separated group and host modify/create
This commit is contained in:
katagia
parent
4df44c8b18
commit
5bbb4135e5
|
|
@ -977,27 +977,6 @@ function createhost() { // Will create the LDAP-Account
|
|||
$attr['homeDirectory'] = $_SESSION['account']->general_homedir; // posixAccount_req
|
||||
|
||||
// posixAccount_may shadowAccount_may
|
||||
if ($_SESSION['modify']==1) {
|
||||
$password_old = str_replace('{CRYPT}', '',$_SESSION['account_old']->unix_password);
|
||||
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
|
||||
if ($_SESSION['account']->unix_password=='') {
|
||||
if ($_SESSION['account']->unix_password_no) $password_old = '';
|
||||
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
|
||||
else $attr['userPassword'] = '{CRYPT}' . $password_old;
|
||||
$attr['shadowLastChange'] = $_SESSION['account_old']->unix_shadowLastChange; // shadowAccount_may
|
||||
}
|
||||
else {
|
||||
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($_SESSION['account']->unix_password);
|
||||
else $attr['userPassword'] = '{CRYPT}' . crypt($_SESSION['account']->unix_password);
|
||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->smb_password!='') {
|
||||
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $_SESSION['account']->smb_password);
|
||||
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $_SESSION['account']->smb_password);
|
||||
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($_SESSION['account']->unix_password_no) $_SESSION['account']->unix_password = '';
|
||||
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($_SESSION['account']->unix_password);
|
||||
else $attr['userPassword'] = '{CRYPT}' . crypt($_SESSION['account']->unix_password);
|
||||
|
|
@ -1005,7 +984,6 @@ function createhost() { // Will create the LDAP-Account
|
|||
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $_SESSION['account']->smb_password);
|
||||
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $_SESSION['account']->smb_password);
|
||||
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->smb_password_no) {
|
||||
$attr['ntPassword'] = 'NO PASSWORD*****';
|
||||
$attr['lmPassword'] = 'NO PASSWORD*****';
|
||||
|
|
@ -1027,13 +1005,119 @@ function createhost() { // Will create the LDAP-Account
|
|||
$attr['acctFlags'] = smbflag(); // sambaAccount_may
|
||||
$attr['displayName'] = $_SESSION['account']->general_gecos; // sambaAccount_may
|
||||
if ($_SESSION['account']->smb_domain!='') $attr['domain'] = $_SESSION['account']->smb_domain; // sambaAccount_may
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
if (!$success) return 4;
|
||||
// Add host to groups
|
||||
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
if ($group['memberUid']) array_shift($group['memberUid']);
|
||||
if (! in_array($_SESSION['account']->general_username, $group)) {
|
||||
$toadd['memberUid'] = $_SESSION['account']->general_username;
|
||||
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
|
||||
}
|
||||
if (!$success) return 4;
|
||||
// Add Host to Additional Groups
|
||||
if ($_SESSION['account']->general_groupadd)
|
||||
foreach ($_SESSION['account']->general_groupadd as $group2) {
|
||||
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
if ($group['memberUid']) array_shift($group['memberUid']);
|
||||
if (! in_array($_SESSION['account']->general_username, $group['memberUid'])) {
|
||||
$toadd['memberUid'] = $_SESSION['account']->general_username;
|
||||
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
|
||||
}
|
||||
if (!$success) return 4;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( $_SESSION['modify'] == 1 ) {
|
||||
if ($_SESSION['account']->general_username == $_SESSION['account_old']->general_username) // Hostname hasn't changed
|
||||
function modifyhost() { // Will modify the LDAP-Account
|
||||
// 2 == Account allready exists at different location
|
||||
// 3 == Account has been modified
|
||||
// 5 == Error while modifying Account
|
||||
// Value stored in shadowExpire, days since 1.1.1970
|
||||
$date = mktime(10,0,0, $_SESSION['account']->unix_pwdexpire_mon, $_SESSION['account']->unix_pwdexpire_day, $_SESSION['account']->unix_pwdexpire_yea) / 86400 ;
|
||||
settype($date, 'integer');
|
||||
$_SESSION['account']->general_dn = 'uid=' . $_SESSION['account']->general_username . ',' . $_SESSION['config']->get_UserSuffix();
|
||||
if ($_SESSION['account']->general_username != $_SESSION['account_old']->general_username) {
|
||||
$attr['cn'] = $_SESSION['account']->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
|
||||
$attr['uid'] = $_SESSION['account']->general_username; // posixAccount_req
|
||||
}
|
||||
if ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber) {
|
||||
$attr['uidNumber'] = $_SESSION['account']->general_uidNumber; // posixAccount_req
|
||||
$attr['rid'] = (2 * $_SESSION['account']->general_uidNumber + 1000); // sambaAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->general_group != $_SESSION['account_old']->general_group) {
|
||||
$attr['gidNumber'] = getgid($_SESSION['account']->general_group); // posixAccount_req
|
||||
$attr['PrimaryGroupID'] = (2 * getgid($_SESSION['account']->general_group) + 1001); // sambaAccount_req
|
||||
}
|
||||
if ($_SESSION['account']->general_homedir != $_SESSION['account_old']->general_homedir)
|
||||
$attr['homeDirectory'] = $_SESSION['account']->general_homedir; // posixAccount_req
|
||||
// posixAccount_may shadowAccount_may
|
||||
$password_old = str_replace('{CRYPT}', '',$_SESSION['account_old']->unix_password);
|
||||
if (substr($password_old,0,1) == '!' ) $password_old = substr($password_old,1,strlen($password_old));
|
||||
if ($_SESSION['account']->unix_password=='') {
|
||||
if ($_SESSION['account']->unix_password_no) $password_old = '';
|
||||
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . $password_old;
|
||||
else $attr['userPassword'] = '{CRYPT}' . $password_old;
|
||||
$attr['shadowLastChange'] = $_SESSION['account_old']->unix_shadowLastChange; // shadowAccount_may
|
||||
}
|
||||
else {
|
||||
if ($_SESSION['account']->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($_SESSION['account']->unix_password);
|
||||
else $attr['userPassword'] = '{CRYPT}' . crypt($_SESSION['account']->unix_password);
|
||||
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->smb_password_no) {
|
||||
$attr['ntPassword'] = 'NO PASSWORD*****';
|
||||
$attr['lmPassword'] = 'NO PASSWORD*****';
|
||||
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
||||
}
|
||||
else
|
||||
if ($_SESSION['account']->smb_password!='') {
|
||||
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $_SESSION['account']->smb_password);
|
||||
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $_SESSION['account']->smb_password);
|
||||
$attr['pwdLastSet'] = time(); // sambaAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->general_shell != $_SESSION['account_old']->general_shell)
|
||||
$attr['loginShell'] = $_SESSION['account']->general_shell; // posixAccount_may
|
||||
if ($_SESSION['account']->general_gecos != $_SESSION['account_old']->general_gecos) {
|
||||
$attr['gecos'] = $_SESSION['account']->general_gecos; // posixAccount_may
|
||||
$attr['description'] = $_SESSION['account']->general_gecos; // posixAccount_may sambaAccount_may
|
||||
$attr['displayName'] = $_SESSION['account']->general_gecos; // sambaAccount_may
|
||||
}
|
||||
if ($_SESSION['account']->general_pwdminage != $_SESSION['account_old']->general_pwdminage)
|
||||
$attr['shadowMin'] = $_SESSION['account']->unix_pwdminage; // shadowAccount_may
|
||||
if ($_SESSION['account']->general_pwdmaxage != $_SESSION['account_old']->general_pwdmaxage)
|
||||
$attr['shadowMax'] = $_SESSION['account']->unix_pwdmaxage; // shadowAccount_may
|
||||
if ($_SESSION['account']->general_pwdwarn != $_SESSION['account_old']->general_pwdwarn)
|
||||
$attr['shadowWarning'] = $_SESSION['account']->unix_pwdwarn; // shadowAccount_may
|
||||
if ($_SESSION['account']->general_pwdallowlogin != $_SESSION['account_old']->general_pwdallowlogin)
|
||||
$attr['shadowInactive'] = $_SESSION['account']->unix_pwdallowlogin; // shadowAccount_may
|
||||
if (($_SESSION['account']->unix_pwdexpire_day = $date['mday']!=$_SESSION['account_old']->unix_pwdexpire_day = $date['mday']) ||
|
||||
($_SESSION['account']->unix_pwdexpire_mon = $date['mon'] != $_SESSION['account_old']->unix_pwdexpire_mon = $date['mon']) ||
|
||||
($_SESSION['account']->unix_pwdexpire_yea = $date['year'] != $_SESSION['account']->unix_pwdexpire_yea = $date['year']))
|
||||
$attr['shadowExpire'] = $date ; // shadowAccount_may
|
||||
if ($_SESSION['account']->smb_pwdcanchange && $_SESSION['account_old']->smb_pwdcanchange==0) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
|
||||
if ($_SESSION['account']->smb_pwdcanchange==0 && $_SESSION['account_old']->smb_pwdcanchange==1) $attr_rem['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
|
||||
if ($_SESSION['account']->smb_pwdmustchange && $_SESSION['account']->smb_pwdmustchange==0) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
|
||||
if ($_SESSION['account']->smb_pwdmustchange==0 && $_SESSION['account']->smb_pwdmustchange==1) $attr_rem['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
|
||||
$attr['acctFlags'] = smbflag(); // sambaAccount_may
|
||||
if (($_SESSION['account']->smb_domain!='') && ($_SESSION['account']->smb_domain!=$_SESSION['account_old']->smb_domain)) $attr['domain'] = $_SESSION['account']->smb_domain; // sambaAccount_may
|
||||
if (($_SESSION['account']->smb_domain=='') && ($_SESSION['account']->smb_domain!=$_SESSION['account_old']->smb_domain)) $attr_rem['domain'] = $_SESSION['account_old']->smb_domain; // sambaAccount_may
|
||||
|
||||
if ($attr_rem) $success = ldap_mod_del($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr_rem);
|
||||
if (!$success) return 5;
|
||||
if ($_SESSION['account']->general_username == $_SESSION['account_old']->general_username) // Username hasn't changed
|
||||
$success = ldap_modify($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
else {
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
if ($success) ldap_delete($_SESSION['ldap']->server(),$_SESSION['account_old']->general_dn);
|
||||
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr_old);
|
||||
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$_SESSION['account_old']->general_dn);
|
||||
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
}
|
||||
if (!$success) return 5;
|
||||
// Write Groupmemberchips
|
||||
|
|
@ -1072,36 +1156,7 @@ function createhost() { // Will create the LDAP-Account
|
|||
if (!$success) return 5;
|
||||
return 3;
|
||||
}
|
||||
else {
|
||||
// Write a new entry if host doesn't exists
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
if (!$success) return 4;
|
||||
// Add host to groups
|
||||
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
if ($group['memberUid']) array_shift($group['memberUid']);
|
||||
if (! in_array($_SESSION['account']->general_username, $group)) {
|
||||
$toadd['memberUid'] = $_SESSION['account']->general_username;
|
||||
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
|
||||
}
|
||||
if (!$success) return 4;
|
||||
// Add Host to Additional Groups
|
||||
if ($_SESSION['account']->general_groupadd)
|
||||
foreach ($_SESSION['account']->general_groupadd as $group2) {
|
||||
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$group = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
if ($group['memberUid']) array_shift($group['memberUid']);
|
||||
if (! in_array($_SESSION['account']->general_username, $group['memberUid'])) {
|
||||
$toadd['memberUid'] = $_SESSION['account']->general_username;
|
||||
$success = ldap_mod_add($_SESSION['ldap']->server(), 'cn='.$group2.','.$_SESSION['config']->get_GroupSuffix(), $toadd);
|
||||
}
|
||||
if (!$success) return 4;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
function creategroup() { // Will create the LDAP-Group
|
||||
|
|
@ -1116,22 +1171,32 @@ function creategroup() { // Will create the LDAP-Group
|
|||
$attr['gidNumber'] = $_SESSION['account']->general_uidNumber;
|
||||
$attr['description'] = $_SESSION['account']->general_gecos;
|
||||
if ($_SESSION['account']->general_memeberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid;
|
||||
if ( $_SESSION['modify']==0 ) { // Write a new entry if group doesn't exists
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
|
||||
if ($success) return 1;
|
||||
else return 4;
|
||||
}
|
||||
else { // Modify an Existing entry
|
||||
|
||||
function modifygroup() { // Will modify the LDAP-Group
|
||||
// 2 == Group allready exists at different location
|
||||
// 3 == Group has been modified
|
||||
// 5 == Error while modifying Group
|
||||
$_SESSION['account']->general_dn = 'cn=' . $_SESSION['account']->general_username . ',' . $_SESSION['config']->get_GroupSuffix();
|
||||
if ($_SESSION['account']->general_username != $_SESSION['account_old']->general_username) $attr['cn'] = $_SESSION['account']->general_username;
|
||||
if ($_SESSION['account']->general_uidNumber != $_SESSION['account_old']->general_uidNumber) $attr['gidNumber'] = $_SESSION['account']->general_uidNumber;
|
||||
if ($_SESSION['account']->general_gecos != $_SESSION['account_old']->general_gecos) $attr['description'] = $_SESSION['account']->general_gecos;
|
||||
if ($_SESSION['account']->general_memeberUid != $_SESSION['account_old']->general_memberUid) $attr['memberUid'] = $_SESSION['account']->general_memberUid;
|
||||
if ($_SESSION['account']->general_username == $_SESSION['account_old']->general_username) // Groupname hasn't changed
|
||||
$success = ldap_modify($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
$success = ldap_mod_replace($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
else {
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixGroup");
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
$attr_old = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
|
||||
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr_old);
|
||||
if ($success) ldap_delete($_SESSION['ldap']->server(),$_SESSION['account_old']->general_dn);
|
||||
if ($success) $success = ldap_mod_replace($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
|
||||
}
|
||||
echo "draussen";
|
||||
if ( $_SESSION['final_changegids']==true ) {
|
||||
echo "drin";
|
||||
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $_SESSION['account_old']->general_uidNumber, array('gidNumber'));
|
||||
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||
while ($entry) {
|
||||
|
|
@ -1144,6 +1209,6 @@ function creategroup() { // Will create the LDAP-Group
|
|||
if ($success) return 3;
|
||||
else return 5;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -233,11 +233,13 @@ if ( $_POST['create'] ) { // Create-Button was pressed
|
|||
if ( $result==1 || $result==3 ) $select_local = 'finish';
|
||||
break;
|
||||
case 'group':
|
||||
$result = creategroup(); // account.inc
|
||||
if ($_SESSION['modify']==1) $result = modifygroup();
|
||||
else $result = creategroup(); // account.inc
|
||||
if ( $result==1 || $result==3 ) $select_local = 'finish';
|
||||
break;
|
||||
case 'host':
|
||||
$result = createhost(); // account.inc
|
||||
if ($_SESSION['modify']==1) $result = modifyhost();
|
||||
else $result = createhost(); // account.inc
|
||||
if ( $result==1 || $result==3 ) $select_local = 'finish';
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue