WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

optional posixAccount object class

This commit is contained in:
Roland Gruber 2016-05-09 20:10:14 +02:00
parent 0b3c6b1036
commit 88b7a32187
3 changed files with 56 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lam/docs/manual-sources/howto.xml
View File

@ -3070,6 +3070,26 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
<para>Hidden options: Some input fields can be hidden to simplify <para>Hidden options: Some input fields can be hidden to simplify
the GUI if you do not need them.</para> the GUI if you do not need them.</para>
</listitem> </listitem>
<listitem>
<para>Set primary group as memberUid: By default primary group
membership is not set on group objects but only on user
(gidNumber). Activate this if you need to have the primary group
membership in group object, too.</para>
</listitem>
<listitem>
<para>Do not add object class: This is for Windows only. When the
checkbox is activated then the posixAccount object class will not
be added to a user.</para>
</listitem>
<listitem>
<para>User name suggestion: The user name is automatically filled
as specified in the configuration (default smiller for Steve
Miller). Of course, the suggested value can be changed any time.
Common name is also filled with first/last name by default.</para>
</listitem>
</itemizedlist> </itemizedlist>
<screenshot> <screenshot>
@ -3080,10 +3100,8 @@ mysql&gt; GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para>The user name is automatically filled as specified in the <literallayout>
configuration (default smiller for Steve Miller). Of course, the </literallayout>
suggested value can be changed any time. Common name is also filled
with first/last name by default.</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>

BIN
lam/docs/manual-sources/images/mod_unixUserConfig.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 41 KiB

43
lam/lib/modules/posixAccount.inc
View File

@ -82,7 +82,7 @@ class posixAccount extends baseModule implements passwordService {
// call parent constructor // call parent constructor
parent::__construct($scope); parent::__construct($scope);
// make optional if needed // make optional if needed
$this->autoAddObjectClasses = !$this->isOptional(); $this->autoAddObjectClasses = !$this->isOptional() && !$this->skipObjectClass();
} }
/** /**
@ -447,6 +447,10 @@ class posixAccount extends baseModule implements passwordService {
"Headline" => _("Magic number"), "Headline" => _("Magic number"),
"Text" => _("Please enter the magic number you configured on server side.") "Text" => _("Please enter the magic number you configured on server side.")
), ),
'noObjectClass' => array(
"Headline" => _("Do not add object class"),
"Text" => _("This will not add the posixAccount object class to the account.")
),
'user' => array( 'user' => array(
'uid' => array( 'uid' => array(
"Headline" => _("User name"), 'attr' => 'uid', "Headline" => _("User name"), 'attr' => 'uid',
@ -541,7 +545,7 @@ class posixAccount extends baseModule implements passwordService {
* @return boolean true, if settings are complete * @return boolean true, if settings are complete
*/ */
function module_complete() { function module_complete() {
if (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass'])) { if (!$this->skipObjectClass() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) {
// no checks if object class is not set // no checks if object class is not set
return true; return true;
} }
@ -616,7 +620,7 @@ class posixAccount extends baseModule implements passwordService {
* <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions) * <br>"info" are values with informational value (e.g. to be used later by pre/postModify actions)
*/ */
function save_attributes() { function save_attributes() {
if (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass'])) { if (!$this->skipObjectClass() && (!in_array('posixAccount', $this->attributes['objectClass']) && !in_array('posixAccount', $this->orig['objectClass']))) {
// skip saving if the extension was not added/modified // skip saving if the extension was not added/modified
return array(); return array();
} }
@ -637,7 +641,7 @@ class posixAccount extends baseModule implements passwordService {
$return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unlocked'; $return[$this->getAccountContainer()->dn_orig]['info']['userPasswordStatusChange'][0] = 'unlocked';
} }
} }
if (in_array('posixAccount', $this->attributes['objectClass'])) { if ($this->skipObjectClass() || in_array('posixAccount', $this->attributes['objectClass'])) {
// Remove primary group from additional groups // Remove primary group from additional groups
if (!isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0]) if (!isset($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0])
|| ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] != 'true')) { || ($this->moduleSettings['posixAccount_primaryGroupAsSecondary'][0] != 'true')) {
@ -1002,7 +1006,7 @@ class posixAccount extends baseModule implements passwordService {
return $errors; return $errors;
} }
// skip processing if object class is not set // skip processing if object class is not set
if ($this->isOptional() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) { if ($this->isOptional() && !$this->skipObjectClass() && (!isset($this->attributes['objectClass']) || !in_array('posixAccount', $this->attributes['objectClass']))) {
return $errors; return $errors;
} }
$groups = $this->findGroups(); // list of all groupnames $groups = $this->findGroups(); // list of all groupnames
@ -1331,7 +1335,7 @@ class posixAccount extends baseModule implements passwordService {
*/ */
function display_html_attributes() { function display_html_attributes() {
$return = new htmlTable(); $return = new htmlTable();
if (!$this->isOptional() || (isset($this->attributes['objectClass']) && in_array('posixAccount', $this->attributes['objectClass']))) { if (!$this->isOptional() || $this->skipObjectClass() || (isset($this->attributes['objectClass']) && in_array('posixAccount', $this->attributes['objectClass']))) {
$groupList = $this->findGroups(); // list of all group names $groupList = $this->findGroups(); // list of all group names
$groups = array(); $groups = array();
for ($i = 0; $i < sizeof($groupList); $i++) { for ($i = 0; $i < sizeof($groupList); $i++) {
@ -1485,7 +1489,7 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement($pwdContainer, true); $return->addElement($pwdContainer, true);
} }
// remove button // remove button
if ($this->isOptional()) { if ($this->isOptional() && !$this->skipObjectClass()) {
$return->addElement(new htmlSpacer(null, '20px'), true); $return->addElement(new htmlSpacer(null, '20px'), true);
$remButton = new htmlButton('remObjectClass', _('Remove Unix extension')); $remButton = new htmlButton('remObjectClass', _('Remove Unix extension'));
$remButton->colspan = 5; $remButton->colspan = 5;
@ -1813,7 +1817,7 @@ class posixAccount extends baseModule implements passwordService {
} }
// add extension // add extension
if (isset($profile['posixAccount_addExt'][0]) && ($profile['posixAccount_addExt'][0] == "true")) { if (isset($profile['posixAccount_addExt'][0]) && ($profile['posixAccount_addExt'][0] == "true")) {
if (!in_array('posixAccount', $this->attributes['objectClass'])) { if (!$this->skipObjectClass() && !in_array('posixAccount', $this->attributes['objectClass'])) {
$this->attributes['objectClass'][] = 'posixAccount'; $this->attributes['objectClass'][] = 'posixAccount';
} }
} }
@ -1981,6 +1985,10 @@ class posixAccount extends baseModule implements passwordService {
$configOptionsContainer->addElement($hiddenOptionsContainer, true); $configOptionsContainer->addElement($hiddenOptionsContainer, true);
$advancedOptions = new htmlTable(); $advancedOptions = new htmlTable();
$advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true); $advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
$isWindows = array_key_exists('windowsUser', $allScopes);
if ($isWindows) {
$advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_noObjectClass', false, _('Do not add object class'), 'noObjectClass'), true);
}
$advancedOptions->addElement(new htmlTableExtendedInputField(_('User name suggestion'), 'posixAccount_userNameSuggestion', '@givenname@%sn%', 'userNameSuggestion')); $advancedOptions->addElement(new htmlTableExtendedInputField(_('User name suggestion'), 'posixAccount_userNameSuggestion', '@givenname@%sn%', 'userNameSuggestion'));
$advancedOptionsAccordion = new htmlAccordion('posixAccountAdvancedOptions', array(_('Advanced options') => $advancedOptions), false); $advancedOptionsAccordion = new htmlAccordion('posixAccountAdvancedOptions', array(_('Advanced options') => $advancedOptions), false);
$advancedOptionsAccordion->colspan = 5; $advancedOptionsAccordion->colspan = 5;
@ -2106,7 +2114,9 @@ class posixAccount extends baseModule implements passwordService {
} }
// check input // check input
foreach ($rawAccounts as $i => $rawAccount) { foreach ($rawAccounts as $i => $rawAccount) {
if (!in_array("posixAccount", $partialAccounts[$i]['objectClass'])) $partialAccounts[$i]['objectClass'][] = "posixAccount"; if (!$this->skipObjectClass() && !in_array("posixAccount", $partialAccounts[$i]['objectClass'])) {
$partialAccounts[$i]['objectClass'][] = "posixAccount";
}
// UID // UID
if ($rawAccount[$ids['posixAccount_uid']] == "") { if ($rawAccount[$ids['posixAccount_uid']] == "") {
// autoUID // autoUID
@ -3049,6 +3059,9 @@ class posixAccount extends baseModule implements passwordService {
$this->cachedUIDList = array(); $this->cachedUIDList = array();
$attrs = array('uidNumber'); $attrs = array('uidNumber');
$filter = '(&(objectClass=posixAccount)(uidNumber=*))'; $filter = '(&(objectClass=posixAccount)(uidNumber=*))';
if ($this->skipObjectClass()) {
$filter = '(uidNumber=*)';
}
$types = $_SESSION['config']->get_ActiveTypes(); $types = $_SESSION['config']->get_ActiveTypes();
// get user UIDs // get user UIDs
if (in_array('user', $types)) { if (in_array('user', $types)) {
@ -3100,6 +3113,9 @@ class posixAccount extends baseModule implements passwordService {
$this->cachedUserNameList = array(); $this->cachedUserNameList = array();
$attrs = array('uid'); $attrs = array('uid');
$filter = '(&(objectClass=posixAccount)(uid=*))'; $filter = '(&(objectClass=posixAccount)(uid=*))';
if ($this->skipObjectClass()) {
$filter = '(uid=*)';
}
$types = $_SESSION['config']->get_ActiveTypes(); $types = $_SESSION['config']->get_ActiveTypes();
// get user names // get user names
if (in_array('user', $types)) { if (in_array('user', $types)) {
@ -3421,6 +3437,15 @@ class posixAccount extends baseModule implements passwordService {
} }
} }
/**
* Returns if the object class should not be added.
*
* @return do not add
*/
private function skipObjectClass() {
return $this->isBooleanConfigOptionSet('posixAccount_noObjectClass');
}
} }
?> ?>