removed host attribute from inetOrgPerson module

Roland Gruber 2010-04-03 17:20:10 +00:00
parent 1ce98b955f
commit 00f6ffddcd
3 changed files with 39 additions and 118 deletions


@ -601,6 +601,20 @@ Have fun!
<section id="a_versUpgrade">
<title>Version specific upgrade instructions</title>
<section>
<title>3.0.0 -&gt; 3.1.0</title>
<para>LAM supported to set a list of valid workstations on the
"Personal" page. This required to change the LDAP schema. Since
3.1.0 this is replaced by the new "Hosts" module for users.</para>
</section>
<section>
<title>2.3.0 -&gt; 3.0.0</title>
<para>No changes.</para>
</section>
<section>
<title>2.2.0 -&gt; 2.3.0</title>
@ -1157,6 +1171,26 @@ Have fun!
</screenshot>
</section>
<section>
<title>Hosts</title>
<para>You can specify a list of valid host names where the user may
login. If you add the value "*" then the user may login to any host.
This can be further restricted by adding explicit deny entries which
are prefixed with "!" (e.g. "!hr_server").</para>
<para>Please note that your PAM settings need to support host
restrictions.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/hostObject.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>Samba 3</title>
@ -2335,11 +2369,13 @@ Have fun!
<entry>Unix accounts</entry>
<entry>posixAccount, shadowAccount, posixGroup</entry>
<entry>posixAccount, shadowAccount, hostObject, posixGroup</entry>
<entry>nis.schema, rfc2307bis.schema</entry>
<entry>nis.schema, rfc2307bis.schema, ldapns.schema
(hostObject)</entry>
<entry>Part of OpenLDAP installation</entry>
<entry>Part of OpenLDAP installation, part of libpam-ldap
(ldapns.schema)</entry>
<entry>The rfc2307bis.schema is only supported by LAM Pro. Use the
nis.schema if you do not want to upgrade to LAM Pro.</entry>
@ -3089,34 +3125,4 @@ Have fun!
all required packages.</para>
</section>
</appendix>
<appendix>
<title>InetOrgPerson and the host attribute</title>
<para>The attribute "host" is only in objectclass account. Unfortunatly
"account" conflicts with "inetorgperson". so there's no perfect way to use
both.</para>
<para>In order to get attribute host working you have to modify
schema/inetorgperson and include host:</para>
<literallayout># inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 $ host )
)</literallayout>
</appendix>
</book>

Binary file not shown.



@ -37,39 +37,10 @@ $Id$
*/
class inetOrgPerson extends baseModule implements passwordService {
private static $unix_hosts_supported = 'unknown';
/**
* Returns if the host attribute is supported by the schema.
*
* @return boolean true if supported
*/
private function supportUnixHosts() {
if (inetOrgPerson::$unix_hosts_supported === 'unknown') {
inetOrgPerson::$unix_hosts_supported = 'no';
get_schema_objectclasses();
$classes = get_cached_schema('objectclasses');
if (isset($classes['inetorgperson'])) {
$mayAttrs = $classes['inetorgperson']->getMayAttrs();
if (is_array($mayAttrs)) {
for ($i = 0; $i < sizeof($mayAttrs); $i++) {
if ($mayAttrs[$i]->getName() === 'host') {
inetOrgPerson::$unix_hosts_supported = 'yes';
break;
}
}
}
}
}
return (inetOrgPerson::$unix_hosts_supported === 'yes');
}
/**
* This function fills the message array.
**/
function load_Messages() {
$this->messages['host'][0] = array('ERROR', _('Unix workstations'), _('Unix workstations are invalid!'));
$this->messages['host'][1] = array('ERROR', _('Account %s:') . ' inetOrgPerson_hosts', _('Unix workstations are invalid!'));
$this->messages['givenName'][0] = array('ERROR', _('First name'), _('First name contains invalid characters!'));
$this->messages['givenName'][1] = array('ERROR', _('Account %s:') . ' inetOrgPerson_lastName', _('First name contains invalid characters!'));
$this->messages['lastname'][0] = array('ERROR', _('Last name'), _('Last name contains invalid characters or is empty!'));
@ -139,9 +110,6 @@ class inetOrgPerson extends baseModule implements passwordService {
'title', 'telephoneNumber', 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode', 'postalAddress',
'sn', 'userPassword', 'description', 'homePhone', 'roomNumber', 'businessCategory', 'l', 'st', 'physicalDeliveryOfficeName',
'carLicense', 'departmentNumber');
if (isset($_SESSION['loggedIn']) && ($_SESSION['loggedIn'] === true) && $this->supportUnixHosts()) {
$return['attributes'][] = 'host';
}
// self service search attributes
$return['selfServiceSearchAttributes'] = array('uid', 'mail', 'cn', 'surname', 'givenName');
// self service field settings
@ -472,20 +440,8 @@ class inetOrgPerson extends baseModule implements passwordService {
'example' => _('YourCompany, Human Resources')
);
}
// Unix workstations for upload
if (isset($_SESSION['loggedIn']) && ($_SESSION['loggedIn'] === true)) {
if ($this->supportUnixHosts()) {
$return['upload_columns'][] = array(
'name' => 'inetOrgPerson_hosts',
'description' => _('Unix workstations'),
'help' => 'workstations',
'example' => _('pc01,pc02')
);
}
}
// available PDF fields
$return['PDF_fields'] = array(
'host',
'givenName',
'sn'
);
@ -623,10 +579,6 @@ class inetOrgPerson extends baseModule implements passwordService {
"Headline" => _("User name"),
"Text" => _("User name of the user who should be created. Valid characters are: a-z,A-Z,0-9, .-_. If user name is already used user name will be expanded with a number. The next free number will be used. Warning: Older systems have problems with user names longer than 8 characters. You can not log in to Windows if user name is longer than 16 characters.")
),
'workstations' => array (
"Headline" => _("Unix workstations"),
"Text" => _("Please enter a comma separated list of host names where this user is allowed to log in. If you enable host restrictions for your servers then \"*\" means every host and an empty field means no host.")
),
'photoUpload' => array(
"Headline" => _("Add photo"),
"Text" => _("Please select an image file to upload. It must be in JPG format (.jpg/.jpeg).")
@ -878,20 +830,6 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// handle host-attribute in on epice because it's not set by default
if ($this->supportUnixHosts()) {
$host = $_POST['host'];
if (!get_preg($host,'unixhost')) {
$errors[] = $this->messages['host'][0];
}
$hosts = explode(",", $host);
$this->attributes['host'] = array();
for ($i = 0; $i < sizeof($hosts); $i++) {
if ($hosts[$i] != "") {
$this->attributes['host'][] = $hosts[$i];
}
}
}
if (isset($_POST['delPhoto'])) {
$this->attributes['jpegPhoto'] = array();
}
@ -1116,17 +1054,6 @@ class inetOrgPerson extends baseModule implements passwordService {
'maxlength' => '255', 'value' => $departmentNumber),
array('kind' => 'help', 'value' => 'departmentNumber'));
}
if ($this->supportUnixHosts()) {
$hostvalue = "";
if (isset($this->attributes['host']) && is_array($this->attributes['host'])) {
$hostvalue .= implode(",", $this->attributes['host']);
}
$return[] = array(
array('kind' => 'text', 'text' => _('Unix workstations')),
array('kind' => 'input', 'name' => 'host', 'type' => 'text', 'size' => '30',
'maxlength' => '255', 'value' => $hostvalue ),
array('kind' => 'help', 'value' => 'workstations'));
}
if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideManager')) {
// get list of existing users for manager attribute
$dnUsers = $_SESSION['cache']->get_cache('uid', 'inetOrgPerson', 'user');
@ -1218,7 +1145,6 @@ class inetOrgPerson extends baseModule implements passwordService {
function get_pdfEntries() {
$return = array(
get_class($this) . '_description' => array('<block><key>' . _('Description') . '</key><value>' . $this->attributes['description'][0] . '</value></block>'),
get_class($this) . '_host' => array('<block><key>' . _('Unix workstations') . '</key><value>' . $this->attributes['host'][0] . '</value></block>'),
get_class($this) . '_title' => array('<block><key>' . _('Job title') . '</key><value>' . $this->attributes['title'][0] . '</value></block>'),
get_class($this) . '_givenName' => array('<block><key>' . _('First name') . '</key><value>' . $this->attributes['givenName'][0] . '</value></block>'),
get_class($this) . '_sn' => array('<block><key>' . _('Last name') . '</key><value>' . $this->attributes['sn'][0] . '</value></block>'),
@ -1511,17 +1437,6 @@ class inetOrgPerson extends baseModule implements passwordService {
$errors[] = $errMsg;
}
}
// Unix workstations
if ($rawAccounts[$i][$ids['inetOrgPerson_hosts']] != "") {
if (get_preg($rawAccounts[$i][$ids['inetOrgPerson_hosts']], 'unixhost')) {
$partialAccounts[$i]['host'] = explode(",", $rawAccounts[$i][$ids['inetOrgPerson_hosts']]);
}
else {
$errMsg = $this->messages['host'][1];
array_push($errMsg, array($i));
$errors[] = $errMsg;
}
}
if (!in_array('posixAccount', $selectedModules)) {
// cn
if ($rawAccounts[$i][$ids['inetOrgPerson_cn']] != "") {