From 08c24c96d8262f4bf14b1faebe58f7c58db285fd Mon Sep 17 00:00:00 2001
From: huzvar <89766648+huzvar@users.noreply.github.com>
Date: Fri, 11 Mar 2022 11:59:48 +0100
Subject: [PATCH] Add Group Additional (#113)
* Add doku Group additional.
* Read Group additional configuration.
* New group add Additional objectclasses
---
README.md | 6 +++++-
www/includes/config.inc.php | 2 ++
www/includes/ldap_functions.inc.php | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index afb5015..97cf5f1 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,11 @@ These settings should only be changed if you're trying to make the user manager * `LDAP_GROUP_ATTRIBUTE` (default: *cn*): The attribute used as the group identifier. * `LDAP_GROUP_MEMBERSHIP_ATTRIBUTE` (default: *memberUID* or *uniqueMember*): The attribute used when adding a user's account to a group. When the `groupOfMembers` objectClass is detected `FORCE_RFC2307BIS` is `TRUE` it defaults to `uniqueMember`, otherwise it'll default to `memberUID`. Explicitly setting this variable will override any default. - + +* `LDAP_GROUP_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. + +* `LDAP_GROUP_ADDITIONAL_ATTRIBUTE` (no default): A comma-separated list of extra attributes to display when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. + * `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. * `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` (no default): A comma-separated list of extra attributes to display when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. diff --git a/www/includes/config.inc.php b/www/includes/config.inc.php index 66cb44a..4b5abe9 100644 --- a/www/includes/config.inc.php +++ b/www/includes/config.inc.php 
@@ -33,6 +33,8 @@ if (getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES')) { $LDAP['account_additional_objectclasses'] = strtolower(getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES')); } if (getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES')) { $LDAP['account_additional_attributes'] = getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES'); } + if (getenv('LDAP_GROUP_ADDITIONAL_OBJECTCLASSES')) { $LDAP['group_additional_objectclasses'] = getenv('LDAP_GROUP_ADDITIONAL_OBJECTCLASSES'); } + if (getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTE')) { $LDAP['group_additional_attribute'] = getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTE'); } if (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE')) { $LDAP['group_membership_attribute'] = getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE'); } if (getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) { if (strtoupper(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) == 'TRUE' ) { $LDAP['group_membership_uses_uid'] = TRUE; } diff --git a/www/includes/ldap_functions.inc.php b/www/includes/ldap_functions.inc.php index 8f0a452..b0ca524 100644 --- a/www/includes/ldap_functions.inc.php +++ b/www/includes/ldap_functions.inc.php @@ -588,6 +588,8 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") { $new_gid = $highest_gid + 1; if ($rfc2307bis_available == FALSE) { $objectclasses = array('top','posixGroup'); } else { $objectclasses = array('top','groupOfUniqueNames','posixGroup'); } + if (isset($LDAP['group_additional_objectclasses']) and $LDAP['group_additional_objectclasses'] != "") + $objectclasses = array_merge($objectclasses, explode(",", $LDAP['group_additional_objectclasses'])); if ($LDAP['group_membership_uses_uid'] == FALSE and $initial_member != "") { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; } $new_group_array=array( 'objectClass' => $objectclasses,
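Review bot: The `$LDAP['group_additional_attribute']` value read in the second added line of the config.inc.php hunk is not consumed by any hunk in this patch, so the README's promise of extra attributes when creating a group appears unimplemented here. That matters for the objectClass half of the change: an additional objectClass whose schema has MUST attributes cannot be satisfied, and the directory would be expected to reject the add with an object class violation. The variable name is also singular (`LDAP_GROUP_ADDITIONAL_ATTRIBUTE`), although it is documented as a comma-separated list and the account counterpart is `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES`. Unlike the account objectClasses a few lines up, the group value is stored without `strtolower()`; either match that or add a comment such as `// objectClass names are case-insensitive; keep the operator's spelling`.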
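Review bot: The `explode(",", ...)` on the added lines of the ldap_functions.inc.php hunk passes the raw pieces straight into `objectClass`, so a value written as `a, b` or with a trailing comma produces a name with a leading space or an empty string, and a list that repeats `top` or `posixGroup` sends that class twice; the later add would be expected to fail in each case. Normalise before merging: `$extra = array_filter(array_map('trim', explode(',', $LDAP['group_additional_objectclasses'])));` then `$objectclasses = array_values(array_unique(array_merge($objectclasses, $extra)));`, where `array_values` keeps the indices consecutive, as PHP's LDAP functions require for multi-valued attributes. `array_unique` compares case-sensitively, so a differently-cased duplicate still gets through. The braceless two-line `if` is also out of step with the braced blocks around it. `ldap_new_group` starts and ends outside this hunk, so whether `$LDAP` is declared `global` there is not visible.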