WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

support Samba 4

This commit is contained in:
Roland Gruber 2013-08-18 12:24:53 +00:00
parent bad02085dc
commit 24646635f9
1 changed files with 297 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
lam/lib/modules/posixAccount.inc
View File

@ -73,6 +73,18 @@ class posixAccount extends baseModule implements passwordService {
'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c'
);
/**
* Creates a new windowsPosixGroup object.
*
* @param string $scope account type (user, group, host)
*/
public function __construct($scope) {
// call parent constructor
parent::__construct($scope);
// make optional if needed
$this->autoAddObjectClasses = !$this->isOptional();
}
/**
* This function fills the error message array with messages.
**/
@ -154,8 +166,11 @@ class posixAccount extends baseModule implements passwordService {
// LDAP aliases
$return['LDAPaliases'] = array('commonName' => 'cn', 'userid' => 'uid');
// managed attributes
$return['attributes'] = array('cn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory',
$return['attributes'] = array('uid', 'uidNumber', 'gidNumber', 'homeDirectory',
'userPassword', 'loginShell', 'gecos', 'INFO.userPasswordClearText');
if ($this->manageCn()) {
$return['attributes'][] = 'cn';
}
if ($this->get_scope() == "user") {
// self service search attributes
$return['selfServiceSearchAttributes'] = array('uid');
@ -264,12 +279,6 @@ class posixAccount extends baseModule implements passwordService {
'required' => true,
'unique' => true
),
array(
'name' => 'posixAccount_cn',
'description' => _('Common name'),
'help' => 'cn',
'example' => _('Steve Miller')
),
array(
'name' => 'posixAccount_uid',
'description' => _('UID number'),
@ -326,6 +335,14 @@ class posixAccount extends baseModule implements passwordService {
'default' => 'false'
),
);
if ($this->manageCn()) {
array_unshift($return['upload_columns'], array(
'name' => 'posixAccount_cn',
'description' => _('Common name'),
'help' => 'cn',
'example' => _('Steve Miller')
));
}
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$return['upload_columns'][] = array(
'name' => 'posixAccount_gecos',
@ -391,9 +408,11 @@ class posixAccount extends baseModule implements passwordService {
'additionalGroups' => _('Additional groups'),
'homeDirectory' => _('Home directory'),
'loginShell' => _('Login shell'),
'cn' => _('Common name'),
'userPassword' => _('Password')
));
if ($this->manageCn()) {
$return['PDF_fields']['cn'] = _('Common name');
}
if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
$return['PDF_fields']['gecos'] = _('Gecos');
}
@ -402,6 +421,10 @@ class posixAccount extends baseModule implements passwordService {
}
// help Entries
$return['help'] = array(
'autoAdd' => array(
"Headline" => _("Automatically add this extension"),
"Text" => _("This will enable the extension automatically if this profile is loaded.")
),
'userNameSuggestion' => array(
"Headline" => _("User name suggestion"),
"Text" => _("LAM will suggest a user name based on e.g. first and last name. Here you can specify the suggestion. %sn% will be replaced by the last name. @givenname@ will be replaced by the first character of first name. Only attributes of tab Personal may be used.")
@ -557,6 +580,10 @@ class posixAccount extends baseModule implements passwordService {
* @return boolean true, if settings are complete
*/
function module_complete() {
if (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass'])) {
// no checks if object class is not set
return true;
}
if (!isset($this->attributes['uid'][0]) || ($this->attributes['uid'][0] == '')) return false;
if (!isset($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] == '')) return false;
if (!isset($this->attributes['gidNumber'][0]) || ($this->attributes['gidNumber'][0] == '')) return false;
@ -607,6 +634,10 @@ class posixAccount extends baseModule implements passwordService {
*/
function save_attributes() {
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
if (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass'])) {
// skip saving if the extension was not added/modified
return array();
}
// add information about clear text password and password status change
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
if (isset($this->orig['userPassword'][0]) && isset($this->attributes['userPassword'][0])) {
@ -621,6 +652,7 @@ class posixAccount extends baseModule implements passwordService {
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unlocked';
}
}
if (in_array('posixAccount', $this->attributes['objectClass'])) {
// Remove primary group from additional groups
if (!isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0])
|| ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] != 'true')) {
@ -667,6 +699,15 @@ class posixAccount extends baseModule implements passwordService {
}
}
}
}
elseif (in_array('posixAccount', $this->orig['objectClass']) && !empty($this->orig['uid'][0])) {
// Unix extension was removed, clean group memberships
$groupList = searchLDAPByAttribute('memberUid', $this->orig['uid'][0], 'posixGroup', array('dn'), array('group'));
for ($i = 0; $i < sizeof($groupList); $i++) {
// remove user name
$return[$groupList[$i]['dn']]['remove']['memberUid'][] = $this->orig['uid'][0];
}
}
return $return;
}
@ -905,6 +946,29 @@ class posixAccount extends baseModule implements passwordService {
*/
function process_attributes() {
$errors = array();
if (isset($_POST['addObjectClass'])) {
if (!isset($this->attributes['objectClass'])) {
$this->attributes['objectClass'] = array();
}
if (!in_array('posixAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'posixAccount';
}
return $errors;
}
if (isset($_POST['remObjectClass'])) {
$this->attributes['objectClass'] = array_delete(array('posixAccount'), $this->attributes['objectClass']);
$attrs = $this->getManagedAttributes();
foreach ($attrs as $name) {
if (isset($this->attributes[$name])) {
unset($this->attributes[$name]);
}
}
return $errors;
}
// skip processing if object class is not set
if ($this->isOptional() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) {
return $errors;
}
$groups = $this->findGroups(); // list of all groupnames
if (count($groups)==0) {
// abort if no groups were found
@ -960,10 +1024,12 @@ class posixAccount extends baseModule implements passwordService {
if (isset($_POST['removePassword'])) {
unset($this->attributes['userPassword']);
}
if ($this->manageCn()) {
$this->attributes['cn'][0] = $_POST['cn'];
if (!get_preg($this->attributes['cn'][0], 'cn')) {
$errors[] = $this->messages['cn'][0];
}
}
$this->attributes['uidNumber'][0] = trim($_POST['uidNumber']);
$this->attributes['gidNumber'][0] = $_POST['gidNumber'];
if ($this->get_scope()=='user') {
@ -1207,6 +1273,7 @@ class posixAccount extends baseModule implements passwordService {
*/
function display_html_attributes() {
$return = new htmlTable();
if (!$this->isOptional() || (isset($this->attributes['objectClass']) && in_array('posixAccount', $this->attributes['objectClass']))) {
$groupList = $this->findGroups(); // list of all group names
$groups = array();
for ($i = 0; $i < sizeof($groupList); $i++) {
@ -1224,7 +1291,7 @@ class posixAccount extends baseModule implements passwordService {
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
$this->attributes['uid'][0] = $this->getUserNameSuggestion($attrs);
}
if (!isset($this->attributes['cn'][0]) || ($this->attributes['cn'][0] == '')) {
if ($this->manageCn() && (!isset($this->attributes['cn'][0]) || ($this->attributes['cn'][0] == ''))) {
// set a default value for common name
if (($this->get_scope() == 'host') && isset($_POST['uid']) && (substr($_POST['uid'], -1, 1) == '$')) {
$this->attributes['cn'][0] = substr($_POST['uid'], 0, strlen($_POST['uid']) - 1);
@ -1256,9 +1323,11 @@ class posixAccount extends baseModule implements passwordService {
$uidInput->setRequired(true);
$uidInput->setFieldMaxLength(100);
$return->addElement($uidInput, true);
if ($this->manageCn()) {
$commonName = '';
if (isset($this->attributes['cn'][0])) $commonName = $this->attributes['cn'][0];
$return->addElement(new htmlTableExtendedInputField(_("Common name"), 'cn', $commonName, 'cn'), true);
}
$uidNumber = '';
if (isset($this->attributes['uidNumber'][0])) $uidNumber = $this->attributes['uidNumber'][0];
$uidNumberInput = new htmlTableExtendedInputField(_('UID number'), 'uidNumber', $uidNumber, 'uidNumber');
@ -1335,6 +1404,18 @@ class posixAccount extends baseModule implements passwordService {
$pwdContainer->colspan = 2;
$return->addElement($pwdContainer);
}
// remove button
if ($this->isOptional()) {
$return->addElement(new htmlSpacer(null, '20px'), true);
$remButton = new htmlButton('remObjectClass', _('Remove Unix extension'));
$remButton->colspan = 5;
$return->addElement($remButton);
}
}
else {
// add button
$return->addElement(new htmlButton('addObjectClass', _('Add Unix extension')));
}
return $return;
}
@ -1592,6 +1673,9 @@ class posixAccount extends baseModule implements passwordService {
// primary Unix group
$return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'));
}
if ($this->isOptional()) {
$return->addElement(new htmlTableExtendedInputCheckbox('posixAccount_addExt', false, _('Automatically add this extension'), 'autoAdd'), true);
}
return $return;
}
@ -1634,6 +1718,12 @@ class posixAccount extends baseModule implements passwordService {
}
}
}
// add extension
if (isset($profile['posixAccount_addExt'][0]) && ($profile['posixAccount_addExt'][0] == "true")) {
if (!in_array('posixAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'posixAccount';
}
}
}
/**
@ -1951,6 +2041,7 @@ class posixAccount extends baseModule implements passwordService {
$errors[] = $errMsg;
}
// cn
if ($this->manageCn()) {
if ($rawAccounts[$i][$ids['posixAccount_cn']] != "") {
if (get_preg($rawAccounts[$i][$ids['posixAccount_cn']], 'cn')) {
$partialAccounts[$i]['cn'] = $rawAccounts[$i][$ids['posixAccount_cn']];
@ -1973,6 +2064,7 @@ class posixAccount extends baseModule implements passwordService {
}
}
}
}
// host specific attributes
elseif ($this->get_scope() == 'host') {
// host name
@ -2860,6 +2952,34 @@ class posixAccount extends baseModule implements passwordService {
);
}
/**
* Returns if the cn attribute should be managed.
* If Windows modules are active then cn will not be managed.
*
* @return boolean manage cn attribute
*/
private function manageCn() {
if (isset($_SESSION['config'])) {
$conf = $_SESSION['config'];
if (in_array('windowsUser', $conf->get_AccountModules($this->get_scope()))) {
return false;
}
else {
return true;
}
}
return false;
}
/**
* Returns if the Unix part can be added and removed.
*
* @return boolean is optional
*/
private function isOptional() {
return !$this->manageCn();
}
}
?>