added support for samba 3.0 schemas

added support for different ldap-suffixes
fixed small bug (primaryGroupID)
katagia 2003-06-26 16:26:06 +00:00
parent 7b0e7d36bd
commit aee3cd1735
3 changed files with 294 additions and 108 deletions


@ -283,7 +283,13 @@ $helpArray = array (
"459" => array ("ext" => "FALSE", "Headline" => _("Host must change Password"),
"Text" => _("Host must change Password")),
"460" => array ("ext" => "FALSE", "Headline" => _("Windows Domain"),
"Text" => _("Windows Domain of host. Can be left empty."))
"Text" => _("Windows Domain of host. Can be left empty.")),
"461" => array ("ext" => "FALSE", "Headline" => _("Suffix"),
"Text" => _("Suffix")),
"462" => array ("ext" => "FALSE", "Headline" => _("Suffix"),
"Text" => _("Suffix")),
"463" => array ("ext" => "FALSE", "Headline" => _("Suffix"),
"Text" => _("Suffix"))
/* This is a sample help entry. Just copy this line an modify the vakues between the [] brackets.
Help text is located in the array:
"[Helpnumber]" => array ("ext" => "FALSE", "Headline" => _("[Headline]"), "Text" => _("[Text]"), "SeeAlso" => "[SeeAlso link]"),


@ -688,6 +688,20 @@ function loaduser($dn) { // Will load all needed values from an existing account
$return->unix_pwdexpire_yea = $date['year'];
}
if ($attr['pwdCanChange'][0]) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
if ($_SESSION['config']->samba3) {
if ($attr['sambaAcctFlags'][0]) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if ($attr['sambaHomePath'][0]) $return->smb_smbhome = $attr['sambaHomePath'][0];
if ($attr['sambaHomeDrive'][0]) $return->smb_homedrive = $attr['sambaHomeDrive'][0];
if ($attr['sambaLogonScript'][0]) $return->smb_scriptPath = $attr['sambaLogonScript'][0];
if ($attr['sambaProfilePath'][0]) $return->smb_profilePath = $attr['sambaProfilePath'][0];
if ($attr['sambaUserWorkstations'][0]) $return->smb_smbuserworkstations = $attr['sambaUserWorkstations'][0];
if ($attr['sambaDomainName'][0]) $return->smb_domain = $attr['sambaDomainName'][0];
}
else {
if ($attr['acctFlags'][0]) {
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
@ -699,6 +713,7 @@ function loaduser($dn) { // Will load all needed values from an existing account
if ($attr['profilePath'][0]) $return->smb_profilePath = $attr['profilePath'][0];
if ($attr['userWorkstations'][0]) $return->smb_smbuserworkstations = $attr['userWorkstations'][0];
if ($attr['domain'][0]) $return->smb_domain = $attr['domain'][0];
}
if ($attr['givenName'][0]) $return->general_givenname = $attr['givenName'][0];
if ($attr['sn'][0]) $return->general_surname = $attr['sn'][0];
if ($attr['title'][0]) $return->personal_title = $attr['title'][0];
@ -763,12 +778,22 @@ function loadhost($dn) { // Will load all needed values from an existing account
$return->unix_pwdexpire_yea = $date['year'];
}
if ($attr['pwdCanChange'][0]) $return->smb_pwdcanchange = $attr['pwdCanChange'][0];
if ($_SESSION['config']->samba3) {
if ($attr['sambaAcctFlags'][0]) {
if (strrpos($attr['sambaAcctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['sambaAcctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['sambaAcctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if ($attr['sambaDomainName'][0]) $return->smb_domain = $attr['sambaDomainName'][0];
}
else {
if ($attr['acctFlags'][0]) {
if (strrpos($attr['acctFlags'][0], 'W')) $return->smb_flagsW=true;
if (strrpos($attr['acctFlags'][0], 'D')) $return->smb_flagsD=true;
if (strrpos($attr['acctFlags'][0], 'X')) $return->smb_flagsX=true;
}
if ($attr['domain'][0]) $return->smb_domain = $attr['domain'][0];
}
if ($attr['givenName'][0]) $return->general_givenname = $attr['givenName'][0];
if ($attr['sn'][0]) $return->general_surname = $attr['sn'][0];
if (substr(str_replace('{CRYPT}', '',$attr['userPassword'][0]),0,1) == '!' ) $return->unix_deactivated=true;
@ -811,7 +836,7 @@ function createuser($values) { // Will create the LDAP-Account
$date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ;
settype($date, 'integer');
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_UserSuffix();
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
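Review bot: The DN is now built from `$values->general_dn`, which the new line both reads as the suffix and overwrites with the full DN, and nothing visible in this hunk checks that the suffix is one of the configured ones or that `general_username` is free of DN metacharacters. If the suffix reaches this function from the account form (not visible here), the entry can be created in a subtree the operator did not intend, so compare it against the configured suffix list before concatenating and escape the RDN value. Building the DN into a local variable instead of reassigning the property would also keep a repeated call from prepending `uid=…` twice. The same line is added in modifyuser, createhost and modifyhost; createuser's body continues outside the hunk.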
@ -828,7 +853,52 @@ function createuser($values) { // Will create the LDAP-Account
// General Objectclasses
$attr['objectClass'][0] = 'posixAccount';
$attr['objectClass'][1] = 'shadowAccount';
if ($_SESSION['config']->samba3) {
$attr['objectClass'][2] = 'sambaSamAccount';
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
$attr['sambaSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['sambaPwdMustChange'] = "1"; else $attr['sambaPwdMustChange'] = "0"; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag(values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_smbhome!='') $attr['sambaHomePath'] = $values->smb_smbhome; // sambaAccount_may
if ($values->smb_homedrive!='') $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
if ($values->smb_scriptPath!='') $attr['sambaLogonScript'] = $values->smb_scriptPath; // sambaAccount_may
if ($values->smb_profilePath!='') $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
if ($values->smb_smbuserworkstations!='') $attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
}
else {
$attr['objectClass'][2] = 'sambaAccount';
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag(values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_smbhome!='') $attr['smbHome'] = $values->smb_smbhome; // sambaAccount_may
if ($values->smb_homedrive!='') $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
if ($values->smb_scriptPath!='') $attr['scriptPath'] = $values->smb_scriptPath; // sambaAccount_may
if ($values->smb_profilePath!='') $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
if ($values->smb_smbuserworkstations!='') $attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
}
$attr['objectClass'][3] = 'inetOrgPerson';
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
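Review bot: Both schema branches hand `$values->smb_password` to `exec()` by plain concatenation in the `createntlm.pl nt` and `createntlm.pl lm` calls, so shell metacharacters in a password are interpreted by the shell and the cleartext password sits on the command line; quote the argument, e.g. `exec('../lib/createntlm.pl nt ' . escapeshellarg($values->smb_password))`. The same calls are added in the samba3 branches of modifyuser, createhost and modifyhost. Separately, `smbflag(values)` in both branches lacks the `$`, so the account object is not what gets passed, and `$_SESSION[config]` should be written `$_SESSION['config']` as in the `samba3` test above it. The enclosing createuser body starts and ends outside the hunk.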
@ -849,14 +919,6 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['loginShell'] = $values->general_shell; // posixAccount_may
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
@ -866,18 +928,6 @@ function createuser($values) { // Will create the LDAP-Account
if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if ($values->unix_pwdallowlogin!='') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if ($date) $attr['shadowExpire'] = $date ; // shadowAccount_may
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['PrimaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag(values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_smbhome!='') $attr['smbHome'] = $values->smb_smbhome; // sambaAccount_may
if ($values->smb_homedrive!='') $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
if ($values->smb_scriptPath!='') $attr['scriptPath'] = $values->smb_scriptPath; // sambaAccount_may
if ($values->smb_profilePath!='') $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
if ($values->smb_smbuserworkstations!='') $attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
if ($values->general_givenname!='') $attr['givenName'] = $values->general_givenname;
if ($values->general_surname!='') $attr['sn'] = $values->general_surname;
@ -932,18 +982,20 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ;
settype($date, 'integer');
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_UserSuffix();
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
if ($values->general_username != $values_old->general_username) {
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
}
if ($values->general_uidNumber != $values_old->general_uidNumber) {
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
if ($_SESSION['config']->samba3) $attr['sambaSid'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
$attr['PrimaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($_SESSION['config']->samba3) $attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
}
if ($values->general_homedir != $values_old->general_homedir)
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
@ -961,6 +1013,38 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($_SESSION['config']->samba3) {
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
else
if ($values->smb_password!='') {
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['sambaPwdMustChange'] = "1"; else $attr['sambaPwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['sambaPwdMustChange'] = "1"; else $attr['sambaPwdMustChange'] = "0"; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['sambaHomePath'] = $values->smb_smbhome; // sambaAccount_may
if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['sambaHomePath'] = $values_old->smb_smbhome; // sambaAccount_may
if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['sambaHomeDrive'] = $values->smb_homedrive; // sambaAccount_may
if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['sambaHomeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['sambaLogonScript'] = $values->smb_scriptPath; // sambaAccount_may
if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['sambaLogonScript'] = $values_old->smb_scriptPath; // sambaAccount_may
if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['sambaProfilePath'] = $values->smb_profilePath; // sambaAccount_may
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['sambaProfilePath'] = $values_old->smb_profilePath; // sambaAccount_may
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['sambaUserWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['sambaUserWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['sambaDomainName'] = $values_old->smb_domain; // sambaAccount_may
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
}
else {
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
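Review bot: In the new samba3 branch the two `sambaPwdMustChange` tests compare `$values->smb_pwdmustchange` with itself (`… && $values->smb_pwdmustchange==0`), so neither can be true; the first presumably should read `if ($values->smb_pwdmustchange && $values_old->smb_pwdmustchange==0)` and the second `$values_old->smb_pwdmustchange==1`. In each can/must pair the `else` on the second line also sets the attribute back to "0" after the first line may have set "1", so as written `$attr['sambaPwdCanChange']` and `$attr['sambaPwdMustChange']` always end up "0". The same four lines are repeated in the non-samba3 branch and in both branches of modifyhost. The `else` block opened at the end of this hunk continues outside it.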
@ -972,12 +1056,30 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['smbHome'] = $values->smb_smbhome; // sambaAccount_may
if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['smbHome'] = $values_old->smb_smbhome; // sambaAccount_may
if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['homeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['scriptPath'] = $values->smb_scriptPath; // sambaAccount_may
if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['scriptPath'] = $values_old->smb_scriptPath; // sambaAccount_may
if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['profilePath'] = $values_old->smb_profilePath; // sambaAccount_may
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['userWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
}
if ($values->general_shell != $values_old->general_shell)
$attr['loginShell'] = $values->general_shell; // posixAccount_may
if ($values->general_gecos != $values_old->general_gecos) {
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
}
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
$attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
@ -1037,23 +1139,6 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
($values->unix_pwdexpire_mon = $date['mon'] != $values_old->unix_pwdexpire_mon = $date['mon']) ||
($values->unix_pwdexpire_yea = $date['year'] != $values->unix_pwdexpire_yea = $date['year']))
$attr['shadowExpire'] = $date ; // shadowAccount_may
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_smbhome!='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr['smbHome'] = $values->smb_smbhome; // sambaAccount_may
if (($values->smb_smbhome=='') && ($values->smb_smbhome!=$values_old->smb_smbhome)) $attr_rem['smbHome'] = $values_old->smb_smbhome; // sambaAccount_may
if (($values->smb_homedrive!='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr['homeDrive'] = $values->smb_homedrive; // sambaAccount_may
if (($values->smb_homedrive=='') && ($values->smb_homedrive!=$values_old->smb_homedrive)) $attr_rem['homeDrive'] = $values_old->smb_homedrive; // sambaAccount_may
if (($values->smb_scriptPath!='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr['scriptPath'] = $values->smb_scriptPath; // sambaAccount_may
if (($values->smb_scriptPath=='') && ($values->smb_scriptPath!=$values_old->smb_scriptPath)) $attr_rem['scriptPath'] = $values_old->smb_scriptPath; // sambaAccount_may
if (($values->smb_profilePath!='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr['profilePath'] = $values->smb_profilePath; // sambaAccount_may
if (($values->smb_profilePath=='') && ($values->smb_profilePath!=$values_old->smb_profilePath)) $attr_rem['profilePath'] = $values_old->smb_profilePath; // sambaAccount_may
if (($values->smb_smbuserworkstations!='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr['userWorkstations'] = $values->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_smbuserworkstations=='') && ($values->smb_smbuserworkstations!=$values_old->smb_smbuserworkstations))$attr_rem['userWorkstations'] = $values_old->smb_smbuserworkstations; // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
if ($values->general_givenname!=$values_old->general_givenname) $attr['givenName'] = $values->general_givenname;
if ($values->general_surname!=$values_old->general_surname) $attr['sn'] = $values->general_surname;
@ -1120,7 +1205,7 @@ function createhost($values) { // Will create the LDAP-Account
$date = mktime(10,0,0, $values->unix_pwdexpire_mon, $values->unix_pwdexpire_day, $values->unix_pwdexpire_yea) / 86400 ;
settype($date, 'integer');
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix();
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
@ -1137,7 +1222,42 @@ function createhost($values) { // Will create the LDAP-Account
// General Objectclasses
$attr['objectClass'][0] = 'posixAccount';
$attr['objectClass'][1] = 'shadowAccount';
if ($_SESSION['config']->samba3) {
$attr['objectClass'][2] = 'sambaSamAccount';
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
$attr['sambaSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['sambaAcctFlags'] = smbflag($values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_domain!='') $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
}
else {
$attr['objectClass'][2] = 'sambaAccount';
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
}
$attr['objectClass'][3] = 'account';
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
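Review bot: The samba3 branch of createhost writes `pwdCanChange` and `pwdMustChange`, while the matching branch of createuser uses `sambaPwdCanChange` and `sambaPwdMustChange`. With objectClass `sambaSamAccount` the unprefixed names look like leftovers from the old schema, and the directory will probably reject the add. Suggested: `if ($values->smb_pwdcanchange) $attr['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0";` and the same for `sambaPwdMustChange`. createhost's body continues outside the hunk.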
@ -1150,14 +1270,6 @@ function createhost($values) { // Will create the LDAP-Account
if ($values->unix_deactivated) $attr['userPassword'] = '{CRYPT}!' . crypt($values->unix_password);
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
$attr['ntPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
$attr['loginShell'] = $values->general_shell; // posixAccount_may
$attr['gecos'] = $values->general_gecos; // posixAccount_may
$attr['description'] = $values->general_gecos; // posixAccount_may sambaAccount_may
@ -1167,13 +1279,6 @@ function createhost($values) { // Will create the LDAP-Account
if ($values->unix_pwdwarn!='') $attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if ($values->unix_pwdallowlogin!='') $attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if ($date!='') $attr['shadowExpire'] = $date ; // shadowAccount_may
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
$attr['PrimaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($values->smb_pwdcanchange) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
$attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_domain!='') $attr['domain'] = $values->smb_domain; // sambaAccount_may
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 4;
// Add Host to Additional Groups
@ -1216,18 +1321,20 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
$values->general_dn = 'uid=' . $values->general_username . ',' . $_SESSION['config']->get_HostSuffix();
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
if ($values->general_username != $values_old->general_username) {
$attr['cn'] = $values->general_username; // posixAccount_req shadowAccount_req sambaAccount_may
$attr['uid'] = $values->general_username; // posixAccount_req
}
if ($values->general_uidNumber != $values_old->general_uidNumber) {
$attr['uidNumber'] = $values->general_uidNumber; // posixAccount_req
$attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
if ($_SESSION['config']->samba3) $attr['sambaSid'] = $_SESSION[config]->get_domainSID() . "-" . (2 * $values->general_uidNumber + 1000); // sambaAccount_may
else $attr['rid'] = (2 * $values->general_uidNumber + 1000); // sambaAccount_may
}
if ($values->general_group != $values_old->general_group) {
$attr['gidNumber'] = getgid($values->general_group); // posixAccount_req
$attr['PrimaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
if ($_SESSION['config']->samba3) $attr['sambaPrimaryGroupSID'] = $_SESSION[config]->get_domainSID() . "-" . (2 * getgid($values->general_group) + 1001); // sambaAccount_req
else $attr['primaryGroupID'] = (2 * getgid($values->general_group) + 1001); // sambaAccount_req
}
if ($values->general_homedir != $values_old->general_homedir)
$attr['homeDirectory'] = $values->general_homedir; // posixAccount_req
@ -1245,6 +1352,28 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
else $attr['userPassword'] = '{CRYPT}' . crypt($values->unix_password);
$attr['shadowLastChange'] = getdays(); // shadowAccount_may
}
if ($_SESSION['config']->samba3) {
if ($values->smb_password_no) {
$attr['sambaNTPassword'] = 'NO PASSWORD*****';
$attr['sambaLMPassword'] = 'NO PASSWORD*****';
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
else
if ($values->smb_password!='') {
$attr['sambaNTPassword'] = exec('../lib/createntlm.pl nt ' . $values->smb_password);
$attr['sambaLMPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['sambaPwdLastSet'] = time(); // sambaAccount_may
}
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['sambaPwdCanChange'] = "1"; else $attr['sambaPwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['sambaPwdMustChange'] = "1"; else $attr['sambaPwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['sambaPwdMustChange'] = "1"; else $attr['sambaPwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['sambaDomainName'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['sambaDomainName'] = $values_old->smb_domain; // sambaAccount_may
}
else {
if ($values->smb_password_no) {
$attr['ntPassword'] = 'NO PASSWORD*****';
$attr['lmPassword'] = 'NO PASSWORD*****';
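Review bot: The samba3 branch of modifyhost assigns `$attr['acctFlags'] = smbflag($values);`, whereas the other samba3 branches in this commit write `sambaAcctFlags`; this looks like a missed rename and should be `$attr['sambaAcctFlags'] = smbflag($values);`. As written, the modify would target an attribute of the old `sambaAccount` schema on an entry that, per createhost, carries `sambaSamAccount`. The `else` branch that follows continues outside the hunk.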
@ -1256,6 +1385,16 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$attr['lmPassword'] = exec('../lib/createntlm.pl lm ' . $values->smb_password);
$attr['pwdLastSet'] = time(); // sambaAccount_may
}
if ($values->general_gecos != $values_old->general_gecos) $attr['displayName'] = $values->general_gecos; // sambaAccount_may
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
}
if ($values->general_shell != $values_old->general_shell)
$attr['loginShell'] = $values->general_shell; // posixAccount_may
if ($values->general_gecos != $values_old->general_gecos) {
@ -1281,13 +1420,6 @@ function modifyhost($values,$values_old) { // Will modify the LDAP-Account
$attr_rem['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if (($date != $date_old) && $date) $attr['shadowExpire'] = $date ; // shadowAccount_may
if (($date != $date_old) && !$date) $attr_rem['shadowExpire'] = $date_old ; // shadowAccount_may
if ($values->smb_pwdcanchange && $values_old->smb_pwdcanchange==0) $attr['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdcanchange==0 && $values_old->smb_pwdcanchange==1) $attr_rem['pwdCanChange'] = "1"; else $attr['pwdCanChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange && $values->smb_pwdmustchange==0) $attr['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
if ($values->smb_pwdmustchange==0 && $values->smb_pwdmustchange==1) $attr_rem['pwdMustChange'] = "1"; else $attr['pwdMustChange'] = "0"; // sambaAccount_may
$attr['acctFlags'] = smbflag($values); // sambaAccount_may
if (($values->smb_domain!='') && ($values->smb_domain!=$values_old->smb_domain)) $attr['domain'] = $values->smb_domain; // sambaAccount_may
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
if ($attr_rem) {
$success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
@ -1345,7 +1477,7 @@ function creategroup($values) { // Will create the LDAP-Group
// 3 == Group has been modified
// 4 == Error while creating Group
// 5 == Error while modifying Group
$values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix();
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);
@ -1373,7 +1505,7 @@ function modifygroup($values,$values_old) { // Will modify the LDAP-Group
// 2 == Group allready exists at different location
// 3 == Group has been modified
// 5 == Error while modifying Group
$values->general_dn = 'cn=' . $values->general_username . ',' . $_SESSION['config']->get_GroupSuffix();
$values->general_dn = 'cn=' . $values->general_username . ',' . $values->general_dn;
// decrypt password
$iv = base64_decode($_COOKIE["IV"]);


@ -25,13 +25,30 @@ $Id$
include_once('../lib/account.inc'); // File with all account-funtions
include_once('../lib/config.inc'); // File with configure-functions
include_once('../lib/ldap.inc'); // LDAP-functions
include_once('../lib/profiles.inc'); // functions to load and save profiles
include_once('../lib/status.inc'); // Return error-message
include_once('../lib/pdf.inc'); // Return a pdf-file
include_once('../lib/ldap.inc'); // LDAP-functions
initvars($_GET['type'], $_GET['DN']); // Initialize all needed vars
// returns an array with all organizational units under the given suffix
function search_units($suffix) {
$sr = @ldap_search($_SESSION["ldap"]->server(), $suffix, "objectClass=organizationalunit", array("DN"));
if ($sr) {
$units = ldap_get_entries($_SESSION["ldap"]->server, $sr);
// delete first array entry which is "count"
array_shift($units);
// remove sub arrays
for ($i = 0; $i < sizeof($units); $i++) $units[$i] = $units[$i]['dn'];
// add root suffix if needed
if (!in_array($suffix, $units)) {
array_push($units, $suffix);
}
}
return $units;
}
switch ($_POST['select']) { // Select which part of page should be loaded and check values
// general = startpage, general account paramters
// unix = page with all shadow-options and password
@ -44,6 +61,7 @@ switch ($_POST['select']) { // Select which part of page should be loaded and ch
case 'general':
// Write all general values into $_SESSION['account'] if no profile should be loaded
if (!$_POST['load']) {
$_SESSION['account']->general_dn = $_POST['f_general_suffix'];
if ($_POST['f_general_username']) $_SESSION['account']->general_username = $_POST['f_general_username'];
else $_SESSION['account']->general_username = $_POST['f_general_username'];
if ($_POST['f_general_surname']) $_SESSION['account']->general_surname = $_POST['f_general_surname'];
@ -465,6 +483,16 @@ switch ($select_local) { // Select which part of page will be loaded
echo '</select></td>'."\n".'<td>
<a href="help.php?HelpNumber=405" target="lamhelp">'._('Help').'</a>
</td></tr>'."\n".'<tr><td>';
echo _('Suffix'); echo '</td><td><select name="f_general_suffix">';
foreach (search_units($_SESSION['config']->get_UserSuffix()) as $suffix) {
if ($_SESSION['account']->general_dn) {
if ($_SESSION['account']->general_dn == $suffix) echo '<option selected>' . $suffix;
else echo '<option>' . $suffix;
}
else echo '<option>' . $suffix;
}
echo '</select></td><td><a href="help.php?HelpNumber=461" target="lamhelp">'._('Help').'</a>
</td></tr><tr><td>';
echo _('Values with * are required');
echo '</td></tr><tr><td><select name="f_general_selectprofile">';
// loop through profiles
@ -495,6 +523,16 @@ switch ($select_local) { // Select which part of page will be loaded
</td>'."\n".'<td>
<a href="help.php?HelpNumber=409" target="lamhelp">'._('Help').'</a>
</td></tr><tr><td>';
echo _('Suffix'); echo '</td><td><select name="f_general_suffix">';
foreach (search_units($_SESSION['config']->get_UserSuffix()) as $suffix) {
if ($_SESSION['account']->general_dn) {
if ($_SESSION['account']->general_dn == $suffix) echo '<option selected>' . $suffix;
else echo '<option>' . $suffix;
}
else echo '<option>' . $suffix;
}
echo '</select></td><td><a href="help.php?HelpNumber=462" target="lamhelp">'._('Help').'</a>
</td></tr><tr><td>';
echo _('Values with * are required');
echo '</td></tr>'."\n".'<tr><td><select name="f_general_selectprofile" >';
foreach ($profilelist as $profile) echo '<option>' . $profile;
@ -545,6 +583,16 @@ switch ($select_local) { // Select which part of page will be loaded
</td>'."\n".'<td>
<a href="help.php?HelpNumber=413" target="lamhelp">'._('Help').'</a>
</td></tr><tr><td>';
echo _('Suffix'); echo '</td><td><select name="f_general_suffix">';
foreach (search_units($_SESSION['config']->get_UserSuffix()) as $suffix) {
if ($_SESSION['account']->general_dn) {
if ($_SESSION['account']->general_dn == $suffix) echo '<option selected>' . $suffix;
else echo '<option>' . $suffix;
}
else echo '<option>' . $suffix;
}
echo '</select></td><td><a href="help.php?HelpNumber=463" target="lamhelp">'._('Help').'</a>
</td></tr><tr><td>';
echo _('Values with * are required');
echo '</td></tr>'."\n".'<tr><td><select name="f_general_selectprofile">';
foreach ($profilelist as $profile) echo '<option>' . $profile;
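Review bot: In the `case 'general':` hunk, `$_POST['f_general_suffix']` is stored in `$_SESSION['account']->general_dn` without checking that it is one of the suffixes the form offered; judging by the `creategroup`/`modifygroup` change in the same commit, that value then becomes the tail of the entry's DN. A `<select>` restricts only what the browser shows, so the server should test membership again before accepting it, e.g. `if (in_array($_POST['f_general_suffix'], search_units($_SESSION['config']->get_UserSuffix()), true)) $_SESSION['account']->general_dn = $_POST['f_general_suffix'];`. The three new `<option>` loops also echo `$suffix` without `htmlspecialchars()`, so a directory entry whose DN contains markup would be written into the page unescaped. In `search_units()`, `ldap_get_entries()` is given `->server` where the line above calls `->server()`, and `$units` is returned undefined when the suppressed `@ldap_search` fails; initialising `$units = array();` before the `if` would keep the callers' `foreach` safe. The `switch` bodies these hunks belong to continue outside the visible lines.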