< ? php
/*
$Id $
This code is part of LDAP Account Manager ( http :// www . ldap - account - manager . org / )
Copyright ( C ) 2013 - 2016 Roland Gruber
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
/**
* Manages Windows AD ( e . g . Samba 4 ) groups .
*
* @ package modules
* @ author Roland Gruber
*/
/**
* Manages Windows AD ( e . g . Samba 4 ) groups .
*
* @ package modules
*/
class windowsGroup extends baseModule {
/** possible group types (e.g. distribution) */
private $groupTypes ;
/** possible group scopes (e.g. universal) */
private $groupScopes ;
/** group cache */
private $groupCache ;
/** security group */
const TYPE_SECURITY = 'security' ;
/** email list */
const TYPE_DISTRIBUTION = 'distribution' ;
/** domain local group */
const SCOPE_DOMAIN_LOCAL = 'domain' ;
/** global group */
const SCOPE_GLOBAL = 'global' ;
/** universal group */
const SCOPE_UNIVERSAL = 'universal' ;
/**
* Creates a new module for Windows AD (e.g. Samba 4) groups.
*
* @ param string $scope account type
*/
function __construct($scope) {
    // translated label (key) => internal group type identifier (value)
    $this->groupTypes = array(
        _('Security') => self::TYPE_SECURITY,
        _('Distribution') => self::TYPE_DISTRIBUTION,
    );
    // translated label (key) => internal group scope identifier (value)
    $this->groupScopes = array(
        _('Domain local') => self::SCOPE_DOMAIN_LOCAL,
        _('Global') => self::SCOPE_GLOBAL,
        _('Universal') => self::SCOPE_UNIVERSAL,
    );
    // The parent constructor is called only after both lookup tables exist.
    // NOTE(review): presumably because it triggers get_metaData(), which reads
    // $this->groupScopes and $this->groupTypes - confirm in baseModule.
    parent::__construct($scope);
}
/**
* Returns true if this module can manage accounts of the current type , otherwise false .
*
* @ return boolean true if module fits
*/
public function can_manage() {
    // this module only handles the "group" account type
    $scope = $this->get_scope();
    return $scope == 'group';
}
/**
* Returns meta data that is interpreted by parent class
*
* @ return array array with meta data
*
* @ see baseModule :: get_metaData ()
*/
public function get_metaData() {
    // Builds the meta data array section by section; the key order is the
    // same as the order of the assignments below.
    $meta = array();
    // icon
    $meta['icon'] = 'samba.png';
    // this is a base module
    $meta[" is_base "] = true;
    // RDN attribute
    $meta[" RDN "] = array(" cn " => " high ");
    // LDAP filter
    $meta[" ldap_filter "] = array('and' => " ", 'or' => '(objectClass=group)');
    // alias name
    $meta[" alias "] = _(" Windows ");
    // module dependencies
    $meta['dependencies'] = array('depends' => array(), 'conflicts' => array());
    // managed object classes
    $meta['objectClasses'] = array('group', 'securityPrincipal', 'mailRecipient');
    // managed attributes
    $meta['attributes'] = array(
        'cn', 'description', 'info', 'mail', 'member', 'memberOf', 'sAMAccountName',
        'groupType', 'managedBy', 'msSFU30Name', 'msSFU30NisDomain'
    );
    // help entries, keyed by help ID
    $meta['help'] = array(
        'hiddenOptions' => array(
            " Headline " => _(" Hidden options "),
            " Text " => _(" The selected options will not be managed inside LAM. You can use this to reduce the number of displayed input fields. ")
        ),
        'cn' => array(
            " Headline " => _('Group name'), 'attr' => 'cn, sAMAccountName',
            " Text " => _('Please enter the group name.')
        ),
        'description' => array(
            " Headline " => _('Description'), 'attr' => 'description',
            " Text " => _('Please enter a descriptive text for this group.')
        ),
        'info' => array(
            " Headline " => _('Notes'), 'attr' => 'info',
            " Text " => _('Additional notes to describe this entry.')
        ),
        'mail' => array(
            " Headline " => _('Email address'), 'attr' => 'mail',
            " Text " => _('The list\'s email address.')
        ),
        'member' => array(
            " Headline " => _('Members'), 'attr' => 'member',
            " Text " => _('This is a list of members of this group.')
        ),
        'memberOf' => array(
            " Headline " => _('Member of'), 'attr' => 'memberOf',
            " Text " => _('This is a list of groups this group is member of.')
        ),
        'memberList' => array(
            " Headline " => _('Members'), 'attr' => 'member',
            " Text " => _('This is a list of members of this group. Multiple members are separated by semicolons.')
        ),
        'groupType' => array(
            " Headline " => _('Group type'), 'attr' => 'groupType',
            " Text " => _('Security groups are used for permission management and distribution groups as email lists.')
        ),
        'groupScope' => array(
            " Headline " => _('Group scope'), 'attr' => 'groupType',
            " Text " => _('Please specify the group scope.')
        ),
        'managedBy' => array(
            " Headline " => _('Managed by'), 'attr' => 'managedBy',
            " Text " => _('The group is managed by this contact person.')
        ),
        'msSFU30Name' => array(
            " Headline " => _('NIS name'), 'attr' => 'msSFU30Name',
            " Text " => _('Group name for NIS.')
        ),
        'msSFU30NisDomain' => array(
            " Headline " => _('NIS domain'), 'attr' => 'msSFU30NisDomain',
            " Text " => _('NIS domain name.')
        ),
    );
    // configuration settings: one checkbox per attribute that can be hidden
    $settings = new htmlTable();
    $settingsHead = new htmlTable();
    $settingsHead->addElement(new htmlOutputText(_('Hidden options')));
    $settingsHead->addElement(new htmlHelpLink('hiddenOptions'));
    $settingsOptions = new htmlTable();
    $settings->addElement($settingsHead, true);
    $settingsOptions->addElement(new htmlTableExtendedInputCheckbox('windowsGroup_hidemail', false, _('Email address'), null, false));
    $settingsOptions->addElement(new htmlOutputText(' '));
    $settingsOptions->addElement(new htmlTableExtendedInputCheckbox('windowsGroup_hidemanagedBy', false, _('Managed by'), null, false));
    // the two NIS checkboxes are created with "true" as second argument, the others with "false"
    $settingsOptions->addElement(new htmlTableExtendedInputCheckbox('windowsGroup_hidemsSFU30Name', true, _('NIS name'), null, false));
    $settingsOptions->addElement(new htmlTableExtendedInputCheckbox('windowsGroup_hidemsSFU30NisDomain', true, _('NIS domain'), null, false));
    $settings->addElement($settingsOptions, true);
    $meta['config_options']['all'] = $settings;
    // upload fields that are always available
    $uploadColumns = array(
        array(
            'name' => 'windowsGroup_name',
            'description' => _('Group name'),
            'help' => 'cn',
            'example' => _('Domain administrators'),
            'required' => true
        ),
        array(
            'name' => 'windowsGroup_description',
            'description' => _('Description'),
            'help' => 'description',
            'example' => _('Domain administrators'),
        ),
        array(
            'name' => 'windowsGroup_notes',
            'description' => _('Notes'),
            'help' => 'info',
            'example' => _('Domain administrators'),
        ),
        array(
            'name' => 'windowsGroup_scope',
            'description' => _('Group scope'),
            'help' => 'groupScope',
            'values' => implode(', ', array_values($this->groupScopes)),
            'example' => self::SCOPE_GLOBAL,
            'default' => self::SCOPE_GLOBAL,
        ),
        array(
            'name' => 'windowsGroup_type',
            'description' => _('Group type'),
            'help' => 'groupType',
            'values' => implode(', ', array_values($this->groupTypes)),
            'example' => self::TYPE_SECURITY,
            'default' => self::TYPE_SECURITY,
        ),
        array(
            'name' => 'windowsGroup_members',
            'description' => _('Members'),
            'help' => 'memberList',
            'example' => 'uid=user1,o=test;uid=user2,o=test',
        ),
    );
    // upload fields that depend on the "hidden options" configuration
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemail')) {
        $uploadColumns[] = array(
            'name' => 'windowsGroup_mail',
            'description' => _('Email address'),
            'help' => 'mail',
            'example' => _('group@company.com'),
        );
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemanagedBy')) {
        $uploadColumns[] = array(
            'name' => 'windowsGroup_managedBy',
            'description' => _('Managed by'),
            'help' => 'managedBy',
            'example' => 'cn=user1,o=test',
        );
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true)) {
        $uploadColumns[] = array(
            'name' => 'windowsGroup_msSFU30Name',
            'description' => _('NIS name'),
            'help' => 'msSFU30Name',
            'example' => _('adminstrators'),
        );
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
        $uploadColumns[] = array(
            'name' => 'windowsGroup_msSFU30NisDomain',
            'description' => _('NIS domain'),
            'help' => 'msSFU30NisDomain',
            'example' => _('domain'),
        );
    }
    $meta['upload_columns'] = $uploadColumns;
    // profile options (only the NIS domain can be preset in a profile)
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
        $profileOptions = new htmlTable();
        $profileOptions->addElement(new htmlTableExtendedInputField(_('NIS domain'), 'windowsGroup_msSFU30NisDomain', null, 'msSFU30NisDomain'), true);
        $meta['profile_options'] = $profileOptions;
        $meta['profile_mappings']['windowsGroup_msSFU30NisDomain'] = 'msSFU30NisDomain';
    }
    // available PDF fields
    $pdfFields = array(
        'cn' => _('Group name'),
        'description' => _('Description'),
        'info' => _('Notes'),
        'member' => _('Members'),
        'memberOf' => _('Member of'),
        'groupType' => _('Group type'),
        'groupScope' => _('Group scope'),
    );
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemail')) {
        $pdfFields['mail'] = _('Email address');
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemanagedBy')) {
        $pdfFields['managedBy'] = _('Managed by');
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true)) {
        $pdfFields['msSFU30Name'] = _('NIS name');
    }
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
        $pdfFields['msSFU30NisDomain'] = _('NIS domain');
    }
    $meta['PDF_fields'] = $pdfFields;
    return $meta;
}
/**
* This function fills the $messages variable with output messages from this module .
*/
public function load_Messages() {
    // Index 0 of 'cn', 'mail' and 'msSFU30Name' is titled with the field label,
    // every other entry with "Account %s:" followed by a column name.
    $this->messages['cn'] = array(
        0 => array('ERROR', _('Group name'), _('Group name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')),
        1 => array('ERROR', _('Account %s:') . ' windowsGroup_cn', _('Group name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')),
    );
    $this->messages['mail'] = array(
        0 => array('ERROR', _('Email address'), _('Please enter a valid email address!')),
        1 => array('ERROR', _('Account %s:') . ' windowsGroup_mail', _('Please enter a valid email address!')),
    );
    $this->messages['groupScope'] = array(
        0 => array('ERROR', _('Account %s:') . ' windowsGroup_groupScope', _('Please enter a valid group scope.')),
    );
    $this->messages['groupType'] = array(
        0 => array('ERROR', _('Account %s:') . ' windowsGroup_groupType', _('Please enter a valid group type.')),
    );
    $this->messages['msSFU30Name'] = array(
        0 => array('ERROR', _('NIS name'), _('NIS name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')),
        1 => array('ERROR', _('Account %s:') . ' windowsGroup_msSFU30Name', _('NIS name contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and .-_ !')),
    );
}
/**
* Returns the HTML meta data for the main account page .
*
* @ return htmlElement HTML meta data
*/
public function display_html_attributes() {
    $page = new htmlTable();
    $this->addSimpleInputTextField($page, 'cn', _('Group name'), true);
    $this->addSimpleInputTextField($page, 'description', _('Description'), false);
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemail')) {
        $this->addSimpleInputTextField($page, 'mail', _('Email address'), false);
    }
    // Decode the groupType bit field: 2 = global, 4 = domain local, 8 = universal,
    // 0x80000000 = security group. Without a stored value the selects show a
    // global security group.
    $selectedType = self::TYPE_SECURITY;
    $selectedScope = self::SCOPE_GLOBAL;
    if (isset($this->attributes['groupType'][0])) {
        $flags = $this->attributes['groupType'][0];
        if ($flags & 2) {
            $selectedScope = self::SCOPE_GLOBAL;
        }
        elseif ($flags & 4) {
            $selectedScope = self::SCOPE_DOMAIN_LOCAL;
        }
        elseif ($flags & 8) {
            $selectedScope = self::SCOPE_UNIVERSAL;
        }
        $selectedType = ($flags & 0x80000000) ? self::TYPE_SECURITY : self::TYPE_DISTRIBUTION;
    }
    // Do not offer invalid conversions. This only narrows the select box;
    // process_attributes() is where the posted scope is applied.
    $offeredScopes = $this->groupScopes;
    if (isset($this->orig['groupType'][0])) {
        $labelByScope = array_flip($this->groupScopes);
        $origFlags = $this->orig['groupType'][0];
        if ($origFlags & 2) {
            // no change from global to domain local
            unset($offeredScopes[$labelByScope[self::SCOPE_DOMAIN_LOCAL]]);
        }
        elseif ($origFlags & 4) {
            // no change from domain local to global
            unset($offeredScopes[$labelByScope[self::SCOPE_GLOBAL]]);
        }
    }
    $scopeSelect = new htmlTableExtendedSelect('groupScope', $offeredScopes, array($selectedScope), _('Group scope'), 'groupScope');
    $scopeSelect->setHasDescriptiveElements(true);
    $page->addElement($scopeSelect, true);
    $typeSelect = new htmlTableExtendedSelect('groupType', $this->groupTypes, array($selectedType), _('Group type'), 'groupType');
    $typeSelect->setHasDescriptiveElements(true);
    $page->addElement($typeSelect, true);
    // notes
    $notes = isset($this->attributes['info'][0]) ? $this->attributes['info'][0] : '';
    $page->addElement(new htmlTableExtendedInputTextarea('info', $notes, 30, 5, _('Notes'), 'info'), true);
    // managed by
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemanagedBy')) {
        $page->addElement(new htmlOutputText(_('Managed by')));
        // "-" is shown when no manager is set
        $manager = isset($this->attributes['managedBy'][0]) ? $this->attributes['managedBy'][0] : '-';
        $page->addElement(new htmlOutputText(getAbstractDN($manager)));
        $page->addElement(new htmlHelpLink('managedBy'), true);
        $page->addElement(new htmlOutputText(''));
        $managerButtons = new htmlGroup();
        $managerButtons->addElement(new htmlAccountPageButton(get_class($this), 'managedBy', 'edit', _('Change')));
        if (isset($this->attributes['managedBy'][0])) {
            // the remove button is only offered when there is a value to remove
            $managerButtons->addElement(new htmlSpacer('5px', null));
            $managerButtons->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'removeManagedBy', _('Remove')));
        }
        $page->addElement($managerButtons, true);
    }
    // NIS: the section is shown if at least one of the two NIS fields is not hidden
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true) || !$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
        $page->addElement(new htmlSubTitle(_('NIS')), true);
        if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true)) {
            $this->addSimpleInputTextField($page, 'msSFU30Name', _('NIS name'));
        }
        if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
            $this->addSimpleInputTextField($page, 'msSFU30NisDomain', _('NIS domain'));
        }
        $page->addVerticalSpace('20px');
    }
    // group members
    $page->addElement(new htmlSpacer(null, '10px'), true);
    $page->addElement(new htmlOutputText(_(" Group members ")));
    $memberButtons = new htmlGroup();
    $memberButtons->addElement(new htmlAccountPageButton(get_class($this), 'user', 'open', _('Edit')));
    if (!empty($this->attributes['member'])) {
        $memberButtons->addElement(new htmlSpacer('10px', null));
        $memberButtons->addElement(new htmlAccountPageButton(get_class($this), 'effectiveMembers', 'open', _('Show effective members')));
    }
    $page->addElement($memberButtons);
    $page->addElement(new htmlHelpLink('member'), true);
    // copy the member DNs by position and sort the copy; the attribute itself stays unsorted
    $sortedMembers = array();
    if (isset($this->attributes['member'])) {
        $memberCount = count($this->attributes['member']);
        for ($pos = 0; $pos < $memberCount; $pos++) {
            $sortedMembers[] = $this->attributes['member'][$pos];
        }
        usort($sortedMembers, 'compareDN');
    }
    $memberTable = new htmlTable();
    $memberTable->alignment = htmlElement::ALIGN_RIGHT;
    $memberTable->colspan = 3;
    foreach ($sortedMembers as $memberDN) {
        $memberText = new htmlOutputText(getAbstractDN($memberDN));
        $memberText->alignment = htmlElement::ALIGN_RIGHT;
        $memberTable->addElement($memberText, true);
    }
    $page->addElement(new htmlOutputText(''));
    $page->addElement($memberTable, true);
    // member of
    $page->addVerticalSpace('10px');
    $page->addElement(new htmlOutputText(_(" Member of ")));
    $page->addElement(new htmlAccountPageButton(get_class($this), 'memberof', 'open', _('Edit')));
    $page->addElement(new htmlHelpLink('memberOf'), true);
    $sortedParents = array();
    if (isset($this->attributes['memberOf'])) {
        $parentCount = count($this->attributes['memberOf']);
        for ($pos = 0; $pos < $parentCount; $pos++) {
            $sortedParents[] = $this->attributes['memberOf'][$pos];
        }
        usort($sortedParents, 'compareDN');
    }
    $parentTable = new htmlTable();
    $parentTable->alignment = htmlElement::ALIGN_RIGHT;
    $parentTable->colspan = 3;
    foreach ($sortedParents as $parentDN) {
        $parentText = new htmlOutputText(getAbstractDN($parentDN));
        $parentText->alignment = htmlElement::ALIGN_RIGHT;
        $parentTable->addElement($parentText, true);
    }
    $page->addElement(new htmlOutputText(''));
    $page->addElement($parentTable, true);

    $page->addElement(new htmlEqualWidth(array('groupType', 'groupScope')));
    return $page;
}
/**
* Processes user input of the primary module page .
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
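public function process_attributes() {
    // Copies the posted form values into $this->attributes and returns the
    // error messages of the checks that failed. Values are stored even when
    // their check fails; the caller gets the message list.
    $return = array();
    // cn (also written to sAMAccountName)
    $this->attributes['cn'][0] = $_POST['cn'];
    $this->attributes['sAMAccountName'][0] = $_POST['cn'];
    if (!get_preg($_POST['cn'], 'groupname')) {
        $return[] = $this->messages['cn'][0];
    }
    // description
    $this->attributes['description'][0] = $_POST['description'];
    // email
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemail')) {
        $this->attributes['mail'][0] = $_POST['mail'];
        if (!empty($_POST['mail']) && !get_preg($_POST['mail'], 'email')) {
            $return[] = $this->messages['mail'][0];
        }
    }
    // group scope: only the three known identifiers are accepted
    $scopeBits = array(
        self::SCOPE_DOMAIN_LOCAL => 4,
        self::SCOPE_GLOBAL => 2,
        self::SCOPE_UNIVERSAL => 8,
    );
    // default matches the scope that display_html_attributes() preselects
    $groupType = 2;
    if (isset($_POST['groupScope']) && is_string($_POST['groupScope']) && isset($scopeBits[$_POST['groupScope']])) {
        $groupType = $scopeBits[$_POST['groupScope']];
    }
    elseif (isset($this->attributes['groupType'][0]) && (((int) $this->attributes['groupType'][0]) & 14)) {
        // Missing or unknown scope in the request: keep the stored scope bits.
        // Starting from the bare scope bits is required because the security
        // offset below must never be applied to a value that already has it.
        $groupType = ((int) $this->attributes['groupType'][0]) & 14;
    }
    // NOTE(review): display_html_attributes() hides the global <-> domain local
    // conversions in the select box, but a posted scope is not checked against
    // $this->orig here - confirm whether that should be rejected server-side.
    // group type: security groups carry the 0x80000000 flag (stored as negative number)
    if (isset($_POST['groupType']) && ($_POST['groupType'] === self::TYPE_SECURITY)) {
        $groupType = $groupType - 2147483648;
    }
    $this->attributes['groupType'][0] = $groupType;
    // notes
    $this->attributes['info'][0] = $_POST['info'];
    // managed by: only the removal is handled here, changes go through process_managedBy()
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemanagedBy')) {
        if (isset($_POST['form_subpage_' . get_class($this) . '_attributes_removeManagedBy'])) {
            unset($this->attributes['managedBy']);
        }
    }
    // NIS name
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true)) {
        if ($this->getAccountContainer()->isNewAccount && !isset($this->attributes['msSFU30Name']) && empty($_POST['msSFU30Name'])) {
            // new account without NIS name: default to the group name
            $this->attributes['msSFU30Name'][0] = $_POST['cn'];
        }
        else {
            $this->attributes['msSFU30Name'][0] = $_POST['msSFU30Name'];
        }
        if (!empty($this->attributes['msSFU30Name'][0]) && !get_preg($this->attributes['msSFU30Name'][0], 'groupname')) {
            $return[] = $this->messages['msSFU30Name'][0];
        }
    }
    // NIS domain: gated on its own option, the same one that decides whether
    // display_html_attributes() renders the input field
    if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
        $this->attributes['msSFU30NisDomain'][0] = $_POST['msSFU30NisDomain'];
    }
    return $return;
}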
/**
* Displays the memberof selection .
*
* @ return htmlElement meta HTML code
*/
function display_html_memberof() {
    $page = new htmlTable();
    $allGroups = $this->findGroups();
    // sort by DN
    usort($allGroups, 'compareDN');
    $selection = new htmlTable();
    $selection->alignment = htmlElement::ALIGN_TOP;
    $selection->addElement(new htmlSubTitle(_(" Groups ")), true);
    $selection->addElement(new htmlOutputText(_(" Selected groups ")));
    $selection->addElement(new htmlOutputText(''));
    $selection->addElement(new htmlOutputText(_(" Available groups ")));
    $selection->addNewLine();

    // Side effect: memberOf is normalised to an array and sorted in place.
    if (empty($this->attributes['memberOf'])) {
        $this->attributes['memberOf'] = array();
    }
    // sort by DN
    usort($this->attributes['memberOf'], 'compareDN');
    // left box: current memberships that are also returned by findGroups()
    $selected = array();
    foreach ($this->attributes['memberOf'] as $memberOfDN) {
        if (in_array($memberOfDN, $allGroups)) {
            $selected[getAbstractDN($memberOfDN)] = $memberOfDN;
        }
    }
    // right box: all remaining groups
    $available = array();
    foreach ($allGroups as $groupDN) {
        if (in_array($groupDN, $this->attributes['memberOf'])) {
            continue;
        }
        $available[getAbstractDN($groupDN)] = $groupDN;
    }

    $removeSelect = new htmlSelect('removegroups', $selected, null, 15);
    $removeSelect->setMultiSelect(true);
    $removeSelect->setTransformSingleSelect(false);
    $removeSelect->setHasDescriptiveElements(true);
    $removeSelect->setRightToLeftTextDirection(true);
    $removeSelect->setSortElements(false);
    $selection->addElement($removeSelect);
    $moveButtons = new htmlTable();
    $moveButtons->addElement(new htmlButton('addgroups_button', 'back.gif', true), true);
    $moveButtons->addElement(new htmlButton('removegroups_button', 'forward.gif', true), true);
    $selection->addElement($moveButtons);
    $addSelect = new htmlSelect('addgroups', $available, null, 15);
    $addSelect->setMultiSelect(true);
    $addSelect->setHasDescriptiveElements(true);
    $addSelect->setTransformSingleSelect(false);
    $addSelect->setRightToLeftTextDirection(true);
    $addSelect->setSortElements(false);
    $selection->addElement($addSelect);
    $selection->addNewLine();
    $page->addElement($selection);
    $page->addNewLine();
    // back button
    $footer = new htmlGroup();
    $footer->colspan = 10;
    $footer->addElement(new htmlSpacer(null, '10px'), true);
    $footer->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'back', _('Back')));
    $page->addElement($footer);
    return $page;
}
/**
* Processes user input of the memberof selection page .
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
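function process_memberof() {
    // Applies the add/remove buttons of the memberof page to $this->attributes['memberOf'].
    // Always returns an empty message list.
    $current = array();
    if (isset($this->attributes['memberOf']) && is_array($this->attributes['memberOf'])) {
        $current = $this->attributes['memberOf'];
    }
    if (isset($_POST['addgroups']) && isset($_POST['addgroups_button'])) {
        // Request data is normalised instead of silencing array_merge() with "@":
        // only string entries are accepted and duplicates are dropped.
        // NOTE(review): the posted DNs are not compared with findGroups(), which is
        // the list display_html_memberof() offers - consider restricting to it.
        $added = array_filter((array) $_POST['addgroups'], 'is_string');
        $this->attributes['memberOf'] = array_values(array_unique(array_merge($current, $added)));
    }
    elseif (isset($_POST['removegroups']) && isset($_POST['removegroups_button'])) {
        // remove groups from list
        $removed = array_filter((array) $_POST['removegroups'], 'is_string');
        $this->attributes['memberOf'] = array_delete($removed, $current);
    }
    return array();
}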
/**
* This function will create the meta HTML code to show a page to change the managedBy attribute.
*
* @ return htmlElement HTML meta data
*/
function display_html_managedBy() {
    $page = new htmlTable();
    // possible managers: all entries found with the LDAP filter for type "user"
    $managers = array();
    $userFilter = get_ldap_filter('user');
    $found = searchLDAPByFilter($userFilter, array('dn'), array('user'));
    $foundCount = count($found);
    // reduce each search result to its DN
    for ($pos = 0; $pos < $foundCount; $pos++) {
        $found[$pos] = $found[$pos]['dn'];
    }
    // sort by DN
    usort($found, 'compareDN');
    foreach ($found as $dn) {
        $managers[getAbstractDN($dn)] = $dn;
    }
    $preselected = array();
    if (isset($this->attributes['managedBy'][0])) {
        $preselected = array($this->attributes['managedBy'][0]);
        // keep the current manager selectable even if the search did not return it
        if (!in_array($preselected[0], $managers)) {
            $managers[getAbstractDN($preselected[0])] = $preselected[0];
        }
    }
    $managerSelect = new htmlSelect('managedBy', $managers, $preselected);
    $managerSelect->setHasDescriptiveElements(true);
    $managerSelect->setRightToLeftTextDirection(true);
    $managerSelect->setSortElements(false);
    $managerSelect->setTransformSingleSelect(false);
    $page->addElement($managerSelect, true);
    $buttons = new htmlTable();
    $buttons->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'set', _('Change')));
    $buttons->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'cancel', _('Cancel')));
    $page->addElement($buttons);
    return $page;
}
/**
* Processes user input of the managedBy page.
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
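function process_managedBy() {
    // Stores the manager chosen on the managedBy page. Returns an (always empty)
    // message list.
    $return = array();
    $setPressed = isset($_POST['form_subpage_' . get_class($this) . '_attributes_set']);
    if ($setPressed && isset($_POST['managedBy']) && is_string($_POST['managedBy']) && ($_POST['managedBy'] !== '')) {
        // Replace instead of append: the pages of this module only read and
        // preselect index 0, so an appended value would never become visible
        // while an existing manager is set.
        // NOTE(review): the value is not compared with the DNs offered by
        // display_html_managedBy() - consider restricting to that list.
        $this->attributes['managedBy'] = array($_POST['managedBy']);
    }
    return $return;
}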
/**
* This function will create the meta HTML code to show a page to change the member attribute .
*
* @ return htmlElement HTML meta data
*/
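function display_html_user() {
    // Renders either the list of possible new members (after an account type
    // was chosen) or the current member list with the type selection.
    $return = new htmlTable();
    $activeTypes = $_SESSION['config']->get_ActiveTypes();
    // The posted type is passed to get_ldap_filter() and searchLDAPByFilter(),
    // so it must be one of the active types that the select box below offers.
    // Anything else falls through to the member list.
    $selectPressed = isset($_POST['form_subpage_' . get_class($this) . '_user_select']);
    $typeIsValid = isset($_POST['type']) && is_string($_POST['type']) && in_array($_POST['type'], $activeTypes, true);
    // show list of possible new members
    if ($selectPressed && $typeIsValid) {
        $filterGroup = new htmlGroup();
        $filterGroup->addElement(new htmlOutputText(_('Filter') . ' '));
        $filterInput = new htmlInputField('windows_filter');
        $filterInput->setFieldSize('5em');
        $filterInput->filterSelectBox('members');
        $filterGroup->addElement($filterInput);
        $return->addElement($filterGroup, true);

        $options = array();
        $ldapFilter = get_ldap_filter($_POST['type']);
        $entries = searchLDAPByFilter($ldapFilter, array('dn'), array($_POST['type']));
        // reduce each search result to its DN
        for ($i = 0; $i < sizeof($entries); $i++) {
            $entries[$i] = $entries[$i]['dn'];
        }
        // sort by DN
        usort($entries, 'compareDN');
        // offer only entries that are not members yet
        foreach ($entries as $dn) {
            if (!isset($this->attributes['member']) || !in_array($dn, $this->attributes['member'])) {
                $options[getAbstractDN($dn)] = $dn;
            }
        }
        // the select box shows at most 20 rows
        $size = min(20, sizeof($options));
        $membersSelect = new htmlSelect('members', $options, array(), $size);
        $membersSelect->setHasDescriptiveElements(true);
        $membersSelect->setMultiSelect(true);
        $membersSelect->setRightToLeftTextDirection(true);
        $membersSelect->setSortElements(false);
        $membersSelect->setTransformSingleSelect(false);
        $return->addElement($membersSelect, true);
        $return->addVerticalSpace('10px');
        $buttonTable = new htmlTable();
        $buttonTable->addElement(new htmlAccountPageButton(get_class($this), 'user', 'addMembers', _('Add')));
        $buttonTable->addElement(new htmlAccountPageButton(get_class($this), 'user', 'cancel', _('Cancel')));
        $return->addElement($buttonTable);
        return $return;
    }
    // show existing members
    $membersTemp = array();
    if (isset($this->attributes['member'])) {
        $membersTemp = $this->attributes['member'];
    }
    // sort by DN
    usort($membersTemp, 'compareDN');
    $members = array();
    foreach ($membersTemp as $dn) {
        $members[getAbstractDN($dn)] = $dn;
    }
    $size = 20;
    if (isset($this->attributes['member']) && (sizeof($this->attributes['member']) < 20)) {
        $size = sizeof($this->attributes['member']);
    }
    if (sizeof($members) > 0) {
        $membersSelect = new htmlSelect('members', $members, array(), $size);
        $membersSelect->setHasDescriptiveElements(true);
        $membersSelect->setMultiSelect(true);
        $membersSelect->setRightToLeftTextDirection(true);
        $membersSelect->setSortElements(false);
        $membersSelect->setTransformSingleSelect(false);
        $return->addElement($membersSelect, true);
        $removeButton = new htmlAccountPageButton(get_class($this), 'user', 'remove', _('Remove selected entries'));
        $removeButton->colspan = 3;
        $return->addElement($removeButton, true);
        $return->addElement(new htmlOutputText(' ', false), true);
    }
    // account type selection, "user" is preselected when it is an active type
    $options = array();
    $optionsSelected = array();
    for ($i = 0; $i < sizeof($activeTypes); $i++) {
        $options[getTypeAlias($activeTypes[$i])] = $activeTypes[$i];
        if ($activeTypes[$i] == 'user') {
            $optionsSelected[] = $activeTypes[$i];
        }
    }
    $typeTable = new htmlTable();
    $typeTable->addElement(new htmlOutputText(_('Add entries of this type:') . ' '));
    $typeSelect = new htmlSelect('type', $options, $optionsSelected);
    $typeSelect->setHasDescriptiveElements(true);
    $typeTable->addElement($typeSelect);
    $typeTable->addElement(new htmlAccountPageButton(get_class($this), 'user', 'select', _('Ok')));
    $return->addElement($typeTable, true);
    $return->addElement(new htmlOutputText(' ', false), true);
    $return->addElement(new htmlAccountPageButton(get_class($this), 'attributes', 'membersBack', _('Back')));
    return $return;
}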
/**
* Processes user input of the members page .
* It checks if all input values are correct and updates the associated LDAP attributes .
*
* @ return array list of info / error messages
*/
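function process_user() {
	$return = array();
	$buttonPrefix = 'form_subpage_' . get_class($this) . '_user_';
	$membersPosted = isset($_POST['members']);
	// $_POST['members'] is client-controlled: only a list of non-empty strings is accepted,
	// anything else (scalar value, nested arrays) is dropped before it can reach the attribute list.
	$postedMembers = array();
	if ($membersPosted && is_array($_POST['members'])) {
		foreach ($_POST['members'] as $postedMember) {
			if (is_string($postedMember) && ($postedMember !== '')) {
				$postedMembers[] = $postedMember;
			}
		}
	}
	// the member attribute may be missing (e.g. group without members)
	$currentMembers = array();
	if (isset($this->attributes['member']) && is_array($this->attributes['member'])) {
		$currentMembers = $this->attributes['member'];
	}
	if (isset($_POST[$buttonPrefix . 'remove']) && $membersPosted) {
		// remove the selected entries, values that are not current members are ignored
		$remaining = array_flip($currentMembers);
		foreach ($postedMembers as $postedMember) {
			unset($remaining[$postedMember]);
		}
		$this->attributes['member'] = array_values(array_flip($remaining));
	}
	elseif (isset($_POST[$buttonPrefix . 'addMembers']) && $membersPosted) {
		// NOTE(review): the submitted values are stored as given, they are not compared here
		// with the entries that were offered for selection - confirm that this is checked elsewhere.
		$this->attributes['member'] = array_values(array_unique(array_merge($currentMembers, $postedMembers)));
	}
	// check input
	if (!isset($_POST[$buttonPrefix . 'select'])) {
		if (!$this->isBooleanConfigOptionSet('groupOfNames_membersOptional')) {
			if (!isset($this->attributes['member']) || (sizeof($this->attributes['member']) < 1)) {
				$return[] = $this->messages['member'][0];
			}
		}
	}
	return $return;
}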
/**
* This function will create the meta HTML code to show a page to list effective members .
*
* @ return htmlElement HTML meta data
*/
function display_html_effectiveMembers() {
	// collect the direct and nested members and order them by DN
	$memberDns = $this->getEffectiveMembers();
	usort($memberDns, 'compareDN');
	// one right-aligned row per member
	$rows = new htmlTable();
	$rows->alignment = htmlElement::ALIGN_RIGHT;
	foreach ($memberDns as $memberDn) {
		// NOTE(review): the DNs are read from the directory - confirm that htmlOutputText escapes its text
		$row = new htmlOutputText(getAbstractDN($memberDn));
		$row->alignment = htmlElement::ALIGN_RIGHT;
		$rows->addElement($row, true);
	}
	// page layout: member list, spacer, back button
	$page = new htmlTable();
	$page->addElement($rows, true);
	$page->addVerticalSpace('10px');
	$backButton = new htmlAccountPageButton(get_class($this), 'attributes', 'membersEffectiveBack', _('Back'));
	$page->addElement($backButton);
	return $page;
}
/**
* Processes user input of the effective members page .
*
* @ return array list of info / error messages
*/
function process_effectiveMembers() {
	// the effective members page is read-only, so there is never a message to report
	$messages = array();
	return $messages;
}
/**
* In this function the LDAP account is built up .
*
* @ param array $rawAccounts list of hash arrays ( name => value ) from user input
* @ param array $ids list of IDs for column position ( e . g . " posixAccount_uid " => 5 )
* @ param array $partialAccounts list of hash arrays ( name => value ) which are later added to LDAP
* @ param array $selectedModules list of selected account modules
* @ return array list of error messages if any
*/
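public function build_uploadAccounts($rawAccounts, $ids, &$partialAccounts, $selectedModules) {
	$errors = array();
	for ($i = 0; $i < sizeof($rawAccounts); $i++) {
		// add object class (the list may not exist yet for this row)
		if (!isset($partialAccounts[$i]['objectClass']) || !in_array('group', $partialAccounts[$i]['objectClass'], true)) {
			$partialAccounts[$i]['objectClass'][] = 'group';
		}
		// cn + sAMAccountName
		$name = $rawAccounts[$i][$ids['windowsGroup_name']];
		if ($name != "") {
			if (get_preg($name, 'groupname')) {
				$partialAccounts[$i]['cn'] = $name;
				$partialAccounts[$i]['sAMAccountName'] = $name;
			}
			else {
				$errMsg = $this->messages['cn'][1];
				array_push($errMsg, array($i));
				$errors[] = $errMsg;
			}
		}
		// description
		$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_description', 'description');
		// notes
		$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_notes', 'info');
		// email
		if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemail')) {
			$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_mail', 'mail',
				'email', $this->messages['mail'][1], $errors);
		}
		// managed by
		if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemanagedBy')) {
			$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_managedBy', 'managedBy');
		}
		// add members: semicolon separated list, surrounding blanks and empty entries are dropped
		// NOTE(review): the entries are not checked for DN syntax here, an invalid value is presumably
		// only rejected by the directory server when the account is written - confirm.
		if ($rawAccounts[$i][$ids['windowsGroup_members']] != "") {
			$members = array();
			foreach (explode(";", $rawAccounts[$i][$ids['windowsGroup_members']]) as $memberDn) {
				$memberDn = trim($memberDn);
				if ($memberDn !== '') {
					$members[] = $memberDn;
				}
			}
			if (!empty($members)) {
				$partialAccounts[$i]['member'] = $members;
			}
		}
		// group scope (2 = global, 4 = domain local, 8 = universal), an empty column means global;
		// the value stays null for an invalid scope so that no arithmetic runs on an unset groupType
		$groupTypeValue = null;
		$scope = $rawAccounts[$i][$ids['windowsGroup_scope']];
		if ($scope != "") {
			if (in_array($scope, $this->groupScopes, true)) {
				switch ($scope) {
					case windowsGroup::SCOPE_DOMAIN_LOCAL:
						$groupTypeValue = 4;
						break;
					case windowsGroup::SCOPE_GLOBAL:
						$groupTypeValue = 2;
						break;
					case windowsGroup::SCOPE_UNIVERSAL:
						$groupTypeValue = 8;
						break;
				}
			}
			else {
				$errMsg = $this->messages['groupScope'][0];
				array_push($errMsg, array($i));
				$errors[] = $errMsg;
			}
		}
		else {
			$groupTypeValue = 2;
		}
		// group type: an empty column means security group
		$isSecurityGroup = false;
		$type = $rawAccounts[$i][$ids['windowsGroup_type']];
		if ($type != "") {
			if (in_array($type, $this->groupTypes, true)) {
				$isSecurityGroup = ($type == windowsGroup::TYPE_SECURITY);
			}
			else {
				$errMsg = $this->messages['groupType'][0];
				array_push($errMsg, array($i));
				$errors[] = $errMsg;
			}
		}
		else {
			$isSecurityGroup = true;
		}
		if ($groupTypeValue !== null) {
			if ($isSecurityGroup) {
				// security groups carry the scope value minus 2147483648
				$groupTypeValue = $groupTypeValue - 2147483648;
			}
			$partialAccounts[$i]['groupType'] = $groupTypeValue;
		}
		// NIS name
		if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30Name', true)) {
			$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_msSFU30Name', 'msSFU30Name',
				'groupname', $this->messages['msSFU30Name'][1], $errors);
		}
		// NIS domain
		if (!$this->isBooleanConfigOptionSet('windowsGroup_hidemsSFU30NisDomain', true)) {
			$this->mapSimpleUploadField($rawAccounts, $ids, $partialAccounts, $i, 'windowsGroup_msSFU30NisDomain', 'msSFU30NisDomain');
		}
	}
	return $errors;
}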
/**
* Returns a list of possible PDF entries for this account .
*
* @ param array $pdfKeys list of PDF keys that are included in document
* @ return list of PDF entries ( array ( < PDF key > => < PDF lines > ))
*/
public function get_pdfEntries($pdfKeys) {
	$return = array();
	// attributes that are printed as they are stored
	$simpleFields = array(
		'cn' => _('Group name'),
		'description' => _('Description'),
		'info' => _('Notes'),
		'mail' => _('Email address'),
		'msSFU30Name' => _('NIS name'),
		'msSFU30NisDomain' => _('NIS domain'),
	);
	foreach ($simpleFields as $attrName => $label) {
		$this->addSimplePDFField($return, $attrName, $label);
	}
	// decode groupType into scope and type, defaults are a global security group
	$scopeId = windowsGroup::SCOPE_GLOBAL;
	$typeId = windowsGroup::TYPE_SECURITY;
	if (isset($this->attributes['groupType'][0])) {
		$rawGroupType = $this->attributes['groupType'][0];
		// the first matching scope bit wins, checked in the order 2, 4, 8
		if ($rawGroupType & 2) {
			$scopeId = windowsGroup::SCOPE_GLOBAL;
		}
		elseif ($rawGroupType & 4) {
			$scopeId = windowsGroup::SCOPE_DOMAIN_LOCAL;
		}
		elseif ($rawGroupType & 8) {
			$scopeId = windowsGroup::SCOPE_UNIVERSAL;
		}
		// bit 0x80000000 separates security groups from distribution lists
		$typeId = ($rawGroupType & 0x80000000) ? windowsGroup::TYPE_SECURITY : windowsGroup::TYPE_DISTRIBUTION;
	}
	// translate the internal ids back to the labels that are the keys of the option arrays
	$scopeLabels = array_flip($this->groupScopes);
	$typeLabels = array_flip($this->groupTypes);
	$typeLabel = $typeLabels[$typeId];
	$scopeLabel = $scopeLabels[$scopeId];
	$this->addPDFKeyValue($return, 'groupScope', _('Group scope'), $scopeLabel);
	$this->addPDFKeyValue($return, 'groupType', _('Group type'), $typeLabel);
	// managed by (only printed when set)
	if (isset($this->attributes['managedBy'][0])) {
		$this->addPDFKeyValue($return, 'managedBy', _('Managed by'), getAbstractDN($this->attributes['managedBy'][0]));
	}
	// members, sorted by DN, one table row per entry
	if (!empty($this->attributes['member'])) {
		$memberDns = is_array($this->attributes['member']) ? $this->attributes['member'] : array();
		usort($memberDns, 'compareDN');
		$memberTable = new PDFTable(_('Members'));
		foreach ($memberDns as $memberDn) {
			$row = new PDFTableRow();
			$row->cells[] = new PDFTableCell($memberDn);
			$memberTable->rows[] = $row;
		}
		$this->addPDFTable($return, 'member', $memberTable);
	}
	// member of, sorted by DN, one table row per entry
	if (!empty($this->attributes['memberOf'])) {
		$parentDns = is_array($this->attributes['memberOf']) ? $this->attributes['memberOf'] : array();
		usort($parentDns, 'compareDN');
		$parentTable = new PDFTable(_('Member of'));
		foreach ($parentDns as $parentDn) {
			$row = new PDFTableRow();
			$row->cells[] = new PDFTableCell($parentDn);
			$parentTable->rows[] = $row;
		}
		$this->addPDFTable($return, 'memberOf', $parentTable);
	}
	return $return;
}
/**
* Finds all existing groups .
*
* @ return array group DNs
*/
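private function findGroups() {
	// Strict check: with "!= null" an empty result array counted as "not cached"
	// and the directory was searched again on every call.
	if ($this->groupCache !== null) {
		return $this->groupCache;
	}
	$groupDns = array();
	$types = array('group');
	$results = searchLDAPByFilter('(objectClass=group)', array('dn'), $types);
	if (is_array($results)) {
		foreach ($results as $result) {
			// entries without a DN are skipped
			if (isset($result['dn'])) {
				$groupDns[] = $result['dn'];
			}
		}
	}
	$this->groupCache = $groupDns;
	return $groupDns;
}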
/**
* Returns a list of modifications which have to be made to the LDAP account .
*
* Calling this method requires the existence of an enclosing { @ link accountContainer } .< br >
* < br >
*
* < br > This function returns an array with 3 entries :
* < br > array ( DN1 ( 'add' => array ( $attr ), 'remove' => array ( $attr ), 'modify' => array ( $attr )), DN2 .... )
* < br > DN is the DN to change . It is possible to change several DNs ( e . g . create a new user and add him
* to some groups via attribute memberUid ) < br >
* < br >< b > " add " </ b > are attributes which have to be added to the LDAP entry
* < br >< b > " remove " </ b > are attributes which have to be removed from the LDAP entry
* < br >< b > " modify " </ b > are attributes which have to be modified in the LDAP entry
* < br >< b > " notchanged " </ b > are attributes which stay unchanged
* < br >< b > " info " </ b > values with informational value ( e . g . to be used later by pre / postModify actions )
* < br >
* <br>This builds the required commands from $this->attributes and $this->orig.
*
* @ return array list of modifications
*/
public function save_attributes() {
	// work on copies, the module state itself is not modified
	$current = $this->attributes;
	$original = $this->orig;
	// memberOf is emptied on both sides so that it never shows up as a difference
	// in the modification list built by the account container
	$current['memberOf'] = array();
	$original['memberOf'] = array();
	$container = $this->getAccountContainer();
	return $container->save_module_attributes($current, $original);
}
/**
* Runs the postmodify actions .
*
* @ see baseModule :: postModifyActions ()
*
* @ param boolean $newAccount
* @ param array $attributes LDAP attributes of this entry
* @ return array array which contains status messages . Each entry is an array containing the status message parameters .
*/
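public function postModifyActions($newAccount, $attributes) {
	$messages = array();
	// Only DNs returned by findGroups() are ever modified below. This keeps a memberOf value
	// that does not name an existing group from being used as the target of an LDAP write.
	$groups = $this->findGroups();
	if (!isset($this->orig['memberOf'])) {
		$this->orig['memberOf'] = array();
	}
	if (!isset($this->attributes['memberOf'])) {
		$this->attributes['memberOf'] = array();
	}
	// memberships that were added or removed compared to the original state
	$toAdd = array_values(array_diff($this->attributes['memberOf'], $this->orig['memberOf']));
	$toRem = array_values(array_diff($this->orig['memberOf'], $this->attributes['memberOf']));
	// name of the logged in LDAP user, used as prefix of the log entries
	$ldapUser = $_SESSION['ldap']->decrypt_login();
	$ldapUser = $ldapUser[0];
	// add groups
	foreach ($toAdd as $groupDn) {
		if (!in_array($groupDn, $groups, true)) {
			continue;
		}
		// PHP warnings are suppressed because a failure is reported via the return value
		$success = @ldap_mod_add($_SESSION['ldap']->server(), $groupDn, array('member' => array($this->getAccountContainer()->finalDN)));
		if (!$success) {
			logNewMessage(LOG_ERR, '[' . $ldapUser . '] Unable to add group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $groupDn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
			$messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $groupDn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
		}
		else {
			logNewMessage(LOG_NOTICE, '[' . $ldapUser . '] Added group ' . $this->getAccountContainer()->finalDN . ' to group: ' . $groupDn);
		}
	}
	// remove groups
	foreach ($toRem as $groupDn) {
		if (!in_array($groupDn, $groups, true)) {
			continue;
		}
		// NOTE(review): the value removed from the group is dn_orig while the log entries name finalDN;
		// the two may differ (TODO confirm), in which case the log does not show the value that was removed.
		$success = @ldap_mod_del($_SESSION['ldap']->server(), $groupDn, array('member' => array($this->getAccountContainer()->dn_orig)));
		if (!$success) {
			logNewMessage(LOG_ERR, '[' . $ldapUser . '] Unable to delete group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $groupDn . ' (' . ldap_error($_SESSION['ldap']->server()) . ').');
			$messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $groupDn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
		}
		else {
			logNewMessage(LOG_NOTICE, '[' . $ldapUser . '] Removed group ' . $this->getAccountContainer()->finalDN . ' from group: ' . $groupDn);
		}
	}
	return $messages;
}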
/**
* Recursively gets the members of this group and its subgroups .
*
* @ return list of DNs
*/
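private function getEffectiveMembers() {
	// a group without (readable) member attribute has no effective members;
	// callers sort the result, so an array is always returned
	if (empty($this->attributes['member']) || !is_array($this->attributes['member'])) {
		return array();
	}
	$membersToCheck = $this->attributes['member'];
	$effectiveMembers = $membersToCheck;
	// Worklist instead of recursion: each queued DN is read once from the directory.
	// A DN is only queued when it is not yet in the result, so groups that contain
	// each other do not lead to an endless loop.
	// NOTE(review): there is no limit on nesting depth or result size, a large nested
	// group causes one LDAP read per effective member.
	while (!empty($membersToCheck)) {
		$member = array_pop($membersToCheck);
		$attrs = ldapGetDN($member, array('member'));
		if (empty($attrs['member'])) {
			continue;
		}
		foreach ($attrs['member'] as $newMember) {
			if (!in_array($newMember, $effectiveMembers, true)) {
				$effectiveMembers[] = $newMember;
				$membersToCheck[] = $newMember;
			}
		}
	}
	return $effectiveMembers;
}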
}
?>