From 71489f3eda542454ce68cbbb67da2af6ab54b695 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 9 Jul 2013 09:56:32 +0000
Subject: [PATCH] * Setup/Active Directory: setup_cmd_ldap sub_command=copy2ad now checks multivalue attributes caseinsensitive for doublicate values and new parameter no_sid_check=1 allow to use it for migrating mail-attributes without Samaba checks
---
 setup/inc/class.setup_cmd_ldap.inc.php | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/setup/inc/class.setup_cmd_ldap.inc.php b/setup/inc/class.setup_cmd_ldap.inc.php
index c95153cfaa..ce98b908fe 100644
--- a/setup/inc/class.setup_cmd_ldap.inc.php
+++ b/setup/inc/class.setup_cmd_ldap.inc.php
@@ -26,13 +26,24 @@
 * - First run it with --dry-run to get ids to change / admin-cli command to change ids in EGroupware.
 * - Then run admin/admin-cli.php --change-account-id and after this command again without --dry-run.
 * - After that you can run the given setup/doc/chown.php command to change filesystem uid/gid in samba share.
+ * This is usually not needed as samba-tool clasicupgrade takes care of existing filesystem uid/gid by installing
+ * rfc2307 schema with uidNumber attributes.
 *
 * setup/setup-cli.php [--dry-run] --setup-cmd-ldap ,, sub_command=copy2ad \
 * ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
 * ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
- * attributes=@inetOrgPerson,accountExpires=shadowExpire,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
+ * attributes=@inetOrgPerson,accountExpires=shadowExpire
 *
 * - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
+ *
+ * setup/setup-cli.php [--dry-run] --setup-cmd-ldap ,, sub_command=copy2ad \
+ * ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
+ * ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret \
+ * ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] [no_sid_check=1] \
+ * attributes={smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
+ *
+ * - copies mail-attributes from ldap to AD (example is from Mandriva mailAccount schema, need to adapt to other schema!)
+ * (no_sid_check=1 uses all objectClass=posixAccount, not checking for having a SID and uid not ending in $ for computer accounts)
 */
 class setup_cmd_ldap extends setup_cmd
 {
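Review bot: The added usage example in the class docblock repeats `ldap_root_pw=secret` and `ads_admin_pw=secret` as plain command-line arguments and lists `ads_connection=(ssl|tls)` as optional, without saying what either means for the credentials. Arguments passed this way can be read from the process list and shell history on the host running setup-cli.php, and a bind without ssl or tls would presumably send both directory admin passwords unencrypted. I would add a line such as ` * (passwords given on the command line are visible to other local users; use ads_connection=ssl or tls when the AD host is remote)`. The first added line also misspells the tool: the samba-tool subcommand is `classicupgrade`. The docblock begins above the hunk.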
@@ -308,7 +319,8 @@ class setup_cmd_ldap extends setup_cmd
 }
 if (!($sr = ldap_search($this->test_ldap->ds,$this->ldap_base,
- $search='(&(objectClass=posixAccount)('.self::sambaSID.'=*)(!(uid=*$)))', $attrs)) ||
+ $search = $this->no_sid_check ? '(objectClass=posixAccount)' :
+ '(&(objectClass=posixAccount)('.self::sambaSID.'=*)(!(uid=*$)))', $attrs)) ||
 !($entries = ldap_get_entries($this->test_ldap->ds, $sr)))
 {
 throw new egw_exception(lang('Error searching "dn=%1" for "%2"!',$this->ldap_base, $search));
@@ -355,6 +367,12 @@ class setup_cmd_ldap extends setup_cmd
 if (isset($update[$to]))
 {
 if (!is_array($update[$to])) $update[$to] = array($update[$to]);
+ // we need to check (caseinsensitive) if value already exists in set
+ // as AD chokes on doublicate values "Type or value exists"
+ foreach($update[$to] as $v)
+ {
+ if (!strcasecmp($v, $prefix.$val)) continue 2;
+ }
 $update[$to][] = $prefix.$val;
 }
 else
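Review bot: `$this->no_sid_check` is tested for plain truthiness in the new `ldap_search` filter, so any non-empty value other than `0` drops both the sambaSID requirement and the `(!(uid=*$))` computer-account exclusion; that would include `no_sid_check=false` or `no_sid_check=no` if the parameter arrives here as the raw command-line string (how setup_cmd parses it is not visible in this hunk). A switch that widens the copied set to every posixAccount should be parsed strictly, for example `$search = filter_var($this->no_sid_check, FILTER_VALIDATE_BOOLEAN) ? '(objectClass=posixAccount)' :`. It is also worth keeping the machine-account exclusion in the relaxed filter, `'(&(objectClass=posixAccount)(!(uid=*$)))'`, unless writing attributes onto computer accounts is really intended. The enclosing method starts and ends outside the hunk, so whether later code still expects a sambaSID on every returned entry cannot be checked from here.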
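Review bot: `strcasecmp()` in the added duplicate check folds case byte-wise, so two values that differ only in the case of a non-ASCII letter still count as different here, while AD may treat them as equal and still reject the update with "Type or value exists". If mbstring is available in this code base, comparing `mb_strtolower($v, 'UTF-8') === mb_strtolower($prefix.$val, 'UTF-8')` closes that gap; either way `strcasecmp($v, $prefix.$val) === 0` states the intent more clearly than `!strcasecmp(...)`. `continue 2` jumps to a loop that starts outside the hunk, so a short comment such as `// duplicate: skip this value` next to it would make the target of the jump explicit.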