Fixed several things in lamdaemon.

objectClasses are now checked
Removed small bug when DN has to be changed
katagia 2003-08-12 19:45:24 +00:00
parent dcf11d1ee7
commit 3d2241b4e8
4 changed files with 223 additions and 36 deletions


@ -6,13 +6,21 @@ thins to get it work.
1. Set values in LDAP Account manager 1. Set values in LDAP Account manager
* Set the remote or local host in the configuration * Set the remote or local host in the configuration
(e.g. 127.0.0.1) (e.g. 127.0.0.1)
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
2. Set up SSH
I don't know if this step is really needed but I had some
problems using Net::SSH without keys.
* Log in on remote host as $admin
* run "ssh-keygen -t dsa" to create all needed keys
if not yet done
3. Set up sudo 3. Set up sudo
The perlskript has to run as root (very ugly I know but The perlskript has to run as root (very ugly I know but
I haven't found any other solution). Therefor we need I haven't found any other solution). Therefor we need
a wrapper, sudo. a wrapper, sudo.
Edit /etc/sudoers and add the following line: Edit /etc/sudoers on host homedirs or quotas should be used
and add the following line:
$admin All= NOPASSWD: $path $admin All= NOPASSWD: $path
$admin is the adminuser from lam and $path $admin is the adminuser from lam and $path
is the path include the filename of lamdaemon.pl is the path include the filename of lamdaemon.pl
@ -24,11 +32,24 @@ thins to get it work.
perl -MCPAN -e shell perl -MCPAN -e shell
install Quota install Quota
install Net::LDAP install Net::LDAP
install Net:SSH install Net::SSH::Perl
Please answer all questions to describe your system Please answer all questions to describe your system
Every additional needed module should be installed Every additional needed module should be installed
automaticly automaticly
I installed Math::Pari, a needed module, by hand.
I had many problems to install Math::Pari, a module needed
by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case).
I found the following solution to prevent this bug:
* Download and untar pari (http://www.parigp-home.de)
* Download and untar Math::Pari
* run perl Makefile.PL
* edit Makefile and libPARI/Makefile
Replace line "OPTIMIZE = -O3 --pipe" with
"OPTIMIZE = -O1 --pipe".
* run make
* run make install
5. Set up lamdaemon.pl 5. Set up lamdaemon.pl
Make all needed changes in lamdaemon.pl Make all needed changes in lamdaemon.pl


@ -25,6 +25,7 @@ $Id$
class account { // This class keeps all needed values for any account class account { // This class keeps all needed values for any account
// General Settings // General Settings
var $general_objectClass; // Array, contains old objectclasses of loaded account
var $general_username; // string Username, Hostname or Groupname var $general_username; // string Username, Hostname or Groupname
var $general_uidNumber; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed var $general_uidNumber; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed
var $general_surname; // string Surname (user) var $general_surname; // string Surname (user)
@ -516,7 +517,7 @@ function setquotas($values,$type,$values_old=false) { // Whis function will set
} }
$i++; $i++;
} }
if ($i!=0) exec($$_SESSION['config']->scriptPath." $towrite", $vals); if ($i!=0) exec($_SESSION['config']->scriptPath." $towrite", $vals);
//if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); //if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
} }
@ -717,6 +718,11 @@ function loaduser($dn) { // Will load all needed values from an existing account
else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i]; else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i];
$i++; $i++;
} }
$i=0;
while (isset($attr['objectClass'][$i])) {
$return->general_objectClass[$i] = $attr['objectClass'][$i];
$i++;
}
if ($_SESSION['config']->samba3 == 'yes') { if ($_SESSION['config']->samba3 == 'yes') {
if (isset($attr['sambaAcctFlags'][0])) { if (isset($attr['sambaAcctFlags'][0])) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true; if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
@ -779,6 +785,11 @@ function loadhost($dn) { // Will load all needed values from an existing account
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
$i=0;
while (isset($attr['objectClass'][$i])) {
$return->general_objectClass[$i] = $attr['objectClass'][$i];
$i++;
}
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0]; if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0];
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0]; if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0];
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0]; if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
@ -839,16 +850,28 @@ function loadgroup($dn) { // Will load all needed values from an existing group
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry)); $return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
$i=0;
while (isset($attr['objectClass'][$i])) {
$return->general_objectClass[$i] = $attr['objectClass'][$i];
$i++;
}
if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0]; if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0];
if (isset($attr['description'][0])) $return->general_gecos = $attr['description'][0]; if (isset($attr['description'][0])) $return->general_gecos = $attr['description'][0];
if (isset($attr['cn'][0])) { if (isset($attr['cn'][0])) {
$return->general_username = $attr['cn'][0]; $return->general_username = $attr['cn'][0];
if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]); if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]);
} }
if (isset($attr['memberUid'])) $return->general_memberUid = $attr['memberUid']; if (isset($attr['memberUid'][0])) $return->general_memberUid = $attr['memberUid'][0];
if (is_array($return->general_memberUid)) array_shift($return->general_memberUid); if (is_array($return->general_memberUid)) array_shift($return->general_memberUid);
if (isset($attr['sambaSID'])) $return->smb_mapgroup = $attr['sambaSID']; if (isset($attr['sambaSID'][0])) {
if (isset($attr['displayName'])) $return->smb_displayName = $attr['displayName']; $return->smb_mapgroup = $attr['sambaSID'][0];
$temp = explode('-', $attr['sambaSID'][0]);
$SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
for ($i=0; $i<sizeof($samba3domains); $i++)
if ($SID == $samba3domains[$i]->SID) $return->smb_domain = $samba3domains[$i];
}
if (isset($attr['displayName'][0])) $return->smb_displayName = $attr['displayName'][0];
if ($_SESSION['config']->scriptServer) { if ($_SESSION['config']->scriptServer) {
$values = getquotas('group',$return->general_username); $values = getquotas('group',$return->general_username);
if (is_object($values)) { if (is_object($values)) {
@ -961,7 +984,7 @@ function createuser($values) { // Will create the LDAP-Account
$hosts = explode (',', $values->unix_host); $hosts = explode (',', $values->unix_host);
$i=0; $i=0;
while(isset($hosts[$i])) { while(isset($hosts[$i])) {
$attr['host'][$i] = $hosts[$i]; if ($hosts[$i]!='') $attr['host'][$i] = $hosts[$i];
$i++; $i++;
} }
if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
@ -976,7 +999,7 @@ function createuser($values) { // Will create the LDAP-Account
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 4; if (!$success) return 4;
if ($_SESSION['config']->scriptServer) { if ($_SESSION['config']->scriptServer) {
setquotas($values->general_username,'user'); setquotas($values,'user');
addhomedir($values->general_username); addhomedir($values->general_username);
} }
// Add User to Additional Groups // Add User to Additional Groups
@ -1136,7 +1159,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$j=0; $j=0;
while(isset($hosts[$i])) { while(isset($hosts[$i])) {
if ($hosts[$i]!='') { if ($hosts[$i]!='') {
$attr['host'][$j] = $hosts[$i]; if ($hosts[$i]!='') $attr['host'][$j] = $hosts[$i];
$j++; $j++;
} }
$i++; $i++;
@ -1145,7 +1168,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$j=0; $j=0;
while(isset($hosts_old[$i])) { while(isset($hosts_old[$i])) {
if ($hosts_old[$i]!='') { if ($hosts_old[$i]!='') {
$attr_rem['host'][$j] = $hosts_old[$i]; if ($hosts_old[$i]!='') $attr_rem['host'][$j] = $hosts_old[$i];
$j++; $j++;
} }
$i++; $i++;
@ -1212,6 +1235,32 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = $values->general_givenname; if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = $values->general_givenname;
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = $values->general_surname; if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = $values->general_surname;
if ( (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) ||
(($_SESSION['config']->samba3 =='yes') && (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass))) ||
(($_SESSION['config']->samba3 !='yes') && (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)))) {
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array
unset($attr_old['count']);
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
$keys = array_keys($attr_old);
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
unset ($attr_old['objectClass']);
$attr_old['objectClass'][0] = 'posixAccount';
$attr_old['objectClass'][1] = 'shadowAccount';
$attr_old['objectClass'][2] = 'inetOrgPerson';
if ($_SESSION['config']->samba3 !='yes') $attr_old['objectClass'][3] = 'sambaSamAccount';
else $attr_old['objectClass'][3] = 'sambaAccount';
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
else return 5;
}
if ($attr_rem) { if ($attr_rem) {
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem); $success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5; if (!$success) return 5;
@ -1265,7 +1314,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
} }
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
if ($_SESSION['config']->scriptServer) setquotas($values->general_username,'user',$values_old->general_username); if ($_SESSION['config']->scriptServer) setquotas($values,'user',$values_old);
return 3; return 3;
} }
@ -1396,6 +1445,32 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$attr['displayName'] = $values->general_gecos; // sambaAccount_may $attr['displayName'] = $values->general_gecos; // sambaAccount_may
} }
if ( (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) ||
(!in_array('account', $_SESSION['account_old']->general_objectClass)) ||
(($_SESSION['config']->samba3 =='yes') && (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass))) ||
(($_SESSION['config']->samba3 !='yes') && (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)))) {
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array
unset($attr_old['count']);
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
$keys = array_keys($attr_old);
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
unset ($attr_old['objectClass']);
$attr_old['objectClass'][0] = 'posixAccount';
$attr_old['objectClass'][1] = 'shadowAccount';
$attr_old['objectClass'][2] = 'account';
if ($_SESSION['config']->samba3 !='yes') $attr_old['objectClass'][3] = 'sambaSamAccount';
else $attr_old['objectClass'][3] = 'sambaAccount';
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
else return 5;
}
if ($attr_rem) { if ($attr_rem) {
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem); $success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5; if (!$success) return 5;
@ -1405,7 +1480,7 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
if (!$success) return 5; if (!$success) return 5;
} }
if ($values->general_dn != $values_old->general_dn) {// Hostname hasn't changed if ($values->general_dn != $values_old->general_dn) {// Hostname hasn't changed
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount"); $result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array // remove "count" from array
@ -1416,8 +1491,8 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
unset($attr_old[$keys[$i]]['count']); unset($attr_old[$keys[$i]]['count']);
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn); if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
}
if (!$success) return 5; if (!$success) return 5;
}
return 3; return 3;
} }
@ -1454,7 +1529,7 @@ function creategroup($values) { // Will create the LDAP-Group
if ($values->smb_displayName) $attr['displayName'] = $values->smb_displayName; if ($values->smb_displayName) $attr['displayName'] = $values->smb_displayName;
} }
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0],'group'); if ($_SESSION['config']->scriptServer) setquotas($values,'group');
if ($success) return 1; if ($success) return 1;
else return 4; else return 4;
} }
@ -1492,12 +1567,29 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem); $success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5; if (!$success) return 5;
} }
if (($_SESSION['config']->samba3 = 'yes') && (!in_array('sambaGroupMapping', $_SESSION['account_old']->general_objectClass))) {
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array
unset($attr_old['count']);
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
$keys = array_keys($attr_old);
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
unset ($attr_old['objectClass']);
$attr_old['objectClass'][0] = 'posixGroup';
$attr_old['objectClass'][1] = 'sambaGroupMapping';
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
else return 5;
}
if ($attr) { if ($attr) {
$success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr); $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5; if (!$success) return 5;
} }
if ($values->general_dn != $values_old->general_dn) {// Groupname hasn't changed if ($values->general_dn != $values_old->general_dn) {// Groupname hasn't changed
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixGroup"); $result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
// remove "count" from array // remove "count" from array
@ -1509,8 +1601,8 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old); $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
if ($success) ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn); if ($success) ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr); if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
}
if (!$success) return 5; if (!$success) return 5;
}
if ( $_SESSION['final_changegids']==true ) { if ( $_SESSION['final_changegids']==true ) {
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber')); $result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
@ -1520,7 +1612,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
} }
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0],'group'); if ($_SESSION['config']->scriptServer) setquotas($values,'group',$values_old);
return 3; return 3;
} }
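Review bot: In the recreate branch added to modifygroup the condition reads `($_SESSION['config']->samba3 = 'yes')`, which is an assignment, so that half of the test is always true and the session's samba3 setting is overwritten; it should be `== 'yes'`. The matching branches added to modifyuser and modifyhost choose the class the wrong way round (`samba3 !='yes'` yields `sambaSamAccount`), contradicting the in_array checks directly above them, and they search with the filter `objectclass=PosixGroup` on a user or host DN, which looks copied from the group code. All three branches call ldap_delete before ldap_add and do not test the result of the add, so a rejected add leaves the entry deleted while the function carries on; at minimum `if (!$success) return 5;` should follow the add. The three functions start and end outside the hunks shown.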


@ -25,19 +25,19 @@
# Configure-Options # Configure-Options
# change only variables starting from here # change only variables starting from here
# list of valid admins # list of valid admins
@admins = ('cn=Manager,dc=my-domain,dc=com'); @admins = ('cn=Manager,dc=my-domain,dc=com',
'uid=test,ou=people,dc=my-domain,dc=com');
$server_ldap="127.0.0.1"; # IP or DNS of ldap-server $server_ldap="127.0.0.1"; # IP or DNS of ldap-server
$server_ssh="127.0.0.1"; # IP or DNS of host to create homedirs, quota, .... $server_ssh="127.0.0.1"; # IP or DNS of host to create homedirs, quota, ....
$server_ssh_ident = "/var/lib/wwwrun/.ssh/id_dsa"; $server_ssh_ident = "/var/lib/wwwrun/.ssh/id_dsa"; # SSH-Key to use
$server_ssh_known = "/var/lib/wwwrun/.ssh/knownhosts"; $path = "/srv/www/htdocs/lam/lib/lamdaemon.pl"; # path to ldap on remote-host
$server_ldap_port='389'; # Port used from ldap $server_ldap_port='389'; # Port used from ldap
$server_tls='no'; # Use TLS? $server_tls='no'; # Use TLS?
$server_tls_verify='require'; # none,optional or require a valid server certificated $server_tls_verify='require'; # none,optional or require a valid server certificated
$server_tls_clientcert=''; # path to client certificate $server_tls_clientcert=''; # path to client certificate
$server_tls_clientkey=''; # path to client certificate $server_tls_clientkey=''; # path to client certificate
$server_tls_decryptkey=''; # To to decrypt clientkey $server_tls_decryptkey=''; # To to decrypt clientkey
$server_tls_cafile=''; # Path to CA-File $server_tls_cafile='/etc/certificates/ca.cert'; # Path to CA-File
$debug=true; # Show debug messages $debug=true; # Show debug messages
# Don't change anything below this line # Don't change anything below this line
@ -182,7 +182,7 @@ if ($found==true) {
$i=0; $i=0;
($<, $>) = ($>, $<); # Get root privileges ($<, $>) = ($>, $<); # Get root privileges
while ($quota_usr[$i][0]) { while ($quota_usr[$i][0]) {
$dev = Quota::getqcarg($quota[$i][1]); $dev = Quota::getqcarg($quota[$i][0]);
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group); $return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
$i++; $i++;
} }
@ -223,10 +223,9 @@ else {
$username[0] =~ s/uid=//; $username[0] =~ s/uid=//;
my $ssh = Net::SSH::Perl->new($server_ssh, options=>[ my $ssh = Net::SSH::Perl->new($server_ssh, options=>[
"IdentityFile $server_ssh_ident", "IdentityFile $server_ssh_ident",
"UserKnownHostsFile $server_ssh_known" "UserKnownHostsFile /dev/null"
]); ]);
$ssh->login($username[0], $vals[1]); $ssh->login($username[0], $vals[1]);
#$path = "/srv/www/htdocs/lam/lib/lamdaemon.pl"; ($stdout, $stderr, $exit) = $ssh->cmd("sudo $path @ARGV");
($stdout, $stderr, $exit) = $ssh->cmd("sudo $0 @ARGV");
print "$stdout"; print "$stdout";
} }
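Review bot: Setting `UserKnownHostsFile /dev/null` in the Net::SSH::Perl options means no host key is ever remembered, so the `$ssh->login(...)` that follows hands the admin's password to whatever answers on `$server_ssh` without the host being pinned; keep a real known-hosts path such as the removed `$server_ssh_known`. In the same hunk `$ssh->cmd("sudo $path @ARGV")` interpolates the raw arguments into a remote command line that runs under sudo, so each argument should be validated against an anchored pattern or shell-quoted before it is joined. The first hunk also adds `uid=test,ou=people,dc=my-domain,dc=com` to the shipped `@admins` default, which looks like a local test entry and is better left out of the committed configuration. The enclosing else-block starts outside the hunk.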


@ -152,10 +152,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
else $_SESSION['account']->smb_flagsD = false; else $_SESSION['account']->smb_flagsD = false;
if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = true; if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = true;
else $_SESSION['account']->smb_flagsX = false; else $_SESSION['account']->smb_flagsX = false;
if ($_POST['f_smb_mapgroup'] == _('Domain Guests')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '514'; if (isset($_POST['f_smb_displayName'])) $_SESSION['account']->smb_displayName = $_POST['f_smb_displayName'];
if ($_POST['f_smb_mapgroup'] == _('Domain Users')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '513';
if ($_POST['f_smb_mapgroup'] == _('Domain Admins')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '512';
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_displayName = $_POST['f_smb_domain'];
else $_SESSION['account']->smb_displayName = ''; else $_SESSION['account']->smb_displayName = '';
if ($_SESSION['config']->samba3 == 'yes') { if ($_SESSION['config']->samba3 == 'yes') {
@ -164,6 +161,9 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) { if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) {
$_SESSION['account']->smb_domain = $samba3domains[$i]; $_SESSION['account']->smb_domain = $samba3domains[$i];
} }
if ($_POST['f_smb_mapgroup'] == _('Domain Guests')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514';
if ($_POST['f_smb_mapgroup'] == _('Domain Users')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513';
if ($_POST['f_smb_mapgroup'] == _('Domain Admins')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512';
} }
else { else {
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain']; if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
@ -828,7 +828,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo '<tr><td>'; echo '<tr><td>';
echo _('Windows well known group'); echo _('Windows well known group');
echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >'; echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >';
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '514' ) { if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '514' ) {
echo '<option selected> '; echo '<option selected> ';
echo _('Domain Guests'); echo _('Domain Guests');
echo "</option>\n"; } echo "</option>\n"; }
@ -837,7 +837,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Domain Guests'); echo _('Domain Guests');
echo "</option>\n"; echo "</option>\n";
} }
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '513' ) { if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '513' ) {
echo '<option selected> '; echo '<option selected> ';
echo _('Domain Users'); echo _('Domain Users');
echo "</option>\n"; } echo "</option>\n"; }
@ -846,7 +846,7 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Domain Users'); echo _('Domain Users');
echo "</option>\n"; echo "</option>\n";
} }
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '512' ) { if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '512' ) {
echo '<option selected> '; echo '<option selected> ';
echo _('Domain Admins'); echo _('Domain Admins');
echo "</option>\n"; } echo "</option>\n"; }
@ -860,14 +860,25 @@ switch ($select_local) { // Select which part of page will be loaded
'</td></tr>'."\n".'<tr><td>'; '</td></tr>'."\n".'<tr><td>';
echo _('Windows Groupname'); echo _('Windows Groupname');
echo '</td><td>'. echo '</td><td>'.
'<input name="f_smb_domain" type="text" size="30" maxlength="80" value="' . $_SESSION['account']->smb_displayName . '">'. '<input name="f_smb_displayName" type="text" size="30" maxlength="80" value="' . $_SESSION['account']->smb_displayName . '">'.
'</td><td>'. '</td><td>'.
'<a href="help.php?HelpNumber=465" target="lamhelp">'._('Help').'</a>'. '<a href="help.php?HelpNumber=465" target="lamhelp">'._('Help').'</a>'.
'</td></tr>'."\n"; '</td></tr>'."\n".'<tr><td>';
echo _('Domain');
echo '</td><td><select name="f_smb_domain">';
for ($i=0; $i<sizeof($samba3domains); $i++) {
if ($_SESSION['account']->smb_domain->name) {
if ($_SESSION['account']->smb_domain->name == $samba3domains[$i]->name)
echo '<option selected>' . $samba3domains[$i]->name. '</option>';
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
else echo '<option>' . $samba3domains[$i]->name. '</option>';
}
break; break;
case 'host': case 'host':
// set smb_flgasW true because account is host // set smb_flgasW true because account is host
$_SESSION['account']->smb_flagsW = 1; $_SESSION['account']->smb_flagsW = 1;
if ($_SESSION['account']->smb_password_no) echo '<input name="f_smb_password_no" type="hidden" value="1l">';
echo '<input name="f_unix_password_no" type="hidden" value="'; echo '<input name="f_unix_password_no" type="hidden" value="';
if ($_SESSION['account']->unix_password_no) echo 'checked'; if ($_SESSION['account']->unix_password_no) echo 'checked';
echo '">'; echo '">';
@ -1023,6 +1034,33 @@ switch ($select_local) { // Select which part of page will be loaded
'mv ' . $_SESSION['account_old' ]->general_homedir . ' ' . $_SESSION['account']->general_homedir); 'mv ' . $_SESSION['account_old' ]->general_homedir . ' ' . $_SESSION['account']->general_homedir);
echo '</tr>'."\n"; echo '</tr>'."\n";
} }
if (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if ($_SESSION['config']->samba3 == 'yes') {
if (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}}
else
if (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
break; break;
case 'group' : case 'group' :
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) { if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
@ -1037,6 +1075,16 @@ switch ($select_local) { // Select which part of page will be loaded
echo _('Change GID-Number of all users in group to new value'); echo _('Change GID-Number of all users in group to new value');
echo '</td></tr>'."\n"; echo '</td></tr>'."\n";
} }
if (($_SESSION['config']->samba3 == 'yes') && (!in_array('sambaGroupMapping', $_SESSION['account_old']->general_objectClass))) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('posixGroup', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
break; break;
case 'host': case 'host':
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) { if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
@ -1045,6 +1093,33 @@ switch ($select_local) { // Select which part of page will be loaded
'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;'); 'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;');
echo '</tr>'."\n"; echo '</tr>'."\n";
} }
if (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if (!in_array('account', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
if ($_SESSION['config']->samba3 == 'yes') {
if (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}}
else
if (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)) {
echo '<tr>';
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
echo "</tr>\n";
}
break; break;
} }
echo '<tr><td>'. echo '<tr><td>'.
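Review bot: The new Domain `<select name="f_smb_domain">` in the group case echoes `$samba3domains[$i]->name` into the page unescaped and is never closed before `break;`; the value should go through `htmlspecialchars()` (the same applies to `smb_displayName` in the input's `value` attribute) and the loop should be followed by `echo '</select></td></tr>'."\n";`. The objectClass warnings added in the later hunks call `in_array()` on `$_SESSION['account_old']->general_objectClass` without the `($_SESSION['account_old']) &&` guard that the neighbouring uidNumber checks use, so when no old account is loaded the "Have to recreate entry" warning presumably appears for every new account. The hidden field `value="1l"` added in the host case looks like a typo for `1`. The switch these cases belong to starts and ends outside the hunks.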