WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lamdaemon.pl can now be used without quota support 

Fixed problem when changing groupname
Fixed Problem with user-unix settings (weren't modified)
Improved performance when chaning DN-name
This commit is contained in:
katagia 2003-10-28 11:23:06 +00:00
parent b8bb8ebc83
commit e73932ca33
4 changed files with 88 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lam/help/help.inc
View File

@ -54,11 +54,11 @@ $helpArray = array (
":</b><br><br>".
_("ou=People,dc=yourcompany,dc=com will read and store all accounts in this subtree.")),
"203" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("UID number"),
"Text" => _("These are the minimum and maximum numbers to use for user IDs when creating new user accounts. The range has to be different from that of machines. New user accounts will allways get the highest number in use plus one.")),
"Text" => _("These are the minimum and maximum numbers to use for user IDs when creating new user accounts. The range has to be different from that of machines. New user accounts will always get the highest number in use plus one.")),
"204" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("GID number"),
"Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will allways get the highest number in use plus one.")),
"Text" => _("These are the minimum and maximum numbers to use for group IDs when creating new group accounts. New group accounts will always get the highest number in use plus one.")),
"205" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("Machine number"),
"Text" => _("These are the minimum and maximum numbers to use for machine IDs when creating new accounts for Samba hosts. The range has to be different from that of users. New host accounts will allways get the highest number in use plus one.")),
"Text" => _("These are the minimum and maximum numbers to use for machine IDs when creating new accounts for Samba hosts. The range has to be different from that of users. New host accounts will always get the highest number in use plus one.")),
"206" => array ("ext" => "FALSE", "Headline" => _("Configuration Wizard") . " - " . _("List attributes"),
"Text" => _("This is the list of attributes to show in the user/group/host list. The entries can either be predefined values, \"#value\", or individual ones, \"value:description\". Several entries are seperated by semicolons.") .
"<br><br><b>" .
@ -137,7 +137,7 @@ $helpArray = array (
// Tilo Lutz
// account.php
"400" => array ("ext" => "FALSE", "Headline" => _("Username"),
"Text" => _("Username of the user who should be created. Valid characters are: a-z,0-9, .-_. Lam does not allow a number as first character because useradd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. If username is allready used username will expanded with a number. The next free number will be used. Warning: Older systems have problems with usernames longer than 8 characters. You can not log in to Windows if username is longer than 16 characters.")),
"Text" => _("Username of the user who should be created. Valid characters are: a-z,0-9, .-_. Lam does not allow a number as first character because useradd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. If username is allready used username will be expanded with a number. The next free number will be used. Warning: Older systems have problems with usernames longer than 8 characters. You can not log in to Windows if username is longer than 16 characters.")),
"401" => array ("ext" => "FALSE", "Headline" => _("UID number"),
"Text" => _("If empty UID number will be generated automaticly. Valid values are between %s and %s."),
"variables" => array($_SESSION['config']->get_minUID(), $_SESSION['config']->get_maxUID())),
@ -152,14 +152,14 @@ $helpArray = array (
"406" => array ("ext" => "FALSE", "Headline" => _("Primary group"),
"Text" => _("The Primary Group the user should be member of.")),
"407" => array ("ext" => "FALSE", "Headline" => _("Groupname"),
"Text" => _("Group name of the group which should be created. Valid characters are: a-z,0-9, .-_. Lam does not allow a number as first character because groupadd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. If groupname is allready used username will be expanded with a number. The next free number will be used.")),
"Text" => _("Group name of the group which should be created. Valid characters are: a-z,0-9, .-_. Lam does not allow a number as first character because groupadd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. If groupname is allready used groupname will be expanded with a number. The next free number will be used.")),
"408" => array ("ext" => "FALSE", "Headline" => _("GID number"),
"Text" => _("If empty GID number will be generated automaticly. Valid values are between %s and %s."),
"variables" => array($_SESSION['config']->get_minGID(), $_SESSION['config']->get_maxGID())),
"409" => array ("ext" => "FALSE", "Headline" => _("Gecos"),
"Text" => _("Group description. If left empty group name will be used.")),
"410" => array ("ext" => "FALSE", "Headline" => _("Host name"),
"Text" => _("Group name of the group which should be created. Valid characters are: a-z,0-9, .-_$. Lam does not allow a number as first character because useradd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. Hostnames are allways ending with $. If last character is not $ it will be added. If hostname is allready used username will expanded with a number. The next free number will be used.")),
"Text" => _("Host name of the host which should be created. Valid characters are: a-z,0-9, .-_$. Lam does not allow a number as first character because useradd also does not allow it. Lam does not allow capital letters A-Z because it can cause several problems. Hostnames are always ending with $. If last character is not $ it will be added. If hostname is allready used username will expanded with a number. The next free number will be used.")),
"411" => array ("ext" => "FALSE", "Headline" => _("UID number"),
"Text" => _("If empty UID number will be generated automaticly. Valid values are between %s and %s."),
"variables" => array($_SESSION['config']->get_minMachine(), $_SESSION['config']->get_maxMachine())),
@ -170,27 +170,27 @@ $helpArray = array (
"414" => array ("ext" => "FALSE", "Headline" => _("Password warn"),
"Text" => _("Days before password is to expire that user is warned of pending password expiration. If set value must be 0<."). ' '. _("Can be left empty.")),
"415" => array ("ext" => "FALSE", "Headline" => _("Password expire"),
"Text" => _("Number of days a user can login even his password has expired. -1=allways."). ' '. _("Can be left empty.")),
"Text" => _("Number of days a user can login even his password has expired. -1=always."). ' '. _("Can be left empty.")),
"416" => array ("ext" => "FALSE", "Headline" => _("Maximum password age"),
"Text" => _("Number of days after a user has to change his password again. If set value must be 0<."). ' '. _("Can be left empty.")),
"417" => array ("ext" => "FALSE", "Headline" => _("Minimum password age"),
"Text" => _("Number of days a user has to wait until he\'s allowed to change his password again. If set value must be 0<."). ' '. _("Can be left empty.")),
"418" => array ("ext" => "FALSE", "Headline" => _("Expire date"),
"Text" => _("Account expire date. If an account is expired login is only possible if option password expire is set. Format: DD-MM-YYYY")),
"Text" => _("Account expire date. Format: DD-MM-YYYY")),
"419" => array ("ext" => "FALSE", "Headline" => _("Group members"),
"Text" => _("Users wich are also members of group.")),
"420" => array ("ext" => "FALSE", "Headline" => _("Display name"),
"Text" => _("Groupname Windows clients will show as group description.")),
"Text" => _("Windows clients will show display name as group description.")),
"421" => array ("ext" => "FALSE", "Headline" => _("Load profile"),
"Text" => _("You can select a previous defined profile here. This will set all fields to the profile values.")),
"422" => array ("ext" => "FALSE", "Headline" => _("Expand suffix with primary groupname"),
"Text" => _("If select users will be added with OUs expanded with their primary group. E.G a user is in group admin, user suffix will be ou=admin,+user suffix.")),
"Text" => _("If selected users will be added with OUs expanded with their primary group. E.g. a user is in group admin the user suffix will be ou=admin,+user suffix.")),
"423" => array ("ext" => "FALSE", "Headline" => _("Group suffix"),
"Text" => _("If a not yet existing group is defined in csv-file, a new group in the selected group suffix will be created.")),
"424" => array ("ext" => "FALSE", "Headline" => _("Surname"),
"Text" => _("Surname of user. Only letters, - and spaces are allowed.")),
"425" => array ("ext" => "FALSE", "Headline" => _("Given name"),
"Text" => _("Given name of user. Only letters - and spaces are allowed.")),
"Text" => _("Given name of user. Only letters, - and spaces are allowed.")),
"426" => array ("ext" => "FALSE", "Headline" => _("Use no password"),
"Text" => _("If checked no password will be used.")),
"427" => array ("ext" => "FALSE", "Headline" => _("Account deactivated"),

108
lam/lib/account.inc
View File

@ -635,7 +635,7 @@ function checkid($values, $values_old=false) {
$i = intval($minID);
while (in_array($i, $uids)) $i++;
if ($i>$maxID) return implode(':', array($values->general_uidNumber , implode(';', array('ERROR', _('ID-Number'), _('No free ID-Number!')))));
else return implode(':', array($i, implode(';', array('WARN', _('ID-Number'), _('It\'s possible id-number is reused. This can cause several problems because some old file-permission can be still in use. To avoid this warning set maxUID to a higher value.')))));
else return implode(':', array($i, implode(';', array('WARN', _('ID-Number'), _('It is possible that this ID-number is reused. This can cause several problems because files with old permissions might still exist. To avoid this warning set maxUID to a higher value.')))));
}
else return implode(':', array($minID, ''));
// return minimum allowed id-number if no id-numbers are found
@ -1228,8 +1228,6 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv);
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
}
// Attributes which are required
if ($values->general_username != $values_old->general_username) {
$attr['cn'] = $values->general_username;
@ -1276,6 +1274,7 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if ($values->general_gecos != $values_old->general_gecos) {
$attr['gecos'] = utf8_encode(replace_umlaut($values->general_gecos));
$attr['description'] = utf8_encode($values->general_gecos);
}
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage !=''))
$attr['shadowMin'] = $values->unix_pwdminage; // shadowAccount_may
if (($values->unix_pwdminage != $values_old->unix_pwdminage) && ($values->unix_pwdminage ==''))
@ -1286,13 +1285,12 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$attr_rem['shadowMax'] = $values_old->unix_pwdmaxage; // shadowAccount_may
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn !=''))
$attr['shadowWarning'] = $values->unix_pwdwarn; // shadowAccount_may
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->general_pwdwarn ==''))
if (($values->unix_pwdwarn != $values_old->unix_pwdwarn) && ($values->unix_pwdwarn ==''))
$attr_rem['shadowWarning'] = $values_old->unix_pwdwarn; // shadowAccount_may
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin !=''))
$attr['shadowInactive'] = $values->unix_pwdallowlogin; // shadowAccount_may
if (($values->unix_pwdallowlogin != $values_old->unix_pwdallowlogin) && ($values->unix_pwdallowlogin ==''))
$attr_rem['shadowInactive'] = $values_old->unix_pwdallowlogin; // shadowAccount_may
}
// Check if shadow expire has changed
if ($values->unix_pwdexpire != $values_old->unix_pwdexpire) $attr['shadowExpire'] = intval($values->unix_pwdexpire / 86400) ;
// Set unix password
@ -1551,12 +1549,6 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
if (($values->personal_employeeType != $values_old->personal_employeeType) && ($values->personal_employeeType==''))
$attr_rem['employeeType'] = utf8_encode($values_old->personal_employeeType);
if ($attr_rem) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5;
}
if ($values->general_dn != $values_old->general_dn) {
// Account should be moved to a new location
// Load old account
@ -1570,7 +1562,15 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
// Change uid to new uid. Else ldap won't create the new entry
$attr_old['uid'][0] = $values->general_username;
//$attr_old['uid'][0] = $values->general_username;
$attr_rem_keys = @array_keys($attr_rem);
for ($i=0; $i<count($attr_rem_keys); $i++) { // Remove attributes which should be deleted from array
if (isset($attr_old[$attr_rem_keys[$i]][0])) unset($attr_old[$attr_rem_keys[$i]]);
}
$attr_keys = @array_keys($attr);
for ($i=0; $i<count($attr_keys); $i++) { // Add attributes which have changed
$attr_old[$attr_keys[$i]][0] = $attr[$attr_keys[$i]];
}
// Create account at new location
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
// remove old account
@ -1587,11 +1587,17 @@ function modifyuser($values,$values_old) { // Will modify the LDAP-Account
$entry = ldap_next_entry($_SESSION['ldap']->server(), $entry);
}
}
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5;
else { // Just modify, not recreate
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5;
}
if ($attr_rem) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
if (!$success) return 5;
}
}
// Write additional groupmemberchips
@ -1897,12 +1903,6 @@ function modifyhost($values,$values_old) {
if (($values->smb_domain=='') && ($values->smb_domain!=$values_old->smb_domain)) $attr_rem['domain'] = $values_old->smb_domain; // sambaAccount_may
}
if ($attr_rem) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5;
}
if ($values->general_dn != $values_old->general_dn) {
// Account should be moved to a new location
// Load old account
@ -1916,19 +1916,34 @@ function modifyhost($values,$values_old) {
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
// Change uid to new uid. Else ldap won't create the new entry
$attr_old['uid'][0] = $values->general_username;
//$attr_old['uid'][0] = $values->general_username;
$attr_rem_keys = @array_keys($attr_rem);
for ($i=0; $i<count($attr_rem_keys); $i++) { // Remove attributes which should be deleted from array
if (isset($attr_old[$attr_rem_keys[$i]][0])) unset($attr_old[$attr_rem_keys[$i]]);
}
$attr_keys = @array_keys($attr);
for ($i=0; $i<count($attr_keys); $i++) { // Add attributes which have changed
$attr_old[$attr_keys[$i]][0] = $attr[$attr_keys[$i]];
}
// Create account at new location
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
// remove old account
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if (!$success) return 5;
}
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values_old->general_dn, $attr);
if (!$success) return 5;
else { // Just modify, not recreate
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5;
}
if ($attr_rem) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
if (!$success) return 5;
}
}
//make required changes in cache-array
if ((isset($_SESSION['hostDN']))) {
if ($values->general_dn != $values_old->general_dn) {
@ -2032,12 +2047,6 @@ function modifygroup($values,$values_old) {
else $attr['memberUid'] = $values->unix_memberUid;
}
if ($attr_rem) {
// Remove attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values_old->general_dn, $attr_rem);
if (!$success) return 5;
}
if ($values->general_dn != $values_old->general_dn) {
// Account should be moved to a new location
// Load old account
@ -2047,24 +2056,39 @@ function modifygroup($values,$values_old) {
// remove "count" from array
unset($attr_old['count']);
for ($i=0; $i < sizeof($attr_old); $i++) unset($attr_old[$i]);
$keys = array_keys($attr_old);
$keys = @array_keys($attr_old);
for ($i=0; $i < sizeof($keys); $i++)
unset($attr_old[$keys[$i]]['count']);
// Change cn to new cn. Else ldap won't create the new entry
$attr_old['cn'][0] = $values->general_username;
//$attr_old['cn'][0] = $values->general_username;
$attr_rem_keys = @array_keys($attr_rem);
for ($i=0; $i<count($attr_rem_keys); $i++) { // Remove attributes which should be deleted from array
if (isset($attr_old[$attr_rem_keys[$i]][0])) unset($attr_old[$attr_rem_keys[$i]]);
}
$attr_keys = array_keys($attr);
for ($i=0; $i<count($attr_keys); $i++) { // Add attributes which have changed
$attr_old[$attr_keys[$i]][0] = $attr[$attr_keys[$i]];
}
// Create account at new location
$success = ldap_add($_SESSION['ldap']->server(),$values->general_dn, $attr_old);
// remove old account
if ($success) $success = ldap_delete($_SESSION['ldap']->server(),$values_old->general_dn);
if (!$success) return 5;
}
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5;
else { // Just modify, not recreate
if ($attr) {
// Change or add new attributes
$success = ldap_modify($_SESSION['ldap']->server(),$values->general_dn, $attr);
if (!$success) return 5;
}
if ($attr_rem) {
// Remove old attributes which are no longer in use
$success = ldap_mod_del($_SESSION['ldap']->server(),$values->general_dn, $attr_rem);
if (!$success) return 5;
}
}
// Chnage GIDs of all users which are member of group
if ( $_SESSION['final_changegids']==true ) {
$result = ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_UserSuffix(), 'gidNumber=' . $values_old->general_uidNumber, array(''));

7
lam/lib/lamdaemon.pl
View File

@ -69,8 +69,10 @@ sub get_fs { # Load mountpoints from mtab if enabled quotas
# ***************** Check values
if ($( == 0 ) {
if ($ARGV[2] eq "*test") { print "sudo set up correctly.\n"; }
use Quota; # Needed to get and set quotas
if ($ARGV[2] eq "*test") { print "Perl quota module successfully installed.\n"; }
if ($ARGV[2] eq "*test") {
print "Perl quota module successfully installed.\n";
use Quota; # Needed to get and set quotas
}
# Drop root Previleges
($<, $>) = ($>, $<);
switch: {
@ -113,6 +115,7 @@ if ($( == 0 ) {
last switch;
};
$vals[3] eq 'quota' && do {
use Quota; # Needed to get and set quotas
get_fs(); # Load list of devices with enabled quotas
# Store quota information in array
@quota_temp1 = split (':', $vals[6]);

7
lam/templates/account/useredit.php
View File

@ -741,7 +741,12 @@ echo "</title>\n".
if (is_array($errors))
for ($i=0; $i<sizeof($errors); $i++) StatusMessage($errors[$i][0], $errors[$i][1], $errors[$i][2]);
// print_r($account_new);
//print_r($account_new);
//print_r($account_old);
//if (($account_new->unix_pwdwarn != $account_old->unix_pwdwarn) && ($account_new->unix_pwdwarn !=''))
// print "treffer";
switch ($select_local) {
/* Select which part of page should be loaded and check values