mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 09:23:28 +01:00
* Admin/Active Directory: create new users with CN=<username> as Windows does and allow to configure profilePath, homeDirectory, homeDrive and scriptPath for new users
This commit is contained in:
parent
a57e1c76cf
commit
5caa242314
@ -74,7 +74,7 @@ class accounts_ads
|
|||||||
*/
|
*/
|
||||||
protected static $user_attributes = array(
|
protected static $user_attributes = array(
|
||||||
'objectsid', 'samaccounttype', 'samaccountname',
|
'objectsid', 'samaccounttype', 'samaccountname',
|
||||||
'primarygroupid', 'givenname', 'sn', 'mail', 'cn', 'telephonenumber',
|
'primarygroupid', 'givenname', 'sn', 'mail', 'displayname', 'telephonenumber',
|
||||||
'objectguid', 'useraccountcontrol', 'accountexpires', 'pwdlastset', 'whencreated', 'whenchanged',
|
'objectguid', 'useraccountcontrol', 'accountexpires', 'pwdlastset', 'whencreated', 'whenchanged',
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -476,7 +476,7 @@ class accounts_ads
|
|||||||
'account_firstname' => $data['givenname'][0],
|
'account_firstname' => $data['givenname'][0],
|
||||||
'account_lastname' => $data['sn'][0],
|
'account_lastname' => $data['sn'][0],
|
||||||
'account_email' => $data['mail'][0],
|
'account_email' => $data['mail'][0],
|
||||||
'account_fullname' => $data['cn'][0],
|
'account_fullname' => $data['displayname'][0],
|
||||||
'account_phone' => $data['telephonenumber'][0],
|
'account_phone' => $data['telephonenumber'][0],
|
||||||
'account_status' => $data['useraccountcontrol'][0] & 2 ? false : 'A',
|
'account_status' => $data['useraccountcontrol'][0] & 2 ? false : 'A',
|
||||||
'account_expires' => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 :
|
'account_expires' => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 :
|
||||||
@ -653,7 +653,7 @@ class accounts_ads
|
|||||||
$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
|
$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$old) // new entry
|
if (($new_entry = !$old)) // new entry
|
||||||
{
|
{
|
||||||
static $new2adldap = array(
|
static $new2adldap = array(
|
||||||
'account_lid' => 'username',
|
'account_lid' => 'username',
|
||||||
@ -690,17 +690,18 @@ class accounts_ads
|
|||||||
}
|
}
|
||||||
$data['account_id'] = $old['account_id'];
|
$data['account_id'] = $old['account_id'];
|
||||||
}
|
}
|
||||||
// check if DN/account_fullname changed (not yet supported by adLDAP)
|
// check if DN/account_lid changed (not yet supported by adLDAP)
|
||||||
if (isset($data['account_fullname']) && $old['account_fullname'] !== $data['account_fullname'])
|
/* disabled as AD does NOT allow to change user-name (account_lid), which is used for DN
|
||||||
|
if (isset($data['account_lid']) && $old['account_lid'] !== $data['account_lid'] ||
|
||||||
|
(stripos($old['account_dn'], 'CN='.$data['account_lid'].',') !== 0))
|
||||||
{
|
{
|
||||||
if (!($ret = ldap_rename($ds=$this->ldap_connection(), $old['account_dn'],
|
if (!($ret = ldap_rename($ds=$this->ldap_connection(), $old['account_dn'],
|
||||||
'CN='.$this->adldap->utilities()->ldapSlashes($data['account_fullname']), null, true)))
|
'CN='.$this->adldap->utilities()->ldapSlashes($data['account_lid']), null, true)))
|
||||||
{
|
{
|
||||||
error_log(__METHOD__."(".array2string($data).") rename to new CN failed!");
|
error_log(__METHOD__."(".array2string($data).") rename to new CN failed!");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$old['account_fullname'] = $data['account_fullname'];
|
}*/
|
||||||
}
|
|
||||||
static $egw2adldap = array(
|
static $egw2adldap = array(
|
||||||
'account_lid' => 'samaccountname',
|
'account_lid' => 'samaccountname',
|
||||||
'account_firstname' => 'firstname',
|
'account_firstname' => 'firstname',
|
||||||
@ -715,6 +716,17 @@ class accounts_ads
|
|||||||
//'account_phone' => 'telephone', not updated by accounts, only read so far
|
//'account_phone' => 'telephone', not updated by accounts, only read so far
|
||||||
);
|
);
|
||||||
$attributes = $ldap = array();
|
$attributes = $ldap = array();
|
||||||
|
// for a new entry set certain values (eg. profilePath) to in setup configured value
|
||||||
|
if ($new_entry)
|
||||||
|
{
|
||||||
|
foreach($this->frontend->config as $name => $value)
|
||||||
|
{
|
||||||
|
if (substr($name, 0, 8) == 'ads_new_')
|
||||||
|
{
|
||||||
|
$ldap[substr($name, 8)] = str_replace('%u', $data['account_lid'], $value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
foreach($egw2adldap as $egw => $adldap)
|
foreach($egw2adldap as $egw => $adldap)
|
||||||
{
|
{
|
||||||
if (isset($data[$egw]) && (string)$data[$egw] != (string)$old[$egw])
|
if (isset($data[$egw]) && (string)$data[$egw] != (string)$old[$egw])
|
||||||
@ -1318,7 +1330,7 @@ class adLDAPUsers_egw extends adLDAPUsers
|
|||||||
$add = $this->adldap->adldap_schema($attributes);
|
$add = $this->adldap->adldap_schema($attributes);
|
||||||
|
|
||||||
// Additional stuff only used for adding accounts
|
// Additional stuff only used for adding accounts
|
||||||
$add["cn"][0] = $attributes["display_name"];
|
$add["cn"][0] = $attributes["username"];
|
||||||
$add["samaccountname"][0] = $attributes["username"];
|
$add["samaccountname"][0] = $attributes["username"];
|
||||||
$add["userPrincipalName"][0] = $attributes["username"].$this->adldap->getAccountSuffix();
|
$add["userPrincipalName"][0] = $attributes["username"].$this->adldap->getAccountSuffix();
|
||||||
$add["objectclass"][0] = "top";
|
$add["objectclass"][0] = "top";
|
||||||
|
@ -521,6 +521,26 @@
|
|||||||
</td>
|
</td>
|
||||||
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
|
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr class="row_off">
|
||||||
|
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
|
||||||
|
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
|
||||||
|
</tr>
|
||||||
|
<tr class="row_on">
|
||||||
|
<td>profilePath</td>
|
||||||
|
<td><input name="newsettings[ads_new_profilePath]" value="{value_ads_new_profilePath}" size="40" /></td>
|
||||||
|
</tr>
|
||||||
|
<tr class="row_off">
|
||||||
|
<td>homeDirectory</td>
|
||||||
|
<td><input name="newsettings[ads_new_homeDirectory]" value="{value_ads_new_homeDirectory}" size="40" /></td>
|
||||||
|
</tr>
|
||||||
|
<tr class="row_on">
|
||||||
|
<td>homeDrive</td>
|
||||||
|
<td><input name="newsettings[ads_new_homeDrive]" value="{value_ads_new_homeDrive}" size="40" /></td>
|
||||||
|
</tr>
|
||||||
|
<tr class="row_off">
|
||||||
|
<td>scriptPath</td>
|
||||||
|
<td><input name="newsettings[ads_new_scriptPath]" value="{value_ads_new_scriptPath}" size="40" /></td>
|
||||||
|
</tr>
|
||||||
|
|
||||||
<tr class="row_off">
|
<tr class="row_off">
|
||||||
<td colspan="2"> </td>
|
<td colspan="2"> </td>
|
||||||
|
Loading…
Reference in New Issue
Block a user