mirror of
https://github.com/wheelybird/ldap-user-manager.git
synced 2025-01-18 23:42:54 +01:00
Fixes to allow overriding attribute labels properly
This commit is contained in:
Brian Lycett
parent
d8eb7ae81d
commit
15f99a49ef
@ -289,14 +289,13 @@ render_js_email_generator('uid','mail');
|
||||
|
||||
foreach ($attribute_map as $attribute => $attr_r) {
|
||||
$label = $attr_r['label'];
|
||||
$onkeyup = $attr_r['onkeyup'];
|
||||
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>*</sup>"; }
|
||||
?>
|
||||
<div class="form-group" id="<?php print $attribute; ?>_div">
|
||||
<label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
|
||||
<div class="col-sm-6">
|
||||
<input type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($$attribute)) { print $$attribute; } ?>" <?php
|
||||
if (isset($onkeyup)) { print "onkeyup=\"$onkeyup;\""; } ?>>
|
||||
if (isset($attr_r['onkeyup'])) { print "onkeyup=\"${attr_r['onkeyup']};\""; } ?>>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@ -89,22 +89,16 @@ if (isset($_POST["update_members"])) {
|
||||
$members_to_add = array_diff($updated_membership,$current_members);
|
||||
|
||||
if ($initialise_group == TRUE) {
|
||||
if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
|
||||
if ($rfc2307bis_available == TRUE) {
|
||||
$initial_member = array_shift($members_to_add);
|
||||
}
|
||||
else {
|
||||
$initial_member = "";
|
||||
}
|
||||
$initial_member = array_shift($members_to_add);
|
||||
$group_add = ldap_new_group($ldap_connection,$group_cn,$initial_member);
|
||||
}
|
||||
foreach ($members_to_add as $this_member) {
|
||||
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
|
||||
foreach ($members_to_del as $this_member) {
|
||||
ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
foreach ($members_to_add as $this_member) {
|
||||
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
|
||||
$non_members = array_diff($all_people,$updated_membership);
|
||||
$group_members = $updated_membership;
|
||||
|
||||
@ -390,8 +390,8 @@ if ($ldap_search) {
|
||||
<?php
|
||||
|
||||
foreach ($attribute_map as $attribute => $attr_r) {
|
||||
if (isset($attr_r['label'])) { $label = $attr_r['label']; } else { $label = ""; }
|
||||
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $label = ""; }
|
||||
$label = $attr_r['label'];
|
||||
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
|
||||
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>*</sup>"; }
|
||||
?>
|
||||
<div class="form-group" id="<?php print $attribute; ?>_div">
|
||||
|
||||
@ -587,20 +587,14 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
|
||||
$highest_gid = ldap_get_highest_id($ldap_connection,'gid');
|
||||
$new_gid = $highest_gid + 1;
|
||||
|
||||
if ($rfc2307bis_available == FALSE) {
|
||||
$new_group_array=array( 'objectClass' => array('top','posixGroup'),
|
||||
'cn' => $new_group,
|
||||
'gidNumber' => $new_gid
|
||||
);
|
||||
}
|
||||
else {
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE) { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; }
|
||||
$new_group_array=array( 'objectClass' => array('top','groupOfUniqueNames','posixGroup'),
|
||||
'cn' => $new_group,
|
||||
'gidNumber' => $new_gid,
|
||||
$LDAP['group_membership_attribute'] => $initial_member
|
||||
);
|
||||
}
|
||||
if ($rfc2307bis_available == FALSE) { $objectclasses = array('top','posixGroup'); } else { array('top','groupOfUniqueNames','posixGroup'); }
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE) { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; }
|
||||
|
||||
$new_group_array=array( 'objectClass' => $objectclasses,
|
||||
'cn' => $new_group,
|
||||
'gidNumber' => $new_gid,
|
||||
$LDAP['group_membership_attribute'] => $initial_member
|
||||
);
|
||||
|
||||
$group_dn="cn=$new_group,${LDAP['group_dn']}";
|
||||
|
||||
@ -743,94 +737,97 @@ function ldap_complete_account_attribute_array() {
|
||||
|
||||
function ldap_new_account($ldap_connection,$account_r) {
|
||||
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG, $DEFAULT_USER_SHELL, $DEFAULT_USER_GROUP;
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG, $DEFAULT_USER_SHELL, $DEFAULT_USER_GROUP;
|
||||
|
||||
if ( isset($account_r['givenname'])
|
||||
and isset($account_r['sn'])
|
||||
and isset($account_r['cn'])
|
||||
and isset($account_r['uid'])
|
||||
and isset($account_r[$LDAP['account_attribute']])
|
||||
and isset($account_r['password'])) {
|
||||
if ( isset($account_r['givenname'])
|
||||
and isset($account_r['sn'])
|
||||
and isset($account_r['cn'])
|
||||
and isset($account_r['uid'])
|
||||
and isset($account_r[$LDAP['account_attribute']])
|
||||
and isset($account_r['password'])) {
|
||||
|
||||
$account_identifier = $account_r[$LDAP['account_attribute']];
|
||||
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']})";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['user_dn']}", $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
$account_identifier = $account_r[$LDAP['account_attribute']];
|
||||
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']})";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['user_dn']}", $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if ($result['count'] == 0) {
|
||||
if ($result['count'] == 0) {
|
||||
|
||||
$highest_uid = ldap_get_highest_id($ldap_connection,'uid');
|
||||
$new_uid = $highest_uid + 1;
|
||||
$hashed_pass = ldap_hashed_password($account_r['password']);
|
||||
unset($account_r['password']);
|
||||
|
||||
$default_gid = ldap_get_gid_of_group($ldap_connection,$DEFAULT_USER_GROUP);
|
||||
|
||||
if (!is_numeric($default_gid)) {
|
||||
$group_add = ldap_new_group($ldap_connection,$account_identifier);
|
||||
$gid = ldap_get_gid_of_group($ldap_connection,$account_identifier);
|
||||
$add_to_group = $account_identifier;
|
||||
}
|
||||
else {
|
||||
$gid = $default_gid;
|
||||
$add_to_group = $DEFAULT_USER_GROUP;
|
||||
}
|
||||
|
||||
$hashed_pass = ldap_hashed_password($account_r['password']);
|
||||
|
||||
$objectclasses = $LDAP['account_objectclasses'];
|
||||
if (isset($LDAP['account_additional_objectclasses']) and $LDAP['account_additional_objectclasses'] != "") {
|
||||
$objectclasses = array_merge($objectclasses, explode(",", $LDAP['account_additional_objectclasses']));
|
||||
}
|
||||
|
||||
$account_attributes = array('objectClass' => $objectclasses,
|
||||
'displayName' => $account_r['givenname'] . " " . $account_r['sn'],
|
||||
'uidNumber' => $new_uid,
|
||||
'gidNumber' => $gid,
|
||||
'loginShell' => $DEFAULT_USER_SHELL,
|
||||
'homeDirectory' => "/home/" . $account_r['uid'],
|
||||
'userPassword' => $hashed_pass,
|
||||
);
|
||||
|
||||
unset($account_r['password']);
|
||||
$account_attributes = array_merge($account_attributes, $account_r);
|
||||
|
||||
$add_account = @ ldap_add($ldap_connection,
|
||||
"${LDAP['account_attribute']}=$account_identifier,${LDAP['user_dn']}",
|
||||
$account_attributes
|
||||
);
|
||||
|
||||
if ($add_account) {
|
||||
error_log("$log_prefix Created new account: $account_identifier",0);
|
||||
ldap_add_member_to_group($ldap_connection,$add_to_group,$account_identifier);
|
||||
|
||||
$this_uid = fetch_id_stored_in_ldap($ldap_connection,"uid");
|
||||
if ($this_uid != FALSE) {
|
||||
$update_uid = @ ldap_mod_replace($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", array( 'serialNumber' => $new_uid ));
|
||||
if ($update_uid) {
|
||||
error_log("$log_prefix Create account; Updated cn=lastUID with $new_uid",0);
|
||||
$objectclasses = $LDAP['account_objectclasses'];
|
||||
if (isset($LDAP['account_additional_objectclasses']) and $LDAP['account_additional_objectclasses'] != "") {
|
||||
$objectclasses = array_merge($objectclasses, explode(",", $LDAP['account_additional_objectclasses']));
|
||||
}
|
||||
|
||||
$account_attributes = array('objectclass' => $objectclasses,
|
||||
'userpassword' => $hashed_pass,
|
||||
);
|
||||
|
||||
$account_attributes = array_merge($account_r, $account_attributes);
|
||||
|
||||
if (!isset($account_attributes['uidnumber']) or !is_numeric($account_attributes['uidnumber'])) {
|
||||
$highest_uid = ldap_get_highest_id($ldap_connection,'uid');
|
||||
$account_attributes['uidnumber'] = $highest_uid + 1;
|
||||
}
|
||||
|
||||
if (!isset($account_attributes['gidnumber']) or !is_numeric($account_attributes['gidnumber'])) {
|
||||
$default_gid = ldap_get_gid_of_group($ldap_connection,$DEFAULT_USER_GROUP);
|
||||
if (!is_numeric($default_gid)) {
|
||||
$group_add = ldap_new_group($ldap_connection,$account_identifier,$account_identifier);
|
||||
$account_attributes['gidnumber'] = ldap_get_gid_of_group($ldap_connection,$account_identifier);
|
||||
}
|
||||
else {
|
||||
$account_attributes['gidnumber'] = $default_gid;
|
||||
$add_to_group = $DEFAULT_USER_GROUP;
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($account_attributes['displayname'])) { $account_attributes['displayname'] = $account_attributes['givenname'] . " " . $account_attributes['sn']; }
|
||||
if (empty($account_attributes['loginshell'])) { $account_attributes['loginshell'] = $DEFAULT_USER_SHELL; }
|
||||
if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/${account_identifier}"; }
|
||||
|
||||
$add_account = @ ldap_add($ldap_connection,
|
||||
"${LDAP['account_attribute']}=$account_identifier,${LDAP['user_dn']}",
|
||||
$account_attributes
|
||||
);
|
||||
|
||||
if ($add_account) {
|
||||
error_log("$log_prefix Created new account: $account_identifier",0);
|
||||
ldap_add_member_to_group($ldap_connection,$add_to_group,$account_identifier);
|
||||
|
||||
$this_uid = fetch_id_stored_in_ldap($ldap_connection,"uid");
|
||||
$new_uid = $account_attributes['uidnumber'];
|
||||
|
||||
if ($this_uid != FALSE) {
|
||||
$update_uid = @ ldap_mod_replace($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", array( 'serialNumber' => $new_uid ));
|
||||
if ($update_uid) {
|
||||
error_log("$log_prefix Create account; Updated cn=lastUID with $new_uid",0);
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Unable to update cn=lastUID to $new_uid - this could cause user accounts to share the same UID.",0);
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
else {
|
||||
error_log("$log_prefix Unable to update cn=lastUID to $new_uid - this could cause user accounts to share the same UID.",0);
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Create account; couldn't create the account for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Create account; couldn't create the account for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
error_log("$log_prefix Create account; Account for ${account_identifier} already exists",0);
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Create account; Account for ${account_identifier} already exists",0);
|
||||
error_log("$log_prefix Create account; missing parameters",0);
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Create account; missing parameters",0);
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
return FALSE;
|
||||
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user