->cd($this->config->current['BASE']);
+            $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber."))", array("cn"));
+            if ($ldap->count() != 1){
+                msg_dialog::display(_("Warning"), 
+                        _("Cannot convert primary group to samba group: group cannot be identified!"), 
+                        WARNING_DIALOG);
+            } else {
+                $attrs= $ldap->fetch();
+                $g= new group($this->config, $ldap->getDN());
+                if ($g->sambaSID == ""){
+                    $g->sambaDomainName= $this->sambaDomainName;
+                    $g->smbgroup= TRUE;
+                    $g->save ();
+                }
+                $this->attrs['sambaPrimaryGroupSID']= $g->sambaSID;
+            }
+        }
 
-    $this->sambaSID= "";
-    $this->sambaPrimaryGroupSID= "";
+        // Set or reset homeDrive - Why is this done seperataly?
+        if ($this->sambaHomeDrive == ""){
+            $this->attrs["sambaHomeDrive"]= array();
+        }
 
-    /* Fill mungedDial field */
-    if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
-      $this->mungedObject->load($this->sambaMungedDial);
-    }
+        // Generate munged dial value 
+        $this->attrs["sambaMungedDial"]= $this->mungedObject->getMunged();
 
-    /* Adapt munged attributes */
-    foreach($this->ctxattributes as $attr){
-      if(isset($this->mungedObject->ctx[$attr]))
-        $val = $this->mungedObject->ctx[$attr];
+        // User wants me to fake the idMappings? This is useful for
+        //  making winbind resolve the user names in a reasonable amount
+        //  of time in combination with larger databases. 
+        if ($this->config->boolValueIsTrue("core","sambaidmapping")){
+            $this->attrs['objectClass'][]= "sambaIdmapEntry";
+        }
 
-      foreach (array("sn", "givenName", "uid") as $repl){
-        if (preg_match("/%$repl/i", $val)){
-          $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
+        // Write back to ldap 
+        $ldap->cd($this->dn);
+        $this->cleanup();
+        $ldap->modify ($this->attrs); 
+        if (!$ldap->success()){
+            msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
+        }else{
+            if ($this->initially_was_account == $this->is_account){
+                if ($this->is_modified){
+                    $this->handle_post_events("modify", array("uid" => $this->uid));
+                    new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+                }
+            } else {
+                $this->handle_post_events("add", array("uid" => $this->uid));
+                new log("create","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+            }
         }
-      }
-      $this->mungedObject->ctx[$attr] = $val;
     }
 
-    /* Password expiery */
-    if(isset($this->attrs['sambaPwdMustChange']) &&
-        $this->attrs['sambaPwdMustChange'][0] != 0 && !in_array('sambaPwdMustChange', $skip)){
-      $this->password_expires= 1;
-    }
-  }
-
-  
-  static function plInfo()
-  {
-    return (array(
-          "plShortName"     => _("Samba"),
-          "plDescription"   => _("Samba settings"),
-          "plSelfModify"    => TRUE,
-          "plDepends"       => array("user"),
-          "plPriority"      => 5,
-          "plSection"     => array("personal" => _("My account")),
-          "plCategory"    => array("users"),
-          "plOptions"       => array(),
-
-          "plRequirements"=> array(
-              'ldapSchema' => array('sambaSamAccount' => ''),
-              'onFailureDisablePlugin' => array(get_class())
-              ),
-
-          "plProvidedAcls"  => array(
-
-            "sambaHomePath"               => _("Generic home directory") ,
-            "sambaHomeDrive"              => _("Generic samba home drive") ,
-            "sambaDomainName"             => _("Domain") ,
-            "sambaLogonScript"            => _("Generic script path") ,
-            "sambaProfilePath"            => _("Generic profile path") ,
-            "AllowLoginOnTerminalServer"  => _("Allow login on terminal server"),
-            "InheritClientConfig"         => _("Inherit client config"),
-            "sambaPwdCanChange"           => _("Allow user to change password") ,
-            "sambaAcctFlagsN"             => _("Login from windows client requires no password"),
-            "sambaAcctFlagsX"             => _("Password never expires"),
-            "enforcePasswordChange"       => _("Enforce password change"),
-            "cannotChangePassword"        => _("Cannot change password"),
-            "sambaAcctFlagsL"             => _("Lock samba account"),
-            "sambaLogonHours"             => _("Logon hours") ,
-            "sambaUserWorkstations"       => _("Allow connection from"))
-          ));
-  }    
-
-  function enable_multiple_support()
-  {
-    plugin::enable_multiple_support();
-    $this->multiple_support_active = TRUE;
-  } 
-
-  function multiple_save_object()
-  {
-    if (isset($_POST['sambaTab'])){
-      $this->save_object();
-      plugin::multiple_save_object();
-      foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
-            "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF","CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
-            "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
-            "onnectclientprinters","defaultprinter","shadow","brokenconn",
-            "reconn","allow_pwchange","connectclientprinters","no_expiry","no_password_required","temporary_disable",
-            "password_expires", "SetSambaLogonHours",
-            "workstation_list", "enforcePasswordChange","cannotChangePassword") as $attr){
-        if(isset($_POST["use_".$attr])){
-          $this->multi_boxes[] = $attr;
-        }
-      }
+
+    /* Force password set, if this account doesn't have any samba passwords  */
+    function password_change_needed()
+    {
+        if(!$this->initially_was_account && $this->is_account){
+            $ldap = $this->config->get_ldap_link();
+            $ldap->cat($this->dn,array("sambaLMPassword","sambaNTPassword"));
+            $attrs = $ldap->fetch();
+            if(!isset($attrs['sambaLMPassword']) || !isset($attrs['sambaNTPassword'])){
+                return(TRUE);
+            }
+        }
+        return(FALSE);
     }
-  }
 
 
-  function multiple_check()
-  {
-    $message = plugin::multiple_check();
+    function adapt_from_template($dn, $skip= array())
+    {
+        plugin::adapt_from_template($dn, $skip);
 
-    /* Strings */
-    foreach (array( "sambaHomePath" => _("Home directory"),
-          "sambaProfilePath" => _("Profile path")) as $key => $val){
-      if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
-        $message[]= msgPool::invalid($val);
-      }
-    }
 
-    /* Numeric values */
-    foreach (array( "CtxMaxConnectionTime"    => _("Connection"),
-                    "CtxMaxDisconnectionTime" => _("Disconnection"),
-                    "CtxMaxIdleTime"          => _("IDLE")) as $key => $val){
-      if (in_array($key,$this->multi_boxes) && 
-          isset($this->mungedObject->ctx[$key]) && 
-          !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
-        $message[]=msgPool::invalid($val);
-      }
-    }
+        $this->sambaSID= "";
+        $this->sambaPrimaryGroupSID= "";
 
-    /* Too many workstations? Windows usrmgr only supports eight */
-    if (substr_count($this->sambaUserWorkstations, ",") >= 8){
-      $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
-    }
-    return($message);
-  }
+        /* Fill mungedDial field */
+        if (isset($this->attrs['sambaMungedDial']) && !in_array('sambaMungedDial', $skip)){
+            $this->mungedObject->load($this->sambaMungedDial);
+        }
 
-  
-  function get_multi_init_values()
-  {
-    $ret = plugin::get_multi_init_values();
+        /* Adapt munged attributes */
+        foreach($this->ctxattributes as $attr){
+            if(isset($this->mungedObject->ctx[$attr]))
+                $val = $this->mungedObject->ctx[$attr];
 
-    /* Parse given sambaUserWorkstations into array
-     *  to allow "init_multiple_support()" to detect multiple used workstations.
-     *  Those workstations will be displayed in light grey.
-     */
-    $tmp2 = array("count" => 0);
-    $tmp = explode(",", $this->sambaUserWorkstations);
-    foreach($tmp as $station){
-      $station = trim($station);
-      if(!empty($station)){
-        $tmp2[] = $station;
-        $tmp2['count'] ++;
-      }
+            foreach (array("sn", "givenName", "uid") as $repl){
+                if (preg_match("/%$repl/i", $val)){
+                    $val= preg_replace ("/%$repl/i", $this->parent->$repl, $val);
+                }
+            }
+            $this->mungedObject->ctx[$attr] = $val;
+        }
+
+        // Load flags from source.
+        $this->loadFlagsFromSource($this->attrs);
+    }
+
+
+    static function plInfo()
+    {
+        return (array(
+                    "plShortName"     => _("Samba"),
+                    "plDescription"   => _("Samba settings"),
+                    "plSelfModify"    => TRUE,
+                    "plDepends"       => array("user"),
+                    "plPriority"      => 5,
+                    "plSection"     => array("personal" => _("My account")),
+                    "plCategory"    => array("users"),
+                    "plOptions"       => array(),
+                    "plRequirements"=>array(
+                        'ldapSchema' => array('sambaSamAccount' =>''),
+                        'onFailureDisablePlugin' => array(get_class())),
+                    "plProvidedAcls"  => array(
+                        "sambaHomePath"               => _("Generic home directory") ,
+                        "sambaHomeDrive"              => _("Generic samba home drive") ,
+                        "sambaDomainName"             => _("Domain") ,
+                        "sambaLogonScript"            => _("Generic script path") ,
+                        "sambaProfilePath"            => _("Generic profile path") ,
+                        "AllowLoginOnTerminalServer"  => _("Allow login on terminal server"),
+                        "InheritClientConfig"         => _("Inherit client config"),
+
+                        "enforcePasswordChange"       => _("Enforce password change"),
+                        "cannotChangePassword"        => _("Disallow password change") ,
+                        "noPasswordRequired"          => _("Login from windows client requires no password"),
+                        "passwordNeverExpires"        => _("Password never expires"),
+                        "temporaryDisabled"           => _("Lock samba account"),
+
+                        "sambaLogonHours"             => _("Logon hours") ,
+                        "sambaUserWorkstations"       => _("Allow connection from"))
+                        ));
+    }    
+
+    function enable_multiple_support()
+    {
+        plugin::enable_multiple_support();
+        $this->multiple_support_active = TRUE;
     } 
-    $ret['sambaUserWorkstations'] = $tmp2;
-    return($ret);
-  }
+
+    function multiple_save_object()
+    {
+        if (isset($_POST['sambaTab'])){
+            $this->save_object();
+            plugin::multiple_save_object();
+            foreach(array("allow_pwchange","tslogin","CtxWFHomeDir","CtxWFHomeDirDrive","CtxWFProfilePath",
+                        "inherit","CtxWorkDirectory","CtxInitialProgram","CtxMaxConnectionTimeF",
+                        "CtxMaxConnectionTime","CtxMaxDisconnectionTimeF",
+                        "CtxMaxDisconnectionTime","CtxMaxIdleTimeF","CtxMaxIdleTime","connectclientdrives",
+                        "onnectclientprinters","defaultprinter","shadow","brokenconn",
+                        "reconn","connectclientprinters","SetSambaLogonHours","workstation_list",
+                        "enforcePasswordChange", "passwordNeverExpires", "noPasswordRequired",
+                        "temporaryDisabled","cannotChangePassword"
+                        ) as $attr){
+                if(isset($_POST["use_".$attr]) || isset($_POST["use_flag_".$attr]) ){
+                    $this->multi_boxes[] = $attr;
+                }
+            }
+        }
+    }
 
 
+    function multiple_check()
+    {
+        $message = plugin::multiple_check();
 
-  function init_multiple_support($attrs,$all)
-  {
-    plugin::init_multiple_support($attrs,$all);
+        /* Strings */
+        foreach (array( "sambaHomePath" => _("Home directory"),
+                    "sambaProfilePath" => _("Profile path")) as $key => $val){
+            if (in_array($key,$this->multi_boxes) && !$this->mungedObject->is_samba_path($this->$key)){
+                $message[]= msgPool::invalid($val);
+            }
+        }
 
-    $this->multiple_sambaUserWorkstations = array();
-    if(isset($all['sambaUserWorkstations'])){
-      for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
-        $station = trim($all['sambaUserWorkstations'][$i]);
-        $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
-      }
-    }
-    if(isset($attrs['sambaUserWorkstations'])){
-      for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
-        $station = trim($attrs['sambaUserWorkstations'][$i]);
-        $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
-      }
+        /* Numeric values */
+        foreach (array( "CtxMaxConnectionTime"    => _("Connection"),
+                    "CtxMaxDisconnectionTime" => _("Disconnection"),
+                    "CtxMaxIdleTime"          => _("IDLE")) as $key => $val){
+            if (in_array($key,$this->multi_boxes) && 
+                    isset($this->mungedObject->ctx[$key]) && 
+                    !tests::is_id($this->mungedObject->ctx[$key]) && $val != 0){
+                $message[]=msgPool::invalid($val);
+            }
+        }
+
+        /* Too many workstations? Windows usrmgr only supports eight */
+        if (substr_count($this->sambaUserWorkstations, ",") >= 8){
+            $message[]= _("The windows user manager only allows eight clients. You've specified more than eight.");
+        }
+        return($message);
     }
-  }
 
-  function multiple_execute()
-  {
-    return($this->execute());
-  } 
 
-  function get_multi_edit_values()
-  {
-    $ret = plugin::get_multi_edit_values();
+    function get_multi_init_values()
+    {
+        $ret = plugin::get_multi_init_values();
 
-    /* Terminal Server  */
-    if(in_array("tslogin",$this->multi_boxes)){
-      $ret['tslogin'] = $this->mungedObject->getTsLogin();
-    }
-    if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
-      $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
-    }
-    if(in_array("CtxWFHomeDir",$this->multi_boxes)){
-      $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
-    }
-    if(in_array("CtxWFProfilePath",$this->multi_boxes)){
-      $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
+        /* Parse given sambaUserWorkstations into array
+         *  to allow "init_multiple_support()" to detect multiple used workstations.
+         *  Those workstations will be displayed in light grey.
+         */
+        $tmp2 = array("count" => 0);
+        $tmp = explode(",", $this->sambaUserWorkstations);
+        foreach($tmp as $station){
+            $station = trim($station);
+            if(!empty($station)){
+                $tmp2[] = $station;
+                $tmp2['count'] ++;
+            }
+        } 
+        $ret['sambaUserWorkstations'] = $tmp2;
+        return($ret);
     }
 
-    if(in_array("inherit",$this->multi_boxes)){
-      $ret['inherit'] = $this->mungedObject->getInheritMode();
-    }       
-    if(in_array("CtxInitialProgram",$this->multi_boxes)){
-      $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
-    } 
-    if(in_array("CtxWorkDirectory",$this->multi_boxes)){
-      $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
-    } 
 
-    /* Time Limits. Be careful here, there are some negations  */
-    if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
-      $ret["CtxMaxConnectionTimeF"]   =  !$this->mungedObject->getCtxMaxConnectionTimeF();
-      if(!$ret["CtxMaxConnectionTimeF"]){
-        $ret["CtxMaxConnectionTime"]   =  $this->mungedObject->ctx['CtxMaxConnectionTime'];
-      }
-    }
-    if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
-      $ret["CtxMaxDisconnectionTimeF"]=  !$this->mungedObject->getCtxMaxDisconnectionTimeF();
-      if(!$ret["CtxMaxDisconnectionTimeF"]){
-        $ret["CtxMaxDisconnectionTime"]=  $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
-      }
-    }
-    if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
-      $ret["CtxMaxIdleTimeF"]         =  !$this->mungedObject->getCtxMaxIdleTimeF();
-      if(!$ret["CtxMaxIdleTimeF"]){
-        $ret["CtxMaxIdleTime"]         =  $this->mungedObject->ctx['CtxMaxIdleTime'];
-      }
-    }
 
-    /* Client Devices */
-    if(in_array("connectclientdrives",$this->multi_boxes)){
-      $ret["connectclientdrives"]     =  $this->mungedObject->getConnectClientDrives();
-    }
-    if(in_array("connectclientprinters",$this->multi_boxes)){
-      $ret["connectclientprinters"]   =  $this->mungedObject->getConnectClientPrinters();
-    }
-    if(in_array("defaultprinter",$this->multi_boxes)){
-      $ret["defaultprinter"]          =  $this->mungedObject->getDefaultPrinter();
-    }
+    function init_multiple_support($attrs,$all)
+    {
+        plugin::init_multiple_support($attrs,$all);
 
-    /* Misc */
-    if(in_array("shadow",$this->multi_boxes)){
-      $ret["shadow"]    =$this->mungedObject->getShadow();
-    }
-    if(in_array("brokenconn",$this->multi_boxes)){
-      $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
-    }
-    if(in_array("reconn",$this->multi_boxes)){
-      $ret["reconn"]    =$this->mungedObject->getReConn();
+        $this->multiple_sambaUserWorkstations = array();
+        if(isset($all['sambaUserWorkstations'])){
+            for($i = 0 ; $i < $all['sambaUserWorkstations']['count'] ; $i++){
+                $station = trim($all['sambaUserWorkstations'][$i]);
+                $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => FALSE);
+            }
+        }
+        if(isset($attrs['sambaUserWorkstations'])){
+            for($i = 0 ; $i < $attrs['sambaUserWorkstations']['count'] ; $i++){
+                $station = trim($attrs['sambaUserWorkstations'][$i]);
+                $this->multiple_sambaUserWorkstations[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
+            }
+        }
     }
 
-    /* Flags */
-    if(in_array("allow_pwchange",$this->multi_boxes)){
-      $ret['sambaPwdCanChange'] = $this->sambaPwdCanChange;
-    }
+    function multiple_execute()
+    {
+        return($this->execute());
+    } 
 
-    if(in_array("enforcePasswordChange",$this->multi_boxes)){
-      $ret['enforcePasswordChange'] = $this->enforcePasswordChange;
-    }
-    if(in_array("cannotChangePassword",$this->multi_boxes)){
-      $ret['cannotChangePassword'] = $this->cannotChangePassword;
-    }
-  
-    if(in_array("password_expires",$this->multi_boxes)){
-      $ret['password_expires']  = $this->password_expires;
-      $ret['sambaPwdMustChange']= $this->sambaPwdMustChange;
-    }
+    function get_multi_edit_values()
+    {
+        $ret = plugin::get_multi_edit_values();
 
-    if(in_array("no_password_required",$this->multi_boxes)){
-      $ret['no_password_required'] = $this->no_password_required;
-    }
+        /* Terminal Server  */
+        if(in_array("tslogin",$this->multi_boxes)){
+            $ret['tslogin'] = $this->mungedObject->getTsLogin();
+        }
+        if(in_array("CtxWFHomeDirDrive",$this->multi_boxes)){
+            $ret['CtxWFHomeDirDrive'] = $this->mungedObject->ctx['CtxWFHomeDirDrive'];
+        }
+        if(in_array("CtxWFHomeDir",$this->multi_boxes)){
+            $ret['CtxWFHomeDir'] = $this->mungedObject->ctx['CtxWFHomeDir'];
+        }
+        if(in_array("CtxWFProfilePath",$this->multi_boxes)){
+            $ret['CtxWFProfilePath'] = $this->mungedObject->ctx['CtxWFProfilePath'];
+        }
 
-    if(in_array("no_expiry",$this->multi_boxes)){
-      $ret['no_expiry'] = $this->no_expiry;
-    }
+        if(in_array("inherit",$this->multi_boxes)){
+            $ret['inherit'] = $this->mungedObject->getInheritMode();
+        }       
+        if(in_array("CtxInitialProgram",$this->multi_boxes)){
+            $ret['CtxInitialProgram'] = $this->mungedObject->ctx['CtxInitialProgram'];
+        } 
+        if(in_array("CtxWorkDirectory",$this->multi_boxes)){
+            $ret['CtxWorkDirectory'] = $this->mungedObject->ctx['CtxWorkDirectory'];
+        } 
+
+        /* Time Limits. Be careful here, there are some negations  */
+        if(in_array("CtxMaxConnectionTimeF",$this->multi_boxes)){
+            $ret["CtxMaxConnectionTimeF"]   =  !$this->mungedObject->getCtxMaxConnectionTimeF();
+            if(!$ret["CtxMaxConnectionTimeF"]){
+                $ret["CtxMaxConnectionTime"]   =  $this->mungedObject->ctx['CtxMaxConnectionTime'];
+            }
+        }
+        if(in_array("CtxMaxDisconnectionTimeF",$this->multi_boxes)){
+            $ret["CtxMaxDisconnectionTimeF"]=  !$this->mungedObject->getCtxMaxDisconnectionTimeF();
+            if(!$ret["CtxMaxDisconnectionTimeF"]){
+                $ret["CtxMaxDisconnectionTime"]=  $this->mungedObject->ctx['CtxMaxDisconnectionTime'];
+            }
+        }
+        if(in_array("CtxMaxIdleTimeF",$this->multi_boxes)){
+            $ret["CtxMaxIdleTimeF"]         =  !$this->mungedObject->getCtxMaxIdleTimeF();
+            if(!$ret["CtxMaxIdleTimeF"]){
+                $ret["CtxMaxIdleTime"]         =  $this->mungedObject->ctx['CtxMaxIdleTime'];
+            }
+        }
 
-    if(in_array("temporary_disable",$this->multi_boxes)){
-      $ret['temporary_disable'] = $this->temporary_disable;
-    }
-    
-    if(in_array("SetSambaLogonHours",$this->multi_boxes)){
-      $ret['sambaLogonHours'] = $this->sambaLogonHours;
-    }
+        /* Client Devices */
+        if(in_array("connectclientdrives",$this->multi_boxes)){
+            $ret["connectclientdrives"]     =  $this->mungedObject->getConnectClientDrives();
+        }
+        if(in_array("connectclientprinters",$this->multi_boxes)){
+            $ret["connectclientprinters"]   =  $this->mungedObject->getConnectClientPrinters();
+        }
+        if(in_array("defaultprinter",$this->multi_boxes)){
+            $ret["defaultprinter"]          =  $this->mungedObject->getDefaultPrinter();
+        }
 
-    if(in_array("workstation_list",$this->multi_boxes)){
-      $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
-    }
-    return($ret);
-  }
+        /* Misc */
+        if(in_array("shadow",$this->multi_boxes)){
+            $ret["shadow"]    =$this->mungedObject->getShadow();
+        }
+        if(in_array("brokenconn",$this->multi_boxes)){
+            $ret["brokenconn"]=$this->mungedObject->getBrokenConn();
+        }
+        if(in_array("reconn",$this->multi_boxes)){
+            $ret["reconn"]    =$this->mungedObject->getReConn();
+        }
 
-  function set_multi_edit_values($values)
-  {
-    plugin::set_multi_edit_values($values);
+        // Handle Flags.
+        foreach(array("flag_enforcePasswordChange", "flag_passwordNeverExpires", "flag_noPasswordRequired",
+                    "flag_temporaryDisabled","flag_cannotChangePassword") as $attr){
+            $ret[$attr] = $this->$attr;
+        }
 
-    /* Prepare current workstation settings to be merged 
-     *  with multiple edit settings.
-     */
-    if(isset($values['multiple_sambaUserWorkstations'])){
-      $cur_ws = array();
-      $m_ws = $values['multiple_sambaUserWorkstations'];
-
-      /* Prepare current settings to be merged */
-      if(isset($this->sambaUserWorkstations)){
-        $ttmp = explode(",",$this->sambaUserWorkstations);
-        foreach($ttmp as $station){
-          $station = trim($station);
-          if(!empty($station)){
-            $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
-          }
-        }
-      }
-
-      /* Unset removed workstations */
-      foreach($cur_ws as $cur_name => $cur_station){
-        if(!isset($m_ws[$cur_name])){
-          unset($cur_ws[$cur_name]);
-        }
-      }
-
-      /* Add all added workstations */
-      foreach($m_ws as $name => $station){
-        if($station['UsedByAllUsers']){
-          $cur_ws[$name] = $station;
-        }
-      }
-
-      $this->sambaUserWorkstations = "";
-      foreach($cur_ws as $name => $ws){
-        $this->sambaUserWorkstations .= $name.",";
-      }
-      $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
-    }
+        if(in_array("SetSambaLogonHours",$this->multi_boxes)){
+            $ret['sambaLogonHours'] = $this->sambaLogonHours;
+        }
 
-    /* Enable disabled terminal login, this is inverted somehow */
-    if(isset($values['tslogin']))   $this->mungedObject->setTsLogin(!$values['tslogin']);
-  
-    /* Imherit client configuration */
-    if(isset($values['inherit']))   $this->mungedObject->setInheritMode($values['inherit']);
-  
-    /* Get all ctx values posted */
-    $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
-                 "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
-    foreach($ctx as $attr){
-      if(isset($values[$attr])){
-        $this->mungedObject->ctx[$attr] = $values[$attr] ;
-      }
+        if(in_array("workstation_list",$this->multi_boxes)){
+            $ret['multiple_sambaUserWorkstations'] = $this->multiple_sambaUserWorkstations;
+        }
+        return($ret);
     }
 
-    if(isset($values['CtxMaxConnectionTimeF']))   $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
-    if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
-    if(isset($values['CtxMaxIdleTimeF']))         $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
+    function set_multi_edit_values($values)
+    {
+        plugin::set_multi_edit_values($values);
 
-    if(isset($values['connectclientdrives']))   $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
-    if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
-    if(isset($values['defaultprinter']))        $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
+        /* Prepare current workstation settings to be merged 
+         *  with multiple edit settings.
+         */
+        if(isset($values['multiple_sambaUserWorkstations'])){
+            $cur_ws = array();
+            $m_ws = $values['multiple_sambaUserWorkstations'];
+
+            /* Prepare current settings to be merged */
+            if(isset($this->sambaUserWorkstations)){
+                $ttmp = explode(",",$this->sambaUserWorkstations);
+                foreach($ttmp as $station){
+                    $station = trim($station);
+                    if(!empty($station)){
+                        $cur_ws[$station] = array("Name" => $station, "UsedByAllUsers" => TRUE);
+                    }
+                }
+            }
 
-    if(isset($values['shadow']))        $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
-    if(isset($values['brokenconn']))    $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
-    if(isset($values['reconn']))        $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
+            /* Unset removed workstations */
+            foreach($cur_ws as $cur_name => $cur_station){
+                if(!isset($m_ws[$cur_name])){
+                    unset($cur_ws[$cur_name]);
+                }
+            }
+
+            /* Add all added workstations */
+            foreach($m_ws as $name => $station){
+                if($station['UsedByAllUsers']){
+                    $cur_ws[$name] = $station;
+                }
+            }
 
-  
-    if(isset($values['sambaPwdCanChange']))  $this->sambaPwdCanChange  = $values['sambaPwdCanChange'];
+            $this->sambaUserWorkstations = "";
+            foreach($cur_ws as $name => $ws){
+                $this->sambaUserWorkstations .= $name.",";
+            }
+            $this->sambaUserWorkstations=preg_replace("/,$/","",$this->sambaUserWorkstations);
+        }
 
-    
-    
+        /* Enable disabled terminal login, this is inverted somehow */
+        if(isset($values['tslogin']))   $this->mungedObject->setTsLogin(!$values['tslogin']);
 
-    if(isset($values['password_expires'])){
-      $this->password_expires = $values['password_expires'];
-      $this->sambaPwdMustChange = $values['sambaPwdMustChange'];
-    }
+        /* Imherit client configuration */
+        if(isset($values['inherit']))   $this->mungedObject->setInheritMode($values['inherit']);
 
-    if(isset($values['no_password_required'])){
-      if($values['no_password_required']){
-        if(!preg_match("/N/",$this->sambaAcctFlags)) {
-          $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
-        }
-      }else{
-        $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
-      }
-    }      
-
-    if(isset($values['no_expiry'])){
-      if($values['no_expiry']){
-        if(!preg_match("/N/",$this->sambaAcctFlags)) {
-          $this->sambaAcctFlags = preg_replace("/ /","N",$this->sambaAcctFlags,1);
-        }
-      }else{
-        $this->sambaAcctFlags = preg_replace("/N/"," ",$this->sambaAcctFlags,1);
-      }
-    }      
-
-    if(isset($values['temporary_disable'])){
-      if($values['temporary_disable']){
-        if(preg_match("/L/",$this->sambaAcctFlags)) {
-          // Keep L
-        }else{
-          $this->sambaAcctFlags = preg_replace("/ /","D",$this->sambaAcctFlags,1);
+        /* Get all ctx values posted */
+        $ctx = array("CtxWFHomeDirDrive","CtxWFHomeDir","CtxWFProfilePath","CtxInitialProgram","CtxWorkDirectory",
+                "CtxMaxConnectionTime","CtxMaxDisconnectionTime","CtxMaxIdleTime");
+        foreach($ctx as $attr){
+            if(isset($values[$attr])){
+                $this->mungedObject->ctx[$attr] = $values[$attr] ;
+            }
         }
-      }else{
-        $this->sambaAcctFlags = preg_replace("/D/"," ",$this->sambaAcctFlags,1);
-      }
+
+        if(isset($values['CtxMaxConnectionTimeF']))   $this->mungedObject->setCtxMaxConnectionTimeF($values['CtxMaxConnectionTimeF']);
+        if(isset($values['CtxMaxDisconnectionTimeF']))$this->mungedObject->setCtxMaxDisconnectionTimeF($values['CtxMaxDisconnectionTimeF']);
+        if(isset($values['CtxMaxIdleTimeF']))         $this->mungedObject->setCtxMaxIdleTimeF($values['CtxMaxIdleTimeF']);
+
+        if(isset($values['connectclientdrives']))   $this->mungedObject->setConnectClientDrives($values['connectclientdrives']);
+        if(isset($values['connectclientprinters'])) $this->mungedObject->setConnectClientPrinters($values['connectclientprinters']);
+        if(isset($values['defaultprinter']))        $this->mungedObject->setDefaultPrinter($values['defaultprinter']);
+
+        if(isset($values['shadow']))        $this->mungedObject->setShadow($values['shadow'],$values['shadow']);
+        if(isset($values['brokenconn']))    $this->mungedObject->setBrokenConn($values['brokenconn'],$values['brokenconn']);
+        if(isset($values['reconn']))        $this->mungedObject->setReConn($values['reconn'],$values['reconn']);
     }
-  }
 
 
-  function PrepareForCopyPaste($source)
-  {
-    plugin::PrepareForCopyPaste($source);
+    function PrepareForCopyPaste($source)
+    {
+        plugin::PrepareForCopyPaste($source);
 
-    /* Set a new SID */
-    $this->sambaSID = "";
+        /* Set a new SID */
+        $this->sambaSID = "";
 
-    /* Fill mungedDial field */
-    if (isset($source['sambaMungedDial'])){
-        $this->mungedObject->load($source['sambaMungedDial'][0]);
-    }
+        /* Fill mungedDial field */
+        if (isset($source['sambaMungedDial'])){
+            $this->mungedObject->load($source['sambaMungedDial'][0]);
+        }
 
-    /* Password expiery */
-    if(isset($source['sambaPwdMustChange']) &&
-            $source['sambaPwdMustChange'][0] != 0){
-        $this->password_expires= 1;
+        // Load flags from source.
+        $this->loadFlagsFromSource($source);
     }
-  }
+
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
index dae34101c8e8838418b479a01d72e6c52fb86993..0390729a49ebffd239e016878ffe2a067513bd96 100644 (file)
   <td style='width:50%; ' colspan="2">
 
 
-    <table>
-        <tr>
+      <table>
+       <tr>
             <td>
                 {render acl=$enforcePasswordChangeACL checkbox=$multiple_support checked=$use_enforcePasswordChange}
-                 <input type='checkbox' value='1' name='enforcePasswordChange' 
-                  {if $enforcePasswordChange} checked {/if} id='enforcePasswordChange'>
+                 <input type='checkbox' value='1' name='flag_enforcePasswordChange'
+                  {if $flag_enforcePasswordChange} checked {/if} id='flag_enforcePasswordChange'>
                 {/render}
             </td>
             <td>
-                <label for='enforcePasswordChange'>{t}Enforce password change{/t}</label>
+                <label for='flag_enforcePasswordChange'>{t}Enforce password change{/t}</label>
             </td>
         </tr>
         <tr>
             <td>
-                {render acl=$sambaAcctFlagsXACL  checkbox=$multiple_support checked=$use_no_expiry}
-                 <input id="no_expiry" type=checkbox name="no_expiry" value="1" {$flagsX} class="center">
+                {render acl=$passwordNeverExpiresACL  checkbox=$multiple_support checked=$use_passwordNeverExpires}
+                <input type='checkbox' value='1' name="flag_passwordNeverExpires"
+                    {if $flag_passwordNeverExpires} checked {/if} id='flag_passwordNeverExpires'>
                 {/render}
             </td>
             <td>
-                <label for="no_expiry">{t}The password never expires{/t}</label>
+                <label for="flag_passwordNeverExpires">{t}The password never expires{/t}</label>
             </td>
-        </tr>            
+        </tr>
         <tr>
             <td>
-                {render acl=$sambaAcctFlagsNACL  checkbox=$multiple_support checked=$use_no_password_required}
-                 <input id="no_password_required" type=checkbox name="no_password_required" value="1" {$flagsN} class="center">
+                {render acl=$noPasswordRequiredACL  checkbox=$multiple_support checked=$use_noPasswordRequired}
+                <input type='checkbox' value='1' name="flag_noPasswordRequired"
+                    {if $flag_noPasswordRequired} checked {/if} id='flag_noPasswordRequired'>
                 {/render}
             </td>
             <td>
-                <label for="no_password_required">{t}Login from windows client requires no password{/t}</label>
+                <label for="flag_noPasswordRequired">{t}Login from windows client requires no password{/t}</label>
             </td>
-        </tr>            
+        </tr>
         <tr>
             <td>
-                {render acl=$sambaAcctFlagsLACL  checkbox=$multiple_support checked=$use_temporary_disable}
-                 <input id="temporary_disable" type=checkbox name="temporary_disable" value="1" {$flagsD} class="center">
+                {render acl=$temporaryDisabledACL  checkbox=$multiple_support checked=$use_temporaryDisabled}
+                <input type='checkbox' value='1' name="flag_temporaryDisabled"
+                    {if $flag_temporaryDisabled} checked {/if} id='flag_temporaryDisabled'>
                 {/render}
             </td>
             <td>
-                <label for="temporary_disable">{t}Lock samba account{/t}</label>
+                <label for="flag_temporaryDisabled">{t}Lock samba account{/t}</label>
             </td>
+        </tr>
         <tr>
-        </tr>            
-            <td>                                                    
+            <td>
                 {render acl=$cannotChangePasswordACL  checkbox=$multiple_support checked=$use_cannotChangePassword}
-                 <input id="cannotChangePassword" type=checkbox name="cannotChangePassword" value="1" class="center"
-                    {if $cannotChangePassword} checked {/if}>                                                    
-                {/render}                                                                                     
-            </td>                                                                                             
-            <td>                                                                                              
-                <label for="cannotChangePassword">{t}Cannot change password{/t}</label>                          
-            </td>                                                                                             
-        </tr>                                                                                                 
+                 <input type='checkbox' value='1' name='flag_cannotChangePassword'
+                    {if $flag_cannotChangePassword} checked {/if} id='flag_cannotChangePassword'>
+                {/render}
+            </td>
+            <td>
+                <label for="flag_cannotChangePassword">{t}Cannot change password{/t}</label>
+            </td>
+        </tr>
+
+
         <tr>
             <td>
             </td>