From 0e74a752f8d153ed5301e390e08e4d55f80c52aa Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Mon, 21 Apr 2014 19:21:47 +0000 Subject: [PATCH] allow multiple cn values --- lam/lib/modules.inc | 19 +++++++++++++-- lam/lib/modules/inetOrgPerson.inc | 39 +++++++++++++++++++------------ lam/lib/modules/posixAccount.inc | 9 ++----- lam/lib/modules/quota.inc | 27 ++++++++++++++++++++- 4 files changed, 69 insertions(+), 25 deletions(-) diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index b240ef4e..deb71789 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2013 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1722,6 +1722,13 @@ class accountContainer { unset($attributes[$this->dn_orig]); } } + elseif (isset($attributes[$this->dn_orig]['remove'][$this->rdn][0]) && isset($attributes[$this->dn_orig]['notchanged'][$this->rdn][0])) { + $this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix; + if ($this->dn_orig != $this->finalDN) { + $attributes[$this->finalDN] = $attributes[$this->dn_orig]; + unset($attributes[$this->dn_orig]); + } + } elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) { $this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix; $attributes[$this->finalDN] = $attributes[$this->dn_orig]; 
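Review bot: The new `elseif` in the hunk at -1722 fires whenever any value of the RDN attribute is removed, not only when the removed value is the one used in the DN, and it then builds `finalDN` from `['notchanged'][$this->rdn][0]`. If the current RDN value is still present but is not the first unchanged value, the entry appears to be renamed although its RDN value was never touched, and a DN change can silently break anything that references the entry by DN (group `member` values, ACLs). I would guard the branch with `in_array(extractRDNValue($this->dn_orig), $attributes[$this->dn_orig]['remove'][$this->rdn], true)`. The value is also concatenated into the DN unescaped, as in the neighbouring branches, so a value containing `,` or `+` would need RFC 4514 escaping unless the `cn` input check already rejects those characters. The enclosing method starts and ends outside the hunk.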
@@ -1812,7 +1819,8 @@ class accountContainer { $removeOldRDN = true; unset($attributes[$this->finalDN]['modify'][extractRDNAttribute($this->finalDN)]); } - if (isset($attributes[$this->finalDN]['notchanged'][$rdnAttr])) { + if (isset($attributes[$this->finalDN]['notchanged'][$rdnAttr]) + && !(isset($attributes[$this->finalDN]['add'][$rdnAttr]) || isset($attributes[$this->finalDN]['modify'][$rdnAttr]) || isset($attributes[$this->finalDN]['remove'][$rdnAttr]))) { // fix for AD which requires to remove RDN even if not changed $removeOldRDN = true; } @@ -1820,6 +1828,13 @@ class accountContainer { $success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN); if ($success) { logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN); + // do not add attribute value as new one if added via rename operation + if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) { + $attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]); + if (empty($attributes[$this->finalDN]['add'][$rdnAttr])) { + unset($attributes[$this->finalDN]['add'][$rdnAttr]); + } + } } else { logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index b5e37a2d..97117498 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc 
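Review bot: The comment `// fix for AD which requires to remove RDN even if not changed` no longer matches the condition in the hunk at -1812, which now sets `$removeOldRDN` only when the RDN attribute has no pending `add`, `modify` or `remove` entries. I would extend it, for example `// AD requires removing the old RDN even if unchanged; skipped when the RDN attribute itself has pending changes`, and add the reason for the exception, which is not visible in this hunk and should come from the author. The surrounding method lies outside the hunk.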
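Review bot: `in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])` in the hunk at -1820 compares loosely, so two different numeric-looking values such as `007` and `7` are treated as the same value and the wrong pending `add` entry could be dropped after the rename. Passing the strict flag avoids that: `in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr], true)`. It is also worth confirming that `extractRDNValue()` returns the value in the same form (escaping, case) as the entries in the `add` list, otherwise the renamed value is still sent as an add and the server may reject it as a duplicate. `array_delete()` is defined outside this diff, so whether it compares strictly cannot be checked here.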
@@ -143,10 +143,13 @@ class inetOrgPerson extends baseModule implements passwordService { 'fax' => 'facsimileTelephoneNumber', 'gn' => 'givenName', 'userid' => 'uid', 'rfc822Mailbox' => 'mail', 'mobileTelephoneNumber' => 'mobile', 'organizationName' => 'o', 'organizationalUnitName' => 'ou'); // managed attributes - $return['attributes'] = array('uid', 'cn', 'employeeType', 'givenName', 'jpegPhoto', 'mail', 'manager', 'mobile', + $return['attributes'] = array('uid', 'employeeType', 'givenName', 'jpegPhoto', 'mail', 'manager', 'mobile', 'title', 'telephoneNumber', 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode', 'postalAddress', 'sn', 'userPassword', 'description', 'homePhone', 'roomNumber', 'businessCategory', 'l', 'st', 'physicalDeliveryOfficeName', 'carLicense', 'departmentNumber', 'o', 'employeeNumber', 'initials', 'registeredAddress', 'labeledURI', 'ou', 'userCertificate;binary'); + if (!$this->isUnixActive()) { + $return['attributes'][] = 'cn'; + } // self service search attributes $return['selfServiceSearchAttributes'] = array('uid', 'mail', 'cn', 'surname', 'givenName', 'employeeNumber'); // self service field settings @@ -1093,8 +1096,7 @@ class inetOrgPerson extends baseModule implements passwordService { $this->attributes['initials'] = preg_split('/;[ ]*/', $_POST['initials']); } - $modules = $_SESSION['config']->get_AccountModules($this->get_scope()); - if (!in_array('posixAccount', $modules)) { + if (!$this->isUnixActive()) { // uid if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID') && !$this->isAdminReadOnly('uid')) { if (isset($_POST['uid']) && ($_POST['uid'] != '')) { 
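Review bot: The managed attribute list in the hunk at -143 now depends on `$this->isUnixActive()`, which reads `$_SESSION['config']`, but nothing at this spot says why `cn` is left out. A short comment such as `// cn is handled by posixAccount when the Unix module is active` would help, assuming that is the intent (the posixAccount hunks in this patch suggest so). Since `isUnixActive()` returns false when no configuration is in the session, `cn` is treated as managed by inetOrgPerson in that case; if this meta data is built or cached outside a configured session, the list may not match what the account pages later use, which is worth confirming. The enclosing function begins and ends outside the hunk.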
@@ -1111,7 +1113,8 @@ class inetOrgPerson extends baseModule implements passwordService { } // cn if (!$this->isAdminReadOnly('cn')) { - if ($_POST['cn'] == '') { + $this->processMultiValueInputTextField('cn', $errors, 'cn'); + if (empty($this->attributes['cn'][0])) { if ($_POST['givenName'] != '') { $this->attributes['cn'][0] = $_POST['givenName'] . " " . $_POST['sn']; } @@ -1119,12 +1122,6 @@ class inetOrgPerson extends baseModule implements passwordService { $this->attributes['cn'][0] = $_POST['sn']; } } - else { - $this->attributes['cn'][0] = $_POST['cn']; - } - if (!get_preg($this->attributes['cn'][0], 'cn')) { - $errors[] = $this->messages['cn'][0]; - } } if (!$this->isAdminReadOnly('userPassword')) { if (isset($_POST['lockPassword'])) { @@ -1157,9 +1154,8 @@ class inetOrgPerson extends baseModule implements passwordService { $container = new htmlTable(); $fieldContainer = new htmlTable(); $container->addElement($fieldContainer); - $modules = $_SESSION['config']->get_AccountModules($this->get_scope()); // uid - if (!in_array('posixAccount', $modules) && !$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID')) { + if (!$this->isUnixActive() && !$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID')) { if ($this->isAdminReadOnly('uid')) { $this->addSimpleReadOnlyField($fieldContainer, 'uid', _('User name')); } @@ -1195,12 +1191,12 @@ class inetOrgPerson extends baseModule implements passwordService { } } // common name - if (!in_array('posixAccount', $modules)) { + if (!$this->isUnixActive()) { if ($this->isAdminReadOnly('cn')) { $this->addSimpleReadOnlyField($fieldContainer, 'cn', _('Common name')); } else { - $this->addSimpleInputTextField($fieldContainer, 'cn', _('Common name'), true); + $this->addMultiValueInputTextField($fieldContainer, 'cn', _('Common name'), true); $equalWidthElements[] = 'cn'; } } 
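Review bot: The fallback value built from `$_POST['givenName'] . " " . $_POST['sn']` in the hunk at -1111 is no longer checked against the `cn` pattern, because the `get_preg()` check that used to run after the fallback is removed in the hunk at -1119 and `processMultiValueInputTextField()` runs before the fallback is assigned. Request data therefore reaches `$this->attributes['cn'][0]` without the `cn` validation unless `givenName` and `sn` are validated to at least the same standard elsewhere, which these hunks do not show. I would keep the check inside the fallback branch: `if (!get_preg($this->attributes['cn'][0], 'cn')) { $errors[] = $this->messages['cn'][0]; }`. Note also that `empty()` treats the value `0` as missing, so `!isset($this->attributes['cn'][0]) || $this->attributes['cn'][0] === ''` is the safer test for the fallback.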
@@ -1555,7 +1551,7 @@ class inetOrgPerson extends baseModule implements passwordService { } } // password buttons - if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) { + if (!$this->isUnixActive() && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) { $fieldContainer->addElement(new htmlSubTitle(_('Password')), true); $pwdContainer = new htmlTable(); if (pwd_is_enabled($this->attributes['userPassword'][0])) { @@ -3561,6 +3557,19 @@ class inetOrgPerson extends baseModule implements passwordService { return $this->emailCheckCache[$mail]; } + /** + * Returns if the Unix module is also active. + * + * @return boolean Unix is active + */ + private function isUnixActive() { + if (!isset($_SESSION['config'])) { + return false; + } + $modules = $_SESSION['config']->get_AccountModules($this->get_scope()); + return in_array('posixAccount', $modules); + } + } ?> diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index ebdf7a6f..9420fd4f 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -1081,10 +1081,7 @@ class posixAccount extends baseModule implements passwordService { unset($this->attributes[$this->getPasswordAttrName()]); } if ($this->manageCn()) { - $this->attributes['cn'][0] = $_POST['cn']; - if (!get_preg($this->attributes['cn'][0], 'cn')) { - $errors[] = $this->messages['cn'][0]; - } + $this->processMultiValueInputTextField('cn', $errors, 'cn'); } $this->attributes['uidNumber'][0] = trim($_POST['uidNumber']); $this->attributes['gidNumber'][0] = $_POST['gidNumber']; 
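Review bot: The docblock of `isUnixActive()` in the hunk at -3561 does not mention that the method returns false when `$_SESSION['config']` is missing, which makes inetOrgPerson treat `uid`, `cn` and the password fields as its own to manage. I would add a line such as `Returns false if no configuration is stored in the session; this module then manages uid, cn and the password itself.` so callers know which way the default falls. `in_array('posixAccount', $modules, true)` would also make the membership test strict.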
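Review bot: In posixAccount the hunk at -1081 hands `cn` to `processMultiValueInputTextField('cn', $errors, 'cn')` without any check that at least one value remains, and the form field added in the hunk at -1398 is created without the `true` argument that inetOrgPerson passes to `addMultiValueInputTextField()`. Unlike inetOrgPerson, there is no fallback here, so an empty submission may leave the account without a `cn`; if no later check exists outside these hunks, the error would only surface as a failed LDAP write. I would add an explicit check after the call, e.g. `if (empty($this->attributes['cn'])) { $errors[] = $this->messages['cn'][0]; }`, and pass `true` as the fourth argument in the form code if that flag marks the field as required. Both enclosing methods extend beyond the hunks.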
@@ -1398,9 +1395,7 @@ class posixAccount extends baseModule implements passwordService { $uidInput->setFieldMaxLength(100); $return->addElement($uidInput, true); if ($this->manageCn()) { - $commonName = ''; - if (isset($this->attributes['cn'][0])) $commonName = $this->attributes['cn'][0]; - $return->addElement(new htmlTableExtendedInputField(_("Common name"), 'cn', $commonName, 'cn'), true); + $this->addMultiValueInputTextField($return, 'cn', _("Common name")); } $uidNumber = ''; if (isset($this->attributes['uidNumber'][0])) $uidNumber = $this->attributes['uidNumber'][0]; diff --git a/lam/lib/modules/quota.inc b/lam/lib/modules/quota.inc index b68a5aa6..92d9a644 100644 --- a/lam/lib/modules/quota.inc +++ b/lam/lib/modules/quota.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2007 - 2012 Roland Gruber + 2007 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -826,6 +826,31 @@ class quota extends baseModule { return array('status' => 'finished'); } + /** + * Returns a list of modifications which have to be made to the LDAP account. + * + * Calling this method requires the existence of an enclosing {@link accountContainer}.
+ *
+ * + *
This function returns an array with 3 entries: + *
array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... ) + *
DN is the DN to change. It is possible to change several DNs (e.g. create a new user and add him + * to some groups via attribute memberUid)
+ *
"add" are attributes which have to be added to the LDAP entry + *
"remove" are attributes which have to be removed from the LDAP entry + *
"modify" are attributes which have to be modified in the LDAP entry + *
"notchanged" are attributes which stay unchanged + *
"info" values with informational value (e.g. to be used later by pre/postModify actions) + *
+ *
This builds the required comands from $this-attributes and $this->orig. + * + * @return array list of modifications + */ + public function save_attributes() { + // no LDAP changes + return $this->getAccountContainer()->save_module_attributes(array(), array()); + } + } ?>
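Review bot: The docblock added to `quota::save_attributes()` describes building LDAP commands from the module's attributes, but the method body only returns `save_module_attributes(array(), array())` under the comment `// no LDAP changes`. I would replace the copied text with a short statement that this override always passes empty attribute arrays so the quota module produces no LDAP modifications, and say why the override is needed for this change. If the long description is kept, it should read `$this->attributes` instead of `$this-attributes` and `commands` instead of `comands`, and it announces "3 entries" while listing five keys.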