From ac487777b7d8458ea1170946dae5da953f3e2151 Mon Sep 17 00:00:00 2001 From: Lars Kneschke Date: Sat, 13 Sep 2003 17:14:30 +0000 Subject: [PATCH] added support for primary group --- admin/inc/class.boaccounts.inc.php | 20 +- admin/inc/class.uiaccounts.inc.php | 7 +- admin/templates/default/account_form.tpl | 4 +- admin/templates/default/account_form_ldap.tpl | 4 +- admin/templates/default/accounts.tpl | 15 +- phpgwapi/inc/class.accounts_ldap.inc.php | 268 +++++++++++++----- 6 files changed, 227 insertions(+), 91 deletions(-) diff --git a/admin/inc/class.boaccounts.inc.php b/admin/inc/class.boaccounts.inc.php index 22f19a4c6c..c6e60dde55 100755 --- a/admin/inc/class.boaccounts.inc.php +++ b/admin/inc/class.boaccounts.inc.php @@ -315,6 +315,7 @@ 'account_status' => ($_POST['account_status'] ? 'A' : ''), 'old_loginid' => ($_GET['old_loginid']?rawurldecode($_GET['old_loginid']):''), 'account_id' => ($_GET['account_id']?$_GET['account_id']:0), + 'account_primary_group' => $_POST['account_primary_group'], 'account_passwd_2' => $_POST['account_passwd_2'], 'account_groups' => $_POST['account_groups'], 'anonymous' => $_POST['anonymous'], @@ -672,17 +673,6 @@ { $totalerrors = 0; - /* - if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap' && ! $allow_long_loginids) - { - if (strlen($_userData['account_lid']) > 8) - { - $error[$totalerrors] = lang('The loginid can not be more then 8 characters'); - $totalerrors++; - } - } - */ - if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap' && (!$_userData['account_lastname'] && !$_userData['lastname'])) { 
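Review bot: In the `@@ -315,6 +315,7 @@` hunk `account_primary_group` is copied from `$_POST` as an unvalidated string, and the accounts_ldap.inc.php hunks of this commit later write that value into the user's LDAP entry. A gid is numeric, so normalising it where it enters keeps anything else out of the directory write: `'account_primary_group' => (int)$_POST['account_primary_group'],`. The neighbouring `account_groups` entry is passed through the same way and reaches an LDAP search filter in the `@@ -202,86 +258,114 @@` hunk. The array being built starts and ends outside the hunk.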
@@ -695,7 +685,13 @@ $error[$totalerrors] = lang('You must enter a loginid'); $totalerrors++; } - + + if(!in_array($_userData['account_primary_group'],$_userData['account_groups'])) + { + $error[$totalerrors] = lang('The groups must include the primary group'); + $totalerrors++; + } + if ($_userData['old_loginid'] != $_userData['account_lid']) { if ($GLOBALS['phpgw']->accounts->exists($_userData['account_lid'])) diff --git a/admin/inc/class.uiaccounts.inc.php b/admin/inc/class.uiaccounts.inc.php index 72461be103..3ab0ff4272 100755 --- a/admin/inc/class.uiaccounts.inc.php +++ b/admin/inc/class.uiaccounts.inc.php @@ -253,7 +253,6 @@ 'lang_edit' => lang('edit'), 'lang_delete' => lang('delete'), 'lang_view' => lang('view'), - 'actionurl' => $GLOBALS['phpgw']->link('/index.php','menuaction=admin.uiaccounts.add_user'), 'accounts_url' => $url, 'lang_search' => lang('search') ); @@ -261,7 +260,7 @@ if (! $GLOBALS['phpgw']->acl->check('account_access',4,'admin')) { - $p->set_var('input_add',''); + $p->set_var('url_add','' . lang('Add') . ''); } if (! $GLOBALS['phpgw']->acl->check('account_access',2,'admin')) @@ -959,6 +958,8 @@ { $userData = Array(); $userData=$_userData; + $userData['account_firstname'] = $userData['firstname']; + $userData['account_lastname'] = $userData['lastname']; @reset($userData['account_groups']); while (list($key, $value) = @each($userData['account_groups'])) { @@ -1027,7 +1028,7 @@ $lang_homedir = lang('home directory'); $lang_shell = lang('login shell'); $homedirectory = ''; $loginshell = ' - {lang_primary_group} - {primary_group_select}  {lang_groups} {groups_select}  + {lang_primary_group} + {primary_group_select}  {permissions_list} diff --git a/admin/templates/default/account_form_ldap.tpl b/admin/templates/default/account_form_ldap.tpl index 7aca00b499..5a6ca63fee 100644 --- a/admin/templates/default/account_form_ldap.tpl +++ b/admin/templates/default/account_form_ldap.tpl 
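Review bot: The new check in the `@@ -695,7 +685,13 @@` hunk calls `in_array()` on `$_userData['account_groups']` without confirming it is an array; that key comes straight from `$_POST['account_groups']` and is presumably absent when no group is selected. The comparison is also loose, so two different numeric strings that compare equal would pass it. I would guard and compare strictly on a normalised value: `if(!is_array($_userData['account_groups']) || !in_array((string)(int)$_userData['account_primary_group'], $_userData['account_groups'], true))`. The enclosing validation function starts and ends outside the hunk.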
@@ -52,10 +52,10 @@ - {lang_primary_group} - {primary_group_select}  {lang_groups} {groups_select}  + {lang_primary_group} + {primary_group_select}  {permissions_list} diff --git a/admin/templates/default/accounts.tpl b/admin/templates/default/accounts.tpl index de2834693b..13a013388e 100644 --- a/admin/templates/default/accounts.tpl +++ b/admin/templates/default/accounts.tpl @@ -1,5 +1,15 @@

+

+ + + + +
+ {url_add} +
+
+
@@ -26,14 +36,9 @@
-
-
- {input_add} - -
{input_search} diff --git a/phpgwapi/inc/class.accounts_ldap.inc.php b/phpgwapi/inc/class.accounts_ldap.inc.php index c3727bb310..96c48bd9d7 100644 --- a/phpgwapi/inc/class.accounts_ldap.inc.php +++ b/phpgwapi/inc/class.accounts_ldap.inc.php @@ -65,10 +65,11 @@ } else { - $this->data['account_id'] = $allValues[0]['uidnumber'][0]; - $this->data['account_lid'] = $allValues[0]['uid'][0]; - $this->data['firstname'] = utf8_decode($allValues[0]['givenname'][0]); - $this->data['lastname'] = utf8_decode($allValues[0]['sn'][0]); + $this->data['account_id'] = $allValues[0]['uidnumber'][0]; + $this->data['account_primary_group'] = $allValues[0]['gidnumber'][0]; + $this->data['account_lid'] = $allValues[0]['uid'][0]; + $this->data['firstname'] = utf8_decode($allValues[0]['givenname'][0]); + $this->data['lastname'] = utf8_decode($allValues[0]['sn'][0]); } $this->data['account_dn'] = $allValues[0]['dn']; $this->data['fullname'] = $allValues[0]['cn'][0]; @@ -105,6 +106,9 @@ $allValues = ldap_get_entries($this->ds, $sri); $this->data['account_type'] = $allValues[0]['phpgwaccounttype'][0]; + + // get a copy of the DN + $updatedValues = $allValues; if($acct_type == 'u') { 
@@ -115,20 +119,72 @@ $entry['cn'] = utf8_encode($this->data['firstname']); } - $entry['sn'] = utf8_encode($this->data['lastname']); - $entry['givenname'] = utf8_encode($this->data['firstname']); - $entry['phpgwaccountlastlogin'] = $this->data['lastlogin']; + $entry['sn'] = utf8_encode($this->data['lastname']); + $entry['givenname'] = utf8_encode($this->data['firstname']); + $entry['phpgwaccountlastlogin'] = $this->data['lastlogin']; $entry['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom']; - $entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; - $entry['phpgwaccountstatus'] = $this->data['status']; - $entry['phpgwaccounttype'] = $this->data['type']; - $entry['phpgwaccountexpires'] = $this->data['expires']; - + $entry['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; + $entry['phpgwaccountstatus'] = $this->data['status']; + $entry['phpgwaccounttype'] = $this->data['type']; + $entry['phpgwaccountexpires'] = $this->data['expires']; + $entry['gid'] = $this->data['account_primary_group']; if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) { $entry['homedirectory'] = $this->data['homedirectory']; $entry['loginshell'] = $this->data['loginshell']; } + else + { + // the posixaccount schema requires this + $entry['homedirectory'] = '/home/'.$this->data['account_lid']; + $entry['loginshell'] = '/bin/false'; + } + + + if($acct_type == 'u') + { + // data for posixaccount + $newData['cn'] = utf8_encode(sprintf("%s %s", + $this->data['firstname'], + $this->data['lastname'])); + $newData['uid'] = $allValues[0]['uid'][0]; + if($this->data['lastname']) + $newData['sn'] = utf8_encode($this->data['lastname']); + if($this->data['firstname']) + $newData['givenname'] = utf8_encode($this->data['firstname']); + if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) + { + $newData['homedirectory'] = $this->data['homedirectory']; + $newData['loginshell'] = $this->data['loginshell']; + } + else + { + // the posixaccount schema requires 
this + $entry['homedirectory'] = '/home/'.$this->data['account_lid']; + $entry['loginshell'] = '/bin/false'; + } + if($this->data['account_primary_group']) + $newData['gidNumber'] = $this->data['account_primary_group']; + if($this->data['lastlogin']) + $newData['phpgwaccountlastlogin'] = $this->data['lastlogin']; + if($this->data['lastloginfrom']) + $newData['phpgwaccountlastloginfrom'] = $this->data['lastloginfrom']; + if($this->data['lastpasswd_change']) + $newData['phpgwlastpasswdchange'] = $this->data['lastpasswd_change']; + if($this->data['status']) + $newData['phpgwaccountstatus'] = $this->data['status']; + else + $newData['phpgwaccountstatus'] = array(); + if($this->data['expires']) + $newData['phpgwaccountexpires'] = $this->data['expires']; + } + else + { + // data for posixgroup + $newData['cn'] = utf8_encode($this->data['firstname']); + } + if($this->data['type']) + $newData['phpgwaccounttype'] = $this->data['type']; /* Changing the uid: Need to delete and add new, since 
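Review bot: In the `@@ -115,20 +119,72 @@` hunk the fallback inside the new `$newData` block assigns to `$entry`, so when `ldap_extra_attributes` is off the array later passed to `ldap_modify()` carries neither `homedirectory` nor the `/bin/false` shell; those two lines should read `$newData['homedirectory'] = '/home/'.$this->data['account_lid'];` and `$newData['loginshell'] = '/bin/false';`. The primary group is also stored as `$entry['gid']`, while the `$newData` block uses `gidNumber`, the attribute posixAccount defines; unless the directory schema has a `gid` attribute, `$entry['gidnumber'] = $this->data['account_primary_group'];` is what the add path needs, here and in the `@@ -202,86 +258,114 @@` hunk. The default home directory is built from `account_lid` as-is, so it relies on the login id having been restricted to safe characters elsewhere, which is worth confirming. save_repository continues outside the hunk.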
@@ -202,86 +258,114 @@ else { $dn = 'uid='.$this->data['account_lid'].','.$this->user_context; - $entry['uidnumber'] = $this->data['account_id']; - $entry['cn'] = utf8_encode(sprintf("%s %s", $this->data['firstname'], $this->data['lastname'])); - $entry['uid'] = $this->data['account_lid']; - $entry['givenname'] = utf8_encode($this->data['firstname']); - $entry['sn'] = utf8_encode($this->data['lastname']); - $entry['objectclass'] = ''; - $entry['objectclass'][0] = 'top'; - $entry['objectclass'][1] = 'person'; - $entry['objectclass'][2] = 'organizationalPerson'; - $entry['objectclass'][3] = 'inetOrgPerson'; - /* $entry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */ - $entry['objectclass'][4] = 'posixAccount'; - $entry['objectclass'][5] = 'shadowAccount'; - $entry['objectclass'][6] = 'phpgwAccount'; + $entry['uidnumber'] = $this->data['account_id']; + $entry['cn'] = utf8_encode(sprintf("%s %s", $this->data['firstname'], $this->data['lastname'])); + $entry['uid'] = $this->data['account_lid']; + $entry['gid'] = $this->data['account_primary_group']; + $entry['givenname'] = utf8_encode($this->data['firstname']); + $entry['sn'] = utf8_encode($this->data['lastname']); + $entry['objectclass'] = array(); + $entry['objectclass'][0] = 'top'; + $entry['objectclass'][1] = 'person'; + $entry['objectclass'][2] = 'organizationalPerson'; + $entry['objectclass'][3] = 'inetOrgPerson'; + $entry['objectclass'][4] = 'posixAccount'; + $entry['objectclass'][5] = 'shadowAccount'; + $entry['objectclass'][6] = 'phpgwAccount'; if ($GLOBALS['phpgw_info']['server']['ldap_extra_attributes']) { $entry['homedirectory'] = $this->data['homedirectory']; $entry['loginshell'] = $this->data['loginshell']; } + else + { + // the posixaccount schema requires this + $entry['homedirectory'] = '/home/'.$this->data['account_lid']; + $entry['loginshell'] = '/bin/false'; + } } /* print_r($entry); exit;*/ ldap_add($this->ds, $dn, $entry); } - /* Normal behavior for save_repository */ + /* 
Normal behavior for save_repository + update Account */ else { + // add the list group members if ($this->data['account_type'] == 'g' && $this->group_context ) { $members = $this->member($this->data['account_id']); - $entry['memberuid'] = array(); + #_debug_array($members); + $newData['memberuid'] = array(); for ($i=0;$iid2name($members[$i]['account_id']); - if (!$this->isin_array($currname,$entry['memberuid'])) + if (!$this->isin_array($currname,$newData['memberuid'])) { - $entry['memberuid'][] = $currname; - } - } - unset($entry['givenname']); - unset($entry['sn']); - } - while (list($key,$val) = each($entry)) - { - $tmpentry = ''; - if(is_array($val)) - { - $tmpentry[$key] = $val; - } - else - { - $tmpentry[$key] = trim($val); /* must trim! */ - } - - if ($tmpentry[$key] && $key) - { - if (!$allValues[0][$key][0]) - { - /* attribute was not in LDAP, add it */ - ldap_mod_add($this->ds, $allValues[0]['dn'], $tmpentry); - } - else - { - /* attribute was in LDAP, modify it */ - ldap_modify($this->ds, $allValues[0]['dn'], $tmpentry); + $newData['memberuid'][] = $currname; } } } - /* If status is to be set inactive, insert a space here. This is trimmed in read_repository. 
*/ - if (!$entry['phpgwaccountstatus']) + // modify the DN + ldap_modify($this->ds, $allValues[0]['dn'], $newData); + + // lets check for groups, the user needs to be removed + $accountID = $newData['uid']; + + // first lets search for the groups, the user is currently member of + // and from which he needs to be removed + $filter = "(&(objectclass=posixgroup)(memberuid=$accountID))"; + $justThese = array('memberuid','gidnumber'); + $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); + if($sri) { - if (!$allValues[0]['phpgwaccountstatus'][0]) + $allValues = ldap_get_entries($this->ds, $sri); + if($allValues['count'] > 0) { - /* attribute was not in LDAP, add it */ - ldap_mod_add($this->ds, $allValues[0]['dn'], array('phpgwaccountstatus' => ' ')); + unset($allValues['count']); + foreach($allValues as $key) + { + #_debug_array($key); + #_debug_array($this->data['account_groups']); + if(!in_array($key['gidnumber'][0],$this->data['account_groups'])) + { + $dn = $key['dn']; + $newData = array(); + $newData['memberuid'] = $key['memberuid']; + unset($newData['memberuid']['count']); + // remove the uid from memberuid + $newData['memberuid'] = array_flip($newData['memberuid']); + unset($newData['memberuid'][$accountID]); + $newData['memberuid'] = array_values(array_unique(array_flip($newData['memberuid']))); + ldap_mod_replace($this->ds, $dn, $newData); + #print ldap_error($this->ds); + } + } } - else + } + + // lets check group the user needs to be added + foreach($this->data['account_groups'] as $key => $value) + { + // search for the group + $filter = 'gidnumber='.$value; + $justThese = array('memberuid'); + $sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$value, $justThese); + if($sri) { - /* attribute was in LDAP, modify it */ - ldap_modify($this->ds, $allValues[0]['dn'], array('phpgwaccountstatus' => ' ')); + $allValues = ldap_get_entries($this->ds, $sri); + // if the user is not member of this group, add him + 
if(!in_array($newData['uid'],$allValues[0]['memberuid'])) + { + $dn = $allValues[0]['dn']; + $newData = array(); + $newData['memberuid'] = $allValues[0]['memberuid']; + unset($newData['memberuid']['count']); + $newData['memberuid'][] = $accountID; + $newData['memberuid'] = array_values(array_unique($newData['memberuid'])); + ldap_mod_replace($this->ds, $dn, $newData); + } } } } @@ -303,18 +387,43 @@ $account_lid = $this->id2name($account_id); $sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$account_id); - $allValues = ldap_get_entries($this->ds, $sri); if(!$allValues[0]['dn']) { $sri = ldap_search($this->ds, $this->user_context, 'uid='.$account_lid); $allValues = ldap_get_entries($this->ds, $sri); + $accountID = $allValues['0']['uid'][0]; } if ($allValues[0]['dn']) { $del = ldap_delete($this->ds, $allValues[0]['dn']); } + + // remove the user from any group he is member of + $filter = "(&(objectclass=posixgroup)(memberuid=$accountID))"; + $justThese = array('memberuid','gidnumber'); + $sri = ldap_search($this->ds, $this->group_context, $filter, $justThese); + if($sri) + { + $allValues = ldap_get_entries($this->ds, $sri); + if($allValues['count'] > 0) + { + unset($allValues['count']); + foreach($allValues as $key) + { + $dn = $key['dn']; + $newData = array(); + $newData['memberuid'] = $key['memberuid']; + unset($newData['memberuid']['count']); + // remove the uid from memberuid + $newData['memberuid'] = array_flip($newData['memberuid']); + unset($newData['memberuid'][$accountID]); + $newData['memberuid'] = array_unique(array_flip($newData['memberuid'])); + ldap_mod_replace($this->ds, $dn, $newData); + } + } + } } function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '') 
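Review bot: The group searches added in the `@@ -202,86 +258,114 @@` hunk build their LDAP filters by concatenation, `'gidnumber='.$value` with values from `$this->data['account_groups']` and `memberuid=$accountID`, so filter metacharacters in either value change what the search matches; the same `'gidnumber='.$value` pattern is in the `@@ -766,6 +875,31 @@` hunk. Inside the add loop `$newData` is reset to `array()` before the next iteration reads `$newData['uid']`, so from the second group on the membership test compares against an unset value, and `$allValues[0]['memberuid']` is read without checking that the group was found or has any members. The results of `ldap_modify()` and `ldap_mod_replace()` are ignored as well, so a failed update leaves memberships silently out of step with what the admin selected. A sketch of the add loop with a numeric cast, `$accountID` for the test and the missing guards follows; the removal loop and the rest of save_repository are outside it.

```php
// … unchanged: ldap_modify() of the account entry, removal from groups no longer selected …
foreach($this->data['account_groups'] as $key => $value)
{
	// gidNumber is numeric; the cast keeps filter metacharacters out of the search
	$filter = '(&(objectclass=posixgroup)(gidnumber='.(int)$value.'))';
	$justThese = array('memberuid');
	$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
	if($sri)
	{
		$allValues = ldap_get_entries($this->ds, $sri);
		if($allValues['count'] < 1)
		{
			// no such group: nothing to add the user to
			continue;
		}
		$memberUIDs = isset($allValues[0]['memberuid']) ? $allValues[0]['memberuid'] : array();
		unset($memberUIDs['count']);
		// test against $accountID; $newData no longer holds the uid at this point
		if(!in_array($accountID, $memberUIDs))
		{
			$memberUIDs[] = $accountID;
			$groupData = array('memberuid' => array_values(array_unique($memberUIDs)));
			if(!ldap_mod_replace($this->ds, $allValues[0]['dn'], $groupData))
			{
				// surface the failure instead of leaving the membership half-applied
				trigger_error(ldap_error($this->ds), E_USER_WARNING);
			}
		}
	}
}
```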
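Review bot: In the `@@ -303,18 +387,43 @@` hunk the cleaned-up member list is written back as `array_unique(array_flip($newData['memberuid']))`, which keeps the original keys; once a uid is removed from the middle the array is no longer indexed 0..n-1, and PHP's LDAP functions expect value arrays with consecutive indices, so the `ldap_mod_replace()` is likely to fail and leave the deleted login listed in the group. A stale `memberuid` matters because an account later created with the same login id would inherit that membership. The update path in this commit already wraps the result in `array_values()`; do the same here, and for the `array_unique()` in the `@@ -766,6 +875,31 @@` hunk: `$newData['memberuid'] = array_values(array_unique(array_flip($newData['memberuid'])));`. `$accountID` is also assigned only in the user branch, so when a group is deleted the filter is built from an unset variable; the cleanup should be skipped unless `$accountID` is set.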
@@ -766,6 +875,31 @@ } // print ldap_error($this->ds); + // lets check group the user needs to be added + foreach($account_info['account_groups'] as $key => $value) + { + // search for the group + $filter = 'gidnumber='.$value; + $justThese = array('memberuid'); + $sri = ldap_search($this->ds, $this->group_context, 'gidnumber='.$value, $justThese); + if($sri) + { + $allValues = ldap_get_entries($this->ds, $sri); + // if the user is not member of this group, add him + if(!in_array($account_info['account_lid'],$allValues[0]['memberuid'])) + { + $dn = $allValues[0]['dn']; + $newData = array(); + $newData['memberuid'] = $allValues[0]['memberuid']; + unset($newData['memberuid']['count']); + $newData['memberuid'][] = $account_info['account_lid']; + $newData['memberuid'] = array_unique($newData['memberuid']); + ldap_mod_replace($this->ds, $dn, $newData); + #print ldap_error($this->ds)."
"; + } + } + } + if($account_id && is_object($GLOBALS['phpgw']->preferences) && $default_prefs) { $GLOBALS['phpgw']->preferences->create_defaults($account_id);