Fixed problem that on newer SuSE (and maybe other distros too) none of our required objectclasses for groups are an structural object, which caused the adding of new groups to fail. Now I add the 'namedObject' objectclass, if the first adding fails.

This commit is contained in:
Ralf Becker 2006-06-03 19:44:44 +00:00
parent fbd2895b99
commit b4f3452ffc

View File

@ -38,10 +38,13 @@
var $requiredObjectClasses = array( var $requiredObjectClasses = array(
'user' => array( 'user' => array(
'top','organizationalperson','inetorgperson','posixaccount','shadowaccount','phpgwaccount' 'top','person','organizationalperson','inetorgperson','posixaccount','shadowaccount','phpgwaccount'
), ),
'group' => array( 'group' => array(
'top','posixgroup','phpgwaccount' 'top','posixgroup','phpgwaccount',
// some newer ldap require namedObject here, as none of the above is a structural object there
// this gets now autodetected
//'namedObject'
) )
); );
@ -113,7 +116,6 @@
function save_repository() function save_repository()
{ {
$acct_type = $this->get_type($this->account_id); $acct_type = $this->get_type($this->account_id);
/* search the dn for the given u/gidnumber */ /* search the dn for the given u/gidnumber */
@ -277,14 +279,15 @@
if($this->data['account_type'] == 'g' && $this->group_context ) if($this->data['account_type'] == 'g' && $this->group_context )
{ {
$newDN = 'cn='.$this->data['account_lid'].','.$this->group_context; $newDN = 'cn='.$this->data['account_lid'].','.$this->group_context;
$members = $this->member($this->account_id);
$newData['memberuid'] = array(); $newData['memberuid'] = array();
for($i=0;$i<count($members);$i++) if (($members = $this->member($this->account_id)))
{ {
$currname = $this->id2name($members[$i]['account_id']); foreach($members as $member)
if(!in_array($currname,$entry['memberuid']))
{ {
$newData['memberuid'][] = $currname; if (!in_array($member['account_name'],$newData['memberuid']))
{
$newData['memberuid'][] = $member['account_name'];
}
} }
} }
} }
@ -298,29 +301,31 @@
// add the new account // add the new account
#_debug_array($newData); #_debug_array($newData);
ldap_add($this->ds, $newDN, $newData); if (!@ldap_add($this->ds, $newDN, $newData) && $this->data['account_type'] == 'g')
{
// try again with namedObject added, in case we have the newer schema which eg. SuSE uses
// in which our required objectclasses for a group, have no structural object
$newData['objectclass'][] = 'namedObject';
ldap_add($this->ds, $newDN, $newData);
}
} }
/* Normal behavior for save_repository /* Normal behavior for save_repository update Account */
update Account */
else else
{ {
// add the list group members // add the list group members
if($this->data['account_type'] == 'g' && $this->group_context ) if($this->data['account_type'] == 'g' && ($members = $this->member($this->account_id)))
{ {
$members = $this->member($this->account_id) ? $this->member($this->account_id) : NULL;
#_debug_array($members);
$newData['memberuid'] = array(); $newData['memberuid'] = array();
for($i=0;$i<count($members);$i++) foreach($members as $member)
{ {
$currname = $this->id2name($members[$i]['account_id']); if (!in_array($member['account_name'],$newData['memberuid']))
if(!in_array($currname,$newData['memberuid']))
{ {
$newData['memberuid'][] = $currname; $newData['memberuid'][] = $member['account_name'];
} }
} }
} }
// modify the DN // modify the DN
//echo "<p>ldap_modify(,'{$allValues[0]['dn']}',".print_r($newData,true).")</p>\n";
ldap_modify($this->ds, $allValues[0]['dn'], $newData); ldap_modify($this->ds, $allValues[0]['dn'], $newData);
} }
@ -783,23 +788,13 @@
if ($account_info['account_type'] == 'g') if ($account_info['account_type'] == 'g')
{ {
$tmpentry['objectclass'][0] = 'top'; $tmpentry['objectclass'] = $this->requiredObjectClasses['group'];
$tmpentry['objectclass'][1] = 'posixGroup';
$tmpentry['objectclass'][2] = 'phpgwAccount';
#$tmpentry['objectclass'][3] = 'namedObject';
} }
else else
{ {
$tmpentry['objectclass'] = $this->requiredObjectClasses['user'];
$tmpentry['uidnumber'] = $account_id; $tmpentry['uidnumber'] = $account_id;
$tmpentry['objectclass'][0] = 'top';
$tmpentry['objectclass'][1] = 'person';
$tmpentry['objectclass'][2] = 'organizationalPerson';
$tmpentry['objectclass'][3] = 'inetOrgPerson';
$tmpentry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd'],False); $tmpentry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd'],False);
/* $tmpentry['objectclass'][4] = 'account'; Causes problems with some LDAP servers */
$tmpentry['objectclass'][4] = 'posixAccount';
$tmpentry['objectclass'][5] = 'shadowAccount';
$tmpentry['objectclass'][6] = 'phpgwAccount';
$tmpentry['phpgwaccountstatus'] = $account_info['account_status']; $tmpentry['phpgwaccountstatus'] = $account_info['account_status'];
$tmpentry['phpgwaccounttype'] = $account_info['account_type']; $tmpentry['phpgwaccounttype'] = $account_info['account_type'];
$tmpentry['phpgwaccountexpires'] = $account_info['account_expires']; $tmpentry['phpgwaccountexpires'] = $account_info['account_expires'];
@ -815,10 +810,7 @@
unset($entry['homedirectory']); unset($entry['homedirectory']);
unset($entry['loginshell']); unset($entry['loginshell']);
unset($entry['userpassword']); unset($entry['userpassword']);
$entry['objectclass'][0] = 'top'; $entry['objectclass'] = $this->requiredObjectClasses['group'];
$entry['objectclass'][1] = 'posixGroup';
$entry['objectclass'][2] = 'phpgwAccount';
#$entry['objectclass'][3] = 'namedObject';
$entry['cn'] = $GLOBALS['egw']->translation->convert($account_info['account_lid'],$GLOBALS['egw']->translation->charset(),'utf-8'); $entry['cn'] = $GLOBALS['egw']->translation->convert($account_info['account_lid'],$GLOBALS['egw']->translation->charset(),'utf-8');
$entry['gidnumber'] = $account_id; $entry['gidnumber'] = $account_id;
$entry['description'] = 'eGW-created group'; $entry['description'] = 'eGW-created group';
@ -863,13 +855,7 @@
$entry['uidnumber'] = $account_id; $entry['uidnumber'] = $account_id;
$entry['gidnumber'] = abs($account_info['account_primary_group']); $entry['gidnumber'] = abs($account_info['account_primary_group']);
$entry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd']); $entry['userpassword'] = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd']);
$entry['objectclass'][0] = 'top'; $entry['objectclass'] = $this->requiredObjectClasses['user'];
$entry['objectclass'][1] = 'person';
$entry['objectclass'][2] = 'organizationalPerson';
$entry['objectclass'][3] = 'inetOrgPerson';
$entry['objectclass'][4] = 'posixAccount';
$entry['objectclass'][5] = 'shadowAccount';
$entry['objectclass'][6] = 'phpgwAccount';
if($account_info['account_status']) if($account_info['account_status'])
{ {
$entry['phpgwaccountstatus'] = $account_info['account_status']; $entry['phpgwaccountstatus'] = $account_info['account_status'];
@ -881,9 +867,23 @@
#_debug_array($entry); #_debug_array($entry);
// stop processing if ldap_add fails // stop processing if ldap_add fails
if(!ldap_add($this->ds, $dn, $entry)) if(!@ldap_add($this->ds, $dn, $entry))
{ {
return false; if ($account_info['account_type'] != 'g')
{
return false;
}
// try again with namedObject added, in case we have the newer schema which eg. SuSE uses
// in which our required objectclasses for a group, have no structural object
if ($account_info['account_type'] == 'g')
{
$entry['objectclass'][] = 'namedObject';
if (!@ldap_add($this->ds, $dn, $entry))
{
return false;
}
}
} }
} }
// print ldap_error($this->ds); // print ldap_error($this->ds);