From b5e6e5f34a66c3ec48fbaaf5363f8113700b8b2f Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sat, 3 Dec 2011 18:23:08 +0000
Subject: [PATCH] fixed RDN change and moving to other DNs

---
 lam/lib/account.inc | 24 ++++++++++++++++++++++++
 lam/lib/modules.inc | 12 ++++++++----
 2 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index d5c1f14a..3e6ef6af 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -821,4 +821,28 @@ function isObfuscatedText($text) {
 	}
 }
 
+/**
+ * Extracts the RDN attribute name from a given DN.
+ * 
+ * @param String $dn DN
+ * @return String RDN attribute name
+ */
+function extractRDNAttribute($dn) {
+	if ($dn == null) return null;
+	$parts = explode("=", substr($dn, 0, strpos($dn, ',')));
+	return $parts[0];
+}
+
+/**
+ * Extracts the DN suffix from a given DN.
+ * E.g. ou=people,dc=test,dc=com will result in dc=test,dc=com.
+ * 
+ * @param String $dn DN
+ * @return String DN suffix
+ */
+function extractDNSuffix($dn) {
+	if ($dn == null) return null;
+	return substr($dn, strpos($dn, ',')+1);
+}
+
 ?>
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index fd82ac10..8e64c0b4 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -669,7 +669,7 @@ class accountContainer {
 	/** DN suffix of the account */
 	public $dnSuffix;
 
-	/** DN suffix of account when it was loaded */
+	/** DN of account when it was loaded */
 	public $dn_orig;
 
 	/** RDN attribute of this account */
@@ -1381,11 +1381,10 @@ class accountContainer {
 		if (!$entry) {
 			return array(array("ERROR", _("Unable to load LDAP entry:") . " " . htmlspecialchars($dn), ldap_error($_SESSION['ldap']->server())));
 		}
-		$this->dnSuffix = substr($dn, strpos($dn, ',')+1);
+		$this->dnSuffix = extractDNSuffix($dn);
 		$this->dn_orig = $dn;
 		// extract RDN
-		$this->rdn = explode("=", substr($dn, 0, strpos($dn, ',')));
-		$this->rdn = $this->rdn[0];
+		$this->rdn = extractRDNAttribute($dn);
 		$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
 		$attr = array($attr);
 		cleanLDAPResult($attr);
@@ -1579,6 +1578,11 @@ class accountContainer {
 				unset($attributes[$this->dn_orig]);
 			}
 		}
+		elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->rdn)))) {
+			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$attributes[$this->finalDN] = $attributes[$this->dn_orig];
+			unset($attributes[$this->dn_orig]);
+		}
 		// pre modify actions
 		$prePostModifyAttributes = array();
 		if (isset($attributes[$this->finalDN]) && is_array($attributes[$this->finalDN])) {