    Fixes #2919 Rewriting setup using simplePlugin and config classes · 8bf6a6d9
    Côme Bernigaud authored
    Conflicts:
    	html/themes/default/setup.css
    	plugins/config/class_configInLdap.inc
    	setup/class_setupStep_Checks.inc
    	setup/class_setupStep_Config1.inc
    	setup/class_setupStep_Config2.inc
    	setup/class_setupStep_Config3.inc
    	setup/class_setupStep_Finish.inc
    	setup/class_setupStep_Language.inc
    	setup/class_setupStep_Ldap.inc
    	setup/class_setupStep_Migrate.inc
    	setup/class_setupStep_Welcome.inc
    	setup/setup_checks.tpl
    	setup/setup_config1.tpl
    	setup/setup_config2.tpl
    	setup/setup_finish.tpl
    	setup/setup_frame.tpl
    	setup/setup_welcome.tpl
    8bf6a6d9
class_setupStep_Migrate.inc 96.39 KiB
<?php
/*
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
  Copyright (C) 2007  Fabian Hickert
  Copyright (C) 2011-2015  FusionDirectory
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
/****************
 * FUNCTIONS
Step_Migrate                - Constructor.
update_strings              - Used to update the displayed step information.
initialize_checks           - Initialize migration steps.
check_ldap_permissions      - Check if the used admin account has full access to the ldap database.
check_gosaAccounts          - Check if there are users without the required objectClasses.
migrate_gosaAccounts        - Migrate selected users to FusionDirectory user accounts.
check_organizationalUnits   - Check if there are departments, that are not visible for FusionDirectory
migrate_organizationalUnits - Migrate selected departments
check_administrativeAccount - Check if there is at least one acl entry available
checkBase                   - Check if there is a root object available
get_user_list               - Get list of available users
create_admin
create_admin_user
execute                     - Generate html output of this plugin
save_object                 - Save posts
array_to_ldif               - Create ldif output of an ldap result array
 ****************/
class Step_Migrate extends setup_step
  /* General step state */
  var $languages      = array();
  var $attributes     = array('valid_admin');
  /* Icon URL for this step's header */
  var $header_image   = 'geticon.php?context=applications&icon=utilities-system-monitor&size=48';
  /* Result records of the inspection, keyed by check id; each record holds
   * the keys TITLE, STATUS, STATUS_MSG and ERROR_MSG (filled by initialize_checks) */
  var $checks         = array();
  /* Department migration attributes */
  var $dep_migration_dialog = FALSE;
  var $deps_to_migrate      = array(); // Departments found by check_organizationalUnits, keyed by base64 encoded dn
  var $show_details         = FALSE;   // Set by the migrate_* methods from their $only_ldif parameter
  /* User migration attributes */
  var $users_migration_dialog = FALSE;
  var $users_to_migrate       = array(); // Users found by check_gosaAccounts, keyed by base64 encoded dn
  /* Create Acl attributes */
  var $acl_create_dialog    = FALSE;
  var $acl_create_selected  = ""; // Currently selected element, that should receive admin rights
  var $acl_create_changes   = ""; // Contains ldif information about changes
  var $acl_create_confirmed = FALSE;
  /* Checks initialised ? */
  var $checks_initialised = FALSE;
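/* Users outside to people ou */
  var $outside_users        = array();
  var $outside_users_dialog = FALSE;

  /* Users outside to groups ou */
  var $outside_groups         = array();
  var $outside_groups_dialog  = FALSE;

  /* Device migration */
  var $device_dialog  = FALSE;
  var $device         = array();

  /* Service migration */
  var $service_dialog = FALSE;
  var $service        = array();

  /* Group menus */
  var $menu_dialog  = FALSE;
  var $menu         = array();

  /* check for multiple use of same uidNumber */
  var $check_uidNumbers         = array();
  var $check_uidNumbers_dialog  = FALSE;

  /* check for multiple use of same gidNumber */
  var $check_gidNumbers         = array();
  var $check_gidNumbers_dialog  = FALSE;

  /* DNs of all posixGroup entries, collected by search_outside_groups */
  var $group_list = array();

  /* Migrable users */
  var $migrate_users          = array();
  var $acl_migrate_dialog     = FALSE;
  var $migrate_acl_base_entry = "";

  /* Root object classes */
  var $rootOC_migrate_dialog  = FALSE;
  var $rootOC_details         = array();

  /* One valid admin dn */
  var $valid_admin = FALSE;

  /* Defaults ACL roles */
  var $defaultRoles;

  /* Constructor: sets the step titles and the default ACL role definitions */
  function __construct()
  {
    $this->update_strings();
    $this->fill_defaultRoles();
  }

  /* Set the translated title and info strings shown for this step */
  function update_strings()
  {
    $this->s_title      = _("LDAP inspection");
    $this->s_title_long = _("LDAP inspection");
    $this->s_info       = _("Analyze your current LDAP for FusionDirectory compatibility");
  }

  /* Fill $this->defaultRoles with the gosaRole entries the setup considers default.
   * Each element carries cn, description, objectclass and gosaAclTemplate. */
  function fill_defaultRoles()
  {
    $this->defaultRoles = array(
      array(
        'cn'              => 'manager',
        'description'     => _('Give all rights on users in the given branch'),
        'objectclass'     => array('top', 'gosaRole'),
        'gosaAclTemplate' => '0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw'
      ),
      array(
        'cn'              => 'editowninfos',
        'description'     => _('Allow users to edit their own information (main tab and posix use only on base)'),
        'objectclass'     => array('top', 'gosaRole'),
        'gosaAclTemplate' => '0:user/posixAccount;srw,user/user;srw'
      ),
      /* NOTE(review): this role reuses the cn 'editowninfos' of the previous one although
       * it grants password rights only. Two ACL roles sharing one cn are hard to tell apart
       * when auditing who may change passwords - confirm the intended name. */
      array(
        'cn'              => 'editowninfos',
        'description'     => _('Allow users to edit their own password (use only on base)'),
        'objectclass'     => array('top', 'gosaRole'),
        'gosaAclTemplate' => '0:user/password;srw'
      ),
    );
  }

  /* Reset $this->checks and run every inspection in a fixed order.
   * Each record is reset (STATUS FALSE, empty messages) right before its check runs.
   * 'deps_visible' is reset early, but check_organizationalUnits only runs after
   * search_outside_groups, because it reads $this->group_list filled there. */
  function initialize_checks()
  {
    $this->checks = array();

    $this->checks['root']['TITLE']      = _("Checking for root object");
    $this->checks['root']['STATUS']     = FALSE;
    $this->checks['root']['STATUS_MSG'] = "";
    $this->checks['root']['ERROR_MSG']  = "";
    $this->checkBase();

    $this->checks['rootOC']['TITLE']      = _("Inspecting object classes in root object");
    $this->checks['rootOC']['STATUS']     = FALSE;
    $this->checks['rootOC']['STATUS_MSG'] = "";
    $this->checks['rootOC']['ERROR_MSG']  = "";
    $this->checkBaseOC();

    $this->checks['permissions']['TITLE']       = _("Checking permission for LDAP database");
    $this->checks['permissions']['STATUS']      = FALSE;
    $this->checks['permissions']['STATUS_MSG']  = "";
    $this->checks['permissions']['ERROR_MSG']   = "";
    $this->check_ldap_permissions();

    $this->checks['deps_visible']['TITLE']      = _("Checking for invisible departments");
    $this->checks['deps_visible']['STATUS']     = FALSE;
    $this->checks['deps_visible']['STATUS_MSG'] = "";
    $this->checks['deps_visible']['ERROR_MSG']  = "";

    $this->checks['users_visible']['TITLE']       = _("Checking for invisible users");
    $this->checks['users_visible']['STATUS']      = FALSE;
    $this->checks['users_visible']['STATUS_MSG']  = "";
    $this->checks['users_visible']['ERROR_MSG']   = "";
    $this->check_gosaAccounts();

    $this->migrate_users = array();
    $this->checks['acls']['TITLE']      = _("Checking for super administrator");
    $this->checks['acls']['STATUS']     = FALSE;
    $this->checks['acls']['STATUS_MSG'] = "";
    $this->checks['acls']['ERROR_MSG']  = "";
    $this->check_administrativeAccount();

    $this->checks['default_acls']['TITLE']      = _("Checking for default ACL roles and groupes");
    $this->checks['default_acls']['STATUS']     = FALSE;
    $this->checks['default_acls']['STATUS_MSG'] = "";
    $this->checks['default_acls']['ERROR_MSG']  = "";
    $this->check_defaultACLs();

    $this->checks['outside_users']['TITLE']       = _("Checking for users outside the people tree");
    $this->checks['outside_users']['STATUS']      = FALSE;
    $this->checks['outside_users']['STATUS_MSG']  = "";
    $this->checks['outside_users']['ERROR_MSG']   = "";
    $this->search_outside_users();

    $this->checks['outside_groups']['TITLE']      = _("Checking for groups outside the groups tree");
    $this->checks['outside_groups']['STATUS']     = FALSE;
    $this->checks['outside_groups']['STATUS_MSG'] = "";
    $this->checks['outside_groups']['ERROR_MSG']  = "";
    $this->search_outside_groups();

    $this->check_organizationalUnits();

    $this->checks['uidNumber_usage']['TITLE']       = _("Checking for duplicated user ids");
    $this->checks['uidNumber_usage']['STATUS']      = FALSE;
    $this->checks['uidNumber_usage']['STATUS_MSG']  = "";
    $this->checks['uidNumber_usage']['ERROR_MSG']   = "";
    $this->check_uidNumber();

    $this->checks['gidNumber_usage']['TITLE']       = _("Checking for duplicate group ids");
    $this->checks['gidNumber_usage']['STATUS']      = FALSE;
    $this->checks['gidNumber_usage']['STATUS_MSG']  = "";
    $this->checks['gidNumber_usage']['ERROR_MSG']   = "";
    $this->check_gidNumber();

    $this->checks['old_style_devices']['TITLE']       = _("Checking for old style USB devices");
    $this->checks['old_style_devices']['STATUS']      = FALSE;
    $this->checks['old_style_devices']['STATUS_MSG']  = "";
    $this->checks['old_style_devices']['ERROR_MSG']   = "";
    $this->check_usb_devices();

    $this->checks['old_style_services']['TITLE']      = _("Checking for old services that have to be migrated");
    $this->checks['old_style_services']['STATUS']     = FALSE;
    $this->checks['old_style_services']['STATUS_MSG'] = "";
    $this->checks['old_style_services']['ERROR_MSG']  = "";
    $this->check_services();

    $this->checks['old_style_menus']['TITLE']       = _("Checking for old style application menus");
    $this->checks['old_style_menus']['STATUS']      = FALSE;
    $this->checks['old_style_menus']['STATUS_MSG']  = "";
    $this->checks['old_style_menus']['ERROR_MSG']   = "";
    $this->check_menus();
  }

  /* Check if there are uidNumbers which are used more than once.
   * Fills $this->check_uidNumbers (keyed by base64 encoded dn) with every entry
   * sharing its uidNumber with another one. Returns TRUE when none is found,
   * FALSE on duplicates or when the search fails. */
  function check_uidNumber()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    $ldap->cd($config->current['BASE']);
    $res = $ldap->search("(&(objectClass=posixAccount)(uidNumber=*))", array("dn","uidNumber"));
    if (!$res) {
      $this->checks['uidNumber_usage']['STATUS']      = FALSE;
      $this->checks['uidNumber_usage']['STATUS_MSG']  = _("LDAP query failed");
      $this->checks['uidNumber_usage']['ERROR_MSG']   = _("Possibly the 'root object' is missing.");
      return FALSE;
    }

    /* Group the entries by uidNumber, then keep the groups with more than one member */
    $this->check_uidNumbers = array();
    $tmp = array();
    while ($attrs = $ldap->fetch()) {
      $tmp[$attrs['uidNumber'][0]][] = $attrs;
    }
    foreach ($tmp as $entries) {
      if (count($entries) > 1) {
        foreach ($entries as $entry) {
          $this->check_uidNumbers[base64_encode($entry['dn'])] = $entry;
        }
      }
    }

    if ($this->check_uidNumbers) {
      $this->checks['uidNumber_usage']['STATUS']      = FALSE;
      $this->checks['uidNumber_usage']['STATUS_MSG']  = "<div style='color:#F0A500'>"._("Warning")."</div>";
      $this->checks['uidNumber_usage']['ERROR_MSG']   =
        sprintf(_("Found %s duplicate values for attribute 'uidNumber'."), count($this->check_uidNumbers));
      return FALSE;
    } else {
      $this->checks['uidNumber_usage']['STATUS']      = TRUE;
      $this->checks['uidNumber_usage']['STATUS_MSG']  = _("Ok");
      $this->checks['uidNumber_usage']['ERROR_MSG']   = "";
      return TRUE;
    }
  }

  /* Check if there are duplicated gidNumbers present in ldap.
   * Fills $this->check_gidNumbers (keyed by base64 encoded dn). Returns TRUE when
   * no gidNumber is shared, FALSE on duplicates or when the search fails. */
  function check_gidNumber()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    $ldap->cd($config->current['BASE']);
    $res = $ldap->search("(&(objectClass=posixGroup)(gidNumber=*))", array("dn","gidNumber"));
    if (!$res) {
      $this->checks['gidNumber_usage']['STATUS']      = FALSE;
      $this->checks['gidNumber_usage']['STATUS_MSG']  = _("LDAP query failed");
      $this->checks['gidNumber_usage']['ERROR_MSG']   = _("Possibly the 'root object' is missing.");
      return FALSE;
    }

    /* Group the entries by gidNumber, then keep the groups with more than one member */
    $this->check_gidNumbers = array();
    $tmp = array();
    while ($attrs = $ldap->fetch()) {
      $tmp[$attrs['gidNumber'][0]][] = $attrs;
    }
    foreach ($tmp as $entries) {
      if (count($entries) > 1) {
        foreach ($entries as $entry) {
          $this->check_gidNumbers[base64_encode($entry['dn'])] = $entry;
        }
      }
    }

    if ($this->check_gidNumbers) {
      $this->checks['gidNumber_usage']['STATUS']      = FALSE;
      $this->checks['gidNumber_usage']['STATUS_MSG']  = "<div style='color:#F0A500'>"._("Warning")."</div>";
      $this->checks['gidNumber_usage']['ERROR_MSG']   =
        sprintf(_("Found %s duplicate values for attribute 'gidNumber'."), count($this->check_gidNumbers));
      return FALSE;
    } else {
      $this->checks['gidNumber_usage']['STATUS']      = TRUE;
      $this->checks['gidNumber_usage']['STATUS_MSG']  = _("Ok");
      $this->checks['gidNumber_usage']['ERROR_MSG']   = "";
      return TRUE;
    }
  }

  /* Search for groups outside the group ou.
   * Fills $this->outside_groups (keyed by base64 encoded dn) and $this->group_list
   * (dn of every posixGroup). Returns TRUE when every group sits below a known
   * department, FALSE otherwise or when the search fails. */
  function search_outside_groups()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    $group_ou = get_ou('groupRDN');
    $ldap->cd($config->current['BASE']);

    /***********
     * Get all gosaDepartments to be able to
     *  validate correct ldap tree position of every single user
     ***********/
    $valid_deps = array();
    $valid_deps['/'] = $config->current['BASE'];
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn","ou"));
    while ($attrs = $ldap->fetch()) {
      $valid_deps[] = $attrs['dn'];
    }

    /***********
     * Get all groups
     ***********/
    $res = $ldap->search("(objectClass=posixGroup)", array("dn"));
    if (!$res) {
      $this->checks['outside_groups']['STATUS']     = FALSE;
      $this->checks['outside_groups']['STATUS_MSG'] = _("LDAP query failed");
      $this->checks['outside_groups']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
      return FALSE;
    }

    $this->outside_groups = array();
    /* Reset the declared property; the previous code cleared an undeclared
     * '$groups_list', so $this->group_list kept growing on every run */
    $this->group_list = array();
    while ($attrs = $ldap->fetch()) {
      /* NOTE(review): the trailing '+' quantifies only the last character of the quoted
       * RDN and search_outside_users has no such quantifier - confirm it is intended */
      $group_db_base = preg_replace("/^[^,]+,".preg_quote($group_ou, '/')."+/i", "", $attrs['dn']);

      /* Check if entry is not an addressbook only user
       *  and verify that he is in a valid department
       */
      if ( !preg_match("/".preg_quote("dc=addressbook,", '/')."/", $group_db_base) &&
          !in_array($group_db_base, $valid_deps)
        ) {
        $attrs['selected'] = FALSE;
        $attrs['ldif']     = "";
        $this->outside_groups[base64_encode($attrs['dn'])] = $attrs;
      }
      $this->group_list[] = $attrs['dn'];
    }

    if (count($this->outside_groups)) {
      $this->checks['outside_groups']['STATUS']     = FALSE;
      $this->checks['outside_groups']['STATUS_MSG'] = "<div style='color:#F0A500'>"._("Warning")."</div>";
      /* ERROR_MSG carries raw markup (the submit button below), so the configured
       * RDN is HTML-escaped before it is placed into it */
      $this->checks['outside_groups']['ERROR_MSG']  =
        sprintf(
          _("Found %s groups outside the configured tree '%s'."),
          count($this->outside_groups),
          htmlspecialchars($group_ou, ENT_QUOTES, 'UTF-8')
        );
      $this->checks['outside_groups']['ERROR_MSG']  .= "&nbsp;<input type='submit' name='outside_groups_dialog' value='"._("Move")."...'>";
      return FALSE;
    } else {
      $this->checks['outside_groups']['STATUS']     = TRUE;
      $this->checks['outside_groups']['STATUS_MSG'] = _("Ok");
      $this->checks['outside_groups']['ERROR_MSG']  = "";
      return TRUE;
    }
  }

  /* Search for users outside the people ou.
   * Fills $this->outside_users (keyed by base64 encoded dn). Returns TRUE when every
   * gosaAccount sits below a known department, FALSE otherwise or when the search fails. */
  function search_outside_users()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    $ldap->cd($config->current['BASE']);

    /***********
     * Get all gosaDepartments to be able to
     *  validate correct ldap tree position of every single user
     ***********/
    $valid_deps = array();
    $valid_deps['/'] = $config->current['BASE'];
    $ldap->search("(&(objectClass=gosaDepartment)(ou=*))", array("dn","ou"));
    while ($attrs = $ldap->fetch()) {
      $valid_deps[] = $attrs['dn'];
    }

    /***********
     * Search for all users
     ***********/
    $res = $ldap->search("(&(objectClass=gosaAccount)(!(uid=*$)))", array("dn"));
    if (!$res) {
      $this->checks['outside_users']['STATUS']      = FALSE;
      $this->checks['outside_users']['STATUS_MSG']  = _("LDAP query failed");
      $this->checks['outside_users']['ERROR_MSG']   = _("Possibly the 'root object' is missing.");
      return FALSE;
    }

    /***********
     * Check if returned users are within a valid GOsa department. (peopleou,gosaDepartment,base)
     ***********/
    $this->outside_users = array();
    $people_ou = trim(get_ou('userRDN'));

    while ($attrs = $ldap->fetch()) {
      $people_db_base = preg_replace("/^[^,]+,".preg_quote($people_ou, '/')."/i", "", $attrs['dn']);

      /* Check if entry is not an addressbook only user
       *  and verify that he is in a valid department
       */
      if ( !preg_match("/dc=addressbook,/", $people_db_base) &&
          !in_array($people_db_base, $valid_deps)
        ) {
        $attrs['selected'] = FALSE;
        $attrs['ldif']     = "";
        $this->outside_users[base64_encode($attrs['dn'])] = $attrs;
      }
    }

    if (count($this->outside_users)) {
      $this->checks['outside_users']['STATUS']      = FALSE;
      $this->checks['outside_users']['STATUS_MSG']  = "<div style='color:#F0A500'>"._("Warning")."</div>";
      /* ERROR_MSG carries raw markup (the submit button below), so the configured
       * RDN is HTML-escaped before it is placed into it */
      $this->checks['outside_users']['ERROR_MSG']   =
        sprintf(
          _("Found %s user(s) outside the configured tree '%s'."),
          count($this->outside_users),
          htmlspecialchars($people_ou, ENT_QUOTES, 'UTF-8')
        );
      $this->checks['outside_users']['ERROR_MSG']   .= "<input type='submit' name='outside_users_dialog' value='"._("Move")."...'>";
      return FALSE;
    } else {
      $this->checks['outside_users']['STATUS']      = TRUE;
      $this->checks['outside_users']['STATUS_MSG']  = _("Ok");
      $this->checks['outside_users']['ERROR_MSG']   = "";
      return TRUE;
    }
  }

  /* Check ldap accessibility
   * Create and remove a dummy object,
   *  to ensure that we have the necessary permissions.
   * Returns TRUE when the entry could be both created and removed, FALSE otherwise.
   */
  function check_ldap_permissions()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    /* Create dummy entry.
     * The name only has to be unique. It used to embed session_id(), which wrote the
     * session identifier into the directory (where it stays if the removal below fails)
     * and into the log call on failure; a random token avoids exposing it. */
    $name       = "GOsa_setup_text_entry_".md5(uniqid(rand(), TRUE));
    $dn         = "ou=".$name.",".$config->current['BASE'];
    $testEntry  = array();

    $testEntry['objectClass'][] = "top";
    $testEntry['objectClass'][] = "organizationalUnit";
    $testEntry['objectClass'][] = "gosaDepartment";
    $testEntry['description']   = "Created by FusionDirectory setup, this object can be removed.";
    $testEntry['ou']            = $name;

    /* check if simple ldap cat will be successful */
    $res = $ldap->cat($config->current['BASE']);
    if (!$res) {
      $this->checks['permissions']['STATUS']      = FALSE;
      $this->checks['permissions']['STATUS_MSG']  = _("LDAP query failed");
      $this->checks['permissions']['ERROR_MSG']   = _("Possibly the 'root object' is missing.");
      return FALSE;
    }

    /* Try to create dummy object; success is judged by reading the entry back */
    $ldap->cd($dn);
    $ldap->add($testEntry);
    $ldap->cat($dn);
    if (!$ldap->count()) {
      new log("view", "setup/".get_class($this), $dn, array(), $ldap->get_error());

      $this->checks['permissions']['STATUS']      = FALSE;
      $this->checks['permissions']['STATUS_MSG']  = _("Failed");
      $this->checks['permissions']['ERROR_MSG']   =
        sprintf(
          _("The specified user '%s' does not have full access to your ldap database."),
          htmlspecialchars($config->current['ADMINDN'], ENT_QUOTES, 'UTF-8')
        );
      return FALSE;
    }

    /* Try to remove created entry; success is judged by the entry being gone */
    $ldap->rmDir($dn);
    $ldap->cat($dn);
    if ($ldap->count()) {
      new log("view", "setup/".get_class($this), $dn, array(), $ldap->get_error());
      $this->checks['permissions']['STATUS']      = FALSE;
      $this->checks['permissions']['STATUS_MSG']  = _("Failed");
      $this->checks['permissions']['ERROR_MSG']   =
        sprintf(
          _("The specified user '%s' does not have full access to your ldap database."),
          htmlspecialchars($config->current['ADMINDN'], ENT_QUOTES, 'UTF-8')
        );
      return FALSE;
    }

    /* Create & remove of dummy object was successful */
    $this->checks['permissions']['STATUS']      = TRUE;
    $this->checks['permissions']['STATUS_MSG']  = _("Ok");
    $this->checks['permissions']['ERROR_MSG']   = "";
    return TRUE;
  }

  /* Check if there are users which will
   *  be invisible for FusionDirectory.
   * Fills $this->users_to_migrate (keyed by base64 encoded dn) and sets the
   * 'users_visible' check record; returns nothing.
   */
  function check_gosaAccounts()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    /* Remember old list of invisible users, to be able to set
     *  the 'html checked' status for the checkboxes again
     */
    $old = $this->users_to_migrate;
    $this->users_to_migrate = array();

    /* Get all invisible users */
    $ldap->cd($config->current['BASE']);
    $res = $ldap->search("(&(|(objectClass=posixAccount)(&(objectClass=inetOrgPerson)(objectClass=organizationalPerson))(objectClass=OpenLDAPperson))(!(objectClass=gosaAccount))(!(&(objectClass=Account)(objectClass=sambaSamAccount)))(uid=*))", array("sn","givenName","cn","uid"));

    while ($attrs = $ldap->fetch()) {
      if (!preg_match("/,dc=addressbook,/", $attrs['dn'])) {
        $attrs['checked'] = FALSE;
        $attrs['before']  = "";
        $attrs['after']   = "";

        /* Set objects to selected, that were selected before reload */
        if (isset($old[base64_encode($attrs['dn'])])) {
          $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
        }
        $this->users_to_migrate[base64_encode($attrs['dn'])] = $attrs;
      }
    }

    /* No invisible */
    if (!$res) {
      $this->checks['users_visible']['STATUS']      = FALSE;
      $this->checks['users_visible']['STATUS_MSG']  = _("LDAP query failed");
      $this->checks['users_visible']['ERROR_MSG']   = _("Possibly the 'root object' is missing.");
    } elseif (count($this->users_to_migrate) == 0) {
      $this->checks['users_visible']['STATUS']      = TRUE;
      $this->checks['users_visible']['STATUS_MSG']  = _("Ok");
      $this->checks['users_visible']['ERROR_MSG']   = "";
    } else {
      $this->checks['users_visible']['STATUS']      = FALSE;
      $this->checks['users_visible']['STATUS_MSG']  = "<div style='color:#F0A500'>"._("Warning")."</div>";
      $this->checks['users_visible']['ERROR_MSG']   = sprintf(_("Found %s user(s) that will not be visible in FusionDirectory or which are incomplete."),
          count($this->users_to_migrate));
      $this->checks['users_visible']['ERROR_MSG']   .= "<input type='submit' name='users_visible_migrate' value='"._("Migrate")."...'>";
    }
  }

  /* Start user account migration.
   * For every checked entry of $this->users_to_migrate the objectClasses gosaAccount,
   * inetOrgPerson, organizationalPerson and person are merged with the existing ones.
   * With $only_ldif set, the before/after ldif is stored on the entry and nothing is
   * written; otherwise the entry is modified in ldap.
   * Returns FALSE as soon as one modification fails, TRUE otherwise. */
  function migrate_gosaAccounts($only_ldif = FALSE)
  {
    global $config;
    $this->show_details = $only_ldif;

    /* Establish ldap connection */
    $ldap = $config->get_ldap_link();

    /* Add gosaAccount objectClass to the selected users */
    foreach ($this->users_to_migrate as $key => $dep) {
      if ($dep['checked']) {
        /* Get old objectClasses */
        $ldap->cat($dep['dn'], array("objectClass"));
        $attrs = $ldap->fetch();

        /* Create new objectClass array */
        $new_attrs  = array();
        $new_attrs['objectClass'] = array("gosaAccount","inetOrgPerson","organizationalPerson","person");
        for ($i = 0; $i < $attrs['objectClass']['count']; $i++) {
          if (!in_array_ics($attrs['objectClass'][$i], $new_attrs['objectClass'])) {
            $new_attrs['objectClass'][] = $attrs['objectClass'][$i];
          }
        }

        /* Set info attributes for current object,
         *  or write changes to the ldap database
         */
        if ($only_ldif) {
          $this->users_to_migrate[$key]['before'] = $this->array_to_ldif($attrs);
          $this->users_to_migrate[$key]['after']  = $this->array_to_ldif($new_attrs);
        } else {
          $ldap->cd($attrs['dn']);
          if (!$ldap->modify($new_attrs)) {
            /* NOTE(review): the message says 'department' although this is the user
             * migration; the msgid is left untouched here.
             * NOTE(review): the dn and the ldap error text are placed into a message that
             * carries markup - confirm LDAP::fix / msg_dialog make directory data HTML-safe */
            msg_dialog::display(_("Migration error"),
              sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>", LDAP::fix($attrs['dn']), $ldap->get_error()), ERROR_DIALOG);
            return FALSE;
          }
        }
      }
    }
    return TRUE;
  }

  /* Check if there are invisible organizational Units.
   * Fills $this->deps_to_migrate (keyed by base64 encoded dn) with organizationalUnit
   * entries lacking gosaDepartment, minus internal branches and entries located below
   * a known group, and sets the 'deps_visible' check record; returns nothing. */
  function check_organizationalUnits()
  {
    global $config;
    $ldap = $config->get_ldap_link();

    $old = $this->deps_to_migrate;
    $this->deps_to_migrate = array();

    /* Skip FusionDirectory internal departments.
     * The configured RDNs are quoted so that regex metacharacters or a '/' in them
     * cannot alter or break the pattern. */
    $skip_dns = array(
      "/".preg_quote(get_ou('userRDN'), '/')."/",
      "/".preg_quote(get_ou('groupRDN'), '/')."/",
      "/".preg_quote(get_ou('aclRoleRDN'), '/')."/",
      "/^ou=people,/","/^ou=groups,/","/^ou=sudoers,/",
      "/(,|)ou=configs,/","/(,|)ou=systems,/","/(,|)ou=tokens,/",
      "/(,|)ou=apps,/","/(,|)ou=mime,/","/(,|)ou=devices/",
      "/ou=snapshots,/","/(,|)dc=addressbook,/","/^(,|)ou=machineaccounts,/","/^ou=opsi,/","/^ou=structures,/",
      "/(,|)ou=winstations,/","/^ou=hosts,/","/^ou=computers,/","/^ou=idmap,/","/^ou=Idmap,/","/(,|)ou=roles,/"
    );

    /* Get all invisible departments */
    $ldap->cd($config->current['BASE']);
    $res = $ldap->search("(&(objectClass=organizationalUnit)(!(objectClass=gosaDepartment)))", array("ou","description","dn"));
    while ($attrs = $ldap->fetch()) {
      $attrs['checked'] = FALSE;
      $attrs['before']  = "";
      $attrs['after']   = "";

      /* Set objects to selected, that were selected before reload */
      if (isset($old[base64_encode($attrs['dn'])])) {
        $attrs['checked'] = $old[base64_encode($attrs['dn'])]['checked'];
      }
      $this->deps_to_migrate[base64_encode($attrs['dn'])] = $attrs;
    }

    /* Filter returned list of departments and ensure that
     *  FusionDirectory internal departments will not be listed
     */
    foreach ($this->deps_to_migrate as $key => $attrs) {
      $dn   = $attrs['dn'];
      $skip = FALSE;

      /* Check if this object is an application release object
          e.g. groups-> application menus.
       */
      if (preg_match("/^.*,[ ]*cn=/", $dn)) {
        $cn_dn = preg_replace("/^.*,[ ]*cn=/", "cn=", $dn);
        if (in_array($cn_dn, $this->group_list)) {
          $skip = TRUE;
        }
      }

      foreach ($skip_dns as $skip_dn) {
        if (preg_match($skip_dn, $dn)) {
          $skip = TRUE;
        }
      }
      if ($skip) {
        unset($this->deps_to_migrate[$key]);
      }
    }

    /* If we have no invisible departments found
     *  tell the user that everything is ok
     */
    if (!$res) {
      $this->checks['deps_visible']['STATUS']     = FALSE;
      $this->checks['deps_visible']['STATUS_MSG'] = _("LDAP query failed");
      $this->checks['deps_visible']['ERROR_MSG']  = _("Possibly the 'root object' is missing.");
    } elseif (count($this->deps_to_migrate) == 0 ) {
      $this->checks['deps_visible']['STATUS']     = TRUE;
      $this->checks['deps_visible']['STATUS_MSG'] = _("Ok");
      $this->checks['deps_visible']['ERROR_MSG']  = "";
    } else {
      /* Unlike the other checks, found departments leave STATUS at TRUE and only warn */
      $this->checks['deps_visible']['STATUS']     = TRUE;
      $this->checks['deps_visible']['STATUS_MSG'] = '<font style="color:#FFA500">'._("Warning").'</font>';
      $this->checks['deps_visible']['ERROR_MSG']  = sprintf(_("Found %s department(s) that will not be visible in FusionDirectory."),
          count($this->deps_to_migrate));
      $this->checks['deps_visible']['ERROR_MSG']  .= "&nbsp;<input type='submit' name='deps_visible_migrate' value='"._("Migrate")."...'>";
    }
  }

  /* Start department migration */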
function migrate_organizationalUnits($only_ldif = FALSE) { global $config; $ldap = $config->get_ldap_link(); $this->show_details = $only_ldif; /* Add gosaDepartment objectClass to each selected entry */ foreach ($this->deps_to_migrate as $key => $dep) { if ($dep['checked']) { /* Get current objectClasses */ $ldap->cat($dep['dn'], array("objectClass","description")); $attrs = $ldap->fetch(); /* Create new objectClass attribute including gosaDepartment*/ $new_attrs = array(); for ($i = 0; $i < $attrs['objectClass']['count']; $i++) { $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; } $new_attrs['objectClass'][] = "gosaDepartment"; /* Append description it is missing */ if (!isset($attrs['description'])) { $new_attrs['description'][] = "GOsa department"; } /* Depending on the parameter >only_diff< we save the changes as ldif * or we write our changes directly to the ldap database */ if ($only_ldif) { $this->deps_to_migrate[$key]['before'] = $this->array_to_ldif($attrs); $this->deps_to_migrate[$key]['after'] = $this->array_to_ldif($new_attrs); } else { $ldap->cd($attrs['dn']); if (!$ldap->modify($new_attrs)) { msg_dialog::display(_("Migration error"), sprintf(_("Cannot migrate department '%s':")."<br><br><i>%s</i>", LDAP::fix($attrs['dn']), $ldap->get_error()), ERROR_DIALOG); return FALSE; } } } } return TRUE; } /* Check Acls if there is at least one object with acls defined */ function check_administrativeAccount() { global $config; /* Reset settings */ $FD_1_0_8_found = FALSE; $this->migrate_users = array(); $this->acl_migrate_dialog = FALSE; $this->migrate_acl_base_entry = ""; $valid_admin = FALSE; /* Establish ldap connection */ $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $res = $ldap->cat($config->current['BASE']); if (!$res) { $this->checks['acls']['STATUS'] = FALSE; $this->checks['acls']['STATUS_MSG'] = _("LDAP query failed"); $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); } else { 
$FD_1_0_8_found = FALSE; // GOsa 2.6 Account found $FD_1_0_7_found = FALSE; // GOsa 2.5 Account found, allow migration
$attrs = $ldap->fetch(); /* Collect a list of available FusionDirectory users and groups */ $users = array(); $ldap->search("(&(objectClass=gosaAccount)(objectClass=person)". "(objectClass=inetOrgPerson)(objectClass=organizationalPerson))", array("uid","dn")); while ($user_attrs = $ldap->fetch()) { $users[$user_attrs['dn']] = $user_attrs['uid'][0]; $rusers[$user_attrs['uid'][0]] = $user_attrs['dn']; } $groups = array(); $ldap->search("objectClass=posixGroup", array("cn","dn")); while ($group_attrs = $ldap->fetch()) { $groups[$group_attrs['dn']] = $group_attrs['cn'][0]; } /* Check if a valid FusionDirectory 1.0.8 admin exists -> gosaAclEntry for an existing and accessible user. */ $valid_users = ""; $valid_groups = ""; if (isset($attrs['gosaAclEntry'])) { $acls = $attrs['gosaAclEntry']; for ($i = 0; $i < $acls['count']; $i++) { $acl = $acls[$i]; $tmp = explode(":", $acl); if ($tmp[1] == "subtree") { /* Check if acl owner is a valid FusionDirectory user account */ $ldap->cat(base64_decode($tmp[2]), array("gosaAclTemplate"), '(gosaAclTemplate=*:all;cmdrw)'); if ($ldap->count()) { $members = explode(",", $tmp[3]); foreach ($members as $member) { $member = base64_decode($member); if (isset($users[$member])) { if (!$valid_admin) { $valid_admin = $member; } $valid_users .= $users[$member].", "; $FD_1_0_8_found = TRUE; } if (isset($groups[$member])) { $ldap->cat($member); $group_attrs = $ldap->fetch(); $val_users = ""; if (isset($group_attrs['memberUid'])) { for ($e = 0; $e < $group_attrs['memberUid']['count']; $e ++) { if (isset($rusers[$group_attrs['memberUid'][$e]])) { if (!$valid_admin) { $valid_admin = $rusers[$group_attrs['memberUid'][$e]]; } $val_users .= $group_attrs['memberUid'][$e].", "; } } } if (!empty($val_users)) { $valid_groups .= $groups[$member]."(<i>".trim($val_users, ", ")."</i>), "; $FD_1_0_8_found = TRUE; } } } } } } } /* Try to find an old FD 1.0.7 administrator account that may be migrated */ if (!$FD_1_0_8_found) {