From d04ba0695aaccc3f1417dd25b1b4e43740842979 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 7 Aug 2019 14:36:20 +0200 Subject: [PATCH] Added LDAP objectClass: posixAccount --- debian/changelog | 2 +- package.json | 2 +- rest/core/account.php | 74 ++++++++++++++++++------------------------- 3 files changed, 33 insertions(+), 45 deletions(-) diff --git a/debian/changelog b/debian/changelog index fc4dda8d..e5a6f225 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -hedera-web (1.406.60) stable; urgency=low +hedera-web (1.406.61) stable; urgency=low * Initial Release. diff --git a/package.json b/package.json index e26e79ec..6396f35d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "hedera-web", - "version": "1.406.60", + "version": "1.406.61", "description": "Verdnatura web page", "license": "GPL-3.0", "repository": { diff --git a/rest/core/account.php b/rest/core/account.php index 819cd79e..f4c161ae 100644 --- a/rest/core/account.php +++ b/rest/core/account.php @@ -54,7 +54,8 @@ class Account { $conf = $db->getObject( 'SELECT host, rdn, password, baseDn, filter - FROM account.ldapConfig'); + FROM account.ldapConfig' + ); // Connects an authenticates against server @@ -75,12 +76,17 @@ class Account { $domain = $db->getValue('SELECT domain FROM account.mailConfig'); $user = $db->getObject( - 'SELECT id, nickname, lang + 'SELECT `id`, `nickname`, `lang`, `role` FROM account.user - WHERE name = #', + WHERE `name` = #', [$userName] ); + $accountCfg = $db->getObject( + 'SELECT homedir, shell, idBase + FROM account.accountConfig' + ); + $cn = empty($user->nickname) ? $userName : $user->nickname; $nameArgs = explode(' ', $user->nickname); 
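Review bot: The new `$accountCfg` lookup in the `@@ -75,12 +76,17 @@` hunk is used later without checking that `account.accountConfig` returned a row, and the same unchecked lookup is added to `sambaSync` in the `@@ -169,9 +152,14 @@` hunk. If `getObject()` yields an empty result (its behaviour is not visible here), `$accountCfg->idBase` evaluates to null and the ids derived from it silently fall back to the raw database ids. A guard right after the query, e.g. `if (!$accountCfg) throw new Exception('account.accountConfig is empty');`, would make the sync fail closed instead. The enclosing method starts and ends outside the hunk.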
@@ -98,7 +104,11 @@ class Account { 'sn' => $sn, 'mail' => "$userName@{$domain}", 'userPassword' => sshaEncode($password), - 'preferredLanguage' => $user->lang + 'preferredLanguage' => $user->lang, + 'homeDirectory' => "$accountCfg->homedir/$userName", + 'loginShell' => $accountCfg->shell, + 'uidNumber' => $accountCfg->idBase + $user->id, + 'gidNumber' => $accountCfg->idBase + $user->role ]; // Search the user entry @@ -115,46 +125,19 @@ class Account { $dn = "uid=$userName,{$conf->baseDn}"; $entry = ldap_first_entry($ds, $res); + if ($entry) ldap_delete($ds, $dn); - $classes = ldap_get_values($ds, $entry, 'objectClass'); + $addAttrs = []; - if (!in_array('inetOrgPerson', $classes)) { - ldap_delete($ds, $dn); - $entry = NULL; - } + foreach ($attrs as $attribute => $value) + if (!empty($value)) + $addAttrs[$attribute] = $value; - if ($entry) { - $modifs = []; - $curAttrs = ldap_get_attributes($ds, $entry); - - foreach ($attrs as $attribute => $value) - if (!empty($value)) { - $modifs[] = [ - 'attrib' => $attribute, - 'modtype' => LDAP_MODIFY_BATCH_REPLACE, - 'values' => [$value] - ]; - } elseif (isset($curAttrs[$attribute])) { - $modifs[] = [ - 'attrib' => $attribute, - 'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL - ]; - } - - $updated = ldap_modify_batch($ds, $dn, $modifs); - } else { - $addAttrs = []; - - foreach ($attrs as $attribute => $value) - if (!empty($value)) - $addAttrs[$attribute] = $value; - - $addAttrs = array_merge($addAttrs, [ - 'objectClass' => ['inetOrgPerson'], - 'uid' => $userName - ]); - $updated = ldap_add($ds, $dn, $addAttrs); - } + $addAttrs = array_merge($addAttrs, [ + 'objectClass' => ['inetOrgPerson', 'posixAccount'], + 'uid' => $userName + ]); + $updated = ldap_add($ds, $dn, $addAttrs); if (!$updated) throw new Exception("Can't update the LDAP entry: ". ldapError($ds)); 
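Review bot: `uidNumber` and `gidNumber` in the `@@ -98,7 +104,11 @@` hunk are plain sums with no range check, so a small or unset `idBase`, or a NULL `role`, can yield numeric ids that overlap the ones used by local system accounts and groups on hosts that consume this directory. It would be safer to compute both values before the array is built and reject anything below the site's minimum, e.g. `if (MIN_POSIX_ID > min($uidNumber, $gidNumber)) throw new Exception('POSIX id out of range');`, where `MIN_POSIX_ID` is a placeholder for the configured lower bound. `gidNumber` is derived from the role id, which presumably needs a matching posixGroup entry that this commit does not create, so a comment stating where those groups come from would help. `homeDirectory` interpolates `$userName` into a path and therefore relies on the name having been restricted to a safe character set somewhere outside this hunk.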
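Review bot: The rewritten block in the `@@ -115,46 +125,19 @@` hunk deletes the existing entry and then re-adds it, which is not atomic and ignores the result of `ldap_delete()`: if the add fails after a successful delete the account is gone from the directory, and if the delete fails the error only surfaces later as a misleading add failure. At minimum the delete should be checked, `if ($entry && !ldap_delete($ds, $dn)) throw new Exception("Can't delete the LDAP entry: ". ldapError($ds));`. Recreating the entry also discards any attributes or object classes other tools attached to it and, depending on server configuration, group memberships that reference the DN, so keeping the previous in-place `ldap_modify_batch()` path for entries that already carry `posixAccount` would be less disruptive. `$dn` is still assembled from `$userName` without `ldap_escape($userName, '', LDAP_ESCAPE_DN)`; that line is unchanged context, but it now feeds a delete on every sync where an entry exists.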
@@ -169,9 +152,14 @@ class Account { */ static function sambaSync($db, $userName, $password) { $conf = $db->getObject( - 'SELECT host, sshUser, sshPass, uidBase + 'SELECT host, sshUser, sshPass FROM account.sambaConfig' ); + + $accountCfg = $db->getObject( + 'SELECT idBase + FROM account.accountConfig' + ); $domain = $db->getValue('SELECT domain FROM account.mailConfig'); @@ -189,7 +177,7 @@ class Account { $samba->exec("$scriptDir/create-user.sh %s %s %s" ,$userName - ,$conf->uidBase + $userId + ,$accountCfg->idBase + $userId ,"$userName@{$domain}" );
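Review bot: `sambaSync` in the `@@ -169,9 +152,14 @@` hunk now repeats both the `account.accountConfig` query and the `idBase + id` formula that the LDAP sync uses, so the Samba uid and the LDAP `uidNumber` agree only as long as the two copies are edited together. A small private static helper on `Account` that returns the POSIX uid for a user id, and validates `idBase` in one place, would keep them from drifting; mismatched uids between the two stores typically show up as wrong file ownership. The `@@ -189,7 +177,7 @@` hunk would then call the same helper. The method body continues outside both hunks.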