Bugfixes including SHOW_POSIX_ATTRIBUTES not working for new accounts.

Brian Lycett 2022-10-10 13:55:14 +01:00
parent 591ba7629e
commit 318091fc35
6 changed files with 58 additions and 31 deletions


@ -25,7 +25,7 @@ COPY www/ /opt/ldap_user_manager
RUN tar -xzf /tmp/v6.3.0.tar.gz -C /opt && mv /opt/PHPMailer-6.3.0 /opt/PHPMailer
COPY entrypoint /usr/local/bin/entrypoint
RUN chmod a+x /usr/local/bin/entrypoint
RUN chmod a+x /usr/local/bin/entrypoint && touch /etc/ldap/ldap.conf
CMD ["apache2-foreground"]
ENTRYPOINT ["/usr/local/bin/entrypoint"]


@ -181,7 +181,7 @@ To send emails you'll need to use an existing SMTP server. Email sending will b
* `SMTP_PASSWORD` (no default): The password to use when the SMTP server requires authentication.
* `SMTP_USE_TLS` (default: *FALSE*): Set to TRUE if the SMTP server requires TLS to be enabled. Overrides `SMTP_USE_TLS`.
* `SMTP_USE_TLS` (default: *FALSE*): Set to TRUE if the SMTP server requires TLS to be enabled. Overrides `SMTP_USE_SSL`.
* `SMTP_USE_SSL` (default: *FALSE*): Set to TRUE if the SMTP server requires SSL to be enabled. This will be unset if `SMTP_USE_TLS` is `TRUE`.


@ -14,17 +14,17 @@ $ldap_connection = open_ldap_connection();
if (isset($_POST['delete_user'])) {
$this_user = $_POST['delete_user'];
$this_user = urldecode($this_user);
$this_user = $_POST['delete_user'];
$this_user = urldecode($this_user);
$del_user = ldap_delete_account($ldap_connection,$this_user);
$del_user = ldap_delete_account($ldap_connection,$this_user);
if ($del_user) {
render_alert_banner("User <strong>$this_user</strong> was deleted.");
}
else {
render_alert_banner("User <strong>$this_user</strong> wasn't deleted. See the logs for more information.","danger",15000);
}
if ($del_user) {
render_alert_banner("User <strong>$this_user</strong> was deleted.");
}
else {
render_alert_banner("User <strong>$this_user</strong> wasn't deleted. See the logs for more information.","danger",15000);
}
}
@ -61,15 +61,15 @@ $people = ldap_get_user_list($ldap_connection);
<?php
foreach ($people as $account_identifier => $attribs){
$group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
if (isset($people[$account_identifier]['mail'])) { $this_mail = $people[$account_identifier]['mail']; } else { $this_mail = ""; }
$group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
if (isset($people[$account_identifier]['mail'])) { $this_mail = $people[$account_identifier]['mail']; } else { $this_mail = ""; }
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
print " <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
print " <td>" . $people[$account_identifier]['sn'] . "</td>\n";
print " <td>$this_mail</td>\n";
print " <td>" . implode(", ", $group_membership) . "</td>\n";
print " </tr>\n";
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
print " <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
print " <td>" . $people[$account_identifier]['sn'] . "</td>\n";
print " <td>$this_mail</td>\n";
print " <td>" . implode(", ", $group_membership) . "</td>\n";
print " </tr>\n";
}
?>
</tbody>
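Review bot: `$this_user` is taken from `$_POST['delete_user']` and interpolated into the `render_alert_banner()` HTML in the first hunk without escaping, so markup in the submitted value is rendered in the page (the literal `<strong>` in the message suggests the helper does not escape its argument). Keep the raw value for `ldap_delete_account()` and build both banners from an escaped copy, `$shown_user = htmlspecialchars($this_user, ENT_QUOTES, 'UTF-8');`. The table rows in the second hunk print `$account_identifier`, `givenname`, `sn`, `$this_mail` and the group names the same way; directory values are not guaranteed to be free of markup and need the same call. As far as the page shows, both hunks only re-indent these lines, and the surrounding blocks continue outside them.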


@ -8,8 +8,6 @@ include_once "module_functions.inc.php";
$attribute_map = $LDAP['default_attribute_map'];
if (isset($LDAP['account_additional_attributes'])) { $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['account_additional_attributes']); }
unset($attribute_map['uidnumber']);
unset($attribute_map['gidnumber']);
if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
$attribute_r = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));
@ -51,6 +49,10 @@ $account_attribute = $LDAP['account_attribute'];
$new_account_r = array();
if ($SHOW_POSIX_ATTRIBUTES == TRUE) {
}
foreach ($attribute_map as $attribute => $attr_r) {
if (isset($_FILES[$attribute]['size']) and $_FILES[$attribute]['size'] > 0) {
@ -103,11 +105,9 @@ if (isset($_GET['account_request'])) {
$givenname[0]=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['givenname'] = $givenname[0];
unset($new_account_r['givenname']['count']);
$sn[0]=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['sn'] = $sn[0];
unset($new_account_r['sn']['count']);
$mail[0]=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL);
if ($mail[0] == "") {
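Review bot: With `uidnumber` and `gidnumber` apparently no longer dropped from `$attribute_map` in the first hunk, form-supplied IDs reach `ldap_new_account()`, and the only check visible on this page is `is_numeric()`, which accepts `0`, negative numbers, decimals and exponent notation. A uidNumber of 0, or one that collides with an existing account, affects every host that resolves users from this directory. Validate before the account is built, e.g. `if (!ctype_digit((string)$value) or (int)$value < $min_id) { /* reject */ }`, where `$min_id` is a placeholder for a configured floor, and consider a uniqueness lookup. The body of the added `if ($SHOW_POSIX_ATTRIBUTES == TRUE)` block is not visible here, so part of this may already be handled there.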


@ -174,7 +174,7 @@ function generate_salt($length) {
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
mt_srand((double)microtime() * 1000000);
mt_srand(intval(microtime()) * 1000000);
$salt = '';
while (strlen($salt) < $length) {
@ -724,6 +724,29 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) {
}
##################################
function ldap_get_group_name_from_gid($ldap_connection,$gid) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if (isset($gid)) {
$ldap_search_query = "(gidnumber=" . ldap_escape($gid, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("cn"));
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
if (isset($result[0]['cn'][0])) {
return $result[0]['cn'][0];
}
}
return FALSE;
}
##################################
function ldap_complete_attribute_array($default_attributes,$additional_attributes) {
@ -812,22 +835,26 @@ function ldap_new_account($ldap_connection,$account_r) {
$account_attributes = array_merge($account_r, $account_attributes);
if (!isset($account_attributes['uidnumber']) or !is_numeric($account_attributes['uidnumber'])) {
if (!isset($account_attributes['uidnumber'][0]) or !is_numeric($account_attributes['uidnumber'][0])) {
$highest_uid = ldap_get_highest_id($ldap_connection,'uid');
$account_attributes['uidnumber'] = $highest_uid + 1;
$account_attributes['uidnumber'][0] = $highest_uid + 1;
}
if (!isset($account_attributes['gidnumber']) or !is_numeric($account_attributes['gidnumber'])) {
if (!isset($account_attributes['gidnumber'][0]) or !is_numeric($account_attributes['gidnumber'][0])) {
$default_gid = ldap_get_gid_of_group($ldap_connection,$DEFAULT_USER_GROUP);
if (!is_numeric($default_gid)) {
$group_add = ldap_new_group($ldap_connection,$account_identifier,$account_identifier);
$account_attributes['gidnumber'] = ldap_get_gid_of_group($ldap_connection,$account_identifier);
$account_attributes['gidnumber'][0] = ldap_get_gid_of_group($ldap_connection,$account_identifier);
}
else {
$account_attributes['gidnumber'] = $default_gid;
$account_attributes['gidnumber'][0] = $default_gid;
$add_to_group = $DEFAULT_USER_GROUP;
}
}
else {
$add_to_group = ldap_get_group_name_from_gid($ldap_connection,$account_attributes['gidnumber'][0]);
if (!$add_to_group) { $add_to_group = $DEFAULT_USER_GROUP; }
}
if (empty($account_attributes['loginshell'])) { $account_attributes['loginshell'] = $DEFAULT_USER_SHELL; }
if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/" . $account_r['uid'][0]; }
@ -842,7 +869,7 @@ function ldap_new_account($ldap_connection,$account_r) {
ldap_add_member_to_group($ldap_connection,$add_to_group,$account_identifier);
$this_uid = fetch_id_stored_in_ldap($ldap_connection,"uid");
$new_uid = $account_attributes['uidnumber'];
$new_uid = $account_attributes['uidnumber'][0];
if ($this_uid != FALSE) {
$update_uid = @ ldap_mod_replace($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", array( 'serialNumber' => $new_uid ));
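Review bot: In `generate_salt()`, `intval(microtime())` evaluates to 0 on practically every call, because `microtime()` without arguments returns a string such as `"0.12345600 1665406514"` (constructed example) and `intval()` stops at the decimal point. The generator is therefore seeded with 0 each time and, assuming the loop below draws from `mt_rand()`, every salt of a given length comes out identical. Clock-based seeding was already weak before this change; a password salt should come from the CSPRNG. Drop the `mt_srand()` line and pick characters with `random_int(0, strlen($permitted_chars) - 1)` inside the loop. The rest of `generate_salt()` is outside the hunk, so confirm how the characters are selected.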


@ -75,7 +75,7 @@ else {
<?php } ?>
<form class="form-horizontal" action='' method='post'>
<?php if (isset($redirect_to) and ($redirect_to != "")) { ?><input type="hidden" name="redirect_to" value="<?php print $redirect_to; ?>"><?php } ?>
<?php if (isset($redirect_to) and ($redirect_to != "")) { ?><input type="hidden" name="redirect_to" value="<?php print htmlspecialchars($redirect_to); ?>"><?php } ?>
<div class="form-group">
<label for="username" class="col-sm-4 control-label">Username</label>
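Review bot: `htmlspecialchars($redirect_to)` relies on the default flags, which changed in PHP 8.1, and it only covers how the value is echoed into the hidden field, not where it later sends the user. Spell the flags out so single quotes are encoded on every runtime: `htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8')`. The code that consumes the posted `redirect_to` is outside this hunk; if it is not already limited to same-site relative paths, add that check there, because a hidden field value is fully controlled by whoever submits the form.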