Added LDAP objectClass: posixAccount
parent
5102571b5f
commit
d04ba0695a
|
@ -1,4 +1,4 @@
|
|||
hedera-web (1.406.60) stable; urgency=low
|
||||
hedera-web (1.406.61) stable; urgency=low
|
||||
|
||||
* Initial Release.
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "hedera-web",
|
||||
"version": "1.406.60",
|
||||
"version": "1.406.61",
|
||||
"description": "Verdnatura web page",
|
||||
"license": "GPL-3.0",
|
||||
"repository": {
|
||||
|
|
|
@ -54,7 +54,8 @@ class Account {
|
|||
|
||||
$conf = $db->getObject(
|
||||
'SELECT host, rdn, password, baseDn, filter
|
||||
FROM account.ldapConfig');
|
||||
FROM account.ldapConfig'
|
||||
);
|
||||
|
||||
// Connects an authenticates against server
|
||||
|
||||
|
@ -75,12 +76,17 @@ class Account {
|
|||
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
|
||||
|
||||
$user = $db->getObject(
|
||||
'SELECT id, nickname, lang
|
||||
'SELECT `id`, `nickname`, `lang`, `role`
|
||||
FROM account.user
|
||||
WHERE name = #',
|
||||
WHERE `name` = #',
|
||||
[$userName]
|
||||
);
|
||||
|
||||
$accountCfg = $db->getObject(
|
||||
'SELECT homedir, shell, idBase
|
||||
FROM account.accountConfig'
|
||||
);
|
||||
|
||||
$cn = empty($user->nickname) ? $userName : $user->nickname;
|
||||
|
||||
$nameArgs = explode(' ', $user->nickname);
|
||||
|
@ -98,7 +104,11 @@ class Account {
|
|||
'sn' => $sn,
|
||||
'mail' => "$userName@{$domain}",
|
||||
'userPassword' => sshaEncode($password),
|
||||
'preferredLanguage' => $user->lang
|
||||
'preferredLanguage' => $user->lang,
|
||||
'homeDirectory' => "$accountCfg->homedir/$userName",
|
||||
'loginShell' => $accountCfg->shell,
|
||||
'uidNumber' => $accountCfg->idBase + $user->id,
|
||||
'gidNumber' => $accountCfg->idBase + $user->role
|
||||
];
|
||||
|
||||
// Search the user entry
|
||||
|
@ -115,46 +125,19 @@ class Account {
|
|||
|
||||
$dn = "uid=$userName,{$conf->baseDn}";
|
||||
$entry = ldap_first_entry($ds, $res);
|
||||
if ($entry) ldap_delete($ds, $dn);
|
||||
|
||||
$classes = ldap_get_values($ds, $entry, 'objectClass');
|
||||
$addAttrs = [];
|
||||
|
||||
if (!in_array('inetOrgPerson', $classes)) {
|
||||
ldap_delete($ds, $dn);
|
||||
$entry = NULL;
|
||||
}
|
||||
foreach ($attrs as $attribute => $value)
|
||||
if (!empty($value))
|
||||
$addAttrs[$attribute] = $value;
|
||||
|
||||
if ($entry) {
|
||||
$modifs = [];
|
||||
$curAttrs = ldap_get_attributes($ds, $entry);
|
||||
|
||||
foreach ($attrs as $attribute => $value)
|
||||
if (!empty($value)) {
|
||||
$modifs[] = [
|
||||
'attrib' => $attribute,
|
||||
'modtype' => LDAP_MODIFY_BATCH_REPLACE,
|
||||
'values' => [$value]
|
||||
];
|
||||
} elseif (isset($curAttrs[$attribute])) {
|
||||
$modifs[] = [
|
||||
'attrib' => $attribute,
|
||||
'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL
|
||||
];
|
||||
}
|
||||
|
||||
$updated = ldap_modify_batch($ds, $dn, $modifs);
|
||||
} else {
|
||||
$addAttrs = [];
|
||||
|
||||
foreach ($attrs as $attribute => $value)
|
||||
if (!empty($value))
|
||||
$addAttrs[$attribute] = $value;
|
||||
|
||||
$addAttrs = array_merge($addAttrs, [
|
||||
'objectClass' => ['inetOrgPerson'],
|
||||
'uid' => $userName
|
||||
]);
|
||||
$updated = ldap_add($ds, $dn, $addAttrs);
|
||||
}
|
||||
$addAttrs = array_merge($addAttrs, [
|
||||
'objectClass' => ['inetOrgPerson', 'posixAccount'],
|
||||
'uid' => $userName
|
||||
]);
|
||||
$updated = ldap_add($ds, $dn, $addAttrs);
|
||||
|
||||
if (!$updated)
|
||||
throw new Exception("Can't update the LDAP entry: ". ldapError($ds));
|
||||
|
@ -169,9 +152,14 @@ class Account {
|
|||
*/
|
||||
static function sambaSync($db, $userName, $password) {
|
||||
$conf = $db->getObject(
|
||||
'SELECT host, sshUser, sshPass, uidBase
|
||||
'SELECT host, sshUser, sshPass
|
||||
FROM account.sambaConfig'
|
||||
);
|
||||
|
||||
$accountCfg = $db->getObject(
|
||||
'SELECT idBase
|
||||
FROM account.accountConfig'
|
||||
);
|
||||
|
||||
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
|
||||
|
||||
|
@ -189,7 +177,7 @@ class Account {
|
|||
|
||||
$samba->exec("$scriptDir/create-user.sh %s %s %s"
|
||||
,$userName
|
||||
,$conf->uidBase + $userId
|
||||
,$accountCfg->idBase + $userId
|
||||
,"$userName@{$domain}"
|
||||
);
|
||||
|
||||
|
|
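Review bot: The rewritten sync in the `@@ -115,46 +125,19 @@` hunk appears to delete any existing entry and then always call `ldap_add`, with the `ldap_delete` result unchecked, so a failed add leaves the user with no directory entry at all (the +/- markers are lost on this page, but the hunk's line counts fit this reading). That failure is now more likely, because `posixAccount` makes `uidNumber`, `gidNumber` and `homeDirectory` mandatory, while the `!empty($value)` filter silently drops any attribute whose value is empty. Build and validate `$addAttrs` before touching the old entry, and check the delete: `if ($entry && !ldap_delete($ds, $dn)) throw new Exception("Can't delete the LDAP entry: ". ldapError($ds));`. Separately, the new `homeDirectory` value and the DN both interpolate `$userName` directly, and whether it is validated lies outside the visible hunks; an explicit check, or a comment such as `// $userName must already be a validated account name (no '/', ',' or '..')`, would make that dependency visible. The enclosing method starts and ends outside the hunks.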