* Admin/Active Directory: create new users with CN=<username> as Windows does and allow to configure profilePath, homeDirectory, homeDrive and scriptPath for new users

This commit is contained in:
Ralf Becker 2013-07-09 15:26:59 +00:00
parent a57e1c76cf
commit 5caa242314
2 changed files with 41 additions and 9 deletions

View File

@ -74,7 +74,7 @@ class accounts_ads
*/ */
protected static $user_attributes = array( protected static $user_attributes = array(
'objectsid', 'samaccounttype', 'samaccountname', 'objectsid', 'samaccounttype', 'samaccountname',
'primarygroupid', 'givenname', 'sn', 'mail', 'cn', 'telephonenumber', 'primarygroupid', 'givenname', 'sn', 'mail', 'displayname', 'telephonenumber',
'objectguid', 'useraccountcontrol', 'accountexpires', 'pwdlastset', 'whencreated', 'whenchanged', 'objectguid', 'useraccountcontrol', 'accountexpires', 'pwdlastset', 'whencreated', 'whenchanged',
); );
@ -476,7 +476,7 @@ class accounts_ads
'account_firstname' => $data['givenname'][0], 'account_firstname' => $data['givenname'][0],
'account_lastname' => $data['sn'][0], 'account_lastname' => $data['sn'][0],
'account_email' => $data['mail'][0], 'account_email' => $data['mail'][0],
'account_fullname' => $data['cn'][0], 'account_fullname' => $data['displayname'][0],
'account_phone' => $data['telephonenumber'][0], 'account_phone' => $data['telephonenumber'][0],
'account_status' => $data['useraccountcontrol'][0] & 2 ? false : 'A', 'account_status' => $data['useraccountcontrol'][0] & 2 ? false : 'A',
'account_expires' => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 : 'account_expires' => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 :
@ -653,7 +653,7 @@ class accounts_ads
$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname']; $data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
} }
if (!$old) // new entry if (($new_entry = !$old)) // new entry
{ {
static $new2adldap = array( static $new2adldap = array(
'account_lid' => 'username', 'account_lid' => 'username',
@ -690,17 +690,18 @@ class accounts_ads
} }
$data['account_id'] = $old['account_id']; $data['account_id'] = $old['account_id'];
} }
// check if DN/account_fullname changed (not yet supported by adLDAP) // check if DN/account_lid changed (not yet supported by adLDAP)
if (isset($data['account_fullname']) && $old['account_fullname'] !== $data['account_fullname']) /* disabled as AD does NOT allow to change user-name (account_lid), which is used for DN
if (isset($data['account_lid']) && $old['account_lid'] !== $data['account_lid'] ||
(stripos($old['account_dn'], 'CN='.$data['account_lid'].',') !== 0))
{ {
if (!($ret = ldap_rename($ds=$this->ldap_connection(), $old['account_dn'], if (!($ret = ldap_rename($ds=$this->ldap_connection(), $old['account_dn'],
'CN='.$this->adldap->utilities()->ldapSlashes($data['account_fullname']), null, true))) 'CN='.$this->adldap->utilities()->ldapSlashes($data['account_lid']), null, true)))
{ {
error_log(__METHOD__."(".array2string($data).") rename to new CN failed!"); error_log(__METHOD__."(".array2string($data).") rename to new CN failed!");
return false; return false;
} }
$old['account_fullname'] = $data['account_fullname']; }*/
}
static $egw2adldap = array( static $egw2adldap = array(
'account_lid' => 'samaccountname', 'account_lid' => 'samaccountname',
'account_firstname' => 'firstname', 'account_firstname' => 'firstname',
@ -715,6 +716,17 @@ class accounts_ads
//'account_phone' => 'telephone', not updated by accounts, only read so far //'account_phone' => 'telephone', not updated by accounts, only read so far
); );
$attributes = $ldap = array(); $attributes = $ldap = array();
// for a new entry set certain values (eg. profilePath) to in setup configured value
if ($new_entry)
{
foreach($this->frontend->config as $name => $value)
{
if (substr($name, 0, 8) == 'ads_new_')
{
$ldap[substr($name, 8)] = str_replace('%u', $data['account_lid'], $value);
}
}
}
foreach($egw2adldap as $egw => $adldap) foreach($egw2adldap as $egw => $adldap)
{ {
if (isset($data[$egw]) && (string)$data[$egw] != (string)$old[$egw]) if (isset($data[$egw]) && (string)$data[$egw] != (string)$old[$egw])
@ -1318,7 +1330,7 @@ class adLDAPUsers_egw extends adLDAPUsers
$add = $this->adldap->adldap_schema($attributes); $add = $this->adldap->adldap_schema($attributes);
// Additional stuff only used for adding accounts // Additional stuff only used for adding accounts
$add["cn"][0] = $attributes["display_name"]; $add["cn"][0] = $attributes["username"];
$add["samaccountname"][0] = $attributes["username"]; $add["samaccountname"][0] = $attributes["username"];
$add["userPrincipalName"][0] = $attributes["username"].$this->adldap->getAccountSuffix(); $add["userPrincipalName"][0] = $attributes["username"].$this->adldap->getAccountSuffix();
$add["objectclass"][0] = "top"; $add["objectclass"][0] = "top";

View File

@ -521,6 +521,26 @@
</td> </td>
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td> <td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
</tr> </tr>
<tr class="row_off">
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
</tr>
<tr class="row_on">
<td>profilePath</td>
<td><input name="newsettings[ads_new_profilePath]" value="{value_ads_new_profilePath}" size="40" /></td>
</tr>
<tr class="row_off">
<td>homeDirectory</td>
<td><input name="newsettings[ads_new_homeDirectory]" value="{value_ads_new_homeDirectory}" size="40" /></td>
</tr>
<tr class="row_on">
<td>homeDrive</td>
<td><input name="newsettings[ads_new_homeDrive]" value="{value_ads_new_homeDrive}" size="40" /></td>
</tr>
<tr class="row_off">
<td>scriptPath</td>
<td><input name="newsettings[ads_new_scriptPath]" value="{value_ads_new_scriptPath}" size="40" /></td>
</tr>
<tr class="row_off"> <tr class="row_off">
<td colspan="2">&nbsp;</td> <td colspan="2">&nbsp;</td>