From 255817d7aa06564ee3058f60b22579ef6b2e95a8 Mon Sep 17 00:00:00 2001
From: Benjamin Renard
Date: Fri, 11 Sep 2020 13:54:08 +0200
Subject: [PATCH] Improve POSIX support and add examples to handle this type of attributes
---
 lsexample/lsexample.ldif | 12 +
 .../LSobjects/config.LSobjects.LSpeople.php | 381 ++++++++++++------
 src/includes/addons/LSaddons.posix.php | 16 +
 src/lang/fr_FR.UTF8/lang.php | 41 ++
 4 files changed, 324 insertions(+), 126 deletions(-)
diff --git a/lsexample/lsexample.ldif b/lsexample/lsexample.ldif
index bc08d0a2..f57df447 100644
--- a/lsexample/lsexample.ldif
+++ b/lsexample/lsexample.ldif
@@ -141,6 +141,7 @@ dn: uid=hmartin,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 uid: hmartin
 homeDirectory: /home/com
@@ -168,6 +169,7 @@ dn: uid=s.ldapsaisie,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 loginShell: /bin/false
 uidNumber: 101036
@@ -194,6 +196,7 @@ dn: uid=ls,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 uid: ls
 homeDirectory: /home/ls
@@ -222,6 +225,7 @@ uid: erwpa
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 uidNumber: 101082
 sambaAcctFlags: [U ]
@@ -248,6 +252,7 @@ dn: uid=eeggs2,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 uid: eeggs2
 uidNumber: 1000000
 gidNumber: 102009
@@ -269,6 +274,7 @@ dn: uid=eeggs3,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 uid: eeggs3
 uidNumber: 10000000
 gidNumber: 102009
@@ -368,6 +374,7 @@ dn: uid=user1,ou=people,ou=company1,ou=companies,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 givenName: prenom1
 loginShell: /bin/false
@@ -390,6 +397,7 @@ dn: uid=user2,ou=people,ou=company1,ou=companies,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 givenName: prenom2
 loginShell: /bin/false
@@ -440,6 +448,7 @@ dn: uid=eeggs,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 loginShell: /bin/bash
 personalTitle: M.
@@ -469,6 +478,7 @@ dn: uid=invite,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 givenName: Utilisateur
 loginShell: /bin/false
@@ -490,6 +500,7 @@ dn: uid=demo,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 givenName: Demonstration
 loginShell: /bin/false
@@ -512,6 +523,7 @@ dn: uid=admin,ou=people,o=ls
 objectClass: top
 objectClass: lspeople
 objectClass: posixAccount
+objectClass: shadowAccount
 objectClass: sambaSamAccount
 givenName: Administration
 loginShell: /bin/false
diff --git a/src/conf/LSobjects/config.LSobjects.LSpeople.php b/src/conf/LSobjects/config.LSobjects.LSpeople.php
index e96a9c70..c0fb2da4 100644
--- a/src/conf/LSobjects/config.LSobjects.LSpeople.php
+++ b/src/conf/LSobjects/config.LSobjects.LSpeople.php
@@ -25,6 +25,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
 'top',
 'lspeople',
 'posixAccount',
+ 'shadowAccount',
 'sambaSamAccount',
 ),
 'rdn' => 'uid',
@@ -137,7 +138,12 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( 'uidNumber', 'gidNumber', 'loginShell', - 'homeDirectory' + 'homeDirectory', + 'gecos', + 'shadowExpire', + 'shadowMax', + 'shadowInactive', + 'shadowLastChange', ) ), 'Samba' => array ( @@ -268,35 +274,6 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( ), /* ----------- end -----------*/ - /* ----------- start -----------*/ - 'uidNumber' => array ( - 'label' => 'Numeric identifier', - 'ldap_type' => 'numeric', - 'html_type' => 'text', - 'required' => 1, - 'generate_function' => 'generate_samba_uidNumber', - 'check_data' => array ( - 'numeric' => array( - 'msg' => "The numeric identifier must be an integer." - ), - ), - 'validation' => array ( - array ( - 'filter' => 'uidNumber=%{val}', - 'result' => 0, - 'msg' => 'This uid is already used.' - ) - ), - 'rights' => array( - 'admin' => 'w' - ), - 'view' => 1, - 'form' => array ( - 'modify' => 0, - ) - ), - /* ----------- end -----------*/ - /* ----------- start -----------*/ 'givenName' => array ( 'label' => 'First Name', 
@@ -366,101 +343,8 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( 'form' => array ( 'modify' => 1, 'create' => 1 - ) - ), - /* ----------- end -----------*/ - - /* ----------- start -----------*/ - 'gidNumber' => array ( - 'label' => 'Main group', - 'ldap_type' => 'numeric', - 'html_type' => 'select_list', - 'html_options' => array ( - 'possible_values' => array( - '0' => 'No group', - array ( - 'label' => 'LDAP Groups', - 'possible_values' => array ( - 'OTHER_OBJECT' => array ( - 'object_type' => 'LSgroup', // Nom de l'objet à lister - 'display_name_format' => '%{cn} (%{gidNumber})', // Spécifie le attributs à lister pour le choix, - // si non définie => utilisation du 'display_name_format' - // de la définition de l'objet - - 'value_attribute' => 'gidNumber', // Spécifie le attributs dont la valeur sera retournée par - /*'filter' => // le formulaire spécifie les filtres de recherche pour - array ( // l'établissement de la liste d'objets : - array( // Premier filtre - 'filter' => 'cn=*a*', - //'basedn' => 'o=company', - 'scope' => 'sub', - ) - )*/ - ) - ) - ) - ) ), - 'multiple' => false, - 'required' => 1, - 'validation' => array ( - array ( - 'msg' => "This group doesn't exist.", - 'object_type' => 'LSgroup', // 'object_type' : Permet definir le type d'objet recherchés - //'basedn' => 'o=company', // et d'utiliser les objectClass définis dans le fichier de configuration - 'filter' => '(gidNumber=%{val})', // pour la recherche - 'result' => 1 - ) - ), - 'rights' => array( - 'admin' => 'w', - 'godfather' => 'r' - ), - 'view' => 1, - 'form' => array ( - 'modify' => 1, - 'create' => 1 - ), - 'dependAttrs' => array( - 'sambaPrimaryGroupSID', - ) - ), - /* ----------- end -----------*/ - - /* ----------- start -----------*/ - 'loginShell' => array ( - 'label' => 'Command shell', - 'help_info' => "Allow user to connect a POSIX system.", - 'ldap_type' => 'boolean', - 'ldap_options' => array ( - 'true_value' => '/bin/bash', - 'false_value' => '/bin/false' - ), - 
'html_type' => 'boolean', - 'required' => 1, - 'default_value' => 'no', - 'rights' => array( - 'admin' => 'w' - ), - 'view' => 1, - 'form' => array ( - 'modify' => 1, - 'create' => 1 - ) - ), - /* ----------- end -----------*/ - - /* ----------- start -----------*/ - 'homeDirectory' => array ( - 'label' => 'Home Directory', - 'ldap_type' => 'ascii', - 'html_type' => 'text', - 'required' => 1, - 'generate_function' => 'generate_homeDirectory', - 'rights' => array( - 'admin' => 'r' - ), - 'view' => 1 + 'dependAttrs' => array('gecos'), ), /* ----------- end -----------*/ @@ -599,7 +483,9 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( ), 'dependAttrs' => array( 'sambaLMPassword', - 'sambaNTPassword' + 'sambaNTPassword', + 'sambaPwdLastSet', + 'shadowLastChange', ), 'form' => array ( 'modify' => 1, 
@@ -693,7 +579,250 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( /* ----------- end -----------*/ /************************************************ - * Samba Attributres + * POSIX Attributes + ************************************************/ + + /* ----------- start -----------*/ + 'uidNumber' => array ( + 'label' => 'Numeric identifier', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'required' => 1, + 'generate_function' => 'generate_samba_uidNumber', + 'check_data' => array ( + 'numeric' => array( + 'msg' => "The numeric identifier must be an integer." + ), + ), + 'validation' => array ( + array ( + 'filter' => 'uidNumber=%{val}', + 'result' => 0, + 'msg' => 'This uid is already used.' + ) + ), + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array ( + 'modify' => 0, + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'gidNumber' => array ( + 'label' => 'Main group', + 'ldap_type' => 'numeric', + 'html_type' => 'select_list', + 'html_options' => array ( + 'possible_values' => array( + '0' => 'No group', + array ( + 'label' => 'LDAP Groups', + 'possible_values' => array ( + 'OTHER_OBJECT' => array ( + 'object_type' => 'LSgroup', // Nom de l'objet à lister + 'display_name_format' => '%{cn} (%{gidNumber})', // Spécifie le attributs à lister pour le choix, + // si non définie => utilisation du 'display_name_format' + // de la définition de l'objet + + 'value_attribute' => 'gidNumber', // Spécifie le attributs dont la valeur sera retournée par + /*'filter' => // le formulaire spécifie les filtres de recherche pour + array ( // l'établissement de la liste d'objets : + array( // Premier filtre + 'filter' => 'cn=*a*', + //'basedn' => 'o=company', + 'scope' => 'sub', + ) + )*/ + ) + ) + ) + ) + ), + 'multiple' => false, + 'required' => 1, + 'validation' => array ( + array ( + 'msg' => "This group doesn't exist.", + 'object_type' => 'LSgroup', // 'object_type' : Permet definir le type d'objet recherchés + 
//'basedn' => 'o=company', // et d'utiliser les objectClass définis dans le fichier de configuration + 'filter' => '(gidNumber=%{val})', // pour la recherche + 'result' => 1 + ) + ), + 'rights' => array( + 'admin' => 'w', + 'godfather' => 'r' + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1 + ), + 'dependAttrs' => array( + 'sambaPrimaryGroupSID', + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'loginShell' => array ( + 'label' => 'Command shell', + 'help_info' => "Allow user to connect a POSIX system.", + 'ldap_type' => 'boolean', + 'ldap_options' => array ( + 'true_value' => '/bin/bash', + 'false_value' => '/bin/false' + ), + 'html_type' => 'boolean', + 'required' => 1, + 'default_value' => 'no', + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1 + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'homeDirectory' => array ( + 'label' => 'Home Directory', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'required' => 1, + 'generate_function' => 'generate_homeDirectory', + 'rights' => array( + 'admin' => 'r' + ), + 'view' => 1 + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'gecos' => array ( + 'label' => 'Gecos', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'html_options' => array( + 'generate_value_format' => '%{cn~}', + 'autoGenerateOnModify' => true, // default : false + 'autoGenerateOnCreate' => true // default : false + ), + 'required' => 1, + 'generate_value_format' => '%{cn~}', + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array( + 'modify' => 1, + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'shadowExpire' => array ( + 'label' => 'Password expiration', + 'ldap_type' => 'shadowExpire', + 'html_type' => 'date', + 'html_options' => array( + 'time' => false, + 'showNowButton' => False, + 'special_values' 
=> array( + '0' => 'Always (disable account)', + ), + ), + 'required' => 0, + 'generate_function' => 'generate_shadowExpire_from_sambaPwdMustChange', + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array( + 'modify' => 1, + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'shadowMax' => array ( + 'label' => 'Password validity (in days)', + 'help_info' => 'The maximum number of days the password is valid.', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'check_data' => array ( + 'integer' => array( + 'params' => array( + 'positive' => true, + ), + 'msg' => "The password validity must be an positive integer.", + ), + ), + 'required' => 0, + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array( + 'create' => 1, + 'modify' => 1, + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'shadowInactive' => array ( + 'label' => 'Inactivity allowed (in days)', + 'help_info' => 'The number of days of inactivity allowed for the specified user.', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'check_data' => array ( + 'integer' => array( + 'params' => array( + 'positive' => true, + ), + 'msg' => "The inactivity allowed must be an positive integer.", + ), + ), + 'required' => 0, + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + 'form' => array( + 'create' => 1, + 'modify' => 1, + ) + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'shadowLastChange' => array ( + 'label' => 'Password last change time', + 'ldap_type' => 'shadowExpire', + 'html_type' => 'date', + 'html_options' => array( + 'time' => False, + 'showNowButton' => False, + ), + 'generate_function' => 'generate_shadowLastChange', + 'no_value_label' => 'Never', + 'rights' => array( + 'admin' => 'w' + ), + 'view' => 1, + ), + /* ----------- end -----------*/ + + /************************************************ + * Samba Attributes 
************************************************/ /* ----------- start -----------*/ diff --git a/src/includes/addons/LSaddons.posix.php b/src/includes/addons/LSaddons.posix.php index ef3c2308..24cd27a0 100644 --- a/src/includes/addons/LSaddons.posix.php +++ b/src/includes/addons/LSaddons.posix.php @@ -261,3 +261,19 @@ LSerror :: defineError('POSIX_01', } return $uids; } + + +/** + * Generate shadowLastChange attribute value + * + * Just return a shadowLastChange value corresponding to current date. + * + * @author Benjamin Renard + * + * @param[in] $anything anything + * + * @retval integer The shadowLastChange attribute value (=current date) + */ +function generate_shadowLastChange($anything) { + return time()/86400; +} diff --git a/src/lang/fr_FR.UTF8/lang.php b/src/lang/fr_FR.UTF8/lang.php index f9e9af2f..2e9c8e4e 100644 --- a/src/lang/fr_FR.UTF8/lang.php +++ b/src/lang/fr_FR.UTF8/lang.php @@ -16,6 +16,10 @@ $GLOBALS['LSlang'] = array ( "Allow user to connect a POSIX system." => "Autorisie l'utilisateur à se connecter aux systèmes POSIX.", +# LSobjects.LSpeople.attrs.shadowExpire.html_options.special_values.0 +"Always (disable account)" => + "Toujours (compte désactivé)", + # LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.0 "At first login" => "À la première connexion", @@ -99,6 +103,10 @@ $GLOBALS['LSlang'] = array ( "Full Name" => "Nom complet", +# LSobjects.LSpeople.attrs.gecos.label +"Gecos" => + "Gecos", + # LSobjects.LSpeople.attrs.mail.check_data.email.msg "Given email address is invalid." => "L'adresse mail saisie est invalide.", 
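Review bot: In the new `shadowExpire` block the label `'Password expiration'` does not match what the attribute controls: in the shadowAccount schema `shadowExpire` is the day the account itself stops being usable, which the block's own special value `'0' => 'Always (disable account)'` also says. An administrator reading the form could set a date expecting only a forced password change and instead lock the user out, so I would use `'label' => 'Account expiration',` and rename the matching key in lang.php. The value is filled by `generate_shadowExpire_from_sambaPwdMustChange`, which this patch does not define; if it copies Samba's password-change deadline into an account-expiry field, that mapping deserves a comment next to `generate_function` explaining why it is intended. The enclosing `$GLOBALS['LSobjects']['LSpeople']` array starts and ends outside the hunk.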
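Review bot: `generate_shadowLastChange()` returns `time()/86400`, which PHP evaluates to a float (a constructed example: 18516.49), while the docblock promises an integer and `shadowLastChange` is a whole number of days in the shadowAccount schema. Depending on how the `shadowExpire` LDAP type serialises the value (not visible in this patch), the directory may reject the write or store something that password-aging checks cannot parse, so a password change would fail to reset the aging clock. Truncate explicitly with `return (int) floor(time() / 86400);`. The docblock should also state that the unit is days since 1970-01-01 UTC and that `$anything` is ignored.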
@@ -128,6 +136,10 @@ $GLOBALS['LSlang'] = array ( "If not set, the user will be free to change his password whenever he wants." => "Si non défini, l'utilisateur pourra changer son mot de passe quand il le veut.", +# LSobjects.LSpeople.attrs.shadowInactive.label +"Inactivity allowed (in days)" => + "Durée d'inactivité autorisée (en jours)", + # LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label "LDAP Groups" => "Groupes LDAP", @@ -192,6 +204,7 @@ $GLOBALS['LSlang'] = array ( "Nb / page :" => "Nb / page :", +# LSobjects.LSpeople.attrs.shadowLastChange.no_value_label # LSobjects.LSpeople.attrs.sambaLogonTime.no_value_label # LSobjects.LSpeople.attrs.sambaLogoffTime.no_value_label # LSobjects.LSpeople.attrs.sambaKickoffTime.html_options.special_values.2147483647 @@ -214,10 +227,22 @@ $GLOBALS['LSlang'] = array ( "One or several users don't exist." => "Un ou plusieurs utilisateurs n'existent pas.", +# LSobjects.LSpeople.attrs.shadowExpire.label +"Password expiration" => + "Expiration du mot de passe", + +# LSobjects.LSpeople.attrs.shadowLastChange.label +"Password last change time" => + "Dernière modification du mot de passe", + # LSobjects.LSpeople.attrs.lsRecoveryHash.label "Password recovery hash" => "Hash de récupération de mot de passe", +# LSobjects.LSpeople.attrs.shadowMax.label +"Password validity (in days)" => + "Durée de validité du mot de passe (en jours)", + # LSobjects.LSpeople.attrs.jpegPhoto.label "Picture" => "Image", 
@@ -310,10 +335,26 @@ $GLOBALS['LSlang'] = array ( "The first name must contain alphanumeric values only." => "Le prénom doit contenir uniquement des caractères alpha-numérique.", +# LSobjects.LSpeople.attrs.shadowInactive.check_data.integer.msg +"The inactivity allowed must be an positive integer." => + "La durée d'inactivité autorisée doit être un entier positif.", + +# LSobjects.LSpeople.attrs.shadowMax.help_info +"The maximum number of days the password is valid." => + "Le nombre de jours maximum durant lequel le mot de passe sera valide.", + +# LSobjects.LSpeople.attrs.shadowInactive.help_info +"The number of days of inactivity allowed for the specified user." => + "Le nombre de jours d'inactivité autorisée pour cet utilisateur.", + # LSobjects.LSpeople.attrs.uidNumber.check_data.numeric.msg "The numeric identifier must be an integer." => "L'identifiant numérique doit forcement être un entier.", +# LSobjects.LSpeople.attrs.shadowMax.check_data.integer.msg +"The password validity must be an positive integer." => + "La durée de validité du mot de passe doit être un entier positif.", + # LSobjects.LSpeople.attrs.gidNumber.validation.0.msg "This group doesn't exist." => "Ce groupe n'existe pas.",