support msSFU30DomainInfo

Roland Gruber 2015-06-07 07:04:02 +00:00
parent 69db640b85
commit c5e07d35f3
2 changed files with 74 additions and 11 deletions


@ -2092,7 +2092,7 @@ class posixAccount extends baseModule implements passwordService {
$needAutoUID[] = $i; $needAutoUID[] = $i;
} }
elseif (get_preg($rawAccount[$ids['posixAccount_uid']], 'digit')) { elseif (get_preg($rawAccount[$ids['posixAccount_uid']], 'digit')) {
if ($this->get_scope() == 'user') { if (($this->get_scope() == 'user') && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'range')) {
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) && if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) &&
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) { ($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) {
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]); $partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
@ -2103,7 +2103,7 @@ class posixAccount extends baseModule implements passwordService {
$errors[] = $errMsg; $errors[] = $errMsg;
} }
} }
elseif ($this->get_scope() == 'host') { elseif (($this->get_scope() == 'host') && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'range')) {
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) && if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) &&
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) { ($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) {
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]); $partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
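Review bot: With the generator test folded into the scope test on the two changed `if`/`elseif` lines, an uploaded numeric UID is neither range-checked nor, in the lines visible here, copied to `$partialAccounts[$i]['uidNumber']` when the generator is not 'range'. Unless a branch outside these hunks handles that case, the value from the upload file is silently dropped. Keeping the scope test as it was and making only the comparison conditional would preserve the assignment, e.g. `$checkRange = ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'range');` followed by `if (!$checkRange || (/* existing min/max comparison */)) {`. If out-of-range values are then accepted for pool-based generators, a lower bound is still worth keeping so that an upload cannot assign uidNumber 0 or another system ID. The enclosing upload method starts and ends outside both hunks.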


@ -521,12 +521,16 @@ class posixGroup extends baseModule implements passwordService {
), ),
'gidGenerator' => array ( 'gidGenerator' => array (
"Headline" => _("GID generator"), "Headline" => _("GID generator"),
"Text" => _("LAM will automatically suggest UID/GID numbers. You can either use a fixed range of numbers or an LDAP entry with object class \"sambaUnixIdPool\".") "Text" => _("LAM will automatically suggest UID/GID numbers. You can either use a fixed range of numbers or an LDAP entry with object class \"sambaUnixIdPool\" or \"msSFU30DomainInfo\".")
), ),
'sambaIDPoolDN' => array ( 'sambaIDPoolDN' => array (
"Headline" => _("Samba ID pool DN"), "Headline" => _("Samba ID pool DN"),
"Text" => _("Please enter the DN of the LDAP entry with object class \"sambaUnixIdPool\".") "Text" => _("Please enter the DN of the LDAP entry with object class \"sambaUnixIdPool\".")
), ),
'windowsIDPoolDN' => array (
"Headline" => _("Windows domain info DN"),
"Text" => _("Please enter the DN of the LDAP entry with object class \"msSFU30DomainInfo\".")
),
'filter' => array( 'filter' => array(
"Headline" => _("Filter"), "Headline" => _("Filter"),
"Text" => _("Here you can enter a filter value. Only entries which contain the filter text will be shown.") "Text" => _("Here you can enter a filter value. Only entries which contain the filter text will be shown.")
@ -561,10 +565,23 @@ class posixGroup extends baseModule implements passwordService {
// configuration options // configuration options
$configContainer = new htmlTable(); $configContainer = new htmlTable();
$configContainer->addElement(new htmlSubTitle(_("Groups")), true); $configContainer->addElement(new htmlSubTitle(_("Groups")), true);
$gidGeneratorSelect = new htmlTableExtendedSelect('posixGroup_gidGenerator', array(_('Fixed range') => 'range', _('Samba ID pool') => 'sambaPool'), array('range'), _('GID generator'), 'gidGenerator'); $genOptions = array(
_('Fixed range') => 'range',
_('Samba ID pool') => 'sambaPool',
_('Windows domain info') => 'windowsDomain'
);
$gidGeneratorSelect = new htmlTableExtendedSelect('posixGroup_gidGenerator', $genOptions, array('range'), _('GID generator'), 'gidGenerator');
$gidGeneratorSelect->setHasDescriptiveElements(true); $gidGeneratorSelect->setHasDescriptiveElements(true);
$gidGeneratorSelect->setTableRowsToHide(array('range' => array('posixGroup_sambaIDPoolDN'), 'sambaPool' => array('posixGroup_minGID', 'posixGroup_maxGID'))); $gidGeneratorSelect->setTableRowsToHide(array(
$gidGeneratorSelect->setTableRowsToShow(array('range' => array('posixGroup_minGID', 'posixGroup_maxGID'), 'sambaPool' => array('posixGroup_sambaIDPoolDN'))); 'range' => array('posixGroup_sambaIDPoolDN', 'posixGroup_windowsIDPoolDN'),
'sambaPool' => array('posixGroup_minGID', 'posixGroup_maxGID', 'posixGroup_windowsIDPoolDN'),
'windowsDomain' => array('posixGroup_minGID', 'posixGroup_maxGID', 'posixGroup_sambaIDPoolDN'),
));
$gidGeneratorSelect->setTableRowsToShow(array(
'range' => array('posixGroup_minGID', 'posixGroup_maxGID'),
'sambaPool' => array('posixGroup_sambaIDPoolDN'),
'windowsDomain' => array('posixGroup_windowsIDPoolDN'),
));
$configContainer->addElement($gidGeneratorSelect, true); $configContainer->addElement($gidGeneratorSelect, true);
$minGidInput = new htmlTableExtendedInputField(_('Minimum GID number'), 'posixGroup_minGID', null, 'minMaxGID'); $minGidInput = new htmlTableExtendedInputField(_('Minimum GID number'), 'posixGroup_minGID', null, 'minMaxGID');
$minGidInput->setRequired(true); $minGidInput->setRequired(true);
@ -575,6 +592,9 @@ class posixGroup extends baseModule implements passwordService {
$gidGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixGroup_sambaIDPoolDN', null, 'sambaIDPoolDN'); $gidGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixGroup_sambaIDPoolDN', null, 'sambaIDPoolDN');
$gidGeneratorDN->setRequired(true); $gidGeneratorDN->setRequired(true);
$configContainer->addElement($gidGeneratorDN, true); $configContainer->addElement($gidGeneratorDN, true);
$winGeneratorDN = new htmlTableExtendedInputField(_('Windows domain info DN'), 'posixGroup_windowsIDPoolDN', null, 'windowsIDPoolDN');
$winGeneratorDN->setRequired(true);
$configContainer->addElement($winGeneratorDN, true);
$configContainer->addElement(new htmlTableExtendedInputField(_('Suffix for GID/group name check'), 'posixGroup_gidCheckSuffix', '', 'gidCheckSuffix'), true); $configContainer->addElement(new htmlTableExtendedInputField(_('Suffix for GID/group name check'), 'posixGroup_gidCheckSuffix', '', 'gidCheckSuffix'), true);
$configContainer->addElement(new htmlTableExtendedInputCheckbox('posixGroup_hidememberUid', false, _('Disable membership management'), 'hidememberUid'), true); $configContainer->addElement(new htmlTableExtendedInputCheckbox('posixGroup_hidememberUid', false, _('Disable membership management'), 'hidememberUid'), true);
$x = $this->get_scope(); $x = $this->get_scope();
@ -648,6 +668,7 @@ class posixGroup extends baseModule implements passwordService {
$this->messages['memberUID'][0] = array('ERROR', _('Account %s:') . ' posixGroup_members', _("This value must be a list of user names separated by semicolons.")); $this->messages['memberUID'][0] = array('ERROR', _('Account %s:') . ' posixGroup_members', _("This value must be a list of user names separated by semicolons."));
$this->messages['primaryGroup'][0] = array('ERROR', _('There are still users who have this group as their primary group.')); $this->messages['primaryGroup'][0] = array('ERROR', _('There are still users who have this group as their primary group.'));
$this->messages['sambaIDPoolDN'][0] = array('ERROR', _('Samba ID pool DN'), _('This is not a valid DN!')); $this->messages['sambaIDPoolDN'][0] = array('ERROR', _('Samba ID pool DN'), _('This is not a valid DN!'));
$this->messages['windowsIDPoolDN'][0] = array('ERROR', _('Windows domain info DN'), _('This is not a valid DN!'));
} }
@ -757,10 +778,12 @@ class posixGroup extends baseModule implements passwordService {
// Check manual ID // Check manual ID
if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['gidNumber'][0]) || ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) { if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['gidNumber'][0]) || ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) {
// check range // check range
if (($this->attributes['gidNumber'][0] < $minID) || ($this->attributes['gidNumber'][0] > $maxID) || !is_numeric($this->attributes['gidNumber'][0])) { if ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'range') {
$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID)); if (($this->attributes['gidNumber'][0] < $minID) || ($this->attributes['gidNumber'][0] > $maxID) || !is_numeric($this->attributes['gidNumber'][0])) {
if (isset($this->orig['gidNumber'][0])) $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0]; $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
else unset($this->attributes['gidNumber'][0]); if (isset($this->orig['gidNumber'][0])) $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
else unset($this->attributes['gidNumber'][0]);
}
} }
// $uids is allways an array but not if no entries were found // $uids is allways an array but not if no entries were found
if (is_array($gids)) { if (is_array($gids)) {
@ -993,7 +1016,7 @@ class posixGroup extends baseModule implements passwordService {
'cmp_name2' => 'posixGroup_minGID', 'cmp_name2' => 'posixGroup_minGID',
'error_message' => $this->messages['gidNumber'][7]); 'error_message' => $this->messages['gidNumber'][7]);
} }
else { elseif ($options['posixGroup_gidGenerator'][0] == 'sambaPool') {
$this->meta['config_checks']['group']['posixGroup_sambaIDPoolDN'] = array ( $this->meta['config_checks']['group']['posixGroup_sambaIDPoolDN'] = array (
'type' => 'ext_preg', 'type' => 'ext_preg',
'regex' => 'dn', 'regex' => 'dn',
@ -1001,6 +1024,14 @@ class posixGroup extends baseModule implements passwordService {
'required_message' => $this->messages['sambaIDPoolDN'][0], 'required_message' => $this->messages['sambaIDPoolDN'][0],
'error_message' => $this->messages['sambaIDPoolDN'][0]); 'error_message' => $this->messages['sambaIDPoolDN'][0]);
} }
elseif ($options['posixGroup_gidGenerator'][0] == 'windowsDomain') {
$this->meta['config_checks']['group']['posixGroup_windowsIDPoolDN'] = array (
'type' => 'ext_preg',
'regex' => 'dn',
'required' => true,
'required_message' => $this->messages['windowsIDPoolDN'][0],
'error_message' => $this->messages['windowsIDPoolDN'][0]);
}
return parent::check_configOptions($scopes, $options); return parent::check_configOptions($scopes, $options);
} }
@ -1016,6 +1047,10 @@ class posixGroup extends baseModule implements passwordService {
if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'sambaPool')) { if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'sambaPool')) {
return $this->getNextSambaPoolGIDs($count, $errors); return $this->getNextSambaPoolGIDs($count, $errors);
} }
// check if UIDs should be taken from domain info entry
if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'windowsDomain')) {
return $this->getNextDomainInfoGIDs($count, $errors);
}
$ret = array(); $ret = array();
$minID = intval($this->moduleSettings['posixGroup_minGID'][0]); $minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]); $maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
@ -1090,6 +1125,34 @@ class posixGroup extends baseModule implements passwordService {
return null; return null;
} }
/**
* Gets the free GID numbers from an Windows domain info entry in LDAP.
*
* @param integer $count number of needed free GIDs.
* @param array $errors list of error messages where errors can be added
* @return mixed null if no GIDs are free else an array of free GIDs
*/
private function getNextDomainInfoGIDs($count, &$errors) {
$dn = $this->moduleSettings['posixGroup_windowsIDPoolDN'][0];
$attrs = ldapGetDN($dn, array('msSFU30MaxGidNumber'));
if (isset($attrs['mssfu30maxgidnumber'][0]) && ($attrs['mssfu30maxgidnumber'][0] != '')) {
$newValue = $attrs['mssfu30maxgidnumber'][0] + $count;
$ldapHandle = $_SESSION['ldap']->server();
ldap_modify($ldapHandle, $dn, array('mssfu30maxgidnumber' => array($newValue)));
logNewMessage(LOG_DEBUG, 'Updated domain info ' . $dn . ' with GID number ' . $newValue . ' and LDAP code ' . ldap_errno($ldapHandle));
if (ldap_errno($ldapHandle) != 0) {
logNewMessage(LOG_NOTICE, 'Updating domain info ' . $dn . ' with GID number ' . $newValue . ' failed. ' . ldap_error($ldapHandle));
return null;
}
$result = array();
for ($i = 0; $i < $count; $i++) {
$result[] = $attrs['mssfu30maxgidnumber'][0] + $i;
}
return $result;
}
return null;
}
/** /**
* This method specifies if a module manages password attributes. * This method specifies if a module manages password attributes.
* @see passwordService::managesPasswordAttributes * @see passwordService::managesPasswordAttributes
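Review bot: The counter update in the added getNextDomainInfoGIDs is a read followed by an unconditional `ldap_modify`, so two sessions that read the same msSFU30MaxGidNumber are both handed the same GID numbers. Duplicate GIDs make unrelated groups share file permissions, so the increment should fail when the stored value has changed in between, for example by removing the value that was read and adding the new one in a single modify request, as sketched below (assuming the supported PHP versions provide `ldap_modify_batch`). The value read from LDAP is also added to `$count` without a numeric check, and both failure paths return null without adding anything to `$errors`, although the docblock describes that parameter as the place for error messages. Separately, the new `'range'` test before the manual GID check reads `$this->moduleSettings['posixGroup_gidGenerator'][0]` without the `isset()` guard that getNextGIDs uses, so a profile without that setting skips the range check while automatic generation still falls back to the fixed range.

```php
private function getNextDomainInfoGIDs($count, &$errors) {
	// … unchanged: read $dn and $attrs via ldapGetDN …
	$oldValue = isset($attrs['mssfu30maxgidnumber'][0]) ? $attrs['mssfu30maxgidnumber'][0] : '';
	if (!ctype_digit($oldValue)) {
		logNewMessage(LOG_NOTICE, 'Domain info ' . $dn . ' has no numeric msSFU30MaxGidNumber.');
		return null;
	}
	$newValue = intval($oldValue) + $count;
	$ldapHandle = $_SESSION['ldap']->server();
	// remove the value that was read and add the new one in one request:
	// the server rejects the removal if another session changed the counter
	$success = ldap_modify_batch($ldapHandle, $dn, array(
		array(
			LDAP_MODIFY_BATCH_ATTRIB => 'msSFU30MaxGidNumber',
			LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_REMOVE,
			LDAP_MODIFY_BATCH_VALUES => array($oldValue),
		),
		array(
			LDAP_MODIFY_BATCH_ATTRIB => 'msSFU30MaxGidNumber',
			LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_ADD,
			LDAP_MODIFY_BATCH_VALUES => array((string) $newValue),
		),
	));
	if (!$success) {
		// … unchanged: LOG_NOTICE message with ldap_error($ldapHandle), return null …
	}
	// … unchanged: build $result from $oldValue and $count …
```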