Bugfixes for compatibility with older osixia/openldap versions. Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES.

2025-01-18 23:42:54 +01:00 · 2022-04-12 15:39:40 +01:00 · 2022-04-12 15:39:40 +01:00 · 624cd497e1
commit 624cd497e1
parent 529303f22c
8 changed files with 163 additions and 94 deletions
--- a/README.md
+++ b/README.md
@ -112,7 +112,7 @@ For example, if you're using Docker Swarm and you've set the LDAP bind password
 * `SITE_NAME` (default: *`ORGANISATION_NAME` user manager*):  Change this to replace the title in the menu, e.g. "My Company Account Management".
-* `SIMPLE_INTERFACE` (default: *FALSE*):  If set to `TRUE` this will hide most **posixAccount** and **posixGroup** attributes from the account and group forms.  This is useful if you won't use the LDAP accounts for server accounts.   The Posix values are still set in the background using the default values. Enabling this won't prevent any `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES` from being displayed.
+* `SHOW_POSIX_ATTRIBUTES` (default: *FALSE*):  If set to `TRUE` this show extra attributes for **posixAccount** and **posixGroup** in the account and group forms.  Leave this set to `FALSE` if you don't use LDAP accounts to log into servers etc., as it makes the interface much simpler.   The Posix values are still set in the background using the default values.  This setting doesn't hide any Posix attributes set via `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES`.
 #### LDAP settings
--- a/8
+++ b/8
@ -58,7 +58,7 @@ else
  ########################
  #If there aren't any SSL certs then create a CA and then CA-signed certificate
-  if [ ! -f "${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}" ]; then
+  if [ ! -f "${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}" ]; then
    mkdir -p $ssl_dir
    confout="${ssl_dir}/conf"
@ -124,7 +124,7 @@ EoCertConf
  ########################
  #Create Apache config
-  if [ -f "${ssl_dir}/{$CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/{$CA_CERT_FILENAME}"; fi
+  if [ -f "${ssl_dir}/${CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/${CA_CERT_FILENAME}"; fi
  echo  > /etc/apache2/sites-enabled/lum.conf
  echo  > /etc/apache2/ports.conf
@ -163,8 +163,8 @@ EoHTTPrd
 </Directory>
 SSLEngine On
- SSLCertificateFile ${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}
+ SSLCertificateFile ${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}
- SSLCertificateKeyFile ${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}
+ SSLCertificateKeyFile ${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}
 $ssl_chain
 </VirtualHost>
--- a/www/account_manager/new_user.php
+++ b/www/account_manager/new_user.php
@ -8,6 +8,9 @@ include_once "module_functions.inc.php";
 $attribute_map = $LDAP['default_attribute_map'];
 if (isset($LDAP['account_additional_attributes'])) { $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['account_additional_attributes']); }
 unset($attribute_map['uidnumber']);
 unset($attribute_map['gidnumber']);
 if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
  $attribute_r = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));
 }
@ -65,19 +68,21 @@ foreach ($attribute_map as $attribute => $attr_r) {
    $this_attribute = array();
-    if (is_array($_POST[$attribute])) {
+    if (is_array($_POST[$attribute]) and count($_POST[$attribute]) > 0) {
      $this_attribute['count'] = count($_POST[$attribute]);
      foreach($_POST[$attribute] as $key => $value) {
-        $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
      }
      if (count($this_attribute) > 0) {
        $this_attribute['count'] = count($this_attribute);
        $$attribute = $this_attribute;
      }
    }
-    else {
+    elseif ($_POST[$attribute] != "") {
      $this_attribute['count'] = 1;
      $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
      $$attribute = $this_attribute;
    }
    $$attribute = $this_attribute;
  }
  if (!isset($$attribute) and isset($attr_r['default'])) {
@ -119,7 +124,8 @@ if (isset($_GET['account_request'])) {
 }
-if (isset($_POST['create_account'])) {
+
 if (isset($_GET['account_request']) or isset($_POST['create_account'])) {
  if (!isset($uid[0])) {
    $uid[0] = generate_username($givenname[0],$sn[0]);
@ -138,6 +144,11 @@ if (isset($_POST['create_account'])) {
    unset($new_account_r['cn']['count']);
  }
 }
 if (isset($_POST['create_account'])) {
 $password  = $_POST['password'];
 $new_account_r['password'][0] = $password;
 $account_identifier = $new_account_r[$account_attribute][0];
@ -265,6 +276,7 @@ render_js_username_check();
 render_js_username_generator('givenname','sn','uid','uid_div');
 render_js_cn_generator('givenname','sn','cn','cn_div');
 render_js_email_generator('uid','mail');
 render_js_homedir_generator('uid','homedirectory');
 $tabindex=1;
--- a/www/account_manager/show_group.php
+++ b/www/account_manager/show_group.php
@ -40,7 +40,13 @@ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$grou
 ######################################################################################
 $initialise_group = FALSE;
 $new_group = FALSE;
 $group_exists = FALSE;
 $create_group_message = "Add members to create the new group";
 $current_members = array();
 $full_dn = $create_group_message;
 $has_been = "";
 $attribute_map = $LDAP['default_group_attribute_map'];
 if (isset($LDAP['group_additional_attributes'])) {
@ -52,23 +58,22 @@ $this_group = array();
 if (isset($_POST['new_group'])) {
  $new_group = TRUE;
  $current_members = array();
  $full_dn = $create_group_message;
  $has_been = "";
 }
 elseif (isset($_POST['initialise_group'])) {
  $new_group = FALSE;
  $initialise_group = TRUE;
  $current_members = array();
  $full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";
  $has_been = "created";
 }
 else {
  $new_group = FALSE;
  $current_members = ldap_get_group_members($ldap_connection,$group_cn);
  $this_group = ldap_get_group_entry($ldap_connection,$group_cn);
-  $full_dn = $this_group[0]['dn'];
+  if ($this_group) {
-  $has_been = "updated";
+    $current_members = ldap_get_group_members($ldap_connection,$group_cn);
    $full_dn = $this_group[0]['dn'];
    $has_been = "updated";
  }
  else {
    $new_group = TRUE;
  }
 }
 foreach ($attribute_map as $attribute => $attr_r) {
@ -96,12 +101,12 @@ foreach ($attribute_map as $attribute => $attr_r) {
    $this_attribute = array();
    if (is_array($_POST[$attribute])) {
      $this_attribute['count'] = count($_POST[$attribute]);
      foreach($_POST[$attribute] as $key => $value) {
-        $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
      }
      $this_attribute['count'] = count($this_attribute);
    }
-    else {
+    elseif ($_POST[$attribute] != "") {
      $this_attribute['count'] = 1;
      $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    }
@ -155,52 +160,77 @@ if (isset($_POST["update_members"])) {
  $members_to_add = array_diff($updated_membership,$current_members);
  if ($initialise_group == TRUE) {
    $initial_member = array_shift($members_to_add);
    $group_add = ldap_new_group($ldap_connection,$group_cn,$initial_member,$to_update);
-  }
+    if (!$group_add) {
-  elseif(count($to_update) > 0) {
+      render_alert_banner("There was a problem creating the group.  See the logs for more information.","danger",10000);
-
+      $group_exists = FALSE;
-    if (isset($this_group[0]['objectclass'])) {
+      $new_group = TRUE;
      $existing_objectclasses = $this_group[0]['objectclass'];
      unset($existing_objectclasses['count']);
      if ($existing_objectclasses != $LDAP['group_objectclasses']) { $to_update['objectclass'] = $LDAP['group_objectclasses']; }
    }
    $updated_attr = ldap_update_group_attributes($ldap_connection,$group_cn,$to_update);
    if ($updated_attr) {
      render_alert_banner("The group attributes have been updated.");
    }
    else {
-      render_alert_banner("There was a problem updating the group attributes.  See the logs for more information.","danger",15000);
+      $group_exists = TRUE;
      $new_group = FALSE;
    }
  }
-  foreach ($members_to_add as $this_member) {
+  if ($group_exists == TRUE) {
    ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
  }
-  foreach ($members_to_del as $this_member) {
+    if ($initialise_group != TRUE and count($to_update) > 0) {
    ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
  }
-  $non_members = array_diff($all_people,$updated_membership);
+      if (isset($this_group[0]['objectclass'])) {
-  $group_members = $updated_membership;
+        $existing_objectclasses = $this_group[0]['objectclass'];
        unset($existing_objectclasses['count']);
        if ($existing_objectclasses != $LDAP['group_objectclasses']) { $to_update['objectclass'] = $LDAP['group_objectclasses']; }
      }
-  $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
+      $updated_attr = ldap_update_group_attributes($ldap_connection,$group_cn,$to_update);
-  if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
+
      if ($updated_attr) {
        render_alert_banner("The group attributes have been updated.");
      }
      else {
        render_alert_banner("There was a problem updating the group attributes.  See the logs for more information.","danger",15000);
      }
    }
    foreach ($members_to_add as $this_member) {
      ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
    }
    foreach ($members_to_del as $this_member) {
      ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
    }
    $non_members = array_diff($all_people,$updated_membership);
    $group_members = $updated_membership;
    $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
    if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
      $group_members = ldap_get_group_members($ldap_connection,$group_cn);
      $non_members = array_diff($all_people,$group_members);
      render_alert_banner("Groups can't be empty, so the final member hasn't been removed.  You could try deleting the group","danger",15000);
    }
    else {
      render_alert_banner("The group has been ${has_been}.");
    }
    $group_members = ldap_get_group_members($ldap_connection,$group_cn);
    $non_members = array_diff($all_people,$group_members);
    render_alert_banner("Groups can't be empty, so the final member hasn't been removed.  You could try deleting the group","danger",15000);
  }
  else {
-    render_alert_banner("The group has been ${has_been}.");
+
    $group_members = array();
    $non_members = $all_people;
  }
 }
 else {
  $group_members = $current_members;
 }
 ldap_close($ldap_connection);
@ -401,10 +431,6 @@ ldap_close($ldap_connection);
      </div>
 <?php
 if ($SIMPLE_INTERFACE == TRUE) {
  unset($attribute_map['gidnumber']);
 }
 if (count($attribute_map) > 0) { ?>
      <div class="panel panel-default">
        <div class="panel-heading clearfix">
@ -419,7 +445,8 @@ if (count($attribute_map) > 0) { ?>
                if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
                print "<div class='row'>";
                $dl_identifider = ($full_dn != $create_group_message) ? $full_dn : "";
-                render_attribute_fields($attribute,$label,$these_values,$dl_identifider,"",$attr_r['inputtype'],$tabindex);
+                if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype=""; }
                render_attribute_fields($attribute,$label,$these_values,$dl_identifider,"",$inputtype,$tabindex);
                print "</div>";
                $tabindex++;
              }
--- a/www/account_manager/show_user.php
+++ b/www/account_manager/show_user.php
@ -18,10 +18,6 @@ $to_update = array();
 if ($SMTP['host'] != "") { $can_send_email = TRUE; } else { $can_send_email = FALSE; }
 if ($SIMPLE_INTERFACE == FALSE) {
  $LDAP['default_attribute_map']["uidnumber"]  = array("label" => "UID");
  $LDAP['default_attribute_map']["gidnumber"]  = array("label" => "GID");
 }
 $LDAP['default_attribute_map']["mail"]  = array("label" => "Email", "onkeyup" => "check_if_we_should_enable_sending_email();");
 $attribute_map = $LDAP['default_attribute_map'];
@ -82,12 +78,12 @@ if ($ldap_search) {
      $this_attribute = array();
      if (is_array($_POST[$attribute])) {
        $this_attribute['count'] = count($_POST[$attribute]);
        foreach($_POST[$attribute] as $key => $value) {
-          $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+          if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
        }
        $this_attribute['count'] = count($this_attribute);
      }
-      else {
+      elseif ($_POST[$attribute] != "") {
        $this_attribute['count'] = 1;
        $this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
      }
--- a/www/includes/config.inc.php
+++ b/www/includes/config.inc.php
@ -2,25 +2,40 @@
 $log_prefix="";
 # User account defaults
 $DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
 $DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');
 $ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
 $USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');
 $USERNAME_REGEX  = (getenv('USERNAME_REGEX')  ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$');   #We use the username regex for groups too.
 if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }
 $ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);
 $min_uid = 2000;
 $min_gid = 2000;
 #Default attributes and objectclasses
 $LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
 $LDAP['account_objectclasses'] = array( 'person', 'inetOrgPerson', 'posixAccount' );
- $LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name",      "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
+ $LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name",      "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
-                                         "sn"        => array("label" => "Last name",       "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
+                                         "sn"        => array("label" => "Last name",       "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
-                                         "uid"       => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); check_email_validity(document.getElementById('mail').value);"),
+                                         "uid"       => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
                                         "cn"        => array("label" => "Common name",     "onkeyup" => "auto_cn_update = false;"),
                                         "mail"      => array("label" => "Email",           "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);")
                                        );
 $LDAP['group_attribute'] = (getenv('LDAP_GROUP_ATTRIBUTE') ? getenv('LDAP_GROUP_ATTRIBUTE') : 'cn');
 $LDAP['group_objectclasses'] = array( 'top', 'posixGroup' ); #groupOfUniqueNames is added automatically if rfc2307bis is available.
 $LDAP['default_group_attribute_map'] = array(  "gidnumber" => array("label" => "Group ID number")
                                             );
- $SIMPLE_INTERFACE = ((strcasecmp(getenv('SIMPLE_INTERFACE'),'TRUE') == 0) ? TRUE : FALSE);
+ $LDAP['default_group_attribute_map'] = array( "description" => array("label" => "Description"));
- if ($SIMPLE_INTERFACE == TRUE) {
+ $SHOW_POSIX_ATTRIBUTES = ((strcasecmp(getenv('SHOW_POSIX_ATTRIBUTES'),'TRUE') == 0) ? TRUE : FALSE);
 if ($SHOW_POSIX_ATTRIBUTES != TRUE) {
   if ($LDAP['account_attribute'] == "uid") {
     unset($LDAP['default_attribute_map']['cn']);
   }
@ -28,6 +43,13 @@
     unset($LDAP['default_attribute_map']['uid']);
   }
 }
 else {
   $LDAP['default_attribute_map']["uidnumber"]  = array("label" => "UID");
   $LDAP['default_attribute_map']["gidnumber"]  = array("label" => "GID");
   $LDAP['default_attribute_map']["homedirectory"]  = array("label" => "Home directory", "onkeyup" => "auto_homedir_update = false;");
   $LDAP['default_attribute_map']["loginshell"]  = array("label" => "Shell", "default" => $DEFAULT_USER_SHELL);
   $LDAP['default_group_attribute_map']["gidnumber"] = array("label" => "Group ID number");
 }
 ## LDAP server
@ -85,21 +107,6 @@
 $REMOTE_HTTP_HEADERS_LOGIN = ((strcasecmp(getenv('REMOTE_HTTP_HEADERS_LOGIN'),'TRUE') == 0) ? TRUE : FALSE);
 # User account defaults
 $DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
 $DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');
 $ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
 $USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');
 $USERNAME_REGEX  = (getenv('USERNAME_REGEX')  ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$');   #We use the username regex for groups too.
 if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }
 $ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);
 $min_uid = 2000;
 $min_gid = 2000;
 # Sending email
 $SMTP['host'] = getenv('SMTP_HOSTNAME');
--- a/www/includes/ldap_functions.inc.php
+++ b/www/includes/ldap_functions.inc.php
@ -448,7 +448,12 @@ function ldap_get_group_entry($ldap_connection,$group_name) {
  $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
  $result = @ ldap_get_entries($ldap_connection, $ldap_search);
-  return $result;
+  if ($result['count'] > 0) {
    return $result;
  }
  else {
    return FALSE;
  }
 }
@ -468,7 +473,7 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
 $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
 $result = @ ldap_get_entries($ldap_connection, $ldap_search);
- $result_count = $result[0]['count'];
+ if ($result) { $result_count = $result['count']; } else { $result_count = 0; }
 $records = array();
@ -605,7 +610,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
     if (! $add_group ) {
       $this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
-       if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". print_r($new_group_array,true),0); }
+       if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". strip_tags(print_r($new_group_array,true)),0); }
       error_log($this_error,0);
     }
     else {
@ -622,8 +627,8 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
             error_log("$log_prefix Unable to update cn=lastGID to $new_gid - this could cause groups to share the same GID.",0);
           }
         }
         return TRUE;
       }
       return TRUE;
     }
   }
@ -824,9 +829,8 @@ function ldap_new_account($ldap_connection,$account_r) {
       }
     }
     if (empty($account_attributes['loginshell']))    { $account_attributes['loginshell']    = $DEFAULT_USER_SHELL; }
-     if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/${account_identifier}"; }
+     if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/" . $account_r['uid'][0]; }
     $add_account = @ ldap_add($ldap_connection,
                               "${LDAP['account_attribute']}=$account_identifier,${LDAP['user_dn']}",
--- a/www/includes/web_functions.inc.php
+++ b/www/includes/web_functions.inc.php
@ -113,7 +113,6 @@ function validate_passkey_cookie() {
  $this_time=time();
  $VALIDATED = FALSE;
  unset($USER_ID);
  $IS_ADMIN = FALSE;
  if (isset($_COOKIE['orf_cookie'])) {
@ -569,6 +568,29 @@ EoRenderEmailJS;
 }
 ######################################################
 function render_js_homedir_generator($username_field_id,$homedir_field_id) {
  print <<<EoRenderHomedirJS
 <script>
 var auto_homedir_update = true;
 function update_homedir() {
  if ( auto_homedir_update == true ) {
    var username = document.getElementById('$username_field_id').value;
    document.getElementById('$homedir_field_id').value = "/home/" + username;
  }
 }
 </script>
 EoRenderHomedirJS;
 }
 ######################################################
 function render_dynamic_field_js() {
@ -637,7 +659,8 @@ function render_attribute_fields($attribute,$label,$values_r,$resource_identifie
              </div>
            <?php
               if (isset($values_r['count']) and $values_r['count'] > 0) {
-                 $remaining_values = array_slice($values_r, 2);
+                 unset($values_r['count']);
                 $remaining_values = array_slice($values_r, 1);
                 print "<script>";
                 foreach($remaining_values as $this_value) { print "add_field_to('$attribute','$this_value');"; }
                 print "</script>";