From 5caa2423148610d42a6dd9fbacb648724743d4ed Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Tue, 9 Jul 2013 15:26:59 +0000
Subject: [PATCH] * Admin/Active Directory: create new users with CN=<username>
 as Windows does and allow to configure profilePath, homeDirectory, homeDrive
 and scriptPath for new users

---
 phpgwapi/inc/class.accounts_ads.inc.php | 30 +++++++++++++++++--------
 setup/templates/default/config.tpl      | 20 +++++++++++++++++
 2 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/phpgwapi/inc/class.accounts_ads.inc.php b/phpgwapi/inc/class.accounts_ads.inc.php
index f3a40ed655..c05ebabb5c 100644
--- a/phpgwapi/inc/class.accounts_ads.inc.php
+++ b/phpgwapi/inc/class.accounts_ads.inc.php
@@ -74,7 +74,7 @@ class accounts_ads
 	 */
 	protected static $user_attributes = array(
 		'objectsid', 'samaccounttype', 'samaccountname',
-		'primarygroupid', 'givenname', 'sn', 'mail', 'cn', 'telephonenumber',
+		'primarygroupid', 'givenname', 'sn', 'mail', 'displayname', 'telephonenumber',
 		'objectguid', 'useraccountcontrol', 'accountexpires', 'pwdlastset', 'whencreated', 'whenchanged',
 	);
 
@@ -476,7 +476,7 @@ class accounts_ads
 			'account_firstname' => $data['givenname'][0],
 			'account_lastname'  => $data['sn'][0],
 			'account_email'     => $data['mail'][0],
-			'account_fullname'  => $data['cn'][0],
+			'account_fullname'  => $data['displayname'][0],
 			'account_phone'     => $data['telephonenumber'][0],
 			'account_status'    => $data['useraccountcontrol'][0] & 2 ? false : 'A',
 			'account_expires'   => !isset($data['accountexpires']) || $data['accountexpires'][0] == self::EXPIRES_NEVER ? -1 :
@@ -653,7 +653,7 @@ class accounts_ads
 			$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
 		}
 
-		if (!$old)	// new entry
+		if (($new_entry = !$old))	// new entry
 		{
 			static $new2adldap = array(
 				'account_lid'       => 'username',
@@ -690,17 +690,18 @@ class accounts_ads
 			}
 			$data['account_id'] = $old['account_id'];
 		}
-		// check if DN/account_fullname changed (not yet supported by adLDAP)
-		if (isset($data['account_fullname']) && $old['account_fullname'] !== $data['account_fullname'])
+		// check if DN/account_lid changed (not yet supported by adLDAP)
+		/* disabled as AD does NOT allow to change user-name (account_lid), which is used for DN
+		if (isset($data['account_lid']) && $old['account_lid'] !== $data['account_lid'] ||
+			(stripos($old['account_dn'], 'CN='.$data['account_lid'].',') !== 0))
 		{
 			if (!($ret = ldap_rename($ds=$this->ldap_connection(), $old['account_dn'],
-				'CN='.$this->adldap->utilities()->ldapSlashes($data['account_fullname']), null, true)))
+				'CN='.$this->adldap->utilities()->ldapSlashes($data['account_lid']), null, true)))
 			{
 				error_log(__METHOD__."(".array2string($data).") rename to new CN failed!");
 				return false;
 			}
-			$old['account_fullname'] = $data['account_fullname'];
-		}
+		}*/
 		static $egw2adldap = array(
 			'account_lid'       => 'samaccountname',
 			'account_firstname' => 'firstname',
@@ -715,6 +716,17 @@ class accounts_ads
 			//'account_phone'   => 'telephone',	not updated by accounts, only read so far
 		);
 		$attributes = $ldap = array();
+		// for a new entry set certain values (eg. profilePath) to in setup configured value
+		if ($new_entry)
+		{
+			foreach($this->frontend->config as $name => $value)
+			{
+				if (substr($name, 0, 8) == 'ads_new_')
+				{
+					$ldap[substr($name, 8)] = str_replace('%u', $data['account_lid'], $value);
+				}
+			}
+		}
 		foreach($egw2adldap as $egw => $adldap)
 		{
 			if (isset($data[$egw]) && (string)$data[$egw] != (string)$old[$egw])
@@ -1318,7 +1330,7 @@ class adLDAPUsers_egw extends adLDAPUsers
 		$add = $this->adldap->adldap_schema($attributes);
 
 		// Additional stuff only used for adding accounts
-		$add["cn"][0] = $attributes["display_name"];
+		$add["cn"][0] = $attributes["username"];
 		$add["samaccountname"][0] = $attributes["username"];
 		$add["userPrincipalName"][0] = $attributes["username"].$this->adldap->getAccountSuffix();
 		$add["objectclass"][0] = "top";
diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl
index ec8030ed6f..483f95e497 100644
--- a/setup/templates/default/config.tpl
+++ b/setup/templates/default/config.tpl
@@ -521,6 +521,26 @@
      </td>
      <td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
    </tr>
+   <tr class="row_off">
+     <td><b>{lang_Attributes_for_new_users}</b><br/></td>
+     <td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
+   </tr>
+   <tr class="row_on">
+     <td>profilePath</td>
+     <td><input name="newsettings[ads_new_profilePath]" value="{value_ads_new_profilePath}" size="40" /></td>
+   </tr>
+   <tr class="row_off">
+     <td>homeDirectory</td>
+     <td><input name="newsettings[ads_new_homeDirectory]" value="{value_ads_new_homeDirectory}" size="40" /></td>
+   </tr>
+   <tr class="row_on">
+     <td>homeDrive</td>
+     <td><input name="newsettings[ads_new_homeDrive]" value="{value_ads_new_homeDrive}" size="40" /></td>
+   </tr>
+   <tr class="row_off">
+     <td>scriptPath</td>
+     <td><input name="newsettings[ads_new_scriptPath]" value="{value_ads_new_scriptPath}" size="40" /></td>
+   </tr>
 
    <tr class="row_off">
     <td colspan="2">&nbsp;</td>