WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

refactored dn building code to fix problems with multiple RDN values

This commit is contained in:
Roland Gruber 2011-10-15 09:46:13 +00:00
parent 6c6e58e695
commit 852a4930a8
5 changed files with 52 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
lam/lib/modules.inc
View File

@ -667,7 +667,7 @@ class accountContainer {
private $module; private $module;
/** DN suffix of the account */ /** DN suffix of the account */
public $dn; public $dnSuffix;
/** DN suffix of account when it was loaded */ /** DN suffix of account when it was loaded */
public $dn_orig; public $dn_orig;
@ -755,11 +755,11 @@ class accountContainer {
} }
elseif (!$profileLoaded) { elseif (!$profileLoaded) {
// change dn suffix // change dn suffix
if (isset($_GET['suffix']) && ($_GET['suffix'] != '') && ($this->dn == null)) { if (isset($_GET['suffix']) && ($_GET['suffix'] != '') && ($this->dnSuffix == null)) {
$this->dn = $_GET['suffix']; $this->dnSuffix = $_GET['suffix'];
} }
if (isset($_POST['accountContainerSuffix']) && ($_POST['accountContainerSuffix'] != '')) { if (isset($_POST['accountContainerSuffix']) && ($_POST['accountContainerSuffix'] != '')) {
$this->dn = $_POST['accountContainerSuffix']; $this->dnSuffix = $_POST['accountContainerSuffix'];
} }
// change RDN // change RDN
if (isset($_POST['accountContainerRDN'])) { if (isset($_POST['accountContainerRDN'])) {
@ -769,7 +769,7 @@ class accountContainer {
if (isset($_POST['accountContainerCreateAgain'])) { if (isset($_POST['accountContainerCreateAgain'])) {
// open fresh account page // open fresh account page
unset($_SESSION[$this->base]); unset($_SESSION[$this->base]);
metaRefresh("edit.php?type=" . $this->type . "&suffix=" . $this->dn); metaRefresh("edit.php?type=" . $this->type . "&suffix=" . $this->dnSuffix);
exit(); exit();
} }
// reedit account // reedit account
@ -911,13 +911,13 @@ class accountContainer {
$rootsuffix = $_SESSION['config']->get_Suffix($this->type); $rootsuffix = $_SESSION['config']->get_Suffix($this->type);
foreach ($this->getOUs() as $suffix) { foreach ($this->getOUs() as $suffix) {
echo '<option value="' . $suffix . '" '; echo '<option value="' . $suffix . '" ';
if ($this->dn == $suffix) { if ($this->dnSuffix == $suffix) {
echo 'selected'; echo 'selected';
} }
echo ">" . getAbstractDN($suffix) . "</option>\n"; echo ">" . getAbstractDN($suffix) . "</option>\n";
} }
if (!($this->dn == '') && !in_array($this->dn, $this->getOUs())) { if (!($this->dnSuffix == '') && !in_array($this->dnSuffix, $this->getOUs())) {
echo '<option value="' . $this->dn . '" selected>' . getAbstractDN($this->dn) . "</option>\n";; echo '<option value="' . $this->dnSuffix . '" selected>' . getAbstractDN($this->dnSuffix) . "</option>\n";;
} }
echo "</select>\n"; echo "</select>\n";
echo '&nbsp;&nbsp;&nbsp;&nbsp;'; echo '&nbsp;&nbsp;&nbsp;&nbsp;';
@ -1233,7 +1233,7 @@ class accountContainer {
} }
} }
if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) { if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) {
$this->dn = $profile['ldap_suffix'][0]; $this->dnSuffix = $profile['ldap_suffix'][0];
} }
return true; return true;
} }
@ -1348,10 +1348,10 @@ class accountContainer {
unset($torem[$attributes2[$i]]); unset($torem[$attributes2[$i]]);
} }
} }
if (count($toadd)!=0) $return[$this->dn]['add'] = $toadd; if (count($toadd)!=0) $return[$this->dn_orig]['add'] = $toadd;
if (count($torem)!=0) $return[$this->dn]['remove'] = $torem; if (count($torem)!=0) $return[$this->dn_orig]['remove'] = $torem;
if (count($tomodify)!=0) $return[$this->dn]['modify'] = $tomodify; if (count($tomodify)!=0) $return[$this->dn_orig]['modify'] = $tomodify;
if (count($notchanged)!=0) $return[$this->dn]['notchanged'] = $notchanged; if (count($notchanged)!=0) $return[$this->dn_orig]['notchanged'] = $notchanged;
return $return; return $return;
} }
@ -1376,7 +1376,7 @@ class accountContainer {
if (!$entry) { if (!$entry) {
return array(array("ERROR", _("Unable to load LDAP entry:") . " " . htmlspecialchars($dn), ldap_error($_SESSION['ldap']->server()))); return array(array("ERROR", _("Unable to load LDAP entry:") . " " . htmlspecialchars($dn), ldap_error($_SESSION['ldap']->server())));
} }
$this->dn = substr($dn, strpos($dn, ',')+1); $this->dnSuffix = substr($dn, strpos($dn, ',')+1);
$this->dn_orig = $dn; $this->dn_orig = $dn;
// extract RDN // extract RDN
$this->rdn = explode("=", substr($dn, 0, strpos($dn, ','))); $this->rdn = explode("=", substr($dn, 0, strpos($dn, ',')));
@ -1517,7 +1517,7 @@ class accountContainer {
} }
} }
if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) { if (isset($profile['ldap_suffix'][0]) && ($profile['ldap_suffix'][0] != '-')) {
$this->dn = $profile['ldap_suffix'][0]; $this->dnSuffix = $profile['ldap_suffix'][0];
} }
// get titles // get titles
$typeObject = new $this->type(); $typeObject = new $this->type();
@ -1535,7 +1535,7 @@ class accountContainer {
if (!checkIfWriteAccessIsAllowed()) { if (!checkIfWriteAccessIsAllowed()) {
die(); die();
} }
$this->finalDN = $this->dn; $this->finalDN = $this->dn_orig;
$errors = array(); $errors = array();
$ldapUser = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->decrypt_login();
$ldapUser = $ldapUser[0]; $ldapUser = $ldapUser[0];
@ -1553,39 +1553,26 @@ class accountContainer {
$ops = array_keys($temp[$DNs[$i]]); $ops = array_keys($temp[$DNs[$i]]);
for ($j=0; $j<count($ops); $j++) { for ($j=0; $j<count($ops); $j++) {
$attrs = array_keys($temp[$DNs[$i]][$ops[$j]]); $attrs = array_keys($temp[$DNs[$i]][$ops[$j]]);
for ($k=0; $k<count($attrs); $k++) for ($k=0; $k<count($attrs); $k++) {
$attributes[$DNs[$i]][$ops[$j]][$attrs[$k]] = array_unique($attributes[$DNs[$i]][$ops[$j]][$attrs[$k]]); $attributes[$DNs[$i]][$ops[$j]][$attrs[$k]] = array_unique($attributes[$DNs[$i]][$ops[$j]][$attrs[$k]]);
} }
} }
} }
// Complete dn with RDN attribute }
$search = $this->rdn; // build DN for new accounts and change it for existing ones if needed
$DNChanged = false; if (isset($attributes[$this->dn_orig]['modify'][$this->rdn][0])) {
foreach ($attributes as $DN) { $this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['modify'][$this->rdn][0] . ',' . $this->dnSuffix;
if (isset($DN['modify'][$search][0]) && !$DNChanged) { if ($this->dn_orig != $this->finalDN) {
$attributes[$search.'='.$DN['modify'][$search][0].','.$this->finalDN] = $attributes[$this->finalDN]; $attributes[$this->finalDN] = $attributes[$this->dn_orig];
unset ($attributes[$this->finalDN]); unset($attributes[$this->dn_orig]);
$this->finalDN = $search.'='.$DN['modify'][$search][0].','.$this->finalDN; }
$DNChanged = true; }
} elseif (isset($attributes[$this->dn_orig]['add'][$this->rdn][0])) {
if (isset($DN['add'][$search][0]) && !$DNChanged) { $this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['add'][$this->rdn][0] . ',' . $this->dnSuffix;
$attributes[$search.'='.$DN['add'][$search][0].','.$this->finalDN] = $attributes[$this->finalDN]; if ($this->dn_orig != $this->finalDN) {
unset ($attributes[$this->finalDN]); $attributes[$this->finalDN] = $attributes[$this->dn_orig];
$this->finalDN = $search.'='.$DN['add'][$search][0].','.$this->finalDN; unset($attributes[$this->dn_orig]);
$DNChanged = true;
}
if (isset($DN['notchanged'][$search][0]) && !$DNChanged) {
$attributes[$search.'='.$DN['notchanged'][$search][0].','.$this->finalDN] = $attributes[$this->finalDN];
unset ($attributes[$this->finalDN]);
$this->finalDN = $search.'='.$DN['notchanged'][$search][0].','.$this->finalDN;
$DNChanged = true;
}
} }
// Add old dn if dn hasn't changed
if (!$DNChanged) {
$attributes[$this->dn_orig] = $attributes[$this->finalDN];
unset ($attributes[$this->finalDN]);
$this->finalDN = $this->dn_orig;
} }
// pre modify actions // pre modify actions
$prePostModifyAttributes = array(); $prePostModifyAttributes = array();

20
lam/lib/modules/inetOrgPerson.inc
View File

@ -739,21 +739,21 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig); $return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
// postalAddress, facsimileTelephoneNumber and jpegPhoto need special removing // postalAddress, facsimileTelephoneNumber and jpegPhoto need special removing
if (isset($return[$this->getAccountContainer()->dn]['remove']['postalAddress'])) { if (isset($return[$this->getAccountContainer()->dn_orig]['remove']['postalAddress'])) {
$return[$this->getAccountContainer()->dn]['modify']['postalAddress'] = $this->attributes['postalAddress']; $return[$this->getAccountContainer()->dn_orig]['modify']['postalAddress'] = $this->attributes['postalAddress'];
unset($return[$this->getAccountContainer()->dn]['remove']['postalAddress']); unset($return[$this->getAccountContainer()->dn_orig]['remove']['postalAddress']);
} }
if (isset($return[$this->getAccountContainer()->dn]['remove']['facsimileTelephoneNumber'])) { if (isset($return[$this->getAccountContainer()->dn_orig]['remove']['facsimileTelephoneNumber'])) {
$return[$this->getAccountContainer()->dn]['modify']['facsimileTelephoneNumber'] = $this->attributes['facsimileTelephoneNumber']; $return[$this->getAccountContainer()->dn_orig]['modify']['facsimileTelephoneNumber'] = $this->attributes['facsimileTelephoneNumber'];
unset($return[$this->getAccountContainer()->dn]['remove']['facsimileTelephoneNumber']); unset($return[$this->getAccountContainer()->dn_orig]['remove']['facsimileTelephoneNumber']);
} }
if (isset($return[$this->getAccountContainer()->dn]['remove']['jpegPhoto'])) { if (isset($return[$this->getAccountContainer()->dn_orig]['remove']['jpegPhoto'])) {
$return[$this->getAccountContainer()->dn]['modify']['jpegPhoto'] = array(); $return[$this->getAccountContainer()->dn_orig]['modify']['jpegPhoto'] = array();
unset($return[$this->getAccountContainer()->dn]['remove']['jpegPhoto']); unset($return[$this->getAccountContainer()->dn_orig]['remove']['jpegPhoto']);
} }
// add information about clear text password // add information about clear text password
if ($this->clearTextPassword != null) { if ($this->clearTextPassword != null) {
$return[$this->getAccountContainer()->dn]['info']['userPasswordClearText'][0] = $this->clearTextPassword; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
} }
return $return; return $return;
} }

12
lam/lib/modules/nisnetgroup.inc
View File

@ -159,13 +159,13 @@ class nisnetgroup extends baseModule {
function save_attributes() { function save_attributes() {
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig); $return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
// nisNetgroupTriple needs special changing // nisNetgroupTriple needs special changing
if (isset($return[$this->getAccountContainer()->dn]['remove']['nisNetgroupTriple'])) { if (isset($return[$this->getAccountContainer()->dn_orig]['remove']['nisNetgroupTriple'])) {
$return[$this->getAccountContainer()->dn]['modify']['nisNetgroupTriple'] = $this->attributes['nisNetgroupTriple']; $return[$this->getAccountContainer()->dn_orig]['modify']['nisNetgroupTriple'] = $this->attributes['nisNetgroupTriple'];
unset($return[$this->getAccountContainer()->dn]['remove']['nisNetgroupTriple']); unset($return[$this->getAccountContainer()->dn_orig]['remove']['nisNetgroupTriple']);
} }
if (isset($return[$this->getAccountContainer()->dn]['add']['nisNetgroupTriple'])) { if (isset($return[$this->getAccountContainer()->dn_orig]['add']['nisNetgroupTriple'])) {
$return[$this->getAccountContainer()->dn]['modify']['nisNetgroupTriple'] = $this->attributes['nisNetgroupTriple']; $return[$this->getAccountContainer()->dn_orig]['modify']['nisNetgroupTriple'] = $this->attributes['nisNetgroupTriple'];
unset($return[$this->getAccountContainer()->dn]['add']['nisNetgroupTriple']); unset($return[$this->getAccountContainer()->dn_orig]['add']['nisNetgroupTriple']);
} }
return $return; return $return;
} }

8
lam/lib/modules/posixAccount.inc
View File

@ -506,17 +506,17 @@ class posixAccount extends baseModule implements passwordService {
function save_attributes() { function save_attributes() {
$return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig); $return = $this->getAccountContainer()->save_module_attributes($this->attributes, $this->orig);
// add information about clear text password and password status change // add information about clear text password and password status change
$return[$this->getAccountContainer()->dn]['info']['userPasswordClearText'][0] = $this->clearTextPassword; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordClearText'][0] = $this->clearTextPassword;
if (isset($this->orig['userPassword'][0]) && isset($this->attributes['userPassword'][0])) { if (isset($this->orig['userPassword'][0]) && isset($this->attributes['userPassword'][0])) {
if ((pwd_is_enabled($this->orig['userPassword'][0]) && pwd_is_enabled($this->attributes['userPassword'][0])) if ((pwd_is_enabled($this->orig['userPassword'][0]) && pwd_is_enabled($this->attributes['userPassword'][0]))
|| (!pwd_is_enabled($this->orig['userPassword'][0]) && !pwd_is_enabled($this->attributes['userPassword'][0]))) { || (!pwd_is_enabled($this->orig['userPassword'][0]) && !pwd_is_enabled($this->attributes['userPassword'][0]))) {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'unchanged'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unchanged';
} }
elseif (pwd_is_enabled($this->orig['userPassword'][0])) { elseif (pwd_is_enabled($this->orig['userPassword'][0])) {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'locked'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'locked';
} }
else { else {
$return[$this->getAccountContainer()->dn]['info']['userPasswordStatusChange'][0] = 'unlocked'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unlocked';
} }
} }
// Remove primary group from additional groups // Remove primary group from additional groups

2
lam/lib/modules/posixGroup.inc
View File

@ -143,7 +143,7 @@ class posixGroup extends baseModule implements passwordService {
$return = array(); $return = array();
$result = searchLDAPByFilter('gidNumber=' . $this->attributes['gidNumber'][0], array('dn'), array('user', 'host')); $result = searchLDAPByFilter('gidNumber=' . $this->attributes['gidNumber'][0], array('dn'), array('user', 'host'));
if (sizeof($result) > 0) { if (sizeof($result) > 0) {
$return[$this->getAccountContainer()->dn]['errors'][] = $this->messages['primaryGroup'][0]; $return[$this->getAccountContainer()->dn_orig]['errors'][] = $this->messages['primaryGroup'][0];
} }
return $return; return $return;
} }