extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 16:03:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

* Univention/Admin: renaming of accounts or groups works now (failed with removed old account)

Browse Source
This commit is contained in:
Ralf Becker 2015-08-06 12:12:16 +00:00
parent 824fcf77f1
commit 3a6544afff
1 changed files with 74 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
phpgwapi/inc/class.accounts_univention.inc.php
View File

@ -15,8 +15,12 @@
* Univention LDAP Backend for accounts
*
* This backend is mostly identical to LDAP backend and need to be configured in the same way.
*
* Only difference is that new users get created via univention-directory-manager CLI program,
* to generate necesary Kerberos stuff.
*
* Existing users and groups need to be renamed via same CLI, as removing and
* adding entry under new dn via LDAP fails (Type or value exists).
*/
class accounts_univention extends accounts_ldap
{
@ -43,10 +47,13 @@ class accounts_univention extends accounts_ldap
*/
function save(&$data)
{
if (!$data['account_id'] && $data['account_type'] !== 'g' && self::available())
if (self::available())
{
$config = $this->frontend->config && $this->frontend->config['ldap_context'] ?
$this->frontend->config : $GLOBALS['egw_info']['server'];
if (!$data['account_id'] && $data['account_type'] !== 'g')
{
$params = array(
'users/user','create',
'--binddn', $config['ldap_root_dn'],
@ -92,6 +99,33 @@ class accounts_univention extends accounts_ldap
$data['account_dn'] = $matches[1];
$data['account_id'] = $this->name2id($data['account_lid'], 'account_lid', 'u');
}
elseif($data['account_id'] && ($data['old_loginid'] || ($data['old_loginid'] = $this->id2name($data['account_id']))) &&
$data['account_lid'] != $data['old_loginid'] &&
($data['account_dn'] = $this->id2name($data['account_id'], 'account_dn')))
{
$params = array(
$data['account_type'] !== 'g' ? 'users/user' : 'groups/group', 'modify',
'--binddn', $config['ldap_root_dn'],
'--bindpwd', 5=>$config['ldap_root_pw'],
'--dn', $data['account_dn'],
'--set', ($data['account_type'] !== 'g' ? 'username' : 'name').'='.$data['account_lid'],
);
$cmd = self::DIRECTORY_MANAGER_BIN.' '.implode(' ', array_map('escapeshellarg', $params));
$output_arr = $ret = $matches = null;
exec($cmd, $output_arr, $ret);
$output = implode("\n", $output_arr);
if ($ret || !preg_match('/^Object modified: ((uid|cn)=.*)$/mui', $output, $matches))
{
$params[5] = '********'; // mask out password!
$cmd = self::DIRECTORY_MANAGER_BIN.' '.implode(' ', array_map('escapeshellarg', $params));
throw new egw_exception_wrong_userinput($cmd."\nreturned\n".$output);
}
$data['account_dn'] = $data['account_type'] !== 'g' ? $matches[1] :
// duno why but directory-manager returns old dn for groups ...
preg_replace('/^cn=[^,]+,/', 'cn='.$data['account_lid'].',', $data['account_dn']);
}
}
//else error_log(__METHOD__."() ".self::DIRECTORY_MANAGER_BIN." is NOT available!");
return parent::save($data);
}