~ubuntu-branches/ubuntu/trusty/ldap-account-manager/trusty-proposed


Viewing changes to lib/modules/posixAccount.inc

  • Committer: Package Import Robot
  • Author(s): Roland Gruber
  • Date: 2013-07-21 11:15:58 UTC
  • mfrom: (1.2.21)
  • Revision ID: package-import@ubuntu.com-20130721111558-ex49xgcpo71fh0xg
Tags: 4.2.1-2
* Apache 2.4 support
* Fix "transition towards Apache 2.4" 
  support conf-enabled (Closes: #669824)
* Fix "[ldap-account-manager] Can't install ldap-account-manager"
  support conf-enabled (Closes: #711778)

1
1
<?php
2
2
/*
3
 
        $Id: posixAccount.inc 4814 2013-03-16 17:12:00Z gruberroland $
 
3
        $Id: posixAccount.inc 4952 2013-06-17 18:38:42Z gruberroland $
4
4
 
5
5
        This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
6
6
        Copyright (C) 2003 - 2006  Tilo Lutz
66
66
        private $cachedUIDList = null;
67
67
        /** caches the list of known user names */
68
68
        private $cachedUserNameList = null;
69
 
        /** if set to true the suggested user name for John Doe will be john.doe instead of jdoe */
70
 
        protected $SUGGEST_LONG_USER_NAME = false;
 
69
        
 
70
        /** replacements for common umlauts */
 
71
        private $umlautReplacements = array(
 
72
                'ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'oe', 'Ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'Ue',
 
73
                'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c'
 
74
        );
71
75
 
72
76
        /**
73
77
         *  This function fills the error message array with messages.
219
223
                $configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true);
220
224
                $configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(),
221
225
                        array('SSHA'), _("Password hash type"), 'pwdHash'), true);
222
 
                $configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
223
226
                $configOptionsContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'), 'loginShells'), true);
 
227
                $hiddenOptionsContainer = new htmlGroup();
 
228
                $hiddenOptionsContainer->colspan = 5;
 
229
                $hiddenOptionsContainerHead = new htmlTable();
 
230
                $hiddenOptionsContainerHead->addElement(new htmlOutputText(_('Hidden options')));
 
231
                $hiddenOptionsContainerHead->addElement(new htmlHelpLink('hiddenOptions'));
 
232
                $hiddenOptionsContainer->addElement($hiddenOptionsContainerHead);
 
233
                $configContainerOptions = new htmlTable();
 
234
                $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hidegecos', false, _('Gecos'), null, false));
 
235
                if (isset($_SESSION['conf_config'])) {
 
236
                        $confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon'));
 
237
                        if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) {
 
238
                                $configContainerOptions->addElement(new htmlOutputText(' '));
 
239
                                $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hidegon', false, _('Groups of names'), null, false));
 
240
                                $configContainerOptions->addElement(new htmlOutputText(' '));
 
241
                                $configContainerOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_hideposixGroups', false, _('Unix groups'), null, false));
 
242
                        }
 
243
                }               
 
244
                $hiddenOptionsContainer->addElement($configContainerOptions);
 
245
                $configOptionsContainer->addElement($hiddenOptionsContainer, true);
 
246
                $advancedOptions = new htmlTable();
 
247
                $advancedOptions->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true);
 
248
                $advancedOptions->addElement(new htmlTableExtendedInputField(_('User name suggestion'), 'posixAccount_userNameSuggestion', '@givenname@%sn%', 'userNameSuggestion'));
 
249
                $advancedOptionsAccordion = new htmlAccordion('posixAccountAdvancedOptions', array(_('Advanced options') => $advancedOptions), false);
 
250
                $advancedOptionsAccordion->colspan = 5;
 
251
                $configOptionsContainer->addElement($advancedOptionsAccordion);
 
252
                
224
253
                $return['config_options']['all'] = $configOptionsContainer;
225
254
                // upload
226
255
                $return['upload_preDepends'] = array('inetOrgPerson');
296
325
                                'values' => 'true, false',
297
326
                                'default' => 'false'
298
327
                        ),
299
 
                        array(
300
 
                                'name' => 'posixAccount_gecos',
301
 
                                'description' => _('Gecos'),
302
 
                                'help' => 'gecos',
303
 
                                'example' => _('Steve Miller,Room 2.14,123-123-1234,123-123-1234')
304
 
                        )
305
328
                        );
 
329
                        if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
330
                                $return['upload_columns'][] = array(
 
331
                                        'name' => 'posixAccount_gecos',
 
332
                                        'description' => _('Gecos'),
 
333
                                        'help' => 'gecos',
 
334
                                        'example' => _('Steve Miller,Room 2.14,123-123-1234,123-123-1234')
 
335
                                );
 
336
                        }
306
337
                        if (self::areGroupOfNamesActive()) {
307
338
                                $return['upload_columns'][] = array(
308
339
                                        'name' => 'posixAccount_gon',
309
 
                                        'description' => _('Group of names'),
 
340
                                        'description' => _('Groups of names'),
310
341
                                        'help' => 'addgroup_upload',
311
342
                                        'example' => _('group01,group02')
312
343
                                );
336
367
                                'example' => _('machines'),
337
368
                                'required' => true
338
369
                        ),
339
 
                        array(
340
 
                                'name' => 'posixAccount_gecos',
341
 
                                'description' => _('Gecos'),
342
 
                                'help' => 'gecos',
343
 
                                'example' => _('pc01,Room 2.34')
344
 
                        )
345
370
                        );
 
371
                        if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
372
                                $return['upload_columns'][] = array(
 
373
                                        'name' => 'posixAccount_gecos',
 
374
                                        'description' => _('Gecos'),
 
375
                                        'help' => 'gecos',
 
376
                                        'example' => _('pc01,Room 2.34')
 
377
                                ); 
 
378
                        }
346
379
                }
347
380
                // available PDF fields
348
381
                if ($this->get_scope() == 'host') {
354
387
                $return['PDF_fields'] = array_merge($return['PDF_fields'], array(
355
388
                        'uidNumber' => _('UID number'),
356
389
                        'gidNumber' => _('GID number'),
357
 
                        'gecos' => _('Gecos'),
358
390
                        'primaryGroup' => _('Primary group'),
359
391
                        'additionalGroups' => _('Additional groups'),
360
392
                        'homeDirectory' => _('Home directory'),
362
394
                        'cn' => _('Common name'),
363
395
                        'userPassword' => _('Password')
364
396
                ));
 
397
                if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
398
                        $return['PDF_fields']['gecos'] = _('Gecos');
 
399
                }
365
400
                if (self::areGroupOfNamesActive()) {
366
 
                        $return['PDF_fields']['gon'] = _('Group of names');
 
401
                        $return['PDF_fields']['gon'] = _('Groups of names');
367
402
                }
368
403
                // help Entries
369
404
                $return['help'] = array(
 
405
                        'userNameSuggestion' => array(
 
406
                                "Headline" => _("User name suggestion"),
 
407
                                "Text" => _("LAM will suggest a user name based on e.g. first and last name. Here you can specify the suggestion. %sn% will be replaced by the last name. @givenname@ will be replaced by the first character of first name. Only attributes of tab Personal may be used.")
 
408
                                                        . '<br>' . _('Common examples are "@givenname@%sn%" or "%givenname%.%sn%".')
 
409
                        ),
 
410
                        'hiddenOptions' => array(
 
411
                                "Headline" => _("Hidden options"),
 
412
                                "Text" => _("The selected options will not be managed inside LAM. You can use this to reduce the number of displayed input fields.")
 
413
                        ),
370
414
                        'primaryGroupAsSecondary' => array(
371
415
                                'Headline' => _('Set primary group as memberUid'),
372
416
                                'Text' => _('Usually, users are not added to groups as memberUid if they have this group as primary group. If your application ignores primary groups then you can select this option to override this behaviour.')
544
588
                        for ($i = 0; $i < sizeof($gonList); $i++) {
545
589
                                $this->gonList_orig[] = $gonList[$i]['dn'];
546
590
                        }
 
591
                        $this->gonList_orig = array_values(array_unique($this->gonList_orig));
547
592
                        $this->gonList = $this->gonList_orig;
548
593
                }
549
594
        }
686
731
                        $ldapUser = $ldapUser[0];
687
732
                        // update groups if DN changed
688
733
                        if (isset($this->getAccountContainer()->dn_orig) && ($this->getAccountContainer()->dn_orig != $this->getAccountContainer()->finalDN)) {
 
734
                                // update member attributes
689
735
                                for ($i = 0; $i < sizeof($toUpdate); $i++) {
690
736
                                        if (isset($gons[$toUpdate[$i]])) {
691
737
                                                $attrName = 'member';
694
740
                                                }
695
741
                                                $success = @ldap_mod_add($_SESSION['ldap']->server(), $toUpdate[$i], array($attrName => array($this->getAccountContainer()->finalDN)));
696
742
                                                if (!$success) {
697
 
                                                        logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $toUpdate[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
 
743
                                                        logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add changed user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toUpdate[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
698
744
                                                        $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toUpdate[$i]), ldap_error($_SESSION['ldap']->server()));
699
745
                                                }
 
746
                                                else {
 
747
                                                        logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added changed user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toUpdate[$i]);
 
748
                                                }
700
749
                                                $success = @ldap_mod_del($_SESSION['ldap']->server(), $toUpdate[$i], array($attrName => array($this->getAccountContainer()->dn_orig)));
701
750
                                                if (!$success) {
702
 
                                                        logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to remove attributes from DN: ' . $toUpdate[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
 
751
                                                        logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to remove changed user ' . $this->getAccountContainer()->dn_orig . ' from group: ' . $toUpdate[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
703
752
                                                        $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toUpdate[$i]), ldap_error($_SESSION['ldap']->server()));
704
753
                                                }
 
754
                                                else {
 
755
                                                        logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed changed user ' . $this->getAccountContainer()->dn_orig . ' from group: ' . $toUpdate[$i]);
 
756
                                                }
 
757
                                        }
 
758
                                }
 
759
                                // update owner attributes
 
760
                                $types = $_SESSION['config']->get_ActiveTypes();
 
761
                                if (in_array('gon', $types)) {
 
762
                                        $gonTypes[] = 'gon';
 
763
                                }
 
764
                                if (in_array('group', $types)) {
 
765
                                        $gonTypes[] = 'group';
 
766
                                }
 
767
                                $ownerGroups = searchLDAPByAttribute('owner', $this->getAccountContainer()->dn_orig, null, array('dn', 'owner'), $gonTypes);
 
768
                                for ($i = 0; $i < sizeof($ownerGroups); $i++) {
 
769
                                        $found = false;
 
770
                                        $newOwners = $ownerGroups[$i]['owner'];
 
771
                                        for ($o = 0; $o < sizeof($newOwners); $o++) {
 
772
                                                if ($newOwners[$o] == $this->getAccountContainer()->dn_orig) {
 
773
                                                        $newOwners[$o] = $this->getAccountContainer()->finalDN;
 
774
                                                        $found = true;
 
775
                                                        break;
 
776
                                                }
 
777
                                        }
 
778
                                        if ($found) {
 
779
                                                $success = @ldap_mod_replace($_SESSION['ldap']->server(), $ownerGroups[$i]['dn'], array('owner' => $newOwners));
 
780
                                                if (!$success) {
 
781
                                                        logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to modify attributes of DN: ' . $ownerGroups[$i]['dn'] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
 
782
                                                        $messages[] = array('ERROR', sprintf(_('Was unable to modify attributes of DN: %s.'), $ownerGroups[$i]['dn']), ldap_error($_SESSION['ldap']->server()));
 
783
                                                }
705
784
                                        }
706
785
                                }
707
786
                        }
714
793
                                        }
715
794
                                        $success = @ldap_mod_add($_SESSION['ldap']->server(), $toAdd[$i], array($attrName => array($this->getAccountContainer()->finalDN)));
716
795
                                        if (!$success) {
717
 
                                                logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add attributes to DN: ' . $toAdd[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
 
796
                                                logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to add user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
718
797
                                                $messages[] = array('ERROR', sprintf(_('Was unable to add attributes to DN: %s.'), $toAdd[$i]), ldap_error($_SESSION['ldap']->server()));
719
798
                                        }
 
799
                                        else {
 
800
                                                logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Added user ' . $this->getAccountContainer()->finalDN . ' to group: ' . $toAdd[$i]);
 
801
                                        }
720
802
                                }
721
803
                        }
722
804
                        // remove groups
728
810
                                        }
729
811
                                        $success = @ldap_mod_del($_SESSION['ldap']->server(), $toRem[$i], array($attrName => array($this->getAccountContainer()->dn_orig)));
730
812
                                        if (!$success) {
731
 
                                                logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete attributes from DN: ' . $toRem[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
 
813
                                                logNewMessage(LOG_ERR, '[' . $ldapUser .'] Unable to delete user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i] . ' (' . ldap_err2str(ldap_errno($_SESSION['ldap']->server())) . ').');
732
814
                                                $messages[] = array('ERROR', sprintf(_('Was unable to remove attributes from DN: %s.'), $toRem[$i]), ldap_error($_SESSION['ldap']->server()));
733
815
                                        }
 
816
                                        else {
 
817
                                                logNewMessage(LOG_NOTICE, '[' . $ldapUser .'] Removed user ' . $this->getAccountContainer()->finalDN . ' from group: ' . $toRem[$i]);
 
818
                                        }
734
819
                                }
735
820
                        }
736
821
                }
828
913
                if (isset($_POST['loginShell'])) {
829
914
                        $this->attributes['loginShell'][0] = $_POST['loginShell'];
830
915
                }
831
 
                if (isset($_POST['gecos'])) $this->attributes['gecos'][0] = $_POST['gecos'];
832
 
                if (isset($this->orig['uid'][0]) && ($this->orig['uid'][0] != '') && ($_POST['uid'] != $this->attributes['uid'][0])) {
 
916
                if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
917
                        if (isset($_POST['gecos'])) $this->attributes['gecos'][0] = $_POST['gecos'];
 
918
                }
 
919
                if (isset($this->orig['uid'][0]) && ($this->orig['uid'][0] != '') && (trim($_POST['uid']) != $this->attributes['uid'][0])) {
833
920
                        $errors[] = $this->messages['uid'][0];
834
921
                }
835
922
                if (isset($this->orig['gidNumber'][0]) && ($this->orig['gidNumber'][0] != '') && ($_POST['gidNumber'] != $this->attributes['gidNumber'][0])) {
837
924
                        $errorMessage[] = array($this->orig['gidNumber'][0], $this->orig['uidNumber'][0], $_POST['gidNumber']);
838
925
                        $errors[] = $errorMessage;
839
926
                }
840
 
                if (isset($this->orig['uidNumber'][0]) && $this->orig['uidNumber'][0]!='' && $_POST['uidNumber']!=$this->attributes['uidNumber'][0]) {
 
927
                if (isset($this->orig['uidNumber'][0]) && $this->orig['uidNumber'][0]!='' && trim($_POST['uidNumber'])!=$this->attributes['uidNumber'][0]) {
841
928
                        $errorMessage = $this->messages['uidNumber'][5];
842
929
                        $errorMessage[] = array($this->orig['uidNumber'][0], $_POST['uidNumber']);
843
930
                        $errors[] = $errorMessage;
877
964
                if (!get_preg($this->attributes['cn'][0], 'cn')) {
878
965
                        $errors[] = $this->messages['cn'][0];
879
966
                }
880
 
                $this->attributes['uidNumber'][0] = $_POST['uidNumber'];
 
967
                $this->attributes['uidNumber'][0] = trim($_POST['uidNumber']);
881
968
                $this->attributes['gidNumber'][0] = $_POST['gidNumber'];
882
969
                if ($this->get_scope()=='user') {
883
970
                        if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) {
887
974
                                $errors[] = $this->messages['homeDirectory'][0];
888
975
                        }
889
976
                }
890
 
                $this->attributes['uid'][0] = $_POST['uid'];
 
977
                $this->attributes['uid'][0] = trim($_POST['uid']);
891
978
                // Check if UID is valid. If none value was entered, the next useable value will be inserted
892
979
                // load min and may uidNumber
893
980
                if ($this->get_scope()=='user') {
918
1005
                        // check manual ID
919
1006
                        if ($this->getAccountContainer()->isNewAccount || !isset($this->orig['uidNumber'][0]) || ($this->orig['uidNumber'][0] != $this->attributes['uidNumber'][0])) {
920
1007
                                // check range
921
 
                                if (!is_numeric($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] < $minID) || ($this->attributes['uidNumber'][0] > $maxID)) $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
 
1008
                                if (($this->get_scope() == 'user') && (!isset($this->moduleSettings['posixAccount_uidGeneratorUsers']) || ($this->moduleSettings['posixAccount_uidGeneratorUsers'][0] != 'sambaPool'))) {
 
1009
                                        if (!is_numeric($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] < $minID) || ($this->attributes['uidNumber'][0] > $maxID)) {
 
1010
                                                $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
 
1011
                                        }
 
1012
                                }
 
1013
                                if (($this->get_scope() == 'host') && (!isset($this->moduleSettings['posixAccount_uidGeneratorHosts']) || ($this->moduleSettings['posixAccount_uidGeneratorHosts'][0] != 'sambaPool'))) {
 
1014
                                        if (!is_numeric($this->attributes['uidNumber'][0]) || ($this->attributes['uidNumber'][0] < $minID) || ($this->attributes['uidNumber'][0] > $maxID)) {
 
1015
                                                $errors[] = array('ERROR', _('ID-Number'), sprintf(_('Please enter a value between %s and %s!'), $minID, $maxID));
 
1016
                                        }
 
1017
                                }
922
1018
                                // id-number is in use and account is a new account
923
1019
                                if ((in_array($this->attributes['uidNumber'][0], $uids)) && $this->orig['uidNumber'][0]=='') $errors[] = array('ERROR', _('ID-Number'), _('ID is already in use'));
924
1020
                                // id-number is in use, account is existing account and id-number is not used by itself
941
1037
                        }
942
1038
                }
943
1039
                // Show warning if LAM has changed username
944
 
                if ($this->attributes['uid'][0] != $_POST['uid']) {
 
1040
                if ($this->attributes['uid'][0] != trim($_POST['uid'])) {
945
1041
                        if ($this->get_scope()=='user') $errors[] = $this->messages['uid'][5];
946
1042
                        if ($this->get_scope()=='host') $errors[] = $this->messages['uid'][6];
947
1043
                }
966
1062
                                $this->attributes['loginShell'][0] = '/bin/false';
967
1063
                        }
968
1064
                }
969
 
                $attributeList = array('gecos', 'homeDirectory');
 
1065
                $attributeList = array('homeDirectory');
 
1066
                if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
1067
                        $attributeList[] = 'gecos';
 
1068
                }
970
1069
                for ($i = 0; $i < sizeof($attributeList); $i++) {
971
1070
                        if (isset($this->attributes[$attributeList[$i]][0])) {
972
1071
                                $value = $this->attributes[$attributeList[$i]][0];
988
1087
        * @return string attribute value with replaced non-ASCII characters
989
1088
        */
990
1089
        function checkASCII($attribute) {
991
 
                // convert UTF8 to ASCII
992
 
                $convert = array ( 'ä' => 'ae', 'Ä' => 'Ae', 'ö' => 'oe', 'Ö' => 'Oe', 'ü' => 'ue', 'Ü' => 'Ue',
993
 
                        'ß' => 'ss', 'é' => 'e', 'è' => 'e', 'ô' => 'o', 'ç' => 'c'
994
 
                        );
 
1090
                if ($attribute == null) {
 
1091
                        return '';
 
1092
                }
995
1093
                // replace special characters
996
 
                foreach ($convert as $key => $value) {
997
 
                        $attribute = str_replace($key, $value, $attribute);
998
 
                }
 
1094
                $attribute = str_replace(array_keys($this->umlautReplacements), array_values($this->umlautReplacements), $attribute);
999
1095
                // remove remaining UTF-8 characters
1000
1096
                for ($c = 0; $c < strlen($attribute); $c++) {
1001
1097
                        if (ord($attribute[$c]) > 127) {
1014
1110
        */
1015
1111
        function process_group() {
1016
1112
                // Unix groups
1017
 
                if (isset($_POST['addgroups']) && isset($_POST['addgroups_button'])) { // Add groups to list
1018
 
                        // add new group
1019
 
                        $this->groups = @array_merge($this->groups, $_POST['addgroups']);
1020
 
                }
1021
 
                elseif (isset($_POST['removegroups']) && isset($_POST['removegroups_button'])) { // remove groups from list
1022
 
                        $this->groups = array_delete($_POST['removegroups'], $this->groups);
 
1113
                if (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
 
1114
                        if (isset($_POST['addgroups']) && isset($_POST['addgroups_button'])) { // Add groups to list
 
1115
                                // add new group
 
1116
                                $this->groups = @array_merge($this->groups, $_POST['addgroups']);
 
1117
                        }
 
1118
                        elseif (isset($_POST['removegroups']) && isset($_POST['removegroups_button'])) { // remove groups from list
 
1119
                                $this->groups = array_delete($_POST['removegroups'], $this->groups);
 
1120
                        }
1023
1121
                }
1024
1122
                // group of names
1025
 
                if (self::areGroupOfNamesActive()) {
 
1123
                if (self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_hidegon')) {
1026
1124
                        if (isset($_POST['addgons']) && isset($_POST['addgons_button'])) { // Add groups to list
1027
1125
                                // add new group
1028
1126
                                $this->gonList = @array_merge($this->gonList, $_POST['addgons']);
1167
1265
                $uidNumberInput->setFieldMaxLength(20);
1168
1266
                $uidNumberInput->setValidationRule(htmlElement::VALIDATE_NUMERIC);
1169
1267
                $return->addElement($uidNumberInput, true);
1170
 
                $gecos = '';
1171
 
                if (isset($this->attributes['gecos'][0])) $gecos = $this->attributes['gecos'][0];
1172
 
                $return->addElement(new htmlTableExtendedInputField(_('Gecos'), 'gecos', $gecos, 'gecos'), true);
 
1268
                if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
1269
                        $gecos = '';
 
1270
                        if (isset($this->attributes['gecos'][0])) $gecos = $this->attributes['gecos'][0];
 
1271
                        $return->addElement(new htmlTableExtendedInputField(_('Gecos'), 'gecos', $gecos, 'gecos'), true);
 
1272
                }
1173
1273
                $primaryGroup = array();
1174
1274
                if (isset($this->attributes['gidNumber'][0])) {
1175
1275
                        $primaryGroup[] = $this->attributes['gidNumber'][0];
1180
1280
 
1181
1281
                if ($this->get_scope()=='user') {
1182
1282
                        // additional groups
1183
 
                        $return->addElement(new htmlOutputText(_('Additional groups')));
1184
 
                        $return->addElement(new htmlAccountPageButton(get_class($this), 'group', 'open', _('Edit groups')));
1185
 
                        $return->addElement(new htmlHelpLink('addgroup'), true);
 
1283
                        if (!$this->isBooleanConfigOptionSet('posixAccount_hidegon') || !$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
 
1284
                                $return->addElement(new htmlOutputText(_('Additional groups')));
 
1285
                                $return->addElement(new htmlAccountPageButton(get_class($this), 'group', 'open', _('Edit groups')));
 
1286
                                $return->addElement(new htmlHelpLink('addgroup'), true);
 
1287
                        }
1186
1288
                        // home directory
1187
1289
                        $homedirInput = new htmlTableExtendedInputField(_('Home directory'), 'homeDirectory', $this->attributes['homeDirectory'][0], 'homeDirectory');
1188
1290
                        $homedirInput->setRequired(true);
1257
1359
        */
1258
1360
        function display_html_group() {
1259
1361
                $return = new htmlTable();
1260
 
                // load list with all groups
1261
 
                $groups = $this->findGroups();
1262
 
                for ($i = 0; $i < sizeof($groups); $i++) {
1263
 
                        $groups[$i] = $groups[$i][1];
 
1362
                if (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
 
1363
                        // load list with all groups
 
1364
                        $groups = $this->findGroups();
 
1365
                        for ($i = 0; $i < sizeof($groups); $i++) {
 
1366
                                $groups[$i] = $groups[$i][1];
 
1367
                        }
 
1368
                        // remove groups the user is member of from grouplist
 
1369
                        $groups = array_delete($this->groups, $groups);
 
1370
                        // Remove primary group from grouplist
 
1371
                        $group = $this->getGroupName($this->attributes['gidNumber'][0]);
 
1372
                        $groups = array_flip($groups);
 
1373
                        unset ($groups[$group]);
 
1374
                        $groups = array_flip($groups);
 
1375
        
 
1376
                        $unixContainer = new htmlTable();
 
1377
                        $unixContainer->alignment = htmlElement::ALIGN_TOP;
 
1378
                        $unixContainer->addElement(new htmlSubTitle(_("Unix groups")), true);
 
1379
                        $unixContainer->addElement(new htmlOutputText(_("Selected groups")));
 
1380
                        $unixContainer->addElement(new htmlOutputText(''));
 
1381
                        $unixContainer->addElement(new htmlOutputText(_("Available groups")));
 
1382
                        $unixContainer->addNewLine();
 
1383
                        
 
1384
                        $remSelect = new htmlSelect('removegroups', $this->groups, null, 15);
 
1385
                        $remSelect->setMultiSelect(true);
 
1386
                        $remSelect->setTransformSingleSelect(false);
 
1387
                        $unixContainer->addElement($remSelect);
 
1388
                        $buttonContainer = new htmlTable();
 
1389
                        $buttonContainer->addElement(new htmlButton('addgroups_button', 'back.gif', true), true);
 
1390
                        $buttonContainer->addElement(new htmlButton('removegroups_button', 'forward.gif', true), true);
 
1391
                        $buttonContainer->addElement(new htmlHelpLink('addgroup'));
 
1392
                        $unixContainer->addElement($buttonContainer);
 
1393
                        $addSelect = new htmlSelect('addgroups', $groups, null, 15);
 
1394
                        $addSelect->setMultiSelect(true);
 
1395
                        $addSelect->setTransformSingleSelect(false);
 
1396
                        $unixContainer->addElement($addSelect);
 
1397
                        $unixContainer->addNewLine();
 
1398
                
 
1399
                        $return->addElement($unixContainer);
1264
1400
                }
1265
 
                // remove groups the user is member of from grouplist
1266
 
                $groups = array_delete($this->groups, $groups);
1267
 
                // Remove primary group from grouplist
1268
 
                $group = $this->getGroupName($this->attributes['gidNumber'][0]);
1269
 
                $groups = array_flip($groups);
1270
 
                unset ($groups[$group]);
1271
 
                $groups = array_flip($groups);
1272
 
 
1273
 
                $unixContainer = new htmlTable();
1274
 
                $unixContainer->alignment = htmlElement::ALIGN_TOP;
1275
 
                $unixContainer->addElement(new htmlSubTitle(_("Unix groups")), true);
1276
 
                $unixContainer->addElement(new htmlOutputText(_("Selected groups")));
1277
 
                $unixContainer->addElement(new htmlOutputText(''));
1278
 
                $unixContainer->addElement(new htmlOutputText(_("Available groups")));
1279
 
                $unixContainer->addNewLine();
1280
 
                
1281
 
                $remSelect = new htmlSelect('removegroups', $this->groups, null, 15);
1282
 
                $remSelect->setMultiSelect(true);
1283
 
                $remSelect->setTransformSingleSelect(false);
1284
 
                $unixContainer->addElement($remSelect);
1285
 
                $buttonContainer = new htmlTable();
1286
 
                $buttonContainer->addElement(new htmlButton('addgroups_button', 'back.gif', true), true);
1287
 
                $buttonContainer->addElement(new htmlButton('removegroups_button', 'forward.gif', true), true);
1288
 
                $buttonContainer->addElement(new htmlHelpLink('addgroup'));
1289
 
                $unixContainer->addElement($buttonContainer);
1290
 
                $addSelect = new htmlSelect('addgroups', $groups, null, 15);
1291
 
                $addSelect->setMultiSelect(true);
1292
 
                $addSelect->setTransformSingleSelect(false);
1293
 
                $unixContainer->addElement($addSelect);
1294
 
                $unixContainer->addNewLine();
1295
 
        
1296
 
                $return->addElement($unixContainer);
1297
 
 
1298
 
                if (self::areGroupOfNamesActive()) {
1299
 
                        $return->addElement(new htmlSpacer('100px', null));
 
1401
 
 
1402
                if (self::areGroupOfNamesActive() && !$this->isBooleanConfigOptionSet('posixAccount_hidegon')) {
 
1403
                        if (!$this->isBooleanConfigOptionSet('posixAccount_hideposixGroups')) {
 
1404
                                $return->addElement(new htmlSpacer('100px', null));
 
1405
                        }
1300
1406
                        
1301
1407
                        $gons = $this->findGroupOfNames();
1302
1408
                        
1303
1409
                        $gonContainer = new htmlTable();
1304
1410
                        $gonContainer->alignment = htmlElement::ALIGN_TOP;
1305
 
                        $gonContainer->addElement(new htmlSubTitle(_("Group of names")), true);
 
1411
                        $gonContainer->addElement(new htmlSubTitle(_("Groups of names")), true);
1306
1412
                        $gonContainer->addElement(new htmlOutputText(_("Selected groups")));
1307
1413
                        $gonContainer->addElement(new htmlOutputText(''));
1308
1414
                        $gonContainer->addElement(new htmlOutputText(_("Available groups")));
1341
1447
                }
1342
1448
                
1343
1449
                $return->addNewLine();
1344
 
                $return->addElement(new htmlSpacer(null, '10px'), true);
1345
 
                
 
1450
 
 
1451
                $backGroup = new htmlGroup();
 
1452
                $backGroup->colspan = 10;
 
1453
                $backGroup->addElement(new htmlSpacer(null, '10px'), true);
1346
1454
                $backButton = new htmlAccountPageButton(get_class($this), 'attributes', 'back', _('Back'));
1347
 
                $return->addElement($backButton);
 
1455
                $backGroup->addElement($backButton);
 
1456
                $return->addElement($backGroup);
1348
1457
                return $return;
1349
1458
        }
1350
1459
 
1448
1557
                                foreach ($gons as $dn => $attr) {
1449
1558
                                        $gonList[$attr['cn'][0]] = $dn;
1450
1559
                                }
1451
 
                                $gonSelect = new htmlTableExtendedSelect('posixAccount_gon', $gonList, array(), _('Group of names'), 'addgroup', 10);
 
1560
                                $gonSelect = new htmlTableExtendedSelect('posixAccount_gon', $gonList, array(), _('Groups of names'), 'addgroup', 10);
1452
1561
                                $gonSelect->setHasDescriptiveElements(true);
1453
1562
                                $gonSelect->setMultiSelect(true);
1454
1563
                                $gonSelect->setTransformSingleSelect(false);
1538
1647
                        $uidLabel = _('Host name');
1539
1648
                }
1540
1649
                $return = array(
1541
 
                        'posixAccount_uid' => array('<block><key>' . $uidLabel . '</key><value>' . $this->attributes['uid'][0] . '</value></block>'),
1542
 
                        'posixAccount_cn' => array('<block><key>' . _('Common name') . '</key><value>' . $this->attributes['cn'][0] . '</value></block>'),
1543
 
                        'posixAccount_uidNumber' => array('<block><key>' . _('UID number') . '</key><value>' . $this->attributes['uidNumber'][0] . '</value></block>'),
1544
 
                        'posixAccount_gidNumber' => array('<block><key>' . _('GID number') . '</key><value>' . $this->attributes['gidNumber'][0] . '</value></block>'),
1545
1650
                        'posixAccount_primaryGroup' => array('<block><key>' . _('Primary group') . '</key><value>' . $this->getGroupName($this->attributes['gidNumber'][0]) . '</value></block>'),
1546
1651
                        'posixAccount_additionalGroups' => array('<block><key>' . _('Additional groups') . '</key><value>' . implode(", ", $this->groups) . '</value></block>'),
1547
 
                        'posixAccount_homeDirectory' => array('<block><key>' . _('Home directory') . '</key><value>' . $this->attributes['homeDirectory'][0] . '</value></block>'),
1548
 
                        'posixAccount_loginShell' => array('<block><key>' . _('Login shell') . '</key><value>' . $this->attributes['loginShell'][0] . '</value></block>'),
1549
1652
                );
1550
 
                if (isset($this->attributes['gecos'][0])) {
1551
 
                        $return['posixAccount_gecos'] = array('<block><key>' . _('Gecos') . '</key><value>' . $this->attributes['gecos'][0] . '</value></block>');
1552
 
                }
 
1653
                $this->addSimplePDFField($return, 'uid', $uidLabel);
 
1654
                $this->addSimplePDFField($return, 'cn', _('Common name'));
 
1655
                $this->addSimplePDFField($return, 'uidNumber', _('UID number'));
 
1656
                $this->addSimplePDFField($return, 'gidNumber', _('GID number'));
 
1657
                $this->addSimplePDFField($return, 'homeDirectory', _('Home directory'));
 
1658
                $this->addSimplePDFField($return, 'loginShell', _('Login shell'));
 
1659
                $this->addSimplePDFField($return, 'gecos', _('Gecos'));
1553
1660
                if (self::areGroupOfNamesActive()) {
1554
1661
                        $allGons = $this->findGroupOfNames();
1555
1662
                        $gons = array();
1558
1665
                                        $gons[] = $allGons[$this->gonList[$i]]['cn'][0];
1559
1666
                                }
1560
1667
                        }
1561
 
                        $return['posixAccount_gon'] = array('<block><key>' . _('Group of names') . '</key><value>' . implode(", ", $gons) . '</value></block>');
 
1668
                        $return['posixAccount_gon'] = array('<block><key>' . _('Groups of names') . '</key><value>' . implode(", ", $gons) . '</value></block>');
1562
1669
                }
1563
1670
                if (isset($this->clearTextPassword)) {
1564
1671
                        $return['posixAccount_userPassword'] = array('<block><key>' . _('Password') . '</key><value>' . $this->clearTextPassword . '</value></block>');
1683
1790
                                if ($this->get_scope() == 'user') {
1684
1791
                                        if (($rawAccounts[$i][$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minUID'][0]) &&
1685
1792
                                                ($rawAccounts[$i][$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxUID'][0])) {
1686
 
                                                $partialAccounts[$i]['uidNumber'] = $rawAccounts[$i][$ids['posixAccount_uid']];
 
1793
                                                $partialAccounts[$i]['uidNumber'] = trim($rawAccounts[$i][$ids['posixAccount_uid']]);
1687
1794
                                        }
1688
1795
                                        else {
1689
1796
                                                $errMsg = $this->messages['uidNumber'][4];
1694
1801
                                elseif ($this->get_scope() == 'host') {
1695
1802
                                        if (($rawAccounts[$i][$ids['posixAccount_uid']] > $this->moduleSettings['posixAccount_minMachine'][0]) &&
1696
1803
                                                ($rawAccounts[$i][$ids['posixAccount_uid']] < $this->moduleSettings['posixAccount_maxMachine'][0])) {
1697
 
                                                $partialAccounts[$i]['uidNumber'] = $rawAccounts[$i][$ids['posixAccount_uid']];
 
1804
                                                $partialAccounts[$i]['uidNumber'] = trim($rawAccounts[$i][$ids['posixAccount_uid']]);
1698
1805
                                        }
1699
1806
                                        else {
1700
1807
                                                $errMsg = $this->messages['uidNumber'][4];
1729
1836
                                $errors[] = $errMsg;
1730
1837
                        }
1731
1838
                        // GECOS
1732
 
                        if ($rawAccounts[$i][$ids['posixAccount_gecos']] != "") {
1733
 
                                if (get_preg($rawAccounts[$i][$ids['posixAccount_gecos']], 'gecos')) {
1734
 
                                        $partialAccounts[$i]['gecos'] = $this->checkASCII($rawAccounts[$i][$ids['posixAccount_gecos']]);
 
1839
                        if (!$this->isBooleanConfigOptionSet('posixAccount_hidegecos')) {
 
1840
                                if ($rawAccounts[$i][$ids['posixAccount_gecos']] != "") {
 
1841
                                        if (get_preg($rawAccounts[$i][$ids['posixAccount_gecos']], 'gecos')) {
 
1842
                                                $partialAccounts[$i]['gecos'] = $this->checkASCII($rawAccounts[$i][$ids['posixAccount_gecos']]);
 
1843
                                        }
 
1844
                                        else {
 
1845
                                                $errMsg = $this->messages['gecos'][0];
 
1846
                                                array_push($errMsg, array($i));
 
1847
                                                $errors[] = $errMsg;
 
1848
                                        }
1735
1849
                                }
1736
1850
                                else {
1737
 
                                        $errMsg = $this->messages['gecos'][0];
1738
 
                                        array_push($errMsg, array($i));
1739
 
                                        $errors[] = $errMsg;
1740
 
                                }
1741
 
                        }
1742
 
                        else {
1743
 
                                $gecos = "";
1744
 
                                if (($rawAccounts[$i][$ids['inetOrgPerson_firstName']] != "") && ($rawAccounts[$i][$ids['inetOrgPerson_lastName']] != "")) {
1745
 
                                        $gecos = $rawAccounts[$i][$ids['inetOrgPerson_firstName']] . " " . $rawAccounts[$i][$ids['inetOrgPerson_lastName']];
1746
 
                                        if ($rawAccounts[$i][$ids['inetOrgPerson_telephone']] != "") {
1747
 
                                                $gecos = $gecos . ",," . $rawAccounts[$i][$ids['inetOrgPerson_telephone']];  // double "," because room is unknown
1748
 
                                                if ($rawAccounts[$i][$ids['inetOrgPerson_fax']] != "") {
1749
 
                                                        $gecos = $gecos . "," . $rawAccounts[$i][$ids['inetOrgPerson_fax']];
 
1851
                                        $gecos = "";
 
1852
                                        if (($rawAccounts[$i][$ids['inetOrgPerson_firstName']] != "") && ($rawAccounts[$i][$ids['inetOrgPerson_lastName']] != "")) {
 
1853
                                                $gecos = $rawAccounts[$i][$ids['inetOrgPerson_firstName']] . " " . $rawAccounts[$i][$ids['inetOrgPerson_lastName']];
 
1854
                                                if ($rawAccounts[$i][$ids['inetOrgPerson_telephone']] != "") {
 
1855
                                                        $gecos = $gecos . ",," . $rawAccounts[$i][$ids['inetOrgPerson_telephone']];  // double "," because room is unknown
 
1856
                                                        if ($rawAccounts[$i][$ids['inetOrgPerson_fax']] != "") {
 
1857
                                                                $gecos = $gecos . "," . $rawAccounts[$i][$ids['inetOrgPerson_fax']];
 
1858
                                                        }
1750
1859
                                                }
1751
1860
                                        }
1752
 
                                }
1753
 
                                if ($gecos != "") {
1754
 
                                        $partialAccounts[$i]['gecos'] = $this->checkASCII($gecos);
 
1861
                                        if ($gecos != "") {
 
1862
                                                $partialAccounts[$i]['gecos'] = $this->checkASCII($gecos);
 
1863
                                        }
1755
1864
                                }
1756
1865
                        }
1757
1866
                        // user specific attributes
2580
2689
         * @return String user name
2581
2690
         */
2582
2691
        protected function getUserNameSuggestion($attrs) {
2583
 
                if (isset($attrs['sn'][0])) {
2584
 
                        if (isset($attrs['givenName'][0]) && ($attrs['givenName'][0] != '')) {
2585
 
                                if ($this->SUGGEST_LONG_USER_NAME) {
2586
 
                                        return preg_replace('/[^a-z0-9_\\.-]/', '', strtolower($attrs['givenName'][0] . '.' . $attrs['sn'][0]));
2587
 
                                }
2588
 
                                else {
2589
 
                                        return preg_replace('/[^a-z0-9_-]/', '', strtolower($attrs['givenName'][0][0] . $attrs['sn'][0]));
2590
 
                                }
2591
 
                        }
2592
 
                        else {
2593
 
                                return preg_replace('/[^a-z0-9_-]/', '', strtolower($attrs['sn'][0]));
2594
 
                        }
2595
 
                }
2596
 
                return null;
 
2692
                $attributes = array_change_key_case($attrs, CASE_LOWER);
 
2693
                $format = '@givenname@%sn%';
 
2694
                if (isset($this->moduleSettings['posixAccount_userNameSuggestion'][0])) {
 
2695
                        $format = strtolower($this->moduleSettings['posixAccount_userNameSuggestion'][0]);
 
2696
                }
 
2697
                // search for @key@ wildcards in format string and replace with first character of attribute
 
2698
                $wildcards = array();
 
2699
                if (preg_match_all('/@([^@]|[a-zA-Z_-])+@/', $format, $wildcards) > 0) {
 
2700
                        for ($i = 0; $i < sizeof($wildcards[0]); $i++) {
 
2701
                                $wc = substr($wildcards[0][$i], 1, strlen($wildcards[0][$i]) - 2);
 
2702
                                $value = '';
 
2703
                                if (isset($attributes[$wc][0]) && !empty($attributes[$wc][0])) {
 
2704
                                        $value = $attributes[$wc][0][0];
 
2705
                                }
 
2706
                                $format = str_replace('@' . $wc . '@', $value, $format);
 
2707
                        }
 
2708
                }
 
2709
                // search for %key% wildcards in format string and replace with attribute
 
2710
                $wildcards = array();
 
2711
                if (preg_match_all('/%([^%]|[a-zA-Z_-])+%/', $format, $wildcards) > 0) {
 
2712
                        for ($i = 0; $i < sizeof($wildcards[0]); $i++) {
 
2713
                                $wc = substr($wildcards[0][$i], 1, strlen($wildcards[0][$i]) - 2);
 
2714
                                $value = '';
 
2715
                                if (isset($attributes[$wc][0])) {
 
2716
                                        $value = $attributes[$wc][0];
 
2717
                                }
 
2718
                                $format = str_replace('%' . $wc . '%', $value, $format);
 
2719
                        }
 
2720
                }
 
2721
                return str_replace(array_keys($this->umlautReplacements), array_values($this->umlautReplacements), strtolower($format));
2597
2722
        }
2598
2723
        
2599
2724
        /**
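Review bot: In the rewritten `getUserNameSuggestion()`, `$value = $attributes[$wc][0][0];` (new line 2704) takes the first byte, not the first character, so a multi-byte initial such as `Ä` leaves a lone UTF-8 lead byte in the suggestion that the `$umlautReplacements` table cannot match. The old body passed its result through `preg_replace('/[^a-z0-9_-]/', '', …)` and the new `return` does not, so spaces and punctuation from `givenName` or `sn` now reach the suggested user name; whether a caller validates the suggestion afterwards is not visible in this hunk. I would map umlauts before taking the initial, `$value = substr(strtr($attributes[$wc][0], $this->umlautReplacements), 0, 1);`, and filter on the way out, `return preg_replace('/[^a-z0-9_.-]/', '', strtolower(strtr($format, $this->umlautReplacements)));`, with the character class adjusted to whatever LAM accepts for `uid`. The function also no longer returns `null` when `sn` is missing, which the docblock (it starts above this hunk) should state.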
2601
2726
         * This is the case if a hashed password is set ("{" at the beginning).
2602
2727
         */
2603
2728
        public function isLockable() {
2604
 
                if (isset($this->attributes['userPassword'][0]) && ((substr($this->attributes['userPassword'][0], 0, 1) == "{") || (substr($this->attributes['userPassword'][0], 1, 1) == "{"))) {
 
2729
                if (isset($this->attributes['userPassword'][0]) && pwd_is_lockable($this->attributes['userPassword'][0])) {
2605
2730
                        return true;
2606
2731
                }
2607
2732
                return false;