mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-18 04:31:06 +01:00
* Setup/Active Directory: setup_cmd_ldap sub_command=copy2ad now checks multivalue attributes case-insensitively for duplicate values, and the new parameter no_sid_check=1 allows using it to migrate mail attributes without the Samba checks
parent
eb7208a02d
commit
cb8f20f2b1
@ -26,13 +26,24 @@
|
|||||||
* - First run it with --dry-run to get ids to change / admin-cli command to change ids in EGroupware.
|
* - First run it with --dry-run to get ids to change / admin-cli command to change ids in EGroupware.
|
||||||
* - Then run admin/admin-cli.php --change-account-id and after this command again without --dry-run.
|
* - Then run admin/admin-cli.php --change-account-id and after this command again without --dry-run.
|
||||||
* - After that you can run the given setup/doc/chown.php command to change filesystem uid/gid in samba share.
|
* - After that you can run the given setup/doc/chown.php command to change filesystem uid/gid in samba share.
|
||||||
|
* This is usually not needed as samba-tool clasicupgrade takes care of existing filesystem uid/gid by installing
|
||||||
|
* rfc2307 schema with uidNumber attributes.
|
||||||
*
|
*
|
||||||
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
||||||
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
||||||
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
|
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
|
||||||
* attributes=@inetOrgPerson,accountExpires=shadowExpire,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
* attributes=@inetOrgPerson,accountExpires=shadowExpire
|
||||||
*
|
*
|
||||||
* - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
|
* - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
|
||||||
|
*
|
||||||
|
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
||||||
|
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
||||||
|
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret \
|
||||||
|
* ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] [no_sid_check=1] \
|
||||||
|
* attributes={smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
||||||
|
*
|
||||||
|
* - copies mail-attributes from ldap to AD (example is from Mandriva mailAccount schema, need to adapt to other schema!)
|
||||||
|
* (no_sid_check=1 uses all objectClass=posixAccount, not checking for having a SID and uid not ending in $ for computer accounts)
|
||||||
*/
|
*/
|
||||||
class setup_cmd_ldap extends setup_cmd
|
class setup_cmd_ldap extends setup_cmd
|
||||||
{
|
{
|
||||||
@ -308,7 +319,8 @@ class setup_cmd_ldap extends setup_cmd
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!($sr = ldap_search($this->test_ldap->ds,$this->ldap_base,
|
if (!($sr = ldap_search($this->test_ldap->ds,$this->ldap_base,
|
||||||
$search='(&(objectClass=posixAccount)('.self::sambaSID.'=*)(!(uid=*$)))', $attrs)) ||
|
$search = $this->no_sid_check ? '(objectClass=posixAccount)' :
|
||||||
|
'(&(objectClass=posixAccount)('.self::sambaSID.'=*)(!(uid=*$)))', $attrs)) ||
|
||||||
!($entries = ldap_get_entries($this->test_ldap->ds, $sr)))
|
!($entries = ldap_get_entries($this->test_ldap->ds, $sr)))
|
||||||
{
|
{
|
||||||
throw new egw_exception(lang('Error searching "dn=%1" for "%2"!',$this->ldap_base, $search));
|
throw new egw_exception(lang('Error searching "dn=%1" for "%2"!',$this->ldap_base, $search));
|
||||||
@ -355,6 +367,12 @@ class setup_cmd_ldap extends setup_cmd
|
|||||||
if (isset($update[$to]))
|
if (isset($update[$to]))
|
||||||
{
|
{
|
||||||
if (!is_array($update[$to])) $update[$to] = array($update[$to]);
|
if (!is_array($update[$to])) $update[$to] = array($update[$to]);
|
||||||
|
// we need to check (caseinsensitive) if value already exists in set
|
||||||
|
// as AD chokes on doublicate values "Type or value exists"
|
||||||
|
foreach($update[$to] as $v)
|
||||||
|
{
|
||||||
|
if (!strcasecmp($v, $prefix.$val)) continue 2;
|
||||||
|
}
|
||||||
$update[$to][] = $prefix.$val;
|
$update[$to][] = $prefix.$val;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
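Review bot: With `no_sid_check` set, the search filter in the second hunk becomes plain `(objectClass=posixAccount)`, which drops the `(!(uid=*$))` computer-account exclusion along with the sambaSID requirement. Machine accounts and any service accounts carrying posixAccount then become sources for the copy into AD, which presumably runs under the `ads_admin_user` bind shown in the docblock. How the selected entries are matched to AD objects lies outside the hunk, so the actual impact is inferred rather than visible here. If the mail migration only needs to skip the SID test, the narrower form would be `$search = $this->no_sid_check ? '(&(objectClass=posixAccount)(!(uid=*$)))' :`. The flag is also tested by plain truthiness, so a short comment at the ternary, such as `// no_sid_check: any non-empty value except "0" enables the wider filter`, would make that explicit for operators.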