Added LDAP objectClass: posixAccount

Juan Ferrer 2019-08-07 14:36:20 +02:00
parent 5102571b5f
commit d04ba0695a
3 changed files with 33 additions and 45 deletions

2
debian/changelog vendored

@ -1,4 +1,4 @@
hedera-web (1.406.60) stable; urgency=low
hedera-web (1.406.61) stable; urgency=low
* Initial Release.


@ -1,6 +1,6 @@
{
"name": "hedera-web",
"version": "1.406.60",
"version": "1.406.61",
"description": "Verdnatura web page",
"license": "GPL-3.0",
"repository": {


@ -54,7 +54,8 @@ class Account {
$conf = $db->getObject(
'SELECT host, rdn, password, baseDn, filter
FROM account.ldapConfig');
FROM account.ldapConfig'
);
// Connects an authenticates against server
@ -75,12 +76,17 @@ class Account {
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
$user = $db->getObject(
'SELECT id, nickname, lang
'SELECT `id`, `nickname`, `lang`, `role`
FROM account.user
WHERE name = #',
WHERE `name` = #',
[$userName]
);
$accountCfg = $db->getObject(
'SELECT homedir, shell, idBase
FROM account.accountConfig'
);
$cn = empty($user->nickname) ? $userName : $user->nickname;
$nameArgs = explode(' ', $user->nickname);
@ -98,7 +104,11 @@ class Account {
'sn' => $sn,
'mail' => "$userName@{$domain}",
'userPassword' => sshaEncode($password),
'preferredLanguage' => $user->lang
'preferredLanguage' => $user->lang,
'homeDirectory' => "$accountCfg->homedir/$userName",
'loginShell' => $accountCfg->shell,
'uidNumber' => $accountCfg->idBase + $user->id,
'gidNumber' => $accountCfg->idBase + $user->role
];
// Search the user entry
@ -115,46 +125,19 @@ class Account {
$dn = "uid=$userName,{$conf->baseDn}";
$entry = ldap_first_entry($ds, $res);
if ($entry) ldap_delete($ds, $dn);
$classes = ldap_get_values($ds, $entry, 'objectClass');
$addAttrs = [];
if (!in_array('inetOrgPerson', $classes)) {
ldap_delete($ds, $dn);
$entry = NULL;
}
foreach ($attrs as $attribute => $value)
if (!empty($value))
$addAttrs[$attribute] = $value;
if ($entry) {
$modifs = [];
$curAttrs = ldap_get_attributes($ds, $entry);
foreach ($attrs as $attribute => $value)
if (!empty($value)) {
$modifs[] = [
'attrib' => $attribute,
'modtype' => LDAP_MODIFY_BATCH_REPLACE,
'values' => [$value]
];
} elseif (isset($curAttrs[$attribute])) {
$modifs[] = [
'attrib' => $attribute,
'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL
];
}
$updated = ldap_modify_batch($ds, $dn, $modifs);
} else {
$addAttrs = [];
foreach ($attrs as $attribute => $value)
if (!empty($value))
$addAttrs[$attribute] = $value;
$addAttrs = array_merge($addAttrs, [
'objectClass' => ['inetOrgPerson'],
'uid' => $userName
]);
$updated = ldap_add($ds, $dn, $addAttrs);
}
$addAttrs = array_merge($addAttrs, [
'objectClass' => ['inetOrgPerson', 'posixAccount'],
'uid' => $userName
]);
$updated = ldap_add($ds, $dn, $addAttrs);
if (!$updated)
throw new Exception("Can't update the LDAP entry: ". ldapError($ds));
@ -169,9 +152,14 @@ class Account {
*/
static function sambaSync($db, $userName, $password) {
$conf = $db->getObject(
'SELECT host, sshUser, sshPass, uidBase
'SELECT host, sshUser, sshPass
FROM account.sambaConfig'
);
$accountCfg = $db->getObject(
'SELECT idBase
FROM account.accountConfig'
);
$domain = $db->getValue('SELECT domain FROM account.mailConfig');
@ -189,7 +177,7 @@ class Account {
$samba->exec("$scriptDir/create-user.sh %s %s %s"
,$userName
,$conf->uidBase + $userId
,$accountCfg->idBase + $userId
,"$userName@{$domain}"
);
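Review bot: In the hunk at `@ -98,7 +104,11 @`, `'homeDirectory' => "$accountCfg->homedir/$userName"` builds a filesystem path from `$userName` with no check visible in this diff, while the same commit adds `posixAccount`, so the entry becomes a Unix login identity on any host that resolves accounts from this directory. A name containing `/` or `..` would give a home directory outside the configured base, which matters on hosts that create or chown home directories at first login. Unless the name is already constrained before this function is called, validate it before `$attrs` is built, for example `if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $userName)) throw new Exception('Invalid user name');`, with the pattern adjusted to the site's naming policy. The same value is interpolated into `$dn` in the next hunk, where `ldap_escape($userName, '', LDAP_ESCAPE_DN)` would be the matching safeguard. The enclosing function starts and ends outside these hunks.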