allow multiple cn values

This commit is contained in:
Roland Gruber 2014-04-21 19:21:47 +00:00
parent 180d2a8800
commit 0e74a752f8
4 changed files with 69 additions and 25 deletions

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2013 Roland Gruber Copyright (C) 2003 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -1722,6 +1722,13 @@ class accountContainer {
unset($attributes[$this->dn_orig]); unset($attributes[$this->dn_orig]);
} }
} }
elseif (isset($attributes[$this->dn_orig]['remove'][$this->rdn][0]) && isset($attributes[$this->dn_orig]['notchanged'][$this->rdn][0])) {
$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
if ($this->dn_orig != $this->finalDN) {
$attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset($attributes[$this->dn_orig]);
}
}
elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) { elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) {
$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix; $this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
$attributes[$this->finalDN] = $attributes[$this->dn_orig]; $attributes[$this->finalDN] = $attributes[$this->dn_orig];
@ -1812,7 +1819,8 @@ class accountContainer {
$removeOldRDN = true; $removeOldRDN = true;
unset($attributes[$this->finalDN]['modify'][extractRDNAttribute($this->finalDN)]); unset($attributes[$this->finalDN]['modify'][extractRDNAttribute($this->finalDN)]);
} }
if (isset($attributes[$this->finalDN]['notchanged'][$rdnAttr])) { if (isset($attributes[$this->finalDN]['notchanged'][$rdnAttr])
&& !(isset($attributes[$this->finalDN]['add'][$rdnAttr]) || isset($attributes[$this->finalDN]['modify'][$rdnAttr]) || isset($attributes[$this->finalDN]['remove'][$rdnAttr]))) {
// fix for AD which requires to remove RDN even if not changed // fix for AD which requires to remove RDN even if not changed
$removeOldRDN = true; $removeOldRDN = true;
} }
@ -1820,6 +1828,13 @@ class accountContainer {
$success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN); $success = ldap_rename($_SESSION['ldap']->server(), $this->dn_orig, $this->getRDN($this->finalDN), $this->getParentDN($this->finalDN), $removeOldRDN);
if ($success) { if ($success) {
logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN); logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Renamed DN ' . $this->dn_orig . " to " . $this->finalDN);
// do not add attribute value as new one if added via rename operation
if (!empty($attributes[$this->finalDN]['add'][$rdnAttr]) && in_array(extractRDNValue($this->finalDN), $attributes[$this->finalDN]['add'][$rdnAttr])) {
$attributes[$this->finalDN]['add'][$rdnAttr] = array_delete(array(extractRDNValue($this->finalDN)), $attributes[$this->finalDN]['add'][$rdnAttr]);
if (empty($attributes[$this->finalDN]['add'][$rdnAttr])) {
unset($attributes[$this->finalDN]['add'][$rdnAttr]);
}
}
} }
else { else {
logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). ' logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to rename DN: ' . $this->dn_orig . ' (' . ldap_error($_SESSION['ldap']->server()) . '). '

View File

@ -143,10 +143,13 @@ class inetOrgPerson extends baseModule implements passwordService {
'fax' => 'facsimileTelephoneNumber', 'gn' => 'givenName', 'userid' => 'uid', 'rfc822Mailbox' => 'mail', 'fax' => 'facsimileTelephoneNumber', 'gn' => 'givenName', 'userid' => 'uid', 'rfc822Mailbox' => 'mail',
'mobileTelephoneNumber' => 'mobile', 'organizationName' => 'o', 'organizationalUnitName' => 'ou'); 'mobileTelephoneNumber' => 'mobile', 'organizationName' => 'o', 'organizationalUnitName' => 'ou');
// managed attributes // managed attributes
$return['attributes'] = array('uid', 'cn', 'employeeType', 'givenName', 'jpegPhoto', 'mail', 'manager', 'mobile', $return['attributes'] = array('uid', 'employeeType', 'givenName', 'jpegPhoto', 'mail', 'manager', 'mobile',
'title', 'telephoneNumber', 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode', 'postalAddress', 'title', 'telephoneNumber', 'facsimileTelephoneNumber', 'street', 'postOfficeBox', 'postalCode', 'postalAddress',
'sn', 'userPassword', 'description', 'homePhone', 'roomNumber', 'businessCategory', 'l', 'st', 'physicalDeliveryOfficeName', 'sn', 'userPassword', 'description', 'homePhone', 'roomNumber', 'businessCategory', 'l', 'st', 'physicalDeliveryOfficeName',
'carLicense', 'departmentNumber', 'o', 'employeeNumber', 'initials', 'registeredAddress', 'labeledURI', 'ou', 'userCertificate;binary'); 'carLicense', 'departmentNumber', 'o', 'employeeNumber', 'initials', 'registeredAddress', 'labeledURI', 'ou', 'userCertificate;binary');
if (!$this->isUnixActive()) {
$return['attributes'][] = 'cn';
}
// self service search attributes // self service search attributes
$return['selfServiceSearchAttributes'] = array('uid', 'mail', 'cn', 'surname', 'givenName', 'employeeNumber'); $return['selfServiceSearchAttributes'] = array('uid', 'mail', 'cn', 'surname', 'givenName', 'employeeNumber');
// self service field settings // self service field settings
@ -1093,8 +1096,7 @@ class inetOrgPerson extends baseModule implements passwordService {
$this->attributes['initials'] = preg_split('/;[ ]*/', $_POST['initials']); $this->attributes['initials'] = preg_split('/;[ ]*/', $_POST['initials']);
} }
$modules = $_SESSION['config']->get_AccountModules($this->get_scope()); if (!$this->isUnixActive()) {
if (!in_array('posixAccount', $modules)) {
// uid // uid
if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID') && !$this->isAdminReadOnly('uid')) { if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID') && !$this->isAdminReadOnly('uid')) {
if (isset($_POST['uid']) && ($_POST['uid'] != '')) { if (isset($_POST['uid']) && ($_POST['uid'] != '')) {
@ -1111,7 +1113,8 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
// cn // cn
if (!$this->isAdminReadOnly('cn')) { if (!$this->isAdminReadOnly('cn')) {
if ($_POST['cn'] == '') { $this->processMultiValueInputTextField('cn', $errors, 'cn');
if (empty($this->attributes['cn'][0])) {
if ($_POST['givenName'] != '') { if ($_POST['givenName'] != '') {
$this->attributes['cn'][0] = $_POST['givenName'] . " " . $_POST['sn']; $this->attributes['cn'][0] = $_POST['givenName'] . " " . $_POST['sn'];
} }
@ -1119,12 +1122,6 @@ class inetOrgPerson extends baseModule implements passwordService {
$this->attributes['cn'][0] = $_POST['sn']; $this->attributes['cn'][0] = $_POST['sn'];
} }
} }
else {
$this->attributes['cn'][0] = $_POST['cn'];
}
if (!get_preg($this->attributes['cn'][0], 'cn')) {
$errors[] = $this->messages['cn'][0];
}
} }
if (!$this->isAdminReadOnly('userPassword')) { if (!$this->isAdminReadOnly('userPassword')) {
if (isset($_POST['lockPassword'])) { if (isset($_POST['lockPassword'])) {
@ -1157,9 +1154,8 @@ class inetOrgPerson extends baseModule implements passwordService {
$container = new htmlTable(); $container = new htmlTable();
$fieldContainer = new htmlTable(); $fieldContainer = new htmlTable();
$container->addElement($fieldContainer); $container->addElement($fieldContainer);
$modules = $_SESSION['config']->get_AccountModules($this->get_scope());
// uid // uid
if (!in_array('posixAccount', $modules) && !$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID')) { if (!$this->isUnixActive() && !$this->isBooleanConfigOptionSet('inetOrgPerson_hideUID')) {
if ($this->isAdminReadOnly('uid')) { if ($this->isAdminReadOnly('uid')) {
$this->addSimpleReadOnlyField($fieldContainer, 'uid', _('User name')); $this->addSimpleReadOnlyField($fieldContainer, 'uid', _('User name'));
} }
@ -1195,12 +1191,12 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
} }
// common name // common name
if (!in_array('posixAccount', $modules)) { if (!$this->isUnixActive()) {
if ($this->isAdminReadOnly('cn')) { if ($this->isAdminReadOnly('cn')) {
$this->addSimpleReadOnlyField($fieldContainer, 'cn', _('Common name')); $this->addSimpleReadOnlyField($fieldContainer, 'cn', _('Common name'));
} }
else { else {
$this->addSimpleInputTextField($fieldContainer, 'cn', _('Common name'), true); $this->addMultiValueInputTextField($fieldContainer, 'cn', _('Common name'), true);
$equalWidthElements[] = 'cn'; $equalWidthElements[] = 'cn';
} }
} }
@ -1555,7 +1551,7 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
} }
// password buttons // password buttons
if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) { if (!$this->isUnixActive() && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) {
$fieldContainer->addElement(new htmlSubTitle(_('Password')), true); $fieldContainer->addElement(new htmlSubTitle(_('Password')), true);
$pwdContainer = new htmlTable(); $pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes['userPassword'][0])) { if (pwd_is_enabled($this->attributes['userPassword'][0])) {
@ -3561,6 +3557,19 @@ class inetOrgPerson extends baseModule implements passwordService {
return $this->emailCheckCache[$mail]; return $this->emailCheckCache[$mail];
} }
/**
* Returns if the Unix module is also active.
*
* @return boolean Unix is active
*/
private function isUnixActive() {
if (!isset($_SESSION['config'])) {
return false;
}
$modules = $_SESSION['config']->get_AccountModules($this->get_scope());
return in_array('posixAccount', $modules);
}
} }
?> ?>

View File

@ -1081,10 +1081,7 @@ class posixAccount extends baseModule implements passwordService {
unset($this->attributes[$this->getPasswordAttrName()]); unset($this->attributes[$this->getPasswordAttrName()]);
} }
if ($this->manageCn()) { if ($this->manageCn()) {
$this->attributes['cn'][0] = $_POST['cn']; $this->processMultiValueInputTextField('cn', $errors, 'cn');
if (!get_preg($this->attributes['cn'][0], 'cn')) {
$errors[] = $this->messages['cn'][0];
}
} }
$this->attributes['uidNumber'][0] = trim($_POST['uidNumber']); $this->attributes['uidNumber'][0] = trim($_POST['uidNumber']);
$this->attributes['gidNumber'][0] = $_POST['gidNumber']; $this->attributes['gidNumber'][0] = $_POST['gidNumber'];
@ -1398,9 +1395,7 @@ class posixAccount extends baseModule implements passwordService {
$uidInput->setFieldMaxLength(100); $uidInput->setFieldMaxLength(100);
$return->addElement($uidInput, true); $return->addElement($uidInput, true);
if ($this->manageCn()) { if ($this->manageCn()) {
$commonName = ''; $this->addMultiValueInputTextField($return, 'cn', _("Common name"));
if (isset($this->attributes['cn'][0])) $commonName = $this->attributes['cn'][0];
$return->addElement(new htmlTableExtendedInputField(_("Common name"), 'cn', $commonName, 'cn'), true);
} }
$uidNumber = ''; $uidNumber = '';
if (isset($this->attributes['uidNumber'][0])) $uidNumber = $this->attributes['uidNumber'][0]; if (isset($this->attributes['uidNumber'][0])) $uidNumber = $this->attributes['uidNumber'][0];

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2007 - 2012 Roland Gruber 2007 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -826,6 +826,31 @@ class quota extends baseModule {
return array('status' => 'finished'); return array('status' => 'finished');
} }
/**
* Returns a list of modifications which have to be made to the LDAP account.
*
* Calling this method requires the existence of an enclosing {@link accountContainer}.<br>
* <br>
*
* <br>This function returns an array with 3 entries:
* <br>array( DN1 ('add' => array($attr), 'remove' => array($attr), 'modify' => array($attr)), DN2 .... )
* <br>DN is the DN to change. It is possible to change several DNs (e.g. create a new user and add him
* to some groups via attribute memberUid)<br>
* <br><b>"add"</b> are attributes which have to be added to the LDAP entry
* <br><b>"remove"</b> are attributes which have to be removed from the LDAP entry
* <br><b>"modify"</b> are attributes which have to be modified in the LDAP entry
* <br><b>"notchanged"</b> are attributes which stay unchanged
* <br><b>"info"</b> values with informational value (e.g. to be used later by pre/postModify actions)
* <br>
* <br>This builds the required comands from $this-attributes and $this->orig.
*
* @return array list of modifications
*/
public function save_attributes() {
// no LDAP changes
return $this->getAccountContainer()->save_module_attributes(array(), array());
}
} }
?> ?>