referential integrity overlay

Roland Gruber 2017-12-31 13:48:16 +01:00
parent 39e5cf1985
commit 21d0b7eb02
4 changed files with 41 additions and 10 deletions


@ -1,4 +1,5 @@
March 2018 6.3 March 2018 6.3
- Server profile: added option if referential integrity overlay is active to sip cleanup actions
- LAM Pro: - LAM Pro:
-> Support custom structural object classes with new custom type -> Support custom structural object classes with new custom type
-> Support dynamic lists -> Support dynamic lists
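Review bot: The added changelog entry says "to sip cleanup actions", which looks like a typo for "skip". The word order is also hard to parse; "added option to skip cleanup actions if referential integrity overlay is active" would read more clearly.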


@ -368,24 +368,49 @@
<para><emphasis role="bold">Advanced options</emphasis></para> <para><emphasis role="bold">Advanced options</emphasis></para>
<para>Sometimes, you may not want to display the server address on the <para>Display name: Sometimes, you may not want to display the server
login page. In this case you can setup a display name here (e.g. address on the login page. In this case you can setup a display name
"Production").</para> here (e.g. "Production").</para>
<para>By default LAM will not follow LDAP referrals. This is ok for <para>Follow referrals: By default LAM will not follow LDAP referrals.
most installations. If you use LDAP referrals please activate the This is ok for most installations. If you use LDAP referrals please
referral option in advanced settings.</para> activate the referral option in advanced settings.</para>
<para>Paged results should be activated only if you encounter any <para>Paged results: Paged results should be activated only if you
problems regarding size limits on Active Directory. LAM will then encounter any problems regarding size limits on Active Directory. LAM
query LDAP to return results in chunks of 999 entries.</para> will then query LDAP to return results in chunks of 999
entries.</para>
<para>Referential integrity overlay: Activate this checkbox if you
have any server side extension for referential integrity in place. In
this case the server will cleanup references to LDAP entries that are
deleted.</para>
<para>The following actions are skipped in this case:</para>
<itemizedlist>
<listitem>
<para>Users: group of (unique) names: memberships are not deleted
when user is deleted</para>
</listitem>
<listitem>
<para>Users: organizational roles: role assignments are not
deleted when user is deleted</para>
</listitem>
<listitem>
<para>Groups: groupOf(Unique)Names: memberships are not deleted
when group is deleted</para>
</listitem>
</itemizedlist>
<literallayout> <literallayout>
</literallayout> </literallayout>
<para>LAM is translated to many different languages. Here you can <para>LAM is translated to many different languages. Here you can
select the default language for this server profile. The language select the default language for this server profile. The language
setting may be overriden at the LAM login page.</para> setting may be overridden at the LAM login page.</para>
<para>Please also set your time zone here.</para> <para>Please also set your time zone here.</para>
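Review bot: The new "Referential integrity overlay" paragraph does not say what the server-side extension must cover before the checkbox is safe to activate. With the option on, LAM no longer removes group of (unique) names memberships or organizational role assignments on delete, so if the server does not clean up those references, entries pointing at deleted users or groups stay behind. Suggest adding a sentence stating that the server must handle exactly the references listed in the itemized list. The list also spells the same object type two ways, "group of (unique) names" and "groupOf(Unique)Names"; pick one.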

Binary file not shown (before: 35 KiB, after: 39 KiB).


@ -904,6 +904,11 @@ class posixAccount extends baseModule implements passwordService {
for ($i = 0; $i < sizeof($groups); $i++) { for ($i = 0; $i < sizeof($groups); $i++) {
$return[$groups[$i]['dn']]['remove']['memberUid'][] = $this->attributes['uid'][0]; $return[$groups[$i]['dn']]['remove']['memberUid'][] = $this->attributes['uid'][0];
} }
// stop here if referential integrity overlay is active
$config = $this->getAccountContainer()->get_type()->getTypeManager()->getConfig();
if ($config->isReferentialIntegrityOverlayActive()) {
return $return;
}
// remove from group of names // remove from group of names
$dn = $this->getAccountContainer()->dn_orig; $dn = $this->getAccountContainer()->dn_orig;
$gons = searchLDAPByFilter('(|(member=' . $dn . ')(uniqueMember=' . $dn . '))', array('member', 'uniqueMember'), array('group', 'gon')); $gons = searchLDAPByFilter('(|(member=' . $dn . ')(uniqueMember=' . $dn . '))', array('member', 'uniqueMember'), array('group', 'gon'));
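Review bot: The early `return $return;` placed after the memberUid loop ends the whole method, so every step that follows is skipped when the option is active, not only the "remove from group of names" block visible here. Any cleanup added further down later would be skipped silently as well; wrapping the overlay-covered blocks in `if (!$config->isReferentialIntegrityOverlayActive()) { ... }` keeps the scope explicit. The chained call `getAccountContainer()->get_type()->getTypeManager()->getConfig()` also has no guard if one link returns null. Separately, the unchanged context line builds the filter by concatenating `$dn` into `(member=...)` and `(uniqueMember=...)` without escaping, so a DN containing parentheses, an asterisk or a backslash would alter the filter; escaping the value before it reaches `searchLDAPByFilter` would be worth a follow-up.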