support msSFU30DomainInfo
This commit is contained in:
parent
69db640b85
commit
c5e07d35f3
|
@ -2092,7 +2092,7 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
$needAutoUID[] = $i;
|
$needAutoUID[] = $i;
|
||||||
}
|
}
|
||||||
elseif (get_preg($rawAccount[$ids['posixAccount_uid']], 'digit')) {
|
elseif (get_preg($rawAccount[$ids['posixAccount_uid']], 'digit')) {
|
||||||
if ($this->get_scope() == 'user') {
|
if (($this->get_scope() == 'user') && ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] == 'range')) {
|
||||||
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) &&
|
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) &&
|
||||||
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) {
|
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) {
|
||||||
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
|
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
|
||||||
|
@ -2103,7 +2103,7 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
$errors[] = $errMsg;
|
$errors[] = $errMsg;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif ($this->get_scope() == 'host') {
|
elseif (($this->get_scope() == 'host') && ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] == 'range')) {
|
||||||
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) &&
|
if (($rawAccount[$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) &&
|
||||||
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) {
|
($rawAccount[$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) {
|
||||||
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
|
$partialAccounts[$i]['uidNumber'] = trim($rawAccount[$ids['posixAccount_uid']]);
|
||||||
|
|
|
@ -521,12 +521,16 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
),
|
),
|
||||||
'gidGenerator' => array (
|
'gidGenerator' => array (
|
||||||
"Headline" => _("GID generator"),
|
"Headline" => _("GID generator"),
|
||||||
"Text" => _("LAM will automatically suggest UID/GID numbers. You can either use a fixed range of numbers or an LDAP entry with object class \"sambaUnixIdPool\".")
|
"Text" => _("LAM will automatically suggest UID/GID numbers. You can either use a fixed range of numbers or an LDAP entry with object class \"sambaUnixIdPool\" or \"msSFU30DomainInfo\".")
|
||||||
),
|
),
|
||||||
'sambaIDPoolDN' => array (
|
'sambaIDPoolDN' => array (
|
||||||
"Headline" => _("Samba ID pool DN"),
|
"Headline" => _("Samba ID pool DN"),
|
||||||
"Text" => _("Please enter the DN of the LDAP entry with object class \"sambaUnixIdPool\".")
|
"Text" => _("Please enter the DN of the LDAP entry with object class \"sambaUnixIdPool\".")
|
||||||
),
|
),
|
||||||
|
'windowsIDPoolDN' => array (
|
||||||
|
"Headline" => _("Windows domain info DN"),
|
||||||
|
"Text" => _("Please enter the DN of the LDAP entry with object class \"msSFU30DomainInfo\".")
|
||||||
|
),
|
||||||
'filter' => array(
|
'filter' => array(
|
||||||
"Headline" => _("Filter"),
|
"Headline" => _("Filter"),
|
||||||
"Text" => _("Here you can enter a filter value. Only entries which contain the filter text will be shown.")
|
"Text" => _("Here you can enter a filter value. Only entries which contain the filter text will be shown.")
|
||||||
|
@ -561,10 +565,23 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
// configuration options
|
// configuration options
|
||||||
$configContainer = new htmlTable();
|
$configContainer = new htmlTable();
|
||||||
$configContainer->addElement(new htmlSubTitle(_("Groups")), true);
|
$configContainer->addElement(new htmlSubTitle(_("Groups")), true);
|
||||||
$gidGeneratorSelect = new htmlTableExtendedSelect('posixGroup_gidGenerator', array(_('Fixed range') => 'range', _('Samba ID pool') => 'sambaPool'), array('range'), _('GID generator'), 'gidGenerator');
|
$genOptions = array(
|
||||||
|
_('Fixed range') => 'range',
|
||||||
|
_('Samba ID pool') => 'sambaPool',
|
||||||
|
_('Windows domain info') => 'windowsDomain'
|
||||||
|
);
|
||||||
|
$gidGeneratorSelect = new htmlTableExtendedSelect('posixGroup_gidGenerator', $genOptions, array('range'), _('GID generator'), 'gidGenerator');
|
||||||
$gidGeneratorSelect->setHasDescriptiveElements(true);
|
$gidGeneratorSelect->setHasDescriptiveElements(true);
|
||||||
$gidGeneratorSelect->setTableRowsToHide(array('range' => array('posixGroup_sambaIDPoolDN'), 'sambaPool' => array('posixGroup_minGID', 'posixGroup_maxGID')));
|
$gidGeneratorSelect->setTableRowsToHide(array(
|
||||||
$gidGeneratorSelect->setTableRowsToShow(array('range' => array('posixGroup_minGID', 'posixGroup_maxGID'), 'sambaPool' => array('posixGroup_sambaIDPoolDN')));
|
'range' => array('posixGroup_sambaIDPoolDN', 'posixGroup_windowsIDPoolDN'),
|
||||||
|
'sambaPool' => array('posixGroup_minGID', 'posixGroup_maxGID', 'posixGroup_windowsIDPoolDN'),
|
||||||
|
'windowsDomain' => array('posixGroup_minGID', 'posixGroup_maxGID', 'posixGroup_sambaIDPoolDN'),
|
||||||
|
));
|
||||||
|
$gidGeneratorSelect->setTableRowsToShow(array(
|
||||||
|
'range' => array('posixGroup_minGID', 'posixGroup_maxGID'),
|
||||||
|
'sambaPool' => array('posixGroup_sambaIDPoolDN'),
|
||||||
|
'windowsDomain' => array('posixGroup_windowsIDPoolDN'),
|
||||||
|
));
|
||||||
$configContainer->addElement($gidGeneratorSelect, true);
|
$configContainer->addElement($gidGeneratorSelect, true);
|
||||||
$minGidInput = new htmlTableExtendedInputField(_('Minimum GID number'), 'posixGroup_minGID', null, 'minMaxGID');
|
$minGidInput = new htmlTableExtendedInputField(_('Minimum GID number'), 'posixGroup_minGID', null, 'minMaxGID');
|
||||||
$minGidInput->setRequired(true);
|
$minGidInput->setRequired(true);
|
||||||
|
@ -575,6 +592,9 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
$gidGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixGroup_sambaIDPoolDN', null, 'sambaIDPoolDN');
|
$gidGeneratorDN = new htmlTableExtendedInputField(_('Samba ID pool DN'), 'posixGroup_sambaIDPoolDN', null, 'sambaIDPoolDN');
|
||||||
$gidGeneratorDN->setRequired(true);
|
$gidGeneratorDN->setRequired(true);
|
||||||
$configContainer->addElement($gidGeneratorDN, true);
|
$configContainer->addElement($gidGeneratorDN, true);
|
||||||
|
$winGeneratorDN = new htmlTableExtendedInputField(_('Windows domain info DN'), 'posixGroup_windowsIDPoolDN', null, 'windowsIDPoolDN');
|
||||||
|
$winGeneratorDN->setRequired(true);
|
||||||
|
$configContainer->addElement($winGeneratorDN, true);
|
||||||
$configContainer->addElement(new htmlTableExtendedInputField(_('Suffix for GID/group name check'), 'posixGroup_gidCheckSuffix', '', 'gidCheckSuffix'), true);
|
$configContainer->addElement(new htmlTableExtendedInputField(_('Suffix for GID/group name check'), 'posixGroup_gidCheckSuffix', '', 'gidCheckSuffix'), true);
|
||||||
$configContainer->addElement(new htmlTableExtendedInputCheckbox('posixGroup_hidememberUid', false, _('Disable membership management'), 'hidememberUid'), true);
|
$configContainer->addElement(new htmlTableExtendedInputCheckbox('posixGroup_hidememberUid', false, _('Disable membership management'), 'hidememberUid'), true);
|
||||||
$x = $this->get_scope();
|
$x = $this->get_scope();
|
||||||
|
@ -648,6 +668,7 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
$this->messages['memberUID'][0] = array('ERROR', _('Account %s:') . ' posixGroup_members', _("This value must be a list of user names separated by semicolons."));
|
$this->messages['memberUID'][0] = array('ERROR', _('Account %s:') . ' posixGroup_members', _("This value must be a list of user names separated by semicolons."));
|
||||||
$this->messages['primaryGroup'][0] = array('ERROR', _('There are still users who have this group as their primary group.'));
|
$this->messages['primaryGroup'][0] = array('ERROR', _('There are still users who have this group as their primary group.'));
|
||||||
$this->messages['sambaIDPoolDN'][0] = array('ERROR', _('Samba ID pool DN'), _('This is not a valid DN!'));
|
$this->messages['sambaIDPoolDN'][0] = array('ERROR', _('Samba ID pool DN'), _('This is not a valid DN!'));
|
||||||
|
$this->messages['windowsIDPoolDN'][0] = array('ERROR', _('Windows domain info DN'), _('This is not a valid DN!'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -757,10 +778,12 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
// Check manual ID
|
// Check manual ID
|
||||||
if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['gidNumber'][0]) || ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) {
|
if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['gidNumber'][0]) || ($this->orig['gidNumber'][0] != $this->attributes['gidNumber'][0])) {
|
||||||
// check range
|
// check range
|
||||||
if (($this->attributes['gidNumber'][0] < $minID) || ($this->attributes['gidNumber'][0] > $maxID) || !is_numeric($this->attributes['gidNumber'][0])) {
|
if ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'range') {
|
||||||
$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
|
if (($this->attributes['gidNumber'][0] < $minID) || ($this->attributes['gidNumber'][0] > $maxID) || !is_numeric($this->attributes['gidNumber'][0])) {
|
||||||
if (isset($this->orig['gidNumber'][0])) $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
|
$errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
|
||||||
else unset($this->attributes['gidNumber'][0]);
|
if (isset($this->orig['gidNumber'][0])) $this->attributes['gidNumber'][0] = $this->orig['gidNumber'][0];
|
||||||
|
else unset($this->attributes['gidNumber'][0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// $uids is allways an array but not if no entries were found
|
// $uids is allways an array but not if no entries were found
|
||||||
if (is_array($gids)) {
|
if (is_array($gids)) {
|
||||||
|
@ -993,7 +1016,7 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
'cmp_name2' => 'posixGroup_minGID',
|
'cmp_name2' => 'posixGroup_minGID',
|
||||||
'error_message' => $this->messages['gidNumber'][7]);
|
'error_message' => $this->messages['gidNumber'][7]);
|
||||||
}
|
}
|
||||||
else {
|
elseif ($options['posixGroup_gidGenerator'][0] == 'sambaPool') {
|
||||||
$this->meta['config_checks']['group']['posixGroup_sambaIDPoolDN'] = array (
|
$this->meta['config_checks']['group']['posixGroup_sambaIDPoolDN'] = array (
|
||||||
'type' => 'ext_preg',
|
'type' => 'ext_preg',
|
||||||
'regex' => 'dn',
|
'regex' => 'dn',
|
||||||
|
@ -1001,6 +1024,14 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
'required_message' => $this->messages['sambaIDPoolDN'][0],
|
'required_message' => $this->messages['sambaIDPoolDN'][0],
|
||||||
'error_message' => $this->messages['sambaIDPoolDN'][0]);
|
'error_message' => $this->messages['sambaIDPoolDN'][0]);
|
||||||
}
|
}
|
||||||
|
elseif ($options['posixGroup_gidGenerator'][0] == 'windowsDomain') {
|
||||||
|
$this->meta['config_checks']['group']['posixGroup_windowsIDPoolDN'] = array (
|
||||||
|
'type' => 'ext_preg',
|
||||||
|
'regex' => 'dn',
|
||||||
|
'required' => true,
|
||||||
|
'required_message' => $this->messages['windowsIDPoolDN'][0],
|
||||||
|
'error_message' => $this->messages['windowsIDPoolDN'][0]);
|
||||||
|
}
|
||||||
return parent::check_configOptions($scopes, $options);
|
return parent::check_configOptions($scopes, $options);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1016,6 +1047,10 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'sambaPool')) {
|
if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'sambaPool')) {
|
||||||
return $this->getNextSambaPoolGIDs($count, $errors);
|
return $this->getNextSambaPoolGIDs($count, $errors);
|
||||||
}
|
}
|
||||||
|
// check if UIDs should be taken from domain info entry
|
||||||
|
if (isset($this->moduleSettings['posixGroup_gidGenerator']) && ($this->moduleSettings['posixGroup_gidGenerator'][0] == 'windowsDomain')) {
|
||||||
|
return $this->getNextDomainInfoGIDs($count, $errors);
|
||||||
|
}
|
||||||
$ret = array();
|
$ret = array();
|
||||||
$minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
|
$minID = intval($this->moduleSettings['posixGroup_minGID'][0]);
|
||||||
$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
|
$maxID = intval($this->moduleSettings['posixGroup_maxGID'][0]);
|
||||||
|
@ -1090,6 +1125,34 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the free GID numbers from an Windows domain info entry in LDAP.
|
||||||
|
*
|
||||||
|
* @param integer $count number of needed free GIDs.
|
||||||
|
* @param array $errors list of error messages where errors can be added
|
||||||
|
* @return mixed null if no GIDs are free else an array of free GIDs
|
||||||
|
*/
|
||||||
|
private function getNextDomainInfoGIDs($count, &$errors) {
|
||||||
|
$dn = $this->moduleSettings['posixGroup_windowsIDPoolDN'][0];
|
||||||
|
$attrs = ldapGetDN($dn, array('msSFU30MaxGidNumber'));
|
||||||
|
if (isset($attrs['mssfu30maxgidnumber'][0]) && ($attrs['mssfu30maxgidnumber'][0] != '')) {
|
||||||
|
$newValue = $attrs['mssfu30maxgidnumber'][0] + $count;
|
||||||
|
$ldapHandle = $_SESSION['ldap']->server();
|
||||||
|
ldap_modify($ldapHandle, $dn, array('mssfu30maxgidnumber' => array($newValue)));
|
||||||
|
logNewMessage(LOG_DEBUG, 'Updated domain info ' . $dn . ' with GID number ' . $newValue . ' and LDAP code ' . ldap_errno($ldapHandle));
|
||||||
|
if (ldap_errno($ldapHandle) != 0) {
|
||||||
|
logNewMessage(LOG_NOTICE, 'Updating domain info ' . $dn . ' with GID number ' . $newValue . ' failed. ' . ldap_error($ldapHandle));
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
$result = array();
|
||||||
|
for ($i = 0; $i < $count; $i++) {
|
||||||
|
$result[] = $attrs['mssfu30maxgidnumber'][0] + $i;
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This method specifies if a module manages password attributes.
|
* This method specifies if a module manages password attributes.
|
||||||
* @see passwordService::managesPasswordAttributes
|
* @see passwordService::managesPasswordAttributes
|
||||||
|
|
Loading…
Reference in New Issue