added options to sync Unix and group of names memberships
This commit is contained in:
Roland Gruber
parent
38bfa53285
commit
8e144b1e30
|
|
@ -2,6 +2,7 @@ June 2018 6.4
|
|||
- Imagick PHP extension required
|
||||
- Passwords can be checked against external service (e.g. https://api.pwnedpasswords.com/range)
|
||||
- Personal/Windows: image cropping support
|
||||
- Unix: Unix and group of names memberships can be synced in group selection
|
||||
- IMAP: create mailbox via file upload
|
||||
- PHP 7.2 support
|
||||
- Support for "," in DN
|
||||
|
|
|
|||
|
|
@ -1257,9 +1257,128 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$this->gonList = array_delete($_POST['removegons'], $this->gonList);
|
||||
}
|
||||
}
|
||||
// sync Unix to GoN
|
||||
if (isset($_POST['form_subpage_posixAccount_group_syncU2GON'])) {
|
||||
$this->manualSyncUnixToGon($typeId);
|
||||
}
|
||||
// sync GoN to Unix
|
||||
if (isset($_POST['form_subpage_posixAccount_group_syncGON2U'])) {
|
||||
$this->manualSyncGonToUnix($typeId);
|
||||
}
|
||||
return array();
|
||||
}
|
||||
|
||||
/**
|
||||
* Syncs the Unix groups to group of names.
|
||||
*
|
||||
* @param string $typeId type ID
|
||||
*/
|
||||
private function manualSyncUnixToGon($typeId) {
|
||||
$allGons = $this->findGroupOfNames();
|
||||
$namesToIgnore = array();
|
||||
if (!empty($this->moduleSettings['posixAccount_' . $typeId . '_syncGroupsExclusions'])) {
|
||||
$namesToIgnore = $this->moduleSettings['posixAccount_' . $typeId . '_syncGroupsExclusions'];
|
||||
array_map('trim', $namesToIgnore);
|
||||
}
|
||||
// remove all groups that are not in Unix
|
||||
if (isset($_POST['syncDeleteGroups']) && ($_POST['syncDeleteGroups'] == 'on')) {
|
||||
$toDelete = array();
|
||||
foreach ($this->gonList as $currentGon) {
|
||||
$gonName = $this->getGonName($currentGon, $allGons);
|
||||
if (in_array($gonName, $namesToIgnore) || in_array($gonName, $this->groups)) {
|
||||
continue;
|
||||
}
|
||||
$toDelete[] = $currentGon;
|
||||
}
|
||||
$this->gonList = array_delete($toDelete, $this->gonList);
|
||||
}
|
||||
// add groups that are not yet in groups of names
|
||||
foreach ($this->groups as $currentName) {
|
||||
if (in_array($currentName, $namesToIgnore)) {
|
||||
continue;
|
||||
}
|
||||
$found = false;
|
||||
foreach ($this->gonList as $currentGon) {
|
||||
if ($currentName == $this->getGonName($currentGon, $allGons)) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ($found) {
|
||||
continue;
|
||||
}
|
||||
foreach ($allGons as $currentGon) {
|
||||
if ($currentName == $this->getGonName($currentGon['dn'], $allGons)) {
|
||||
$this->gonList[] = $currentGon['dn'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Syncs the group of names to Unix groups.
|
||||
*
|
||||
* @param string $typeId type ID
|
||||
*/
|
||||
private function manualSyncGonToUnix($typeId) {
|
||||
$allGons = $this->findGroupOfNames();
|
||||
$allGroups = $this->findGroups($modules);
|
||||
foreach ($allGroups as $index => $groupData) {
|
||||
$allGroups[$index] = $groupData[1];
|
||||
}
|
||||
$namesToIgnore = array();
|
||||
if (!empty($this->moduleSettings['posixAccount_' . $typeId . '_syncGroupsExclusions'])) {
|
||||
$namesToIgnore = $this->moduleSettings['posixAccount_' . $typeId . '_syncGroupsExclusions'];
|
||||
array_map('trim', $namesToIgnore);
|
||||
}
|
||||
// remove all groups that are not in group of names
|
||||
if (isset($_POST['syncDeleteGroups']) && ($_POST['syncDeleteGroups'] == 'on')) {
|
||||
$toDelete = array();
|
||||
foreach ($this->groups as $currentName) {
|
||||
if (in_array($currentName, $namesToIgnore)) {
|
||||
continue;
|
||||
}
|
||||
$found = false;
|
||||
foreach ($this->gonList as $currentGon) {
|
||||
$gonName = $this->getGonName($currentGon, $allGons);
|
||||
if ($gonName == $currentName) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$found) {
|
||||
$toDelete[] = $currentName;
|
||||
}
|
||||
}
|
||||
$this->groups = array_delete($toDelete, $this->groups);
|
||||
}
|
||||
// add groups that are not yet in Unix groups
|
||||
foreach ($this->gonList as $currentGon) {
|
||||
$gonName = $this->getGonName($currentGon, $allGons);
|
||||
if (in_array($gonName, $namesToIgnore)) {
|
||||
continue;
|
||||
}
|
||||
if (!in_array($gonName, $this->groups) && in_array($gonName, $allGroups)) {
|
||||
$this->groups[] = $gonName;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the cn of the given group of names.
|
||||
*
|
||||
* @param string $dn DN of group of names
|
||||
* @param $allGons list of all group of names
|
||||
* @return string cn value
|
||||
*/
|
||||
private function getGonName($dn, &$allGons) {
|
||||
if (!empty($allGons[$dn]['cn'][0])) {
|
||||
return $allGons[$dn]['cn'][0];
|
||||
}
|
||||
return extractRDNValue($dn);
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes user input of the homedir check page.
|
||||
* It checks if all input values are correct and updates the associated LDAP attributes.
|
||||
|
|
@ -1543,7 +1662,9 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return = new htmlTable();
|
||||
$modules = $this->getAccountContainer()->get_type()->getModules();
|
||||
$typeId = $this->getAccountContainer()->get_type()->getId();
|
||||
if (!$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideposixGroups')) {
|
||||
$showUnix = !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideposixGroups');
|
||||
$autoSyncGon = $this->isBooleanConfigOptionSet('posixGroup_autoSyncGon');
|
||||
if ($showUnix) {
|
||||
// load list with all groups
|
||||
$groups = $this->findGroups($modules);
|
||||
for ($i = 0; $i < sizeof($groups); $i++) {
|
||||
|
|
@ -1560,7 +1681,7 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$unixContainer = new htmlTable();
|
||||
$unixContainer->alignment = htmlElement::ALIGN_TOP;
|
||||
$unixContainer->addElement(new htmlSubTitle(_("Unix groups")), true);
|
||||
if ($this->isBooleanConfigOptionSet('posixGroup_autoSyncGon')) {
|
||||
if ($autoSyncGon) {
|
||||
$this->syncGonToGroups();
|
||||
foreach ($this->groups as $group) {
|
||||
$unixContainer->addElement(new htmlOutputText($group), true);
|
||||
|
|
@ -1591,7 +1712,8 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return->addVerticalSpace('3rem');
|
||||
}
|
||||
|
||||
if (self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hidegon')) {
|
||||
$showGon = self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hidegon');
|
||||
if ($showGon) {
|
||||
$gons = $this->findGroupOfNames();
|
||||
|
||||
$gonContainer = new htmlTable();
|
||||
|
|
@ -1641,6 +1763,24 @@ class posixAccount extends baseModule implements passwordService {
|
|||
$return->addVerticalSpace('3rem');
|
||||
}
|
||||
|
||||
if ($showUnix && $showGon && !$autoSyncGon && !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_syncGroups')) {
|
||||
$return->addElement(new htmlSubTitle(_('Sync groups')), true);
|
||||
$syncOptionTable = new htmlTable();
|
||||
$syncOptionTable->addElement(new htmlTableExtendedInputCheckbox('syncDeleteGroups', true, _('Delete non-matching entries')), true);
|
||||
$return->addElement($syncOptionTable, true);
|
||||
$return->addVerticalSpace('1rem');
|
||||
$syncButtons = new htmlGroup();
|
||||
$u2gonButton = new htmlAccountPageButton(get_class($this), 'group', 'syncU2GON', _('Sync Unix to group of names'));
|
||||
$u2gonButton->setIconClass('unixButton');
|
||||
$syncButtons->addElement($u2gonButton);
|
||||
$syncButtons->addElement(new htmlSpacer('2rem', null));
|
||||
$gon2uButton = new htmlAccountPageButton(get_class($this), 'group', 'syncGON2U', _('Sync group of names to Unix'));
|
||||
$gon2uButton->setIconClass('groupButton');
|
||||
$syncButtons->addElement($gon2uButton);
|
||||
$return->addElement($syncButtons, true);
|
||||
$return->addVerticalSpace('3rem');
|
||||
}
|
||||
|
||||
$backButton = new htmlAccountPageButton(get_class($this), 'attributes', 'back', _('Back'));
|
||||
$return->addElement($backButton);
|
||||
return $return;
|
||||
|
|
@ -1976,6 +2116,10 @@ class posixAccount extends baseModule implements passwordService {
|
|||
if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) {
|
||||
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegon', false, _('Groups of names'), null, false), 12);
|
||||
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hideposixGroups', false, _('Unix groups'), null, false), 12);
|
||||
$syncGroupsCheckbox = new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_syncGroups', false, _('Sync groups'), null, false);
|
||||
$syncGroupsCheckbox->setTableRowsToHide(array('posixAccount_' . $typeId . '_syncGroupsExclusions'));
|
||||
$configUserContainer->add($syncGroupsCheckbox, 12);
|
||||
$configUserContainer->add(new htmlResponsiveInputTextarea('posixAccount_' . $typeId . '_syncGroupsExclusions', '', 20, 4, _('Exclude from group sync')), 12);
|
||||
}
|
||||
$configUserContainer->addVerticalSpacer('1rem');
|
||||
$configUserContainer->add(new htmlResponsiveInputField(_('User name suggestion'), 'posixAccount_' . $typeId . '_userNameSuggestion', '@givenname@%sn%', 'userNameSuggestion'), 12);
|
||||
|
|
|
|||
|
|
@ -361,6 +361,18 @@ table.collapse {
|
|||
background-position: 0px 0px !important;
|
||||
}
|
||||
|
||||
.unixButton {
|
||||
background-image: url(../graphics/tux.png) !important;
|
||||
background-size: 16px 16px;
|
||||
background-position: 0px 0px !important;
|
||||
}
|
||||
|
||||
.groupButton {
|
||||
background-image: url(../graphics/group.png) !important;
|
||||
background-size: 16px 16px;
|
||||
background-position: 0px 0px !important;
|
||||
}
|
||||
|
||||
.smallPadding span {
|
||||
padding: 0.1em 0.4em !important;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue