Added LDAP objectClass: posixAccount

debian/changelog

@@ -1,4 +1,4 @@
-hedera-web (1.406.60) stable; urgency=low
+hedera-web (1.406.61) stable; urgency=low
 
   * Initial Release.
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedera-web",
-  "version": "1.406.60",
+  "version": "1.406.61",
   "description": "Verdnatura web page",
   "license": "GPL-3.0",
   "repository": {

rest/core/account.php

@@ -54,7 +54,8 @@ class Account {
 
 		$conf = $db->getObject(
 			'SELECT host, rdn, password, baseDn, filter
-				FROM account.ldapConfig');
+				FROM account.ldapConfig'
+		);
 
 		// Connects an authenticates against server
 
@@ -75,12 +76,17 @@ class Account {
 			$domain = $db->getValue('SELECT domain FROM account.mailConfig');
 
 			$user = $db->getObject(
-				'SELECT id, nickname, lang
+				'SELECT `id`, `nickname`, `lang`, `role`
 					FROM account.user
-					WHERE name = #',
+					WHERE `name` = #',
 				[$userName]
 			);
 
+			$accountCfg = $db->getObject(
+				'SELECT homedir, shell, idBase
+					FROM account.accountConfig'
+			);
+
 			$cn = empty($user->nickname) ? $userName : $user->nickname;
 
 			$nameArgs = explode(' ', $user->nickname);
@@ -98,7 +104,11 @@ class Account {
 				'sn'                => $sn,
 				'mail'              => "$userName@{$domain}",
 				'userPassword'      => sshaEncode($password),
-				'preferredLanguage' => $user->lang
+				'preferredLanguage' => $user->lang,
+				'homeDirectory'     => "$accountCfg->homedir/$userName",
+				'loginShell'        => $accountCfg->shell,
+				'uidNumber'         => $accountCfg->idBase + $user->id,
+				'gidNumber'         => $accountCfg->idBase + $user->role
 			];
 
 			// Search the user entry
@@ -115,46 +125,19 @@ class Account {
 
 			$dn = "uid=$userName,{$conf->baseDn}";
 			$entry = ldap_first_entry($ds, $res);
+			if ($entry) ldap_delete($ds, $dn);
 
-			$classes = ldap_get_values($ds, $entry, 'objectClass');
+			$addAttrs = [];
 
-			if (!in_array('inetOrgPerson', $classes)) {
+			foreach ($attrs as $attribute => $value)
-				ldap_delete($ds, $dn);
+			if (!empty($value))
-				$entry = NULL;
+				$addAttrs[$attribute] = $value;
-			}
 
-			if ($entry) {
+			$addAttrs = array_merge($addAttrs, [
-				$modifs = [];
+				'objectClass' => ['inetOrgPerson', 'posixAccount'],
-				$curAttrs = ldap_get_attributes($ds, $entry);
+				'uid'         => $userName
-
+			]);
-				foreach ($attrs as $attribute => $value)
+			$updated = ldap_add($ds, $dn, $addAttrs);
-				if (!empty($value)) {
-					$modifs[] = [
-						'attrib'  => $attribute,
-						'modtype' => LDAP_MODIFY_BATCH_REPLACE,
-						'values'  => [$value]
-					];
-				} elseif (isset($curAttrs[$attribute])) {
-					$modifs[] = [
-						'attrib'  => $attribute,
-						'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL
-					];
-				}
-
-				$updated = ldap_modify_batch($ds, $dn, $modifs);
-			} else {
-				$addAttrs = [];
-	
-				foreach ($attrs as $attribute => $value)
-				if (!empty($value))
-					$addAttrs[$attribute] = $value;
-	
-				$addAttrs = array_merge($addAttrs, [
-					'objectClass' => ['inetOrgPerson'],
-					'uid'         => $userName
-				]);
-				$updated = ldap_add($ds, $dn, $addAttrs);
-			}
 
 			if (!$updated)
 				throw new Exception("Can't update the LDAP entry: ". ldapError($ds));
@@ -169,9 +152,14 @@ class Account {
 	 */
 	static function sambaSync($db, $userName, $password) {
 		$conf = $db->getObject(
-			'SELECT host, sshUser, sshPass, uidBase
+			'SELECT host, sshUser, sshPass
 				FROM account.sambaConfig'
 		);
+
+		$accountCfg = $db->getObject(
+			'SELECT idBase
+				FROM account.accountConfig'
+		);
 		
 		$domain = $db->getValue('SELECT domain FROM account.mailConfig');
 
@@ -189,7 +177,7 @@ class Account {
 
 		$samba->exec("$scriptDir/create-user.sh %s %s %s"
 			,$userName
-			,$conf->uidBase + $userId
+			,$accountCfg->idBase + $userId
 			,"$userName@{$domain}"
 		);