From 12eceb447de0471be28541b19d582d0932b665d1 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Fri, 24 May 2013 18:30:30 +0000
Subject: [PATCH] update owner attribute on dn change

---
 lam/lib/modules/posixAccount.inc | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index 1538aeff..6c72affd 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -725,6 +725,7 @@ class posixAccount extends baseModule implements passwordService {
 			$ldapUser = $ldapUser[0];
 			// update groups if DN changed
 			if (isset($this->getAccountContainer()->dn_orig) && ($this->getAccountContainer()->dn_orig != $this->getAccountContainer()->finalDN)) {
+				// update member attributes
 				for ($i = 0; $i < sizeof($toUpdate); $i++) {
 					if (isset($gons[$toUpdate[$i]])) {
 						$attrName = 'member';
@@ -749,6 +750,33 @@ class posixAccount extends baseModule implements passwordService {
 						}
 					}
 				}
+				// update owner attributes
+				$types = $_SESSION['config']->get_ActiveTypes();
+				if (in_array('gon', $types)) {
+					$gonTypes[] = 'gon';
+				}
+				if (in_array('group', $types)) {
+					$gonTypes[] = 'group';
+				}
+				$ownerGroups = searchLDAPByAttribute('owner', $this->getAccountContainer()->dn_orig, null, array('dn', 'owner'), $gonTypes);
+				for ($i = 0; $i < sizeof($ownerGroups); $i++) {
+					$found = false;
+					$newOwners = $ownerGroups[$i]['owner'];
+					for ($o = 0; $o < sizeof($newOwners); $o++) {
+						if ($newOwners[$o] == $this->getAccountContainer()->dn_orig) {
+							$newOwners[$o] = $this->getAccountContainer()->finalDN;
+							$found = true;
+							break;
+						}
+					}
+					if ($found) {
+						$success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array('owner' => $newOwners));
+						if (!$success) {
+							logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
+							$messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), ldap_error($_SESSION['ldap']->server()));
+						}
+					}
+				}
 			}
 			// add groups
 			for ($i = 0; $i < sizeof($toAdd); $i++) {