diff --git a/lam/docs/devel/upgrade.htm b/lam/docs/devel/upgrade.htm index f867206a..199d5603 100644 --- a/lam/docs/devel/upgrade.htm +++ b/lam/docs/devel/upgrade.htm @@ -18,6 +18,8 @@ + + @@ -48,8 +50,17 @@ This is a list of API changes for all LAM releases.

5.5 -> 5.6

-Functions in lib/types.inc got namespace LAM/TYPES (e.g. getTypeAlias()).
-New API to access configured account types: LAM\TYPES\TypeManager.
+ +

5.4 -> 5.5

Functions Ldap::encrypt/decrypt in ldap.inc moved to lamEncrypt/lamDecrypt in security.inc.

diff --git a/lam/lib/baseType.inc b/lam/lib/baseType.inc index ef208bf1..5833d189 100644 --- a/lam/lib/baseType.inc +++ b/lam/lib/baseType.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2005 - 2014 Roland Gruber + Copyright (C) 2005 - 2016 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -130,50 +130,12 @@ class baseType { } /** - * Returns a list of LDAP suffixes for this type. + * Returns the LDAP filter to find the possible suffixes for this account type. * - * @return array sorted list of possible suffixes for this type. + * @return string LDAP filter */ - public function getSuffixList() { - if (isset($_SESSION["config"])) { - $suffix = $_SESSION["config"]->get_Suffix(get_class($this)); - $connection = $_SESSION["ldap"]->server(); - } - else { - $suffix = $_SESSION['selfServiceProfile']->LDAPSuffix; - $connection = $_SESSION['ldapHandle']; - } - $ret = array(); - $filter = "(|(objectClass=organizationalunit)(objectClass=country)(objectClass=organization)(objectClass=krbRealmContainer)(objectClass=container))"; - $sr = @ldap_search($connection, escapeDN($suffix),$filter , array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); - if ($sr) { - $units = ldap_get_entries($connection, $sr); - cleanLDAPResult($units); - // extract Dns - $count = sizeof($units); - for ($i = 0; $i < $count; $i++) { - if (in_array('container', $units[$i]['objectclass'])) { - // Active Directory fix, hide system containers - if (preg_match('/.*cn=system,dc=.+/i', $units[$i]['dn']) || preg_match('/.*CN=program data,dc=.+/i', $units[$i]['dn'])) { - continue; - } - } - $ret[] = $units[$i]['dn']; - } - } - // add root suffix if needed - $found = false; - for ($i = 0; $i < sizeof($ret); $i++) { // search suffix case-intensitive - if (strtolower($suffix) == strtolower($ret[$i])) { - $found = true; - break; - } - } - if (!$found) { - $ret[] = $suffix; - } - usort($ret, 'compareDN'); - return $ret; + public function getSuffixFilter() { + return "(|(objectClass=organizationalunit)(objectClass=country)(objectClass=organization)(objectClass=krbRealmContainer)(objectClass=container))"; } /** diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc index 49b7750a..bfd687a9 100644 --- a/lam/lib/lists.inc +++ b/lam/lib/lists.inc 
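Review bot: With `getSuffixList()` removed from `baseType`, any subclass or third-party type that overrode it to customise the suffix list is no longer consulted, because callers now go through `ConfiguredType::getSuffixList()`, which only asks the base type for `getSuffixFilter()`. Whether such overrides exist is not visible in this diff. The new docblock should also state what the filter does not do, for example `Callers must hide Active Directory system containers and add the root suffix themselves, as ConfiguredType::getSuffixList() does.`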
@@ -962,7 +962,7 @@ class lamList { call_user_func_array('StatusMessage', $lastError); } // generate list of possible suffixes - $this->possibleSuffixes = $this->type->getBaseType()->getSuffixList(); + $this->possibleSuffixes = $this->type->getSuffixList(); } /** diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index 1c956c0b..39de01e8 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -812,7 +812,7 @@ class accountContainer { */ function get_type() { return $this->type; - } + } /** * This function is called when the user clicks on any button on the account pages. @@ -2146,8 +2146,7 @@ class accountContainer { if ($this->cachedOUs != null) { return $this->cachedOUs; } - $typeObj = $this->type->getBaseType(); - $this->cachedOUs = $typeObj->getSuffixList(); + $this->cachedOUs = $this->type->getSuffixList(); return $this->cachedOUs; } diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 15df66e0..4bf5ef80 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -2809,7 +2809,13 @@ class inetOrgPerson extends baseModule implements passwordService { } else { $userObj = new user(); - $ouList = $userObj->getSuffixList(); + $filter = $userObj->getSuffixFilter(); + $suffix = $_SESSION['selfServiceProfile']->LDAPSuffix; + $foundOus = searchLDAPPaged($_SESSION['ldapHandle'], $suffix, $filter, array('dn'), false, 0); + $ouList = array(); + foreach ($foundOus as $foundOu) { + $ouList[] = $foundOu['dn']; + } if (!empty($attributes['ou'][0]) && !in_array($attributes['ou'][0], $ouList)) { $ouList[] = $attributes['ou'][0]; usort($ouList, 'compareDN'); diff --git a/lam/lib/modules/nisMailAliasUser.inc b/lam/lib/modules/nisMailAliasUser.inc index 12931565..fad3ee73 100644 --- a/lam/lib/modules/nisMailAliasUser.inc +++ b/lam/lib/modules/nisMailAliasUser.inc 
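Review bot: The self-service branch in inetOrgPerson.inc now builds `$ouList` straight from `searchLDAPPaged()` and loses three things the removed `baseType::getSuffixList()` did. It no longer hides the Active Directory system containers (`cn=system`, `CN=program data`), no longer adds the root suffix when the search does not return it, and in the visible lines runs `usort` only when `$attributes['ou'][0]` is appended. Self-service users are the less trusted audience, so offering them containers that the admin UI hides looks unintended. The excerpt below restores those steps; it applies the regex to every DN because only `dn` is requested, and it assumes `searchLDAPPaged()` returns an array on failure, which is not visible here. The enclosing function starts and ends outside the hunk.

```php
// … unchanged: $filter, $suffix and the searchLDAPPaged() call …
$ouList = array();
foreach ($foundOus as $foundOu) {
	// keep Active Directory system containers hidden, as the admin-side suffix list does
	if (preg_match('/.*cn=system,dc=.+/i', $foundOu['dn']) || preg_match('/.*CN=program data,dc=.+/i', $foundOu['dn'])) {
		continue;
	}
	$ouList[] = $foundOu['dn'];
}
// the filter only returns the root suffix when it is itself an OU or container
if (!in_array(strtolower($suffix), array_map('strtolower', $ouList))) {
	$ouList[] = $suffix;
}
usort($ouList, 'compareDN');
// … unchanged: append $attributes['ou'][0] when it is missing from the list …
```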
@@ -36,7 +36,7 @@ class nisMailAliasUser extends baseModule { /** alias cache */ private $cachedAliasList = null; - + /** recipient entries to delete (list of arrays: dn => attributes) */ private $recipientsToDelete = array(); /** complete alias entries to delete */ @@ -45,10 +45,10 @@ class nisMailAliasUser extends baseModule { private $aliasesToAdd = array(); /** alias entries to extend with new recipients (list of arrays: dn => recipients) */ private $recipientsToAdd = array(); - + /** * Returns true if this module can manage accounts of the current type, otherwise false. - * + * * @return boolean true if module fits */ public function can_manage() { @@ -59,7 +59,7 @@ class nisMailAliasUser extends baseModule { * Returns meta data that is interpreted by parent class * * @return array array with meta data - * + * * @see baseModule::get_metaData() */ function get_metaData() { @@ -122,7 +122,7 @@ class nisMailAliasUser extends baseModule { /** * Returns the HTML meta data for the main account page. - * + * * @return htmlElement HTML meta data */ function display_html_attributes() { @@ -247,10 +247,10 @@ class nisMailAliasUser extends baseModule { } return $errors; } - + /** * Removes a recipient from the given DN. - * + * * @param String $recipient recipient as user name or email * @param String $dn alias DN */ @@ -300,7 +300,7 @@ class nisMailAliasUser extends baseModule { /** * Removes an alias with the given DN. - * + * * @param String $dn alias DN */ private function deleteAlias($dn) { @@ -324,10 +324,10 @@ class nisMailAliasUser extends baseModule { unset($this->recipientsToDelete[$dn]); } } - + /** * Returns the HTML meta data for the add page. - * + * * @return htmlElement HTML meta data */ function display_html_add() { 
@@ -357,9 +357,18 @@ class nisMailAliasUser extends baseModule { $return->addElement(new htmlHiddenInput('recipient', $recipient), true); // new mail alias $return->addElement(new htmlSubTitle(_('Create new alias')), true); - $typeObj = new mailAlias(); - $ous = $typeObj->getSuffixList(); - $return->addElement(new htmlTableExtendedSelect('new_ou', $ous, array(), _('Suffix'), 'suffix'), true); + $typeManager = new \LAM\TYPES\TypeManager(); + $mailAliasTypes = $typeManager->getConfiguredTypesForScope('mailAlias'); + $ous = array(); + foreach ($mailAliasTypes as $type) { + $ous = array_merge($ous, $type->getSuffixList()); + } + $ous = array_unique($ous); + usort($ous, 'compareDN'); + $suffixSelect = new htmlTableExtendedSelect('new_ou', $ous, array(), _('Suffix'), 'suffix'); + $suffixSelect->setRightToLeftTextDirection(true); + $suffixSelect->setSortElements(false); + $return->addElement($suffixSelect, true); $newAliasCn = empty($_POST['new_cn']) ? '' : $_POST['new_cn']; $return->addElement(new htmlTableExtendedInputField(_('Alias name'), 'new_cn', $newAliasCn, 'newAlias'), true); $return->addVerticalSpace('5px'); @@ -367,9 +376,9 @@ class nisMailAliasUser extends baseModule { $addButton->setIconClass('createButton'); $addButton->colspan = 5; $return->addElement($addButton, true); - + $return->addVerticalSpace('20px'); - + // add to existing alias $return->addElement(new htmlSubTitle(_('Add to existing alias')), true); $aliasesToAdd = array(); @@ -388,7 +397,7 @@ class nisMailAliasUser extends baseModule { $addButton->setIconClass('createButton'); $addButton->colspan = 5; $return->addElement($addButton, true); - + $return->addElement(new htmlEqualWidth(array('new_ou', 'new_cn', 'ex_cn'))); return $return; } 
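Review bot: `array_unique($ous)` compares DNs byte for byte, while `ConfiguredType::getSuffixList()` in this same commit treats suffixes as case-insensitive (`strtolower` on both sides), so two mailAlias types whose suffix lists differ only in case would produce duplicate entries in the `new_ou` select. Deduplicating on a lowercased key would keep the two consistent. The select only constrains what the browser offers, and the code that consumes `$_POST['new_ou']` is outside this hunk. If that code builds the alias DN from the posted value, it should check membership in this same merged list before writing to LDAP. display_html_add() starts and ends outside the hunk.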
@@ -446,13 +455,13 @@ class nisMailAliasUser extends baseModule { } } } - + return $errors; } - + /** * Allows the module to run commands after the LDAP entry is changed or created. - * + * * Calling this method requires the existence of an enclosing {@link accountContainer}. * * @param boolean $newAccount new account @@ -545,7 +554,7 @@ class nisMailAliasUser extends baseModule { /** * Returns a list of configuration options. - * + * * Calling this method does not require the existence of an enclosing {@link accountContainer}.
*
* The field names are used as keywords to load and save settings. @@ -554,7 +563,7 @@ class nisMailAliasUser extends baseModule { * @param array $scopes account types (user, group, host) * @param array $allScopes list of all active account modules and their scopes (module => array(scopes)) * @return mixed htmlElement or array of htmlElement - * + * * @see baseModule::get_metaData() * @see htmlElement */ @@ -584,10 +593,10 @@ class nisMailAliasUser extends baseModule { $this->cachedAliasList = searchLDAPByAttribute('cn', '*', 'nisMailAlias', array('dn', 'cn', 'rfc822MailMember'), array('mailAlias')); return $this->cachedAliasList; } - + /** * Returns the user name of this account. - * + * * @return String user name */ private function getUserName() { @@ -605,10 +614,10 @@ class nisMailAliasUser extends baseModule { } return null; } - + /** * Returns the email addresses of this account. - * + * * @return String mail addresses */ private function getMailAddresses() { @@ -620,10 +629,10 @@ class nisMailAliasUser extends baseModule { } return null; } - + /** * Returns if the mail alias type is active. Otherwise, aliases cannot be managed. - * + * * @return boolean is active */ private function isMailAliasTypeActive() { diff --git a/lam/lib/types.inc b/lam/lib/types.inc index 405646c9..7f22bb57 100644 --- a/lam/lib/types.inc +++ b/lam/lib/types.inc 
@@ -271,6 +271,46 @@ class ConfiguredType { return $this->baseType; } + /** + * Returns a list of LDAP suffixes for this type. + * + * @return array sorted list of possible suffixes for this type. + */ + public function getSuffixList() { + $connection = $_SESSION["ldap"]->server(); + $ret = array(); + $filter = $this->getBaseType()->getSuffixFilter(); + $sr = @ldap_search($connection, escapeDN($this->suffix), $filter, array('dn', 'objectClass'), 0, 0, 0, LDAP_DEREF_NEVER); + if ($sr) { + $units = ldap_get_entries($connection, $sr); + cleanLDAPResult($units); + // extract Dns + $count = sizeof($units); + for ($i = 0; $i < $count; $i++) { + if (in_array('container', $units[$i]['objectclass'])) { + // Active Directory fix, hide system containers + if (preg_match('/.*cn=system,dc=.+/i', $units[$i]['dn']) || preg_match('/.*CN=program data,dc=.+/i', $units[$i]['dn'])) { + continue; + } + } + $ret[] = $units[$i]['dn']; + } + } + // add root suffix if needed + $found = false; + for ($i = 0; $i < sizeof($ret); $i++) { // search suffix case-intensitive + if (strtolower($this->suffix) == strtolower($ret[$i])) { + $found = true; + break; + } + } + if (!$found) { + $ret[] = $this->suffix; + } + usort($ret, 'compareDN'); + return $ret; + } + } /** @@ -389,6 +429,23 @@ class TypeManager { return $configuredTypes; } + /** + * Returns a list of configured types for this scope. + * + * @param string $scope scope (e.g. user) + * @return \LAM\TYPES\ConfiguredType[] list of ConfiguredType + */ + public function getConfiguredTypesForScope($scope) { + $allTypes = $this->getConfiguredTypes(); + $scopedTypes = array(); + foreach ($allTypes as $type) { + if ($type->getScope() == $scope) { + $scopedTypes[] = $type; + } + } + return $scopedTypes; + } + /** * Builds a configured account type. * diff --git a/lam/lib/types/asteriskExt.inc b/lam/lib/types/asteriskExt.inc index 617a41ed..319d271d 100644 --- a/lam/lib/types/asteriskExt.inc +++ b/lam/lib/types/asteriskExt.inc 
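Review bot: `ConfiguredType::getSuffixList()` reads `$_SESSION["ldap"]->server()` unconditionally, whereas the removed `baseType` version fell back to `$_SESSION['ldapHandle']` when no admin config was in the session, so calling it from self service would fail on a missing session object. The docblock should state that precondition, for example `Requires an admin session ($_SESSION["ldap"]); not usable from self service.` Separately, `@ldap_search` suppresses the error, so a failed search silently collapses the list to the root suffix. Recording `ldap_error($connection)` when `$sr` is false would let an operator tell an empty tree from a permission or size-limit problem.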
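Review bot: In `getConfiguredTypesForScope()` the scope is matched with a loose `==`, which on PHP versions before 8 makes a non-string argument such as `0` equal to every scope name and would return all configured types. A strict comparison states the intent and costs nothing: `if ($type->getScope() === $scope) {`. The only caller visible in this diff passes the literal `'mailAlias'`, so this is hardening rather than a live bug.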
@@ -180,7 +180,7 @@ class lamAsteriskExtList extends lamList { $entries = $this->normalizeLdapOutput($entries); $this->entries = $entries; // generate list of possible suffixes - $this->possibleSuffixes = $this->type->getBaseType()->getSuffixList(); + $this->possibleSuffixes = $this->type->getSuffixList(); } /** diff --git a/lam/templates/profedit/profilepage.php b/lam/templates/profedit/profilepage.php index 07866e25..1e0aef15 100644 --- a/lam/templates/profedit/profilepage.php +++ b/lam/templates/profedit/profilepage.php @@ -207,8 +207,7 @@ $dnContent->addElement(new htmlSpacer(null, '10px'), true); $rootsuffix = $type->getSuffix(); // get subsuffixes $suffixes = array('-' => '-'); -$typeObj = $type->getBaseType(); -$possibleSuffixes = $typeObj->getSuffixList(); +$possibleSuffixes = $type->getSuffixList(); foreach ($possibleSuffixes as $suffix) { $suffixes[getAbstractDN($suffix)] = $suffix; }