WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Serveral smaller bugfixes.

This commit is contained in:
katagia 2003-05-14 21:12:17 +00:00
parent 4a1f87ce1e
commit dbba71339e
6 changed files with 159 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lam/config/shells Normal file
View File

@ -0,0 +1,17 @@
/bin/ash
/bin/bash
/bin/bash1
/bin/csh
/bin/false
/bin/ksh
/bin/sh
/bin/tcsh
/bin/true
/bin/zsh
/usr/bin/csh
/usr/bin/ksh
/usr/bin/passwd
/usr/bin/bash
/usr/bin/rbash
/usr/bin/tcsh
/usr/bin/zsh

2
lam/docs/README.lamdaemon.pl
View File

@ -25,7 +25,7 @@ thins to get it work.
* Check if the user your webserver is running as does * Check if the user your webserver is running as does
also exists on remote-host also exists on remote-host
* Copy the content of ~/.ssh/id_dsa.pub from the system * Copy the content of ~/.ssh/id_dsa.pub from the system
LDAP Account manager into ~/.ssh/known_hosts on the LDAP Account manager into ~/.ssh/authorized_keys on the
remote machine remote machine
* Connect to the remote server via ssh $remotehost * Connect to the remote server via ssh $remotehost
Answer the next question with yes if the remote key is Answer the next question with yes if the remote key is

106
lam/lib/account.inc
View File

@ -93,8 +93,14 @@ function registervars() { // This function registers all needes session-varibale
} }
function getshells() { // Return a list of all shells listed in /etc/shells function getshells() { // Return a list of all shells listed in /etc/shells
$shells = file('/etc/shells'); $shells = file('../config/shells');
foreach ($shells as $shell) chop($shell); $i=0;
while ($shells[$i]) {
// ******** Fixme remove everthing starting from # and every empty line
chop($shells[$i]);
trim($shells[$i]);
$i++;
}
return $shells; return $shells;
} }
@ -103,6 +109,19 @@ function checkglobal() { // This functions checks all global account parameters
$error = "0"; $error = "0";
switch ( $_SESSION['type2'] ) { switch ( $_SESSION['type2'] ) {
case 'user' : case 'user' :
if ( ($_SESSION['account_temp']->general_gecos=='') || ($_SESSION['account_temp']->general_gecos==' ')) $_SESSION['account_temp']->general_gecos = $_SESSION['account_temp']->general_givenname . " " . $_SESSION['account_temp']->general_surname ;
// Check if Homedir is valid
if ($_SESSION['account_temp']->general_username != '')
$_SESSION['account_temp']->general_homedir = str_replace('$user', $_SESSION['account_temp']->general_username, $_SESSION['account_temp']->general_homedir);
$_SESSION['account_temp']->general_homedir = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->general_homedir);
if ( !ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->general_homedir )) $error = _('Homedirectory contents invalid characters.');
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z])*$', $_SESSION['account_temp']->givenname)) $error = _('Givenname contents invalid characters');
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z])*$', $_SESSION['account_temp']->surname)) $error = _('Surname contents invalid characters');
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$temp = checkid();
if ($temp) $error = $temp;
// Check if Username-length is OK. minLength=3, maxLength=20 // Check if Username-length is OK. minLength=3, maxLength=20
if ( !ereg('.{3,20}', $_SESSION['account_temp']->general_username)) $error = _('Username must content between 3 and 20 characters.'); if ( !ereg('.{3,20}', $_SESSION['account_temp']->general_username)) $error = _('Username must content between 3 and 20 characters.');
// Check if Username starts with letter // Check if Username starts with letter
@ -112,18 +131,6 @@ function checkglobal() { // This functions checks all global account parameters
// Check if user already exists // Check if user already exists
$temp = ldapexists(); $temp = ldapexists();
if ($temp) $error = $temp; if ($temp) $error = $temp;
// Check if surname is valid
if ( !ereg('^([a-z]|[A-Z])*$', $_SESSION['account_temp']->surname)) $error = _('Surname contents invalid characters');
// Check if givenname is valid
if ( !ereg('^([a-z]|[A-Z])*$', $_SESSION['account_temp']->givenname)) $error = _('Givenname contents invalid characters');
// Check if Homedir is valid
$_SESSION['account_temp']->general_homedir = str_replace('$user', $_SESSION['account_temp']->general_username, $_SESSION['account_temp']->general_homedir);
$_SESSION['account_temp']->general_homedir = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->general_homedir);
if ( !ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->general_homedir )) $error = _('Homedirectory contents invalid characters.');
if ($_SESSION['account_temp']->general_gecos=='') $_SESSION['account_temp']->general_gecos = $_SESSION['account_temp']->general_givenname . " " . $_SESSION['account_temp']->general_surname ;
// Check if UID is valid. If none value was entered, the next useable value will be inserted
$temp = checkid();
if ($temp) $error = $temp;
break; break;
case 'group' : case 'group' :
// Check if Groupname-length is OK. minLength=3, maxLength=20 // Check if Groupname-length is OK. minLength=3, maxLength=20
@ -177,17 +184,17 @@ function checkunix() { // This function checks all unix account paramters
$error = "0"; $error = "0";
switch ( $_SESSION['type2'] ) { switch ( $_SESSION['type2'] ) {
case 'user' : case 'user' :
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
if ( !ereg('^([a-z]|[A-Z]|[0-9])*$', $_SESSION['account_temp']->unix_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !');
if ($_SESSION['account_temp']->unix_pwdwarn=='') $error = _('No value for Password Warn.');
if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdwarn)) $error = _('Password Warn must be are natural number.');
if ($_SESSION['account_temp']->unix_pwdallowlogin=='') $error = _('No value for Password Expire.');
if ( !ereg('^(([-][1])|([0-9]*))$', $_SESSION['account_temp']->unix_pwdallowlogin)) $error = _('Password Expire must be are natural number or -1.');
if ($_SESSION['account_temp']->unix_pwdmaxage=='') $error = _('No value for Password Maxage.');
if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdmaxage)) $error = _('Password Maxage must be are natural number.');
if ($_SESSION['account_temp']->unix_pwdminage=='') $error = _('No value for Password Minage.');
if ( !ereg('^([0-9]*)$', $_SESSION['account_temp']->unix_pwdminage)) $error = _('Password Minage must be are natural number.'); if ( !ereg('^([0-9]*)$', $_SESSION['account_temp']->unix_pwdminage)) $error = _('Password Minage must be are natural number.');
if ( $_SESSION['account_temp']->unix_pwdminage > $_SESSION['account_temp']->unix_pwdmaxage ) $error = _('Password Maxage must bigger as Password Minage.'); if ( $_SESSION['account_temp']->unix_pwdminage > $_SESSION['account_temp']->unix_pwdmaxage ) $error = _('Password Maxage must bigger as Password Minage.');
if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdmaxage)) $error = _('Password Maxage must be are natural number.');
if ($_SESSION['account_temp']->unix_pwdminage=='') $error = _('No value for Password Minage.');
if ( !ereg('^(([-][1])|([0-9]*))$', $_SESSION['account_temp']->unix_pwdallowlogin)) $error = _('Password Expire must be are natural number or -1.');
if ($_SESSION['account_temp']->unix_pwdmaxage=='') $error = _('No value for Password Maxage.');
if ( !ereg('^([1-9]+)([0-9]*)$', $_SESSION['account_temp']->unix_pwdwarn)) $error = _('Password Warn must be are natural number.');
if ($_SESSION['account_temp']->unix_pwdallowlogin=='') $error = _('No value for Password Expire.');
if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
$_SESSION['account_temp']->unix_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !');
if ($_SESSION['account_temp']->unix_pwdwarn=='') $error = _('No value for Password Warn.');
break; break;
case 'host' : case 'host' :
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} **************************************************** // Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} ****************************************************
@ -228,8 +235,8 @@ function checksamba() { // This function checks all samba account paramters
$_SESSION['account_temp']->smb_profilePath = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->smb_profilePath); $_SESSION['account_temp']->smb_profilePath = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->smb_profilePath);
$_SESSION['account_temp']->smb_smbHome = str_replace('$user', $_SESSION['account_temp']->general_username, $_SESSION['account_temp']->smb_smbHome); $_SESSION['account_temp']->smb_smbHome = str_replace('$user', $_SESSION['account_temp']->general_username, $_SESSION['account_temp']->smb_smbHome);
$_SESSION['account_temp']->smb_smbHome = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->smb_smbHome); $_SESSION['account_temp']->smb_smbHome = str_replace('$group', $_SESSION['account_temp']->general_group, $_SESSION['account_temp']->smb_smbHome);
// Sonderzeichen |#*,.;:_-+!$%&/|?{[()]} **************************************************** if ( !ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$',
if ( !ereg('^([a-z]|[A-Z]|[0-9])*$', $_SESSION['account_temp']->smb_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'); $_SESSION['account_temp']->smb_password)) $error = _('Password contents invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !');
if ( (!$_SESSION['account_temp']->smb_scriptpath=='') && (!ereg('^([/])*[a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->smb_scriptpath))) $error = _('Scriptpath is invalid'); if ( (!$_SESSION['account_temp']->smb_scriptpath=='') && (!ereg('^([/])*[a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->smb_scriptpath))) $error = _('Scriptpath is invalid');
if ( (!$_SESSION['account_temp']->smb_profilePath=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->smb_profilePath)) && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$', $_SESSION['account_temp']->smb_profilePath))) $error = _('ProfilePath is invalid.'); if ( (!$_SESSION['account_temp']->smb_profilePath=='') && (!ereg('^[/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*([/][a-z]([a-z]|[0-9]|[.]|[-]|[_])*)*$', $_SESSION['account_temp']->smb_profilePath)) && (!ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$', $_SESSION['account_temp']->smb_profilePath))) $error = _('ProfilePath is invalid.');
if ( (!$_SESSION['account_temp']->smb_smbHome=='') && !ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$', $_SESSION['account_temp']->smb_smbhome)) $error = _('smbHome is invalid.'); if ( (!$_SESSION['account_temp']->smb_smbHome=='') && !ereg('^[\][\]([a-z]|[A-Z]|[0-9]|[.]|[-])+([\]([a-z]|[A-Z]|[0-9]|[.]|[-])+)+$', $_SESSION['account_temp']->smb_smbhome)) $error = _('smbHome is invalid.');
@ -353,52 +360,55 @@ function RndInt($Format){
function getquotas($user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned function getquotas($user='+') { // Whis function will return the quotas from the specified user If empty only filesystems with enabled quotas are returned
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get '; // *****************
//$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota get ';
$towrite = 'cn=Manager,dc=my-domain,dc=com secret '.$user.' quota get ';
if ($_SESSION['type2']=='user') $towrite = $towrite.'u'; if ($_SESSION['type2']=='user') $towrite = $towrite.'u';
else $towrite = $towrite.'g'; else $towrite = $towrite.'g';
exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
$vals = explode(';', $vals[0]); $vals = explode(':', $vals[0]);
while ($vals[$i]) { for ($i=0; $i<sizeof($vals); $i++) {
$vals2 = explode(',', $vals[$i]); $vals2 = explode(',', $vals[$i]);
$j=0; for ($j=0; $j<sizeof($vals2); $j++) {
while ($vals2[$j]) {
$_SESSION['account']->quota[$i][$j] = $vals2[$j]; $_SESSION['account']->quota[$i][$j] = $vals2[$j];
$j++;
} }
if ($_SESSION['account']->quota[$i][4]<$time) $_SESSION['account']->quota[$i][4] = ''; if ($_SESSION['account']->quota[$i][4]<$time) $_SESSION['account']->quota[$i][4] = '';
else $_SESSION['account']->quota[$i][4] = strval(($_SESSION['account']->quota[$i][4]-$time)/3600) . _('hours'); else $_SESSION['account']->quota[$i][4] = strval(($_SESSION['account']->quota[$i][4]-$time)/3600) . _(' hours');
if ($_SESSION['account']->quota[$i][8]<$time) $_SESSION['account']->quota[$i][8] = ''; if ($_SESSION['account']->quota[$i][8]<$time) $_SESSION['account']->quota[$i][8] = '';
else $_SESSION['account']->quota[$i][8] = strval(($_SESSION['account']->quota[$i][8]-$time)/3600) . _('hours'); else $_SESSION['account']->quota[$i][8] = strval(($_SESSION['account']->quota[$i][8]-$time)/3600) . _(' hours');
$i++;
} }
} }
function setquotas($user) { // Whis function will set the quotas from the specified user. function setquotas($user) { // Whis function will set the quotas from the specified user.
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set '; //$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' quota set ';
$towrite = 'cn=Manager,dc=my-domain,dc=com secret '.$user.' quota set ';
if ($_SESSION['type2']=='user') $towrite = $towrite.'u '; if ($_SESSION['type2']=='user') $towrite = $towrite.'u ';
else $towrite = $towrite.'g '; else $towrite = $towrite.'g ';
$i=0; $i=0;
while ($_SESSION['account']->quota[$i][0]) { while ($_SESSION['account']->quota[$i][0]) {
if ($_SESSION['account']->quota[$i] != $_SESSION['account_old']->quota[$i]) { if ($_SESSION['account']->quota[$i] != $_SESSION['account_old']->quota[$i]) {
$towrite = $towrite. $_SESSION['account']->quota[$i][0] .','.$_SESSION['account']->quota[$i][2] .','.$_SESSION['account']->quota[$i][3] $towrite = $towrite. $_SESSION['account']->quota[$i][0] .','.$_SESSION['account']->quota[$i][2] .','.$_SESSION['account']->quota[$i][3]
.','.$_SESSION['account']->quota[$i][6] .','. $_SESSION['account']->quota[$i][7] .';'. .','.$_SESSION['account']->quota[$i][6] .','. $_SESSION['account']->quota[$i][7] .':'.
$i++; $i++;
} }
} }
echo("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite");
if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); if ($i!=0) exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
} }
function addhomedir($user) { // Create Homedirectory function addhomedir($user) { // Create Homedirectory
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add'; //$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home add';
$towrite = 'cn=Manager,dc=my-domain,dc=com secret '.$user.' home add ';
exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
} }
function remhomedir($user) { // Remove Homedirectory function remhomedir($user) { // Remove Homedirectory
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt();
$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem'; //$towrite = $ldap_q[0].' '.$ldap_q[1].' '.$user.' home rem';
$towrite = 'cn=Manager,dc=my-domain,dc=com secret '.$user.' home rem ';
exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals); exec("/usr/bin/ssh ".$_SESSION['config']->scriptServer." sudo ".$_SESSION['config']->scriptPath." $towrite", $vals);
} }
@ -516,7 +526,10 @@ function loaduser($dn) { // Will load all needed values from an existing account
$result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount"); $result = ldap_search($_SESSION['ldap']->server(), $dn, "objectclass=PosixAccount");
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($attr['uid'][0]) $_SESSION['account']->general_username = $attr['uid'][0]; if ($attr['uid'][0]) {
$_SESSION['account']->general_username = $attr['uid'][0];
if ($_SESSION['config']->scriptServer) getquotas($attr['uid'][0]);
}
if ($attr['uidNumber'][0]) $_SESSION['account']->general_uidNumber = $attr['uidNumber'][0]; if ($attr['uidNumber'][0]) $_SESSION['account']->general_uidNumber = $attr['uidNumber'][0];
if ($attr['homeDirectory'][0]) $_SESSION['account']->general_homedir = $attr['homeDirectory'][0]; if ($attr['homeDirectory'][0]) $_SESSION['account']->general_homedir = $attr['homeDirectory'][0];
if ($attr['shadowLastChange'][0]) $_SESSION['account']->unix_shadowLastChange = $attr['shadowLastChange'][0]; if ($attr['shadowLastChange'][0]) $_SESSION['account']->unix_shadowLastChange = $attr['shadowLastChange'][0];
@ -638,7 +651,10 @@ function loadgroup($dn) { // Will load all needed values from an existing group
$attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry); $attr = ldap_get_attributes($_SESSION['ldap']->server(), $entry);
if ($attr['gidNumber'][0]) $_SESSION['account']->general_uidNumber = $attr['gidNumber'][0]; if ($attr['gidNumber'][0]) $_SESSION['account']->general_uidNumber = $attr['gidNumber'][0];
if ($attr['description'][0]) $_SESSION['account']->general_gecos = $attr['description'][0]; if ($attr['description'][0]) $_SESSION['account']->general_gecos = $attr['description'][0];
if ($attr['cn'][0]) $_SESSION['account']->general_username = $attr['cn'][0]; if ($attr['cn'][0]) {
$_SESSION['account']->general_username = $attr['cn'][0];
if ($_SESSION['config']->scriptServer) getquotas($attr['cn'][0]);
}
if ($attr['memberUid']) $_SESSION['account']->general_memberUid = $attr['memberUid']; if ($attr['memberUid']) $_SESSION['account']->general_memberUid = $attr['memberUid'];
if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid); if (is_array($_SESSION['account']->general_memberUid)) array_shift($_SESSION['account']->general_memberUid);
$_SESSION['account']->general_dn = $dn; $_SESSION['account']->general_dn = $dn;
@ -776,14 +792,18 @@ function createuser() { // Will create the LDAP-Account
} }
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry); $entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
} }
if ($_SESSION['config']->scriptServer) setquotas($_SESSION['account']->general_username);
if (!$success) return 5; if (!$success) return 5;
if ($_SESSION['config']->scriptServer) setquotas($attr['uid'][0]);
return 3; return 3;
} }
else { else {
// Write a new entry if user doesn't exists // Write a new entry if user doesn't exists
$success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr); $success = ldap_add($_SESSION['ldap']->server(),$_SESSION['account']->general_dn, $attr);
if (!$success) return 4; if (!$success) return 4;
if ($_SESSION['config']->scriptServer) {
setquotas($_SESSION['account']->general_username);
addhomedir($_SESSION['account']->general_username);
}
// Add user to groups // Add user to groups
$result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup", array('memberUid')); $result = ldap_search($_SESSION['ldap']->server(), 'cn='.$_SESSION['account']->general_group.','.$_SESSION['config']->get_GroupSuffix(), "objectclass=posixGroup", array('memberUid'));
$entry = ldap_first_entry($_SESSION['ldap']->server(), $result); $entry = ldap_first_entry($_SESSION['ldap']->server(), $result);
@ -807,10 +827,6 @@ function createuser() { // Will create the LDAP-Account
} }
if (!$success) return 4; if (!$success) return 4;
} }
if ($_SESSION['config']->scriptServer) {
setquotas($attr['uid'][0]);
addhomedir($attr['uid'][0]);
}
return 1; return 1;
} }
} }

12
lam/lib/lamdaemon.pl
View File

@ -30,7 +30,7 @@
# list of valid admins # list of valid admins
@admins = ('cn=Manager,dc=my-domain,dc=com'); @admins = ('cn=Manager,dc=my-domain,dc=com');
$server="127.0.0.1"; # IP or DNS of ldap-server $server="127.0.0.1"; # IP or DNS of ldap-server
$server_port='387'; # Port used from ldap $server_port='389'; # Port used from ldap
$server_ssl='no'; # Use SSL? ************* Not working yet $server_ssl='no'; # Use SSL? ************* Not working yet
$debug=true; # Show debug messages $debug=true; # Show debug messages
@ -109,8 +109,8 @@ if ($found==true) {
($<, $>) = ($>, $<); # Get root privileges ($<, $>) = ($>, $<); # Get root privileges
system 'mkdir', '-m 755 -p', $patch; # Create paths to homedir system 'mkdir', '-m 755 -p', $patch; # Create paths to homedir
system 'mkdir', '-m 700', $user[7]; # Create himdir itself system 'mkdir', '-m 700', $user[7]; # Create himdir itself
system 'cp', '-a', '/etc/skel/', $user[7]; # Copy /etc/sekl into homedir system 'cp', '-a', '/etc/skel/*', $user[7]; # Copy /etc/sekl into homedir
system 'chown', '-R', $user[2], $user[3] , $user[7]; # Change owner to new user system 'chown', '-R', "$user[2]:$user[3]" , $user[7]; # Change owner to new user
system '/usr/sbin/useradd.local', $user[0]; # run useradd-script system '/usr/sbin/useradd.local', $user[0]; # run useradd-script
($<, $>) = ($>, $<); # Give up root previleges ($<, $>) = ($>, $<); # Give up root previleges
last switch2; last switch2;
@ -128,7 +128,7 @@ if ($found==true) {
$vals[3] eq 'quota' && do { $vals[3] eq 'quota' && do {
get_fs(); # Load list of devices with enabled quotas get_fs(); # Load list of devices with enabled quotas
# Store quota information in array # Store quota information in array
@quota_temp1 = split (';', $vals[6]); @quota_temp1 = split (':', $vals[6]);
$i=0; $i=0;
while ($quota_temp1[$i]) { while ($quota_temp1[$i]) {
$j=0; $j=0;
@ -158,9 +158,9 @@ if ($found==true) {
while ($quota_usr[$i][0]) { while ($quota_usr[$i][0]) {
if ($vals[2]ne'+') { if ($vals[2]ne'+') {
@temp = Quota::query($quota_usr[$i][0],$user[2],$group); @temp = Quota::query($quota_usr[$i][0],$user[2],$group);
$return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7];$return"; $return = "$quota_usr[$i][1],$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$temp[7]:$return";
} }
else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0;$return"; } else { $return = "$quota_usr[$i][1],0,0,0,0,0,0,0,0:$return"; }
$i++; $i++;
} }
($<, $>) = ($>, $<); # Give up root previleges ($<, $>) = ($>, $<); # Give up root previleges

50
lam/templates/account.php
View File

@ -29,6 +29,8 @@ include_once('../lib/ldap.inc'); // LDAP-functions
include_once('../lib/profiles.inc'); // functions to load and save profiles include_once('../lib/profiles.inc'); // functions to load and save profiles
include_once('../lib/status.inc'); // Return error-message include_once('../lib/status.inc'); // Return error-message
registervars(); // Register all needed variables in session and register session registervars(); // Register all needed variables in session and register session
$error = "0"; $error = "0";
if ( $_GET['type'] ) { // Type is true if account.php was called from Users/Group/Hosts-List if ( $_GET['type'] ) { // Type is true if account.php was called from Users/Group/Hosts-List
@ -38,7 +40,7 @@ if ( $_GET['type'] ) { // Type is true if account.php was called from Users/Grou
$_SESSION['account_temp'] = ""; // Delete $_SESSION['account_temp'] because values are now invalid $_SESSION['account_temp'] = ""; // Delete $_SESSION['account_temp'] because values are now invalid
$_SESSION['modify'] = 0; // Set modify back to false $_SESSION['modify'] = 0; // Set modify back to false
$_SESSION['shelllist'] = getshells(); // Write List of all valid shells in variable $_SESSION['shelllist'] = getshells(); // Write List of all valid shells in variable
//if (($_GET['type']=='user')||($_GET['type']=='group')) getquotas(); if ((($_GET['type']=='user')||($_GET['type']=='group')) && ($_SESSION['config']->scriptServer)) getquotas();
} }
if ( $_GET['DN'] ) { // $DN is true if an entry should be modified and account.php was called from Users/Group/Host-List if ( $_GET['DN'] ) { // $DN is true if an entry should be modified and account.php was called from Users/Group/Host-List
@ -53,6 +55,7 @@ if ( $_GET['DN'] ) { // $DN is true if an entry should be modified and account.p
switch ($_POST['select']) { switch ($_POST['select']) {
case 'general': case 'general':
if (!$_POST['load']) { // No Profile was loaded
// Write alle values in temporary object // Write alle values in temporary object
if ($_POST['f_general_username']) $_SESSION['account_temp']->general_username = $_POST['f_general_username']; if ($_POST['f_general_username']) $_SESSION['account_temp']->general_username = $_POST['f_general_username'];
else $_SESSION['account_temp']->general_username = $_POST['f_general_username']; else $_SESSION['account_temp']->general_username = $_POST['f_general_username'];
@ -78,6 +81,7 @@ switch ($_POST['select']) {
case 'group': $select_local = 'quota'; break; case 'group': $select_local = 'quota'; break;
case 'host': $select_local = 'unix'; break; case 'host': $select_local = 'unix'; break;
} }
}
break; break;
case 'unix': case 'unix':
// Write alle values in temporary object // Write alle values in temporary object
@ -102,9 +106,10 @@ switch ($_POST['select']) {
// Check Values // Check Values
$error = checkunix(); // account.inc $error = checkunix(); // account.inc
// Check which part Site should be displayd // Check which part Site should be displayd
if ($_POST['back'] && ($error=="0")) $select_local = 'general';
if ($_POST['genpass']) $select_local = 'unix'; if ($_POST['genpass']) $select_local = 'unix';
if ($_POST['next'] && ($error=="0")) $select_local = 'samba'; if (($_POST['next']) && ($error=="0")) $select_local = 'samba';
else $select_local = 'unix';
if ($_POST['back']) $select_local = 'general';
break; break;
case 'samba': case 'samba':
// Write alle values in temporary object // Write alle values in temporary object
@ -138,12 +143,15 @@ switch ($_POST['select']) {
// Check Values // Check Values
$error = checksamba(); // account.inc $error = checksamba(); // account.inc
// Check which part Site should be displayd // Check which part Site should be displayd
if ($_POST['back'] && ($error=="0")) $select_local = 'unix'; if ($_POST['back']) $select_local = 'unix';
if ($_POST['next'] && ($error=="0")) if ($_POST['next']) {
if ($error=="0")
switch ($_SESSION['type2']) { switch ($_SESSION['type2']) {
case 'user': $select_local = 'quota'; break; case 'user': $select_local = 'quota'; break;
case 'host': $select_local = 'final'; break; case 'host': $select_local = 'final'; break;
} }
else $select_local = 'samba';
}
break; break;
case 'quota': case 'quota':
$i=0; $i=0;
@ -156,16 +164,19 @@ switch ($_POST['select']) {
} }
$error = checkquota(); $error = checkquota();
// Check which part Site should be displayd // Check which part Site should be displayd
if ($_POST['back'] && ($error=="0")) if ($_POST['back'])
switch ($_SESSION['type2']) { switch ($_SESSION['type2']) {
case 'user': $select_local = 'samba'; break; case 'user': $select_local = 'samba'; break;
case 'group': $select_local = 'general'; break; case 'group': $select_local = 'general'; break;
} }
if ($_POST['next'] && ($error=="0")) if ($_POST['next']) {
if ($error=="0")
switch ($_SESSION['type2']) { switch ($_SESSION['type2']) {
case 'user': $select_local = 'personal'; break; case 'user': $select_local = 'personal'; break;
case 'group': $select_local = 'final'; break; case 'group': $select_local = 'final'; break;
} }
else $select_local = 'quota';
}
break; break;
case 'personal': case 'personal':
if ($_POST['f_personal_title']) $_SESSION['account_temp']->personal_title = $_POST['f_personal_title']; if ($_POST['f_personal_title']) $_SESSION['account_temp']->personal_title = $_POST['f_personal_title'];
@ -221,6 +232,7 @@ if ( $_POST['create'] ) { // Create-Button was pressed
} }
} }
// Write HTML-Header and part of Table // Write HTML-Header and part of Table
echo '<html><head><title>'; echo '<html><head><title>';
echo _('Create new Account'); echo _('Create new Account');
@ -253,8 +265,6 @@ if ($_POST['load']) $select_local='load';
if ($_POST['save']) $select_local='save'; if ($_POST['save']) $select_local='save';
getquotas();
switch ($select_local) { switch ($select_local) {
case 'general': case 'general':
// General Account Settings // General Account Settings
@ -322,8 +332,8 @@ switch ($select_local) {
echo _('Login Shell'); echo _('Login Shell');
echo '</td><td><select name="f_general_shell" >'; echo '</td><td><select name="f_general_shell" >';
foreach ($_SESSION['shelllist'] as $shell) foreach ($_SESSION['shelllist'] as $shell)
if ($_SESSION['account']->general_shell==$shell) echo '<option selected> '.$shell; if ($_SESSION['account']->general_shell==trim($shell)) echo '<option selected>'.$shell;
else echo '<option> '.$shell; else echo '<option>'.$shell;
echo '</select></td><td>'; echo '</select></td><td>';
echo _('To disable login use /bin/false.'); echo _('To disable login use /bin/false.');
echo '</td></tr><tr><td><select name="f_general_selectprofile">'; echo '</td></tr><tr><td><select name="f_general_selectprofile">';
@ -333,6 +343,7 @@ switch ($select_local) {
</td><td>'; </td><td>';
break; break;
case 'group': case 'group':
$profilelist = getGroupProfiles();
echo '<tr><td>'; echo '<tr><td>';
echo _('Groupname'); echo _('Groupname');
echo '</td><td> echo '</td><td>
@ -348,7 +359,11 @@ switch ($select_local) {
echo '</td><td><input name="f_general_gecos" type="text" size="30" value="' . $_SESSION['account']->general_gecos . '"> echo '</td><td><input name="f_general_gecos" type="text" size="30" value="' . $_SESSION['account']->general_gecos . '">
</td><td>'; </td><td>';
echo _('User descriptopn. If left empty groupname will be used.'); echo _('User descriptopn. If left empty groupname will be used.');
echo '</td></tr>'; echo '</td></tr><tr><td><select name="f_general_selectprofile">';
foreach ($profilelist as $profile) echo '<option>' . $profile;
echo '</select>
<input name="load" type="submit" value="'; echo _('Load Profile'); echo '">
</td><td>';
break; break;
case 'host': case 'host':
$profilelist = getHostProfiles(); $profilelist = getHostProfiles();
@ -851,13 +866,18 @@ switch ($select_local) {
case 'load': case 'load':
switch ( $_SESSION['type2'] ) { switch ( $_SESSION['type2'] ) {
case 'user': case 'user':
$_SESSION['account'] = loadUserProfile($f_general_selectprofile); $_SESSION['account'] = loadUserProfile($_POST['f_general_selectprofile']);
if ($_SESSION['config']->scriptServer) getquotas();
break; break;
case 'host': case 'host':
$_SESSION['account'] = loadHostProfile($f_general_selectprofile); $_SESSION['account'] = loadHostProfile($_POST['f_general_selectprofile']);
break;
case 'group':
$_SESSION['account'] = loadGroupProfile($_POST['f_general_selectprofile']);
if ($_SESSION['config']->scriptServer) getquotas();
break; break;
} }
echo '<meta http-equiv="refresh" content="2; URL=account.php">'; echo '<meta http-equiv="refresh" content="0; URL=account.php">';
break; break;
case 'save': case 'save':
switch ( $_SESSION['type2'] ) { switch ( $_SESSION['type2'] ) {

6
lam/templates/delete.php
View File

@ -23,6 +23,7 @@ $Id$
LDAP Account Manager Delete user, hosts or groups LDAP Account Manager Delete user, hosts or groups
*/ */
include_once('../lib/ldap.inc'); include_once('../lib/ldap.inc');
include_once('../lib/account.inc');
include_once('../lib/config.inc'); include_once('../lib/config.inc');
session_save_path('../sess'); session_save_path('../sess');
@session_start(); @session_start();
@ -70,6 +71,11 @@ if ($_POST['delete_yes']) {
case 'user': case 'user':
$success = ldap_delete($_SESSION['ldap']->server(), $dn); $success = ldap_delete($_SESSION['ldap']->server(), $dn);
if (!$success) $error = _('Could not delete user: ').$dn; if (!$success) $error = _('Could not delete user: ').$dn;
else {
$temp=explode(',', $dn);
$username = str_replace('cn=', '', $temp[0]);
if ($_SESSION['config']->scriptServer) remhomedir($username);
}
break; break;
case 'host': case 'host':
$success = ldap_delete($_SESSION['ldap']->server(), $dn); $success = ldap_delete($_SESSION['ldap']->server(), $dn);