Commit a9be5a0f authored by bmortier's avatar bmortier

Merge branch '1.0.9.2-fixes'

parents e3867053 fe388dc4
......@@ -175,3 +175,5 @@ documentation and additional help.
* Felix Weissbeck <contact-fusiondirectory@w7k.de>
Method to add a change password dialog on sasl+kerberos
* Tobias Göbel
Fixes for PHP7 compatibility
FusionDirectory changelog
=========================
* FusionDirectory 1.0.9.3
Bugs #4444: Debug log prevent connection in some cases
Bugs #4452: Adding a user to a group using "Groups and roles" tab creates some PHP errors
Bugs #4453: Adding a user to a group using "Groups and roles" with trustMode fails
Bugs #4456: Can't find a way to specify a '/' in distribution or media name in the repository plugin
Bugs #4457: FusionDirectory don't find the dns server if he is in a department
Bugs #4459: Desactivate other authentification method from configuration file
Bugs #4463: There are still traces of the rsyslog plugin in the schema and config class
Bugs #4464: There are still traces of the rsyslog plugin in the schema and config class
Bugs #4465: remove from the service-fd.schema objectClass no longer used
Bugs #4466: Pull request 11 from github
Bugs #4479: In primary group in unix tab there is a «None» option
Bugs #4481: «Enable primary group filter» option is obsolete
Bugs #4485: 'fusiondirectory-insert-schema -m' should check if the specificed file exists
Wishlist #4385: Locked users can connect using SSH keys
Wishlist #4473: Locked users can connect using SSH keys
* FusionDirectory 1.0.9.2
[Fix] Bugs #3880: mailbox deletion through sieve and cyrus does not work
......
......@@ -84,6 +84,7 @@ foreach my $arg ( @ARGV ) {
push @schemas, $1;
push @gen_files, $1;
} else {
push @gen_files, $1;
die_with_error("Something went wrong while trying to convert $arg to ldif\n");
}
} else {
......
......@@ -1531,6 +1531,37 @@ sub read_ldap_config {
$aclrolerdn = ($mesg->entries)[0]->get_value('fdAclRoleRDN');
}
}
return ($mesg->entries)[0];
}
sub show_ldap_config {
my $config_node = read_ldap_config();
$config_node->dump();
}
sub set_config_var {
my ($var, $value) = @_;
if (!($var =~ m/^fd/)) {
$var = "fd$var";
}
print "Setting configuration var $var to $value\n";
# initiate the LDAP connexion
my %hash_ldap_param = get_ldap_connexion();
# LDAP's connection's parameters
my $base = $hash_ldap_param{base};
my $ldap = $hash_ldap_param{ldap};
my $result = $ldap->modify (
"$configrdn,$base",
replace => {
$var => $value
}
);
$result->code && warn "! failed to set value for '".$var."' - ".$result->error_name.": ".$result->error_text;
}
sub show_version {
......@@ -1597,21 +1628,24 @@ die ("! You have to run this script as root\n") if ($<!=0);
$commands{"--list-deprecated"} = ["List deprecated attributes and objectclasses", \&list_deprecated];
$commands{"--check-deprecated"} = ["List LDAP entries using deprecated attributes or objectclasses", \&check_deprecated];
$commands{"--ldif-deprecated"} = ["# Print an LDIF removing deprecated attributes",\&ldif_deprecated];
$commands{"--show-config"} = ["Show an LDAP dump of the FusionDirectory configuration",\&show_ldap_config];
$commands{"--set-config-VAR=value"} = ["Set the value in LDAP of a configuration field",\&set_config_var];
my $usage = 0;
set_vars();
foreach my $arg ( @ARGV ) {
if (( lc($arg) =~ m/^--set-(.*)=(.*)/ ) && (grep {$_ eq lc($1)} @vars_keys)) {
if (( lc($arg) =~ m/^--set-(.*)=(.*)$/ ) && (grep {$_ eq lc($1)} @vars_keys)) {
$vars{lc($1)} = $2;
print "Setting $1 to $2\n";
set_vars();
} elsif ( $arg =~ m/^--set-config-(.*)=(.*)$/ ) {
set_config_var($1, $2);
} elsif ( defined $commands { lc ( $arg ) } ) {
my @command = @{ $commands{ $arg } };
print( $command[0]."\n" );
$command[1]();
} elsif ( ( lc($arg) eq "--help" ) || ( lc($arg) eq "-h" ) ) {
print ( "\nCommands:\n" );
while ( my ( $key,$value ) = each %commands ) {
......@@ -1641,7 +1675,7 @@ __END__
=head1 NAME
fusiondirectory-setup - FusionDirectory setup script
fusiondirectory-setup - FusionDirectory configuration management tool
=head1 DESCRIPTION
......@@ -1717,6 +1751,15 @@ This option will list the dn of LDAP entries using deprecated attributes or obje
This option will print an LDIF to allow you to remove deprecated attributes from you ldap server. Be carefull and check before applying.
=item --show-config
This option will print a dump of the FusionDirectory configuration LDAP node.
=item --set-config-VAR=value
This option sets the value of a configuration field in the LDAP. The value needs to be in the correct LDAP format.
You cannot set multivalued field with this. The var name can be provided with or without the fd prefix.
=item --yes
This flag will answer "yes" to every yes/no question asked by the script
......
This diff is collapsed.
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-INSERT-SCHEMA 1"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2016-01-05" "FusionDirectory 1.0.9.2" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2016-01-29" "FusionDirectory 1.0.9.3" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -133,13 +133,13 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-SETUP 1"
.TH FUSIONDIRECTORY-SETUP 1 "2016-01-05" "FusionDirectory 1.0.9.2" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-SETUP 1 "2016-01-29" "FusionDirectory 1.0.9.3" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
fusiondirectory\-setup \- FusionDirectory setup script
fusiondirectory\-setup \- FusionDirectory configuration management tool
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This script is designed to perform multiple checks on your FusionDirectory/LDAP architecture, and fix usual misconfiguration.
......@@ -195,6 +195,13 @@ This option will list the dn of \s-1LDAP\s0 entries using deprecated attributes
.IP "\-\-ldif\-deprecated" 4
.IX Item "--ldif-deprecated"
This option will print an \s-1LDIF\s0 to allow you to remove deprecated attributes from you ldap server. Be carefull and check before applying.
.IP "\-\-show\-config" 4
.IX Item "--show-config"
This option will print a dump of the FusionDirectory configuration \s-1LDAP\s0 node.
.IP "\-\-set\-config\-VAR=value" 4
.IX Item "--set-config-VAR=value"
This option sets the value of a configuration field in the \s-1LDAP.\s0 The value needs to be in the correct \s-1LDAP\s0 format.
You cannot set multivalued field with this. The var name can be provided with or without the fd prefix.
.IP "\-\-yes" 4
.IX Item "--yes"
This flag will answer \*(L"yes\*(R" to every yes/no question asked by the script
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY.CONF 1"
.TH FUSIONDIRECTORY.CONF 1 "2016-01-05" "FusionDirectory 1.0.9.2" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY.CONF 1 "2016-01-29" "FusionDirectory 1.0.9.3" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -225,6 +225,7 @@ attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash'
attributetype ( 1.3.6.1.4.1.38414.8.14.1 NAME 'fdPrimaryGroupFilter'
DESC 'FusionDirectory - Primary group filter'
OBSOLETE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
......
......@@ -159,12 +159,8 @@ if (!is_readable(CONFIG_DIR.'/'.CONFIG_FILE)) {
/* Parse configuration file */
$config = new config(CONFIG_DIR.'/'.CONFIG_FILE, $BASE_DIR);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session::global_set('DEBUGLEVEL', 0);
} else {
session::global_set('DEBUGLEVEL', $config->get_cfg_value('DEBUGLEVEL'));
@DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, 'config');
}
session::global_set('DEBUGLEVEL', $config->get_cfg_value('DEBUGLEVEL'));
@DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, 'config');
/* Set template compile directory */
$smarty->compile_dir = $config->get_cfg_value('templateCompileDirectory', SPOOL_DIR);
......@@ -196,7 +192,7 @@ if (isset($_POST['server'])) {
}
$config->set_current($server);
if (($_SERVER['REQUEST_METHOD'] == 'POST') || ($config->get_cfg_value('casActivated') == 'TRUE')) {
if ($config->get_cfg_value('casActivated') == 'TRUE') {
session::global_set('DEBUGLEVEL', 0);
}
......
......@@ -55,7 +55,7 @@ class CopyPasteHandler
*
* \param string $config
*/
function CopyPasteHandler(&$config)
function __construct(&$config)
{
$this->config = &$config;
$this->current = NULL;
......
......@@ -537,22 +537,6 @@ class config {
$this->data['SERVERS']['FON'][$attrs['dn']] = $entry;
}
/* Get logdb server */
$ldap->cd($this->current['BASE']);
$ldap->search("(objectClass=goLogDBServer)");
if ($ldap->count()) {
$attrs = $ldap->fetch();
if (!isset($attrs['gosaLogDB'][0])) {
$attrs['gosaLogDB'][0] = "gomon";
}
$this->data['SERVERS']['LOG'] = array(
'SERVER' => $attrs['cn'][0],
'LOGIN' => $attrs['goLogAdmin'][0],
'DB' => $attrs['gosaLogDB'][0],
'PASSWORD' => $attrs['goLogPassword'][0]
);
}
/* Get NFS server lists */
$tmp = array("default");
$tmp2 = array("default");
......
......@@ -51,7 +51,7 @@ class filter
*
* \param string $filename
*/
function filter($filename)
function __construct($filename)
{
// Load eventually passed filename
if (!$this->load($filename)) {
......
......@@ -68,7 +68,7 @@ class LDAP
*
* \param boolean $tls FALSE
*/
function LDAP($binddn, $bindpw, $hostname, $follow_referral = FALSE, $tls = FALSE)
function __construct($binddn, $bindpw, $hostname, $follow_referral = FALSE, $tls = FALSE)
{
global $config;
$this->follow_referral = $follow_referral;
......@@ -112,6 +112,7 @@ class LDAP
* ( => OB
* ) => CB
* / => SL
* " => DQ
* \22 => DQ
* \endcode
*
......
......@@ -70,7 +70,7 @@ class listing {
*
* \param string $data either a filename or an array representation of the XML
*/
function listing($data)
function __construct($data)
{
global $config;
global $class_mapping;
......@@ -1786,6 +1786,7 @@ class listing {
*/
function getType($dn)
{
$dn = LDAP::fix($dn);
if (isset($this->objectDnMapping[$dn])) {
return $this->objectDnMapping[$dn];
}
......
......@@ -52,7 +52,7 @@ class log {
*
* \sa log()
*/
function log($action, $objecttype, $object, $changes_array = array(), $result = "")
function __construct($action, $objecttype, $object, $changes_array = array(), $result = "")
{
if (!is_array($changes_array)) {
trigger_error("log(string,string,string,array(),bool). Forth parameter must be an array.");
......
......@@ -1362,7 +1362,7 @@ class plugin
'newvalue' => $newvalue,
'tab' => $tabclass,
);
$filter = plugin::tpl_parse_string($filter, array('oldvalue' => $oldvalue, 'newvalue' => $newvalue));
$filter = plugin::tpl_parse_string($filter, array('oldvalue' => ldap_escape($oldvalue, '', LDAP_ESCAPE_FILTER), 'newvalue' => ldap_escape($newvalue, '', LDAP_ESCAPE_FILTER)));
} elseif ($mode == 'references') {
$foreignRefs[$objectType]['refs'][$class]['name'] = $cinfos['plShortName'];
$foreignRefs[$objectType]['refs'][$class]['fields'][$ofield] =
......@@ -1372,7 +1372,7 @@ class plugin
'field' => $field,
'value' => $this->parent->by_object[$tabclass]->$field,
);
$filter = plugin::tpl_parse_string($filter, array('oldvalue' => $this->parent->by_object[$tabclass]->$field));
$filter = plugin::tpl_parse_string($filter, array('oldvalue' => ldap_escape($this->parent->by_object[$tabclass]->$field, '', LDAP_ESCAPE_FILTER)));
}
if (!preg_match('/^\(.*\)$/', $filter)) {
$filter = '('.$filter.')';
......
......@@ -240,6 +240,9 @@ function make_seed()
function DEBUG($level, $line, $function, $file, $data, $info = "")
{
static $first = TRUE;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
return;
}
if (session::global_get('DEBUGLEVEL') & $level) {
if ($first) {
echo '<div id="debug_handling" class="notice">'.
......@@ -1991,7 +1994,7 @@ function gen_uids($rule, $attributes)
if (preg_match('/\{id(:|!)(\d+)}/', $uid, $m)) {
$size = $m[2];
$start = ($m[1] == ":"?0:-1);
$start = ($m[1] == ":" ? 0 : -1);
for ($i = $start, $p = pow(10, $size) - 1; $i < $p; $i++) {
if ($i == -1) {
$number = "";
......@@ -2074,7 +2077,7 @@ function to_byte($value)
break;
}
return ($mult * (int)substr($value, 0, -1));
return $mult * (int)substr($value, 0, -1);
} else {
return $value;
}
......@@ -2825,6 +2828,23 @@ function lock_samba_account($mode, $attrs)
return $modify;
}
/* Lock or unlock ssh account */
function lock_ssh_account($mode, $attrs, &$modify)
{
global $config;
if (!isset($attrs['sshPublicKey'])) {
return;
}
$modify['sshPublicKey'] = array();
for ($i = 0; $i < $attrs['sshPublicKey']['count']; ++$i) {
if ($mode == 'LOCK') {
$modify['sshPublicKey'][] = preg_replace('/^/', 'disabled-', $attrs['sshPublicKey'][0]);
} else {
$modify['sshPublicKey'][] = preg_replace('/^disabled-/', '', $attrs['sshPublicKey'][0]);
}
}
}
/*!
* \brief Get the Change Sequence Number of a certain DN
......@@ -3048,6 +3068,17 @@ function isIpInNet($ip, $net, $mask)
return (($ip & $mask) == $net);
}
/*!
* \brief Expands an IP v6
*/
function expandIPv6 ($ip)
{
$hex = unpack('H*hex', inet_pton($ip));
$ip = substr(preg_replace('/([A-f0-9]{4})/', "$1:", $hex['hex']), 0, -1);
return $ip;
}
/*!
* \brief Get next id
*
......@@ -3307,4 +3338,79 @@ function initLanguage($lang = NULL)
session::global_set('lang', $lang);
return $ret;
}
if (!function_exists('ldap_escape')) {
/* This bloc is for PHP<5.6 */
define('LDAP_ESCAPE_FILTER', 0x01);
define('LDAP_ESCAPE_DN', 0x02);
/**
* @param string $subject The subject string
* @param string $ignore Set of characters to leave untouched
* @param int $flags Any combination of LDAP_ESCAPE_* flags to indicate the
* set(s) of characters to escape.
* @return string
*/
function ldap_escape($subject, $ignore = '', $flags = 0)
{
static $charMaps = array(
LDAP_ESCAPE_FILTER => array('\\', '*', '(', ')', "\x00"),
LDAP_ESCAPE_DN => array('\\', ',', '=', '+', '<', '>', ';', '"', '#'),
);
// Pre-process the char maps on first call
if (!isset($charMaps[0])) {
$charMaps[0] = array();
for ($i = 0; $i < 256; $i++) {
$charMaps[0][chr($i)] = sprintf('\\%02x', $i);;
}
for ($i = 0, $l = count($charMaps[LDAP_ESCAPE_FILTER]); $i < $l; $i++) {
$chr = $charMaps[LDAP_ESCAPE_FILTER][$i];
unset($charMaps[LDAP_ESCAPE_FILTER][$i]);
$charMaps[LDAP_ESCAPE_FILTER][$chr] = $charMaps[0][$chr];
}
for ($i = 0, $l = count($charMaps[LDAP_ESCAPE_DN]); $i < $l; $i++) {
$chr = $charMaps[LDAP_ESCAPE_DN][$i];
unset($charMaps[LDAP_ESCAPE_DN][$i]);
$charMaps[LDAP_ESCAPE_DN][$chr] = $charMaps[0][$chr];
}
}
// Create the base char map to escape
$flags = (int)$flags;
$charMap = array();
if ($flags & LDAP_ESCAPE_FILTER) {
$charMap += $charMaps[LDAP_ESCAPE_FILTER];
}
if ($flags & LDAP_ESCAPE_DN) {
$charMap += $charMaps[LDAP_ESCAPE_DN];
}
if (!$charMap) {
$charMap = $charMaps[0];
}
// Remove any chars to ignore from the list
$ignore = (string)$ignore;
for ($i = 0, $l = strlen($ignore); $i < $l; $i++) {
unset($charMap[$ignore[$i]]);
}
// Do the main replacement
$result = strtr($subject, $charMap);
// Encode leading/trailing spaces if LDAP_ESCAPE_DN is passed
if ($flags & LDAP_ESCAPE_DN) {
if ($result[0] === ' ') {
$result = '\\20' . substr($result, 1);
}
if ($result[strlen($result) - 1] === ' ') {
$result = substr($result, 0, -1) . '\\20';
}
}
return $result;
}
}
?>
......@@ -174,6 +174,9 @@ class passwordMethod
// (Un)lock the samba account
$modify = lock_samba_account($mode, $attrs);
// (Un)lock SSH keys
lock_ssh_account($mode, $attrs, $modify);
// (Un)lock the account by modifying the password hash.
$pwdClass = new user($config, $dn);
$pwdClass->callHook('PRE'.$mode, array(), $ret);
......
......@@ -289,10 +289,10 @@ class simplePlugin extends plugin
$attr = $infos['mainAttr'];
$ou = $infos['ou'];
if ($this->is_template) {
$dn = 'cn='.$this->_template_cn.',ou=templates,'.$ou.$this->base;
$dn = 'cn='.ldap_escape($this->_template_cn, '', LDAP_ESCAPE_DN).',ou=templates,'.$ou.$this->base;
return $dn;
}
return $attr.'='.$this->attributesAccess[$attr]->computeLdapValue().','.$ou.$this->base;
return $attr.'='.ldap_escape($this->attributesAccess[$attr]->computeLdapValue(), '', LDAP_ESCAPE_DN).','.$ou.$this->base;
}
function getRequiredAttributes()
......
......@@ -392,7 +392,7 @@ class simpleTabs
function save()
{
$baseobject = $this->getBaseObject();
$new_dn = $baseobject->compute_dn();
$new_dn = LDAP::convert($baseobject->compute_dn());
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $new_dn, "Saving");
/* Move ? */
......
......@@ -63,7 +63,7 @@ define("FPDF_FONTPATH", "/usr/share/php/fpdf/font/"); /*! Define fpdf font path
/*!
* \brief FusionDirectory Version
*/
define ("FD_VERSION", "1.0.9.2"); /*! Define FusionDirectory version */
define ("FD_VERSION", "1.0.9.3"); /*! Define FusionDirectory version */
/*!
* \brief FusionDirectory config object RDN
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
......@@ -19,8 +19,6 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
class dashboardUsers extends simplePlugin
{
static function plInfo()
......
......@@ -215,7 +215,13 @@ class group extends simplePlugin
function addUser($dn, $uid)
{
$this->attributesAccess['memberUid']->addValue($dn, array('uid' => array($uid), 'cn' => array($uid)));
$this->attributesAccess['memberUid']->addValue($dn,
array(
'dn' => $dn,
'uid' => array($uid),
'cn' => array($uid)
)
);
}
function removeUser($uid)
......
......@@ -55,12 +55,12 @@ class ObjectsAttribute extends GenericDialogAttribute
}
}
if (!isset($this->displays[$i])) {
trigger_error('Unkown type for "'.$attrs['dn'].'"');
$this->displays[$i] = sprintf(_("Unknown type : %s"), LDAP::fix($attrs['dn']));
trigger_error('Unkown type for "'.$this->value[$i].'"');
$this->displays[$i] = sprintf(_('Unknown type : %s'), LDAP::fix($this->value[$i]));
$this->types[$i] = 'I';
}
} else {
$this->displays[$i] = sprintf(_("Non existing dn: %s"), LDAP::fix($this->value[$i]));
$this->displays[$i] = sprintf(_('Non existing dn: %s'), LDAP::fix($this->value[$i]));
$this->types[$i] = 'I';
}
}
......@@ -265,6 +265,7 @@ class ogroup extends simplePlugin
}
$this->reload();
$this->updateAttributesValues();
}
function compute_dn()
......
......@@ -157,12 +157,6 @@ class configInLdap extends simplePlugin
'core_settings' => array(
'name' => _('Core settings'),
'attrs' => array(
new BooleanAttribute (
_('Enable primary group filter'),
_('It is time consuming to evaluate which groups are primary and which are not, so you may want to disable it if your group plugin is slow.'),
'fdPrimaryGroupFilter', FALSE,
TRUE
),
new BooleanAttribute (
_('Display summary in listings'),
_('Determines whether a status bar will be shown on the bottom of lists, displaying a short summary of type and number of elements in the list.'),
......
......@@ -288,7 +288,7 @@ class posixAccount extends simplePlugin
$this->ui = get_userinfo();
$secondaryGroups = array();
$secondaryGroups[0] = "- "._("automatic")." -";
$secondaryGroups[''] = "- "._("automatic")." -";
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
......
......@@ -187,12 +187,19 @@ class userRoles extends simplePlugin
parent::ldap_save($cleanup);
if (!$this->is_template) {
/* We need to give an array which looks like an ldap fetch and match user filter */
$fake_attrs = array(
'objectClass' => array('inetOrgPerson','organizationalPerson','person'),
'cn' => array($this->dn),
'dn' => $this->dn
);
/* Take care about groupsMembership values: add to groups */
$groupsMembership = $this->attributesAccess['groupsMembership']->getValue();
foreach ($groupsMembership as $ogroupdn) {
if (!in_array($ogroupdn, $this->savedGroupsMembership)) {
$g = objects::open($ogroupdn, 'ogroup');
$g->getBaseObject()->attributesAccess['member']->addValue($this->dn, array('cn' => 'user'));
$g->getBaseObject()->attributesAccess['member']->addValue($this->dn, $fake_attrs);
$g->save();
}
}
......@@ -211,7 +218,7 @@ class userRoles extends simplePlugin
foreach ($rolesMembership as $roledn) {
if (!in_array($roledn, $this->savedRolesMembership)) {
$r = objects::open($roledn, 'role');
$r->getBaseObject()->attributesAccess['roleOccupant']->addValue($this->dn, array('cn' => 'user'));
$r->getBaseObject()->attributesAccess['roleOccupant']->addValue($this->dn, $fake_attrs);
$r->save();
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment