Fixed several things in lamdaemon.
objectClasses are now checked. Removed small bug when DN has to be changed.
parent
dcf11d1ee7
commit
3d2241b4e8
|
@ -6,13 +6,21 @@ thins to get it work.
|
||||||
1. Set values in LDAP Account manager
|
1. Set values in LDAP Account manager
|
||||||
* Set the remote or local host in the configuration
|
* Set the remote or local host in the configuration
|
||||||
(e.g. 127.0.0.1)
|
(e.g. 127.0.0.1)
|
||||||
|
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
|
||||||
|
|
||||||
|
2. Set up SSH
|
||||||
|
I don't know if this step is really needed but I had some
|
||||||
|
problems using Net::SSH without keys.
|
||||||
|
* Log in on remote host as $admin
|
||||||
|
* run "ssh-keygen -t dsa" to create all needed keys
|
||||||
|
if not yet done
|
||||||
|
|
||||||
3. Set up sudo
|
3. Set up sudo
|
||||||
The perlskript has to run as root (very ugly I know but
|
The perlskript has to run as root (very ugly I know but
|
||||||
I haven't found any other solution). Therefor we need
|
I haven't found any other solution). Therefor we need
|
||||||
a wrapper, sudo.
|
a wrapper, sudo.
|
||||||
Edit /etc/sudoers and add the following line:
|
Edit /etc/sudoers on host homedirs or quotas should be used
|
||||||
|
and add the following line:
|
||||||
$admin All= NOPASSWD: $path
|
$admin All= NOPASSWD: $path
|
||||||
$admin is the adminuser from lam and $path
|
$admin is the adminuser from lam and $path
|
||||||
is the path include the filename of lamdaemon.pl
|
is the path include the filename of lamdaemon.pl
|
||||||
|
@ -24,11 +32,24 @@ thins to get it work.
|
||||||
perl -MCPAN -e shell
|
perl -MCPAN -e shell
|
||||||
install Quota
|
install Quota
|
||||||
install Net::LDAP
|
install Net::LDAP
|
||||||
install Net:SSH
|
install Net::SSH::Perl
|
||||||
Please answer all questions to describe your system
|
Please answer all questions to describe your system
|
||||||
Every additional needed module should be installed
|
Every additional needed module should be installed
|
||||||
automaticly
|
automaticly
|
||||||
|
|
||||||
|
I installed Math::Pari, a needed module, by hand.
|
||||||
|
I had many problems to install Math::Pari, a module needed
|
||||||
|
by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case).
|
||||||
|
I found the following solution to prevent this bug:
|
||||||
|
* Download and untar pari (http://www.parigp-home.de)
|
||||||
|
* Download and untar Math::Pari
|
||||||
|
* run perl Makefile.PL
|
||||||
|
* edit Makefile and libPARI/Makefile
|
||||||
|
Replace line "OPTIMIZE = -O3 --pipe" with
|
||||||
|
"OPTIMIZE = -O1 --pipe".
|
||||||
|
* run make
|
||||||
|
* run make install
|
||||||
|
|
||||||
5. Set up lamdaemon.pl
|
5. Set up lamdaemon.pl
|
||||||
Make all needed changes in lamdaemon.pl
|
Make all needed changes in lamdaemon.pl
|
||||||
|
|
||||||
|
|
|
@ -25,6 +25,7 @@ $Id$
|
||||||
|
|
||||||
class account { // This class keeps all needed values for any account
|
class account { // This class keeps all needed values for any account
|
||||||
// General Settings
|
// General Settings
|
||||||
|
var $general_objectClass; // Array, contains old objectclasses of loaded account
|
||||||
var $general_username; // string Username, Hostname or Groupname
|
var $general_username; // string Username, Hostname or Groupname
|
||||||
var $general_uidNumber; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed
|
var $general_uidNumber; // string UIDNumber(user|host) GIDNumber(group) only natural numbers allowed
|
||||||
var $general_surname; // string Surname (user)
|
var $general_surname; // string Surname (user)
|
||||||
|
@ -516,7 +517,7 @@ function setquotas($values,$type,$values_old=false) { // Whis function will set
|
||||||
}
|
}
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
if ($i!=0) exec($$_SESSION['config']->scriptPath." $towrite", $vals);
|
if ($i!=0) exec($_SESSION['config']->scriptPath." $towrite", $vals);
|
||||||
//if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
|
//if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -717,6 +718,11 @@ function loaduser($dn) { // Will load all needed values from an existing account
|
||||||
else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i];
|
else $return->unix_host = $return->unix_host . ', ' . $attr['host'][$i];
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
|
$i=0;
|
||||||
|
while (isset($attr['objectClass'][$i])) {
|
||||||
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
if ($_SESSION['config']->samba3 == 'yes') {
|
if ($_SESSION['config']->samba3 == 'yes') {
|
||||||
if (isset($attr['sambaAcctFlags'][0])) {
|
if (isset($attr['sambaAcctFlags'][0])) {
|
||||||
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
|
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
|
||||||
|
@ -779,6 +785,11 @@ function loadhost($dn) { // Will load all needed values from an existing account
|
||||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
||||||
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
|
$i=0;
|
||||||
|
while (isset($attr['objectClass'][$i])) {
|
||||||
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0];
|
if (isset($attr['uid'][0])) $return->general_username = $attr['uid'][0];
|
||||||
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0];
|
if (isset($attr['uidNumber'][0])) $return->general_uidNumber = $attr['uidNumber'][0];
|
||||||
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
|
if (isset($attr['shadowLastChange'][0])) $return->unix_shadowLastChange = $attr['shadowLastChange'][0];
|
||||||
|
@ -839,16 +850,28 @@ function loadgroup($dn) { // Will load all needed values from an existing group
|
||||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
$return->general_dn = (ldap_get_dn($_SESSION['ldap']->server(), $entry));
|
||||||
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
|
$i=0;
|
||||||
|
while (isset($attr['objectClass'][$i])) {
|
||||||
|
$return->general_objectClass[$i] = $attr['objectClass'][$i];
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0];
|
if (isset($attr['gidNumber'][0])) $return->general_uidNumber = $attr['gidNumber'][0];
|
||||||
if (isset($attr['description'][0])) $return->general_gecos = $attr['description'][0];
|
if (isset($attr['description'][0])) $return->general_gecos = $attr['description'][0];
|
||||||
if (isset($attr['cn'][0])) {
|
if (isset($attr['cn'][0])) {
|
||||||
$return->general_username = $attr['cn'][0];
|
$return->general_username = $attr['cn'][0];
|
||||||
if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]);
|
if ($_SESSION['config']->scriptServer) getquotas('group',$attr['cn'][0]);
|
||||||
}
|
}
|
||||||
if (isset($attr['memberUid'])) $return->general_memberUid = $attr['memberUid'];
|
if (isset($attr['memberUid'][0])) $return->general_memberUid = $attr['memberUid'][0];
|
||||||
if (is_array($return->general_memberUid)) array_shift($return->general_memberUid);
|
if (is_array($return->general_memberUid)) array_shift($return->general_memberUid);
|
||||||
if (isset($attr['sambaSID'])) $return->smb_mapgroup = $attr['sambaSID'];
|
if (isset($attr['sambaSID'][0])) {
|
||||||
if (isset($attr['displayName'])) $return->smb_displayName = $attr['displayName'];
|
$return->smb_mapgroup = $attr['sambaSID'][0];
|
||||||
|
$temp = explode('-', $attr['sambaSID'][0]);
|
||||||
|
$SID = $temp[0].'-'.$temp[1].'-'.$temp[2].'-'.$temp[3].'-'.$temp[4].'-'.$temp[5].'-'.$temp[6];
|
||||||
|
$samba3domains = $_SESSION['ldap']->search_domains($_SESSION[config]->get_domainSuffix());
|
||||||
|
for ($i=0; $i<sizeof($samba3domains); $i++)
|
||||||
|
if ($SID == $samba3domains[$i]->SID) $return->smb_domain = $samba3domains[$i];
|
||||||
|
}
|
||||||
|
if (isset($attr['displayName'][0])) $return->smb_displayName = $attr['displayName'][0];
|
||||||
if ($_SESSION['config']->scriptServer) {
|
if ($_SESSION['config']->scriptServer) {
|
||||||
$values = getquotas('group',$return->general_username);
|
$values = getquotas('group',$return->general_username);
|
||||||
if (is_object($values)) {
|
if (is_object($values)) {
|
||||||
|
@ -961,7 +984,7 @@ function createuser($values) { // Will create the LDAP-Account
|
||||||
$hosts = explode (',', $values->unix_host);
|
$hosts = explode (',', $values->unix_host);
|
||||||
$i=0;
|
$i=0;
|
||||||
while(isset($hosts[$i])) {
|
while(isset($hosts[$i])) {
|
||||||
$attr['host'][$i] = $hosts[$i];
|
if ($hosts[$i]!='') $attr['host'][$i] = $hosts[$i];
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
|
if ($values->unix_pwdminage!='') $attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
|
||||||
|
@ -976,7 +999,7 @@ function createuser($values) { // Will create the LDAP-Account
|
||||||
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||||
if (!$success) return 4;
|
if (!$success) return 4;
|
||||||
if ($_SESSION['config']->scriptServer) {
|
if ($_SESSION['config']->scriptServer) {
|
||||||
setquotas($values->general_username,'user');
|
setquotas($values,'user');
|
||||||
addhomedir($values->general_username);
|
addhomedir($values->general_username);
|
||||||
}
|
}
|
||||||
// Add User to Additional Groups
|
// Add User to Additional Groups
|
||||||
|
@ -1136,7 +1159,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
$j=0;
|
$j=0;
|
||||||
while(isset($hosts[$i])) {
|
while(isset($hosts[$i])) {
|
||||||
if ($hosts[$i]!='') {
|
if ($hosts[$i]!='') {
|
||||||
$attr['host'][$j] = $hosts[$i];
|
if ($hosts[$i]!='') $attr['host'][$j] = $hosts[$i];
|
||||||
$j++;
|
$j++;
|
||||||
}
|
}
|
||||||
$i++;
|
$i++;
|
||||||
|
@ -1145,7 +1168,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
$j=0;
|
$j=0;
|
||||||
while(isset($hosts_old[$i])) {
|
while(isset($hosts_old[$i])) {
|
||||||
if ($hosts_old[$i]!='') {
|
if ($hosts_old[$i]!='') {
|
||||||
$attr_rem['host'][$j] = $hosts_old[$i];
|
if ($hosts_old[$i]!='') $attr_rem['host'][$j] = $hosts_old[$i];
|
||||||
$j++;
|
$j++;
|
||||||
}
|
}
|
||||||
$i++;
|
$i++;
|
||||||
|
@ -1212,6 +1235,32 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = $values->general_givenname;
|
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = $values->general_givenname;
|
||||||
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = $values->general_surname;
|
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = $values->general_surname;
|
||||||
|
|
||||||
|
if ( (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(($_SESSION['config']->samba3 =='yes') && (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass))) ||
|
||||||
|
(($_SESSION['config']->samba3 !='yes') && (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)))) {
|
||||||
|
|
||||||
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
|
||||||
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
|
// remove "count" from array
|
||||||
|
unset($attr_old['count']);
|
||||||
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
||||||
|
$keys = array_keys($attr_old);
|
||||||
|
for ($i=0; $i < sizeof($keys); $i++)
|
||||||
|
unset($attr_old[$keys[$i]]['count']);
|
||||||
|
unset ($attr_old['objectClass']);
|
||||||
|
$attr_old['objectClass'][0] = 'posixAccount';
|
||||||
|
$attr_old['objectClass'][1] = 'shadowAccount';
|
||||||
|
$attr_old['objectClass'][2] = 'inetOrgPerson';
|
||||||
|
if ($_SESSION['config']->samba3 !='yes') $attr_old['objectClass'][3] = 'sambaSamAccount';
|
||||||
|
else $attr_old['objectClass'][3] = 'sambaAccount';
|
||||||
|
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
||||||
|
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
||||||
|
else return 5;
|
||||||
|
}
|
||||||
|
|
||||||
if ($attr_rem) {
|
if ($attr_rem) {
|
||||||
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
||||||
if (!$success) return 5;
|
if (!$success) return 5;
|
||||||
|
@ -1265,7 +1314,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
|
||||||
}
|
}
|
||||||
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
||||||
}
|
}
|
||||||
if ($_SESSION['config']->scriptServer) setquotas($values->general_username,'user',$values_old->general_username);
|
if ($_SESSION['config']->scriptServer) setquotas($values,'user',$values_old);
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1396,6 +1445,32 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
|
||||||
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
|
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(!in_array('account', $_SESSION['account_old']->general_objectClass)) ||
|
||||||
|
(($_SESSION['config']->samba3 =='yes') && (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass))) ||
|
||||||
|
(($_SESSION['config']->samba3 !='yes') && (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)))) {
|
||||||
|
|
||||||
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
|
||||||
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
|
// remove "count" from array
|
||||||
|
unset($attr_old['count']);
|
||||||
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
||||||
|
$keys = array_keys($attr_old);
|
||||||
|
for ($i=0; $i < sizeof($keys); $i++)
|
||||||
|
unset($attr_old[$keys[$i]]['count']);
|
||||||
|
unset ($attr_old['objectClass']);
|
||||||
|
$attr_old['objectClass'][0] = 'posixAccount';
|
||||||
|
$attr_old['objectClass'][1] = 'shadowAccount';
|
||||||
|
$attr_old['objectClass'][2] = 'account';
|
||||||
|
if ($_SESSION['config']->samba3 !='yes') $attr_old['objectClass'][3] = 'sambaSamAccount';
|
||||||
|
else $attr_old['objectClass'][3] = 'sambaAccount';
|
||||||
|
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
||||||
|
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
||||||
|
else return 5;
|
||||||
|
}
|
||||||
|
|
||||||
if ($attr_rem) {
|
if ($attr_rem) {
|
||||||
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
||||||
if (!$success) return 5;
|
if (!$success) return 5;
|
||||||
|
@ -1405,7 +1480,7 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
|
||||||
if (!$success) return 5;
|
if (!$success) return 5;
|
||||||
}
|
}
|
||||||
if ($values->general_dn != $values_old->general_dn) {// Hostname hasn't changed
|
if ($values->general_dn != $values_old->general_dn) {// Hostname hasn't changed
|
||||||
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixAccount");
|
||||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
// remove "count" from array
|
// remove "count" from array
|
||||||
|
@ -1416,8 +1491,8 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
|
||||||
unset($attr_old[$keys[$i]]['count']);
|
unset($attr_old[$keys[$i]]['count']);
|
||||||
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
||||||
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
||||||
|
if (!$success) return 5;
|
||||||
}
|
}
|
||||||
if (!$success) return 5;
|
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1454,7 +1529,7 @@ function creategroup($values) { // Will create the LDAP-Group
|
||||||
if ($values->smb_displayName) $attr['displayName'] = $values->smb_displayName;
|
if ($values->smb_displayName) $attr['displayName'] = $values->smb_displayName;
|
||||||
}
|
}
|
||||||
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||||
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0],'group');
|
if ($_SESSION['config']->scriptServer) setquotas($values,'group');
|
||||||
if ($success) return 1;
|
if ($success) return 1;
|
||||||
else return 4;
|
else return 4;
|
||||||
}
|
}
|
||||||
|
@ -1492,12 +1567,29 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
||||||
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
|
||||||
if (!$success) return 5;
|
if (!$success) return 5;
|
||||||
}
|
}
|
||||||
|
if (($_SESSION['config']->samba3 = 'yes') && (!in_array('sambaGroupMapping', $_SESSION['account_old']->general_objectClass))) {
|
||||||
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
|
||||||
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
|
// remove "count" from array
|
||||||
|
unset($attr_old['count']);
|
||||||
|
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
|
||||||
|
$keys = array_keys($attr_old);
|
||||||
|
for ($i=0; $i < sizeof($keys); $i++)
|
||||||
|
unset($attr_old[$keys[$i]]['count']);
|
||||||
|
unset ($attr_old['objectClass']);
|
||||||
|
$attr_old['objectClass'][0] = 'posixGroup';
|
||||||
|
$attr_old['objectClass'][1] = 'sambaGroupMapping';
|
||||||
|
$success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
||||||
|
if ($success) $success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
||||||
|
else return 5;
|
||||||
|
}
|
||||||
if ($attr) {
|
if ($attr) {
|
||||||
$success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
$success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||||
if (!$success) return 5;
|
if (!$success) return 5;
|
||||||
}
|
}
|
||||||
if ($values->general_dn != $values_old->general_dn) {// Groupname hasn't changed
|
if ($values->general_dn != $values_old->general_dn) {// Groupname hasn't changed
|
||||||
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixGroup");
|
$result = ldap_search($_SESSION['ldap']->server(), $values_old->general_dn, "objectclass=PosixGroup");
|
||||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||||
// remove "count" from array
|
// remove "count" from array
|
||||||
|
@ -1509,8 +1601,8 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
||||||
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
|
||||||
if ($success) ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
if ($success) ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
|
||||||
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$values->general_dn, $attr);
|
||||||
|
if (!$success) return 5;
|
||||||
}
|
}
|
||||||
if (!$success) return 5;
|
|
||||||
if ( $_SESSION['final_changegids']==true ) {
|
if ( $_SESSION['final_changegids']==true ) {
|
||||||
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber'));
|
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array('gidNumber'));
|
||||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
|
@ -1520,7 +1612,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
|
||||||
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0],'group');
|
if ($_SESSION['config']->scriptServer) setquotas($values,'group',$values_old);
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
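Review bot: The objectClass repair added to modifyuser() calls `ldap_delete` on the old DN before `ldap_add`, and only the delete result is tested (`else return 5;` pairs with `if ($success)`), so a failed add leaves the account deleted while the function carries on. The attributes to re-add are read with the filter `objectclass=PosixGroup`, which a user or host entry would presumably not match, and the samba branch looks inverted (`samba3 !='yes'` assigns `sambaSamAccount`, the opposite of the guard above it). The same block is copied into modifyhost() and modifygroup(), where the guard also contains `samba3 = 'yes'`, an assignment that overwrites the session config instead of comparing. I would update the classes in place, e.g. `$success = ldap_mod_replace($_SESSION['ldap']->server(), $values_old->general_dn, array('objectClass' => $classes)); if (!$success) return 5;`, and write the guard as `== 'yes'`. All three functions begin and end outside the visible hunks.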
@ -25,19 +25,19 @@
|
||||||
# Configure-Options
|
# Configure-Options
|
||||||
# change only variables starting from here
|
# change only variables starting from here
|
||||||
# list of valid admins
|
# list of valid admins
|
||||||
@admins = ('cn=Manager,dc=my-domain,dc=com');
|
@admins = ('cn=Manager,dc=my-domain,dc=com',
|
||||||
|
'uid=test,ou=people,dc=my-domain,dc=com');
|
||||||
$server_ldap="127.0.0.1"; # IP or DNS of ldap-server
|
$server_ldap="127.0.0.1"; # IP or DNS of ldap-server
|
||||||
$server_ssh="127.0.0.1"; # IP or DNS of host to create homedirs, quota, ....
|
$server_ssh="127.0.0.1"; # IP or DNS of host to create homedirs, quota, ....
|
||||||
$server_ssh_ident = "/var/lib/wwwrun/.ssh/id_dsa";
|
$server_ssh_ident = "/var/lib/wwwrun/.ssh/id_dsa"; # SSH-Key to use
|
||||||
$server_ssh_known = "/var/lib/wwwrun/.ssh/knownhosts";
|
$path = "/srv/www/htdocs/lam/lib/lamdaemon.pl"; # path to ldap on remote-host
|
||||||
|
|
||||||
$server_ldap_port='389'; # Port used from ldap
|
$server_ldap_port='389'; # Port used from ldap
|
||||||
$server_tls='no'; # Use TLS?
|
$server_tls='no'; # Use TLS?
|
||||||
$server_tls_verify='require'; # none,optional or require a valid server certificated
|
$server_tls_verify='require'; # none,optional or require a valid server certificated
|
||||||
$server_tls_clientcert=''; # path to client certificate
|
$server_tls_clientcert=''; # path to client certificate
|
||||||
$server_tls_clientkey=''; # path to client certificate
|
$server_tls_clientkey=''; # path to client certificate
|
||||||
$server_tls_decryptkey=''; # To to decrypt clientkey
|
$server_tls_decryptkey=''; # To to decrypt clientkey
|
||||||
$server_tls_cafile=''; # Path to CA-File
|
$server_tls_cafile='/etc/certificates/ca.cert'; # Path to CA-File
|
||||||
$debug=true; # Show debug messages
|
$debug=true; # Show debug messages
|
||||||
|
|
||||||
# Don't change anything below this line
|
# Don't change anything below this line
|
||||||
|
@ -182,7 +182,7 @@ if ($found==true) {
|
||||||
$i=0;
|
$i=0;
|
||||||
($<, $>) = ($>, $<); # Get root privileges
|
($<, $>) = ($>, $<); # Get root privileges
|
||||||
while ($quota_usr[$i][0]) {
|
while ($quota_usr[$i][0]) {
|
||||||
$dev = Quota::getqcarg($quota[$i][1]);
|
$dev = Quota::getqcarg($quota[$i][0]);
|
||||||
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
$return = Quota::setqlim($dev,$user[2],$quota[$i][1],$quota[$i][2],$quota[$i][3],$quota[$i][4],1,$group);
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
|
@ -223,10 +223,9 @@ else {
|
||||||
$username[0] =~ s/uid=//;
|
$username[0] =~ s/uid=//;
|
||||||
my $ssh = Net::SSH::Perl->new($server_ssh, options=>[
|
my $ssh = Net::SSH::Perl->new($server_ssh, options=>[
|
||||||
"IdentityFile $server_ssh_ident",
|
"IdentityFile $server_ssh_ident",
|
||||||
"UserKnownHostsFile $server_ssh_known"
|
"UserKnownHostsFile /dev/null"
|
||||||
]);
|
]);
|
||||||
$ssh->login($username[0], $vals[1]);
|
$ssh->login($username[0], $vals[1]);
|
||||||
#$path = "/srv/www/htdocs/lam/lib/lamdaemon.pl";
|
($stdout, $stderr, $exit) = $ssh->cmd("sudo $path @ARGV");
|
||||||
($stdout, $stderr, $exit) = $ssh->cmd("sudo $0 @ARGV");
|
|
||||||
print "$stdout";
|
print "$stdout";
|
||||||
}
|
}
|
|
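Review bot: The SSH options now pin `UserKnownHostsFile /dev/null`, so no stored host key is available to compare against and the password passed to `$ssh->login($username[0], $vals[1])` goes to whatever host answers at `$server_ssh`; the removed `$server_ssh_known` setting should stay, with the option kept as `"UserKnownHostsFile $server_ssh_known"`. The remote command `"sudo $path @ARGV"` interpolates the caller's arguments into a shell line that runs under sudo, so each argument should be checked against an anchored pattern or quoted before it is joined. The sample `@admins` list also gains `uid=test,ou=people,dc=my-domain,dc=com`, which should not ship as a default admin. The enclosing `else` block starts outside the hunk.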
@ -152,10 +152,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
|
||||||
else $_SESSION['account']->smb_flagsD = false;
|
else $_SESSION['account']->smb_flagsD = false;
|
||||||
if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = true;
|
if ($_POST['f_smb_flagsX']) $_SESSION['account']->smb_flagsX = true;
|
||||||
else $_SESSION['account']->smb_flagsX = false;
|
else $_SESSION['account']->smb_flagsX = false;
|
||||||
if ($_POST['f_smb_mapgroup'] == _('Domain Guests')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '514';
|
if (isset($_POST['f_smb_displayName'])) $_SESSION['account']->smb_displayName = $_POST['f_smb_displayName'];
|
||||||
if ($_POST['f_smb_mapgroup'] == _('Domain Users')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '513';
|
|
||||||
if ($_POST['f_smb_mapgroup'] == _('Domain Admins')) $_SESSION['account']->smb_mapgroup = $_SESSION[config]->get_domainSID() . "-" . '512';
|
|
||||||
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_displayName = $_POST['f_smb_domain'];
|
|
||||||
else $_SESSION['account']->smb_displayName = '';
|
else $_SESSION['account']->smb_displayName = '';
|
||||||
|
|
||||||
if ($_SESSION['config']->samba3 == 'yes') {
|
if ($_SESSION['config']->samba3 == 'yes') {
|
||||||
|
@ -164,6 +161,9 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
|
||||||
if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) {
|
if ($_POST['f_smb_domain'] == $samba3domains[$i]->name) {
|
||||||
$_SESSION['account']->smb_domain = $samba3domains[$i];
|
$_SESSION['account']->smb_domain = $samba3domains[$i];
|
||||||
}
|
}
|
||||||
|
if ($_POST['f_smb_mapgroup'] == _('Domain Guests')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '514';
|
||||||
|
if ($_POST['f_smb_mapgroup'] == _('Domain Users')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '513';
|
||||||
|
if ($_POST['f_smb_mapgroup'] == _('Domain Admins')) $_SESSION['account']->smb_mapgroup = $_SESSION['account']->smb_domain->SID . "-" . '512';
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
|
if (isset($_POST['f_smb_domain'])) $_SESSION['account']->smb_domain = $_POST['f_smb_domain'];
|
||||||
|
@ -828,7 +828,7 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
echo '<tr><td>';
|
echo '<tr><td>';
|
||||||
echo _('Windows well known group');
|
echo _('Windows well known group');
|
||||||
echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >';
|
echo '</td>'."\n".'<td><select name="f_smb_mapgroup" >';
|
||||||
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '514' ) {
|
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '514' ) {
|
||||||
echo '<option selected> ';
|
echo '<option selected> ';
|
||||||
echo _('Domain Guests');
|
echo _('Domain Guests');
|
||||||
echo "</option>\n"; }
|
echo "</option>\n"; }
|
||||||
|
@ -837,7 +837,7 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
echo _('Domain Guests');
|
echo _('Domain Guests');
|
||||||
echo "</option>\n";
|
echo "</option>\n";
|
||||||
}
|
}
|
||||||
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '513' ) {
|
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '513' ) {
|
||||||
echo '<option selected> ';
|
echo '<option selected> ';
|
||||||
echo _('Domain Users');
|
echo _('Domain Users');
|
||||||
echo "</option>\n"; }
|
echo "</option>\n"; }
|
||||||
|
@ -846,7 +846,7 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
echo _('Domain Users');
|
echo _('Domain Users');
|
||||||
echo "</option>\n";
|
echo "</option>\n";
|
||||||
}
|
}
|
||||||
if ( $_SESSION['account']->smb_mapgroup == $_SESSION[config]->get_domainSID() . "-" . '512' ) {
|
if ( $_SESSION['account']->smb_mapgroup == $_SESSION['account']->smb_domain->SID . "-" . '512' ) {
|
||||||
echo '<option selected> ';
|
echo '<option selected> ';
|
||||||
echo _('Domain Admins');
|
echo _('Domain Admins');
|
||||||
echo "</option>\n"; }
|
echo "</option>\n"; }
|
||||||
|
@ -860,14 +860,25 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
'</td></tr>'."\n".'<tr><td>';
|
'</td></tr>'."\n".'<tr><td>';
|
||||||
echo _('Windows Groupname');
|
echo _('Windows Groupname');
|
||||||
echo '</td><td>'.
|
echo '</td><td>'.
|
||||||
'<input name="f_smb_domain" type="text" size="30" maxlength="80" value="' . $_SESSION['account']->smb_displayName . '">'.
|
'<input name="f_smb_displayName" type="text" size="30" maxlength="80" value="' . $_SESSION['account']->smb_displayName . '">'.
|
||||||
'</td><td>'.
|
'</td><td>'.
|
||||||
'<a href="help.php?HelpNumber=465" target="lamhelp">'._('Help').'</a>'.
|
'<a href="help.php?HelpNumber=465" target="lamhelp">'._('Help').'</a>'.
|
||||||
'</td></tr>'."\n";
|
'</td></tr>'."\n".'<tr><td>';
|
||||||
|
echo _('Domain');
|
||||||
|
echo '</td><td><select name="f_smb_domain">';
|
||||||
|
for ($i=0; $i<sizeof($samba3domains); $i++) {
|
||||||
|
if ($_SESSION['account']->smb_domain->name) {
|
||||||
|
if ($_SESSION['account']->smb_domain->name == $samba3domains[$i]->name)
|
||||||
|
echo '<option selected>' . $samba3domains[$i]->name. '</option>';
|
||||||
|
else echo '<option>' . $samba3domains[$i]->name. '</option>';
|
||||||
|
}
|
||||||
|
else echo '<option>' . $samba3domains[$i]->name. '</option>';
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'host':
|
case 'host':
|
||||||
// set smb_flgasW true because account is host
|
// set smb_flgasW true because account is host
|
||||||
$_SESSION['account']->smb_flagsW = 1;
|
$_SESSION['account']->smb_flagsW = 1;
|
||||||
|
if ($_SESSION['account']->smb_password_no) echo '<input name="f_smb_password_no" type="hidden" value="1l">';
|
||||||
echo '<input name="f_unix_password_no" type="hidden" value="';
|
echo '<input name="f_unix_password_no" type="hidden" value="';
|
||||||
if ($_SESSION['account']->unix_password_no) echo 'checked';
|
if ($_SESSION['account']->unix_password_no) echo 'checked';
|
||||||
echo '">';
|
echo '">';
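Review bot: The domain loop added in the `@ -860,14 +860,25 @@` hunk echoes `$samba3domains[$i]->name` into the page unescaped, and the `<select name="f_smb_domain">` it opens is never closed before `break;`. The array is filled outside this hunk, so this is an assumption: if the names come from the directory, one containing markup would be rendered as HTML in the administrator's session. I would pass the name through `htmlspecialchars()` and close the select and table row after the loop, as in the excerpt below. The outer `if ($_SESSION['account']->smb_domain->name)` can be folded into the comparison, because both of its non-selected branches print the same option. The new hidden field's `value="1l"` looks like a typo for `1`. The enclosing `switch` starts and ends outside the hunk.

```php
echo '</td><td><select name="f_smb_domain">';
$current = $_SESSION['account']->smb_domain->name;
for ($i=0; $i<sizeof($samba3domains); $i++) {
	$name = $samba3domains[$i]->name;
	$selected = ($current && $current == $name) ? ' selected' : '';
	echo '<option' . $selected . '>' . htmlspecialchars($name) . '</option>';
	}
echo '</select></td></tr>'."\n";
// … unchanged: break; case 'host': …
```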
|
||||||
|
@ -1023,6 +1034,33 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
'mv ' . $_SESSION['account_old' ]->general_homedir . ' ' . $_SESSION['account']->general_homedir);
|
'mv ' . $_SESSION['account_old' ]->general_homedir . ' ' . $_SESSION['account']->general_homedir);
|
||||||
echo '</tr>'."\n";
|
echo '</tr>'."\n";
|
||||||
}
|
}
|
||||||
|
if (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if (!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if (!in_array('inetOrgPerson', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if ($_SESSION['config']->samba3 == 'yes') {
|
||||||
|
if (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}}
|
||||||
|
else
|
||||||
|
if (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'group' :
|
case 'group' :
|
||||||
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
|
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
|
||||||
|
@ -1037,6 +1075,16 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
echo _('Change GID-Number of all users in group to new value');
|
echo _('Change GID-Number of all users in group to new value');
|
||||||
echo '</td></tr>'."\n";
|
echo '</td></tr>'."\n";
|
||||||
}
|
}
|
||||||
|
if (($_SESSION['config']->samba3 == 'yes') && (!in_array('sambaGroupMapping', $_SESSION['account_old']->general_objectClass))) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if (!in_array('posixGroup', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'host':
|
case 'host':
|
||||||
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
|
if (($_SESSION['account_old']) && ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber)) {
|
||||||
|
@ -1045,6 +1093,33 @@ switch ($select_local) { // Select which part of page will be loaded
|
||||||
'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;');
|
'find / -gid ' . $_SESSION['account_old' ]->general_uidNumber . ' -exec chown ' . $_SESSION['account']->general_uidNumber . ' {} \;');
|
||||||
echo '</tr>'."\n";
|
echo '</tr>'."\n";
|
||||||
}
|
}
|
||||||
|
if (!in_array('posixAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if (!in_array('shadowAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if (!in_array('account', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
|
if ($_SESSION['config']->samba3 == 'yes') {
|
||||||
|
if (!in_array('sambaSamAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}}
|
||||||
|
else
|
||||||
|
if (!in_array('sambaAccount', $_SESSION['account_old']->general_objectClass)) {
|
||||||
|
echo '<tr>';
|
||||||
|
StatusMessage('WARN', _('ObjectClass doesn\'t fit.'), _('Have to recreate entry.'));
|
||||||
|
echo "</tr>\n";
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
echo '<tr><td>'.
|
echo '<tr><td>'.
|
||||||
|
|