- Développement des capacités de l'interface (ajout / suppression / copie / modification)

- Création d'un annuaire de test (dossier lsexample)
- Debug divers
Benjamin Renard 2008-02-12 17:59:44 +00:00
parent 7d2e3baf8b
commit bcebcb311c
38 changed files with 2142 additions and 551 deletions


@ -43,7 +43,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
),
'dc' => array (
@ -57,7 +58,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
),
'view' => 1,
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
)
)


@ -22,6 +22,7 @@
$GLOBALS['LSobjects']['LSeegroup'] = array (
'objectclass' => array(
'lsgroup',
'posixGroup'
),
'rdn' => 'cn',
@ -51,7 +52,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
),
'gidNumber' => array (
@ -59,6 +61,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'ldap_type' => 'numeric',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_gidNumber',
'validation' => array (
array (
'filter' => 'gidNumber=%{val}',
@ -71,7 +74,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1
)
),
'uniqueMember' => array (
@ -91,10 +94,10 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'aucun' => _('-- Selectionner --'),
'OTHER_OBJECT' => array(
'object_type' => 'LSeepeople', // Nom de l'objet à lister
'display_attribute' => '%{cn} (%{uidNumber})', // Spécifie le attributs à lister pour le choix,


@ -23,6 +23,7 @@
$GLOBALS['LSobjects']['LSeepeople'] = array (
'objectclass' => array(
'top',
'lspeople',
'posixAccount',
'sambaSamAccount',
),
@ -58,8 +59,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 0,
'add' => 1
'modify' => 0,
'create' => 1
)
),
'uidNumber' => array (
@ -86,7 +87,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 0,
'modify' => 0,
)
),
'cn' => array (
@ -103,8 +104,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'givenName' => array (
@ -125,8 +126,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'onDisplay' => 'return_data'
),
@ -135,15 +136,15 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'rights' => array( // Définition de droits : 'r' => lecture / 'w' => modification / '' => aucun (par defaut)
'self' => 'w', // définition des droits de l'utilisateur sur lui même
'user' => 'r', // définition des droits de tout les utilisateurs
'rights' => array(
'self' => 'w',
'user' => 'r',
'admin' => 'w'
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'gidNumber' => array (
@ -166,8 +167,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'OTHER_OBJECT' => array(
@ -200,8 +201,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'/bin/false' => _('Aucun'),
@ -218,7 +219,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'admin' => 'r'
),
'form' => array (
//'test' => 0,
//'modify' => 0,
)
),
'homeDirectory' => array (
@ -233,7 +234,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'mail' => array (
@ -253,8 +254,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'personalTitle' => array (
@ -270,8 +271,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'M.' => 'M.',
@ -295,7 +296,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'vacationActive' => array (
@ -315,7 +316,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
),
'possible_values' => array(
'' => 'Non',
@ -333,7 +334,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'vacationForward' => array (
@ -352,7 +353,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'mailQuota' => array (
@ -370,7 +371,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'description' => array (
@ -384,7 +385,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
'create' => 1
)
),
'userPassword' => array (
@ -401,23 +403,29 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'sambaNTPassword'
),
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'sambaLMPassword' => array (
'label' => _('Mot de passe Samba (LM)'),
'ldap_type' => 'ascii',
'html_type' => 'password',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_sambaLMPassword'
'generate_function' => 'generate_sambaLMPassword',
'form' => array (
'modify' => 0
)
),
'sambaNTPassword' => array (
'label' => _('Mot de passe Samba (NT)'),
'ldap_type' => 'ascii',
'html_type' => 'password',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_sambaNTPassword'
'generate_function' => 'generate_sambaNTPassword',
'form' => array (
'modify' => 0
)
)
)
);
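Review bot: The `sambaLMPassword` and `sambaNTPassword` entries appear to switch `html_type` from `'password'` to `'text'` and gain `'form' => array('modify' => 0)`, with no `rights` or `view` key visible in this hunk. LM and NT hashes are password-equivalent for SMB authentication, so if a `modify` value of 0 means "shown read-only in the form" they would be rendered in clear instead of as `********`. Keep `'html_type' => 'password'` or leave these attributes out of every form, and add a comment such as `// generated from userPassword only; never displayed or posted`. The exact meaning of 0 in `form` should be confirmed against `LSattribute::addToForm()`, which only tests `isset()` on that key.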


@ -104,6 +104,10 @@ $GLOBALS['LSerror_code'] = array (
'msg' => _("LSldapObject : L'attribut %{attr_depend} dépendant de l'attribut %{attr} n'existe pas."),
'level' => 'w'
),
35 => array (
'msg' => _("LSldapObject : Erreur durant la suppression de %{objectname}."),
'level' => 'c'
),
// LSldapObject
41 => array (
@ -238,6 +242,11 @@ $GLOBALS['LSerror_code'] = array (
1011 => array (
'msg' => _("LSsession : Vous n'êtes pas authorisé à effectuer cette action."),
'level' => 'c'
),
1012 => array (
'msg' => _("LSsession : Des informations sont manquantes pour l'affichage de cette page."),
'level' => 'c'
)
);
?>


@ -28,13 +28,13 @@ $GLOBALS['LSconfig'] = array(
'cacheLSrights' => true,
'ldap_servers' => array (
array (
'name' => 'Ldap 1',
'name' => 'LSexample',
'ldap_config'=> array(
'host' => '127.0.0.1',
'port' => 389,
'version' => 3,
'starttls' => false,
'binddn' => 'uid=toto,ou=people,o=ls',
'binddn' => 'uid=eeggs,ou=people,o=ls',
'bindpw' => 'toto',
'basedn' => 'o=ls',
'options' => array(),
@ -42,9 +42,11 @@ $GLOBALS['LSconfig'] = array(
'scope' => 'sub'
),
'LSadmins' => array (
'o=ost' => array (
'uid=toto,ou=people,o=ls' => NULL,
'cn=adminldap,ou=groups,o=ost' => array (
'o=ls' => array (
'uid=eeggs,ou=people,o=ls' => NULL
),
'ou=people,o=ls' => array (
'cn=adminldap,ou=groups,o=ls' => array (
'attr' => 'uniqueMember',
'LSobject' => 'LSeegroup'
)
@ -76,7 +78,7 @@ $GLOBALS['LSconfig'] = array(
);
//Debug
$GLOBALS['LSdebug']['active'] = false;
$GLOBALS['LSdebug']['active'] = true;
// Définitions des locales
$textdomain = 'ldapsaisie';
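Review bot: `$GLOBALS['LSdebug']['active']` appears to be flipped to `true` in the committed configuration, so every deployment that takes this file runs with debug output on, and elsewhere in this commit `debug()` is called with LDAP change sets and with a clear-text password. Leave the shipped default at `false` and enable it locally. The same server block keeps `'starttls' => false` next to a literal `bindpw`; that is workable for the 127.0.0.1 test directory but deserves a comment such as `// test directory only: use StartTLS and a dedicated bind account in production`.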

79
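--- a/trunk/create.php
+++ b/trunk/create.php
@@ -0,0 +1,79 @@
+<?php
+/*******************************************************************************
+* Copyright (C) 2007 Easter-eggs
+* http://ldapsaisie.labs.libre-entreprise.org
+*
+* Author: See AUTHORS file in top-level directory.
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License version 2
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+******************************************************************************/
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+$GLOBALS['LSsession'] = new LSsession();
+if($LSsession -> startLSsession()) {
+if (isset($_POST['LSform_objecttype'])) {
+$LSobject = $_POST['LSform_objecttype'];
+}
+else if (isset($_GET['LSobject'])) {
+$LSobject = $_GET['LSobject'];
+}
+if (isset($LSobject)) {
+// Création d'un LSobject
+if (class_exists($LSobject)) {
+if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) {
+$object = new $LSobject();
+if ($_GET['load']!='') {
+$form = $object -> getForm('create',$_GET['load']);
+}
+else {
+$form = $object -> getForm('create');
+}
+if ($form->validate()) {
+// MàJ des données de l'objet LDAP
+if ($object -> updateData('create')) {
+header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
+}
+}
+// Définition du Titre de la page
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Nouveau').' : '.$object -> getLabel());
+$GLOBALS['LSsession'] -> setTemplate('create.tpl');
+$form -> display();
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1011);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(21);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+}
+else {
+$GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>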
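Review bot: `$LSobject` is taken straight from `$_POST['LSform_objecttype']` or `$_GET['LSobject']` and handed to `class_exists()` and `new $LSobject()` before anything ties it to a configured object type, so a request can name any class known to the application; `canCreate()` is the only gate and how it treats unknown names is not visible here. Check the name against the declared object types first, for instance the keys of `$GLOBALS['LSobjects']` if that configuration is loaded at this point. The redirect after `updateData('create')` concatenates `$LSobject` and the DN into the `Location` header without URL-encoding and does not stop the script, so the form is still rendered after the redirect is sent. `$_GET['load']` is also read without `isset()`.

```php
if (isset($LSobject)) {
    // Accept only object types declared in the configuration
    if (is_string($LSobject) && isset($GLOBALS['LSobjects'][$LSobject]) && class_exists($LSobject)) {
        if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) {
            $object = new $LSobject();
            $load = isset($_GET['load']) ? $_GET['load'] : '';
            // … unchanged: getForm('create') with or without $load, $form->validate() …
                if ($object -> updateData('create')) {
                    header('Location: view.php?LSobject='.urlencode($LSobject).'&dn='.urlencode($object -> getDn()));
                    exit();
                }
            // … unchanged: page title, template, $form -> display(), error branches …
```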


@ -22,200 +22,201 @@
/*
* Données de configuration pour le support SAMBA
*/
* Données de configuration pour le support SAMBA
*/
// SID du domaine Samba géré
define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809');
// SID du domaine Samba géré
define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809');
// Nombre de base pour le calcul des sambaSID Utilisateur
define('LS_SAMBA_SID_BASE_USER',1000);
// Nombre de base pour le calcul des sambaSID Utilisateur
define('LS_SAMBA_SID_BASE_USER',1000);
// Nombre de base pour le calcul des sambaSID Groupe
define('LS_SAMBA_SID_BASE_GROUP',1001);
// Nombre de base pour le calcul des sambaSID Groupe
define('LS_SAMBA_SID_BASE_GROUP',1001);
/*
/*
* NB : C'est deux nombres doivent être pour l'un paire et pour l'autre impaire
* pour conserver l'unicité des SID
*/
* pour conserver l'unicité des SID
*/
// Nom de l'attribut LDAP uidNumber
define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber');
// Nom de l'attribut LDAP uidNumber
define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber');
// Nom de l'attribut LDAP gidNumber
define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber');
// Nom de l'attribut LDAP gidNumber
define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber');
// Nom de l'attribut LDAP userPassword
define('LS_SAMBA_USERPASSWORD_ATTR','userPassword');
// Nom de l'attribut LDAP userPassword
define('LS_SAMBA_USERPASSWORD_ATTR','userPassword');
// Message d'erreur
// Message d'erreur
$GLOBALS['error_code']['SAMBA_SUPPORT_01']= array (
'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array (
'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_01']= array (
'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array (
'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_03']= array (
'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_SUPPORT_03']= array (
'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_01']= array (
'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."),
'level' => 'c'
);
$GLOBALS['error_code']['SAMBA_01']= array (
'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."),
'level' => 'c'
);
/*
* Fin des données de configuration
*/
* Fin des données de configuration
*/
/*
* Verification du support Samba par ldapSaisie
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval boolean true si Samba est pleinement supporté, false sinon
*/
function LSaddon_samba_support() {
$retval=true;
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval boolean true si Samba est pleinement supporté, false sinon
*/
function LSaddon_samba_support() {
$retval=true;
// Dependance de librairie
if ( !class_exists('smbHash') ) {
if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1');
$retval=false;
}
}
// Dependance de librairie
if ( !class_exists('smbHash') ) {
if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1');
$retval=false;
}
}
$MUST_DEFINE_CONST= array(
'LS_SAMBA_DOMAIN_SID',
'LS_SAMBA_SID_BASE_USER',
'LS_SAMBA_SID_BASE_GROUP',
'LS_SAMBA_UIDNUMBER_ATTR',
'LS_SAMBA_GIDNUMBER_ATTR',
'LS_SAMBA_USERPASSWORD_ATTR'
);
$MUST_DEFINE_CONST= array(
'LS_SAMBA_DOMAIN_SID',
'LS_SAMBA_SID_BASE_USER',
'LS_SAMBA_SID_BASE_GROUP',
'LS_SAMBA_UIDNUMBER_ATTR',
'LS_SAMBA_GIDNUMBER_ATTR',
'LS_SAMBA_USERPASSWORD_ATTR'
);
foreach($MUST_DEFINE_CONST as $const) {
if ( constant($const) == '' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const);
$retval=false;
}
}
foreach($MUST_DEFINE_CONST as $const) {
if ( constant($const) == '' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const);
$retval=false;
}
}
// Pour l'intégrité des SID
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3');
$retval=false;
}
return $retval;
}
// Pour l'intégrité des SID
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3');
$retval=false;
}
return $retval;
}
/*
* Generation de sambaSID
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string SambaSID ou false si il y a un problème durant la génération
*/
function generate_sambaSID($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
return;
}
* Generation de sambaSID
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string SambaSID ou false si il y a un problème durant la génération
*/
function generate_sambaSID($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
return;
}
$uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER;
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
$uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER;
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
return ($sambaSID);
}
return ($sambaSID);
}
/*
* Generation de sambaPrimaryGroupSID
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
*/
function generate_sambaPrimaryGroupSID($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
return;
}
* Generation de sambaPrimaryGroupSID
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
*/
function generate_sambaPrimaryGroupSID($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
return;
}
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
return ($sambaPrimaryGroupSID);
}
return ($sambaPrimaryGroupSID);
}
/*
* Generation de sambaNTPassword
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
*/
function generate_sambaNTPassword($ldapObject) {
* Generation de sambaNTPassword
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
*/
function generate_sambaNTPassword($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_03',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
return;
}
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
$sambapassword = new smbHash;
$sambaNTPassword = $sambapassword -> nthash($password);
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
debug('pwd : '.$password);
$sambapassword = new smbHash;
$sambaNTPassword = $sambapassword -> nthash($password);
if($sambaNTPassword == '') {
return;
}
return $sambaNTPassword;
}
if($sambaNTPassword == '') {
return;
}
return $sambaNTPassword;
}
/*
* Generation de sambaLMPassword
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
*/
function generate_sambaLMPassword($ldapObject) {
* Generation de sambaLMPassword
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $ldapObject L'objet ldap
*
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
*/
function generate_sambaLMPassword($ldapObject) {
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_04',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
return;
}
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
$sambapassword = new smbHash;
$sambaLMPassword = $sambapassword -> lmhash($password);
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
$sambapassword = new smbHash;
$sambaLMPassword = $sambapassword -> lmhash($password);
if($sambaLMPassword == '') {
return;
}
return $sambaLMPassword;
}
if($sambaLMPassword == '') {
return;
}
return $sambaLMPassword;
}
?>
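Review bot: The added `debug('pwd : '.$password);` in `generate_sambaNTPassword()` writes the user's clear-text password to the debug output; remove it, or record only whether a password was present, e.g. `debug('pwd set : '.($password != '' ? 'yes' : 'no'));`. The rest of the section is re-indentation, but on the new side the codes passed to `addErrorCode()` are spelled `'SAMBA_SUPPORT_O1'`, `'SAMBA_SUPPORT_O2'` and `'SAMBA_SUPPORT_O3'` with a letter O while the table defines `SAMBA_SUPPORT_01` to `03`, and `SAMBA_02`, `SAMBA_03` and `SAMBA_04` are raised without a definition in the visible part of the file, so these failures would not map to a message. `generate_sambaLMPassword()` still produces an LM hash, which is a weak format; a comment noting that it exists only for legacy clients, and making the attribute optional, would help.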


@ -80,14 +80,6 @@ class LSattr_html {
function addToForm (&$form,$idForm,$data=NULL) {
$GLOBALS['LSerror'] -> addErrorCode(101,$this -> name);
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
}
}
?>


@ -37,10 +37,10 @@ class LSattr_html_select_list extends LSattr_html{
* @retval LSformElement L'element du formulaire ajouté
*/
function addToForm (&$form,$idForm,$data=NULL) {
if (count($data)>1) {
/*if (count($data)>1) {
$GLOBALS['LSerror'] -> addErrorCode(103,'select_list');
return;
}
}*/
$possible_values=$this -> getPossibleValues();
$this -> config['text_possible_values'] = $possible_values;
$element=$form -> addElement('select', $this -> name, $this -> config['label'],$this -> config);


@ -26,38 +26,38 @@
*/
class LSattr_ldap_password extends LSattr_ldap {
var $clearPassword = NULL;
var $clearPassword = NULL;
/**
* Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap
*
* @param[in] $data mixed La valeur de l'attribut
*
* @retval mixed La valeur d'affichage de l'attribut
*/
/**
* Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap
*
* @param[in] $data mixed La valeur de l'attribut
*
* @retval mixed La valeur d'affichage de l'attribut
*/
function getDisplayValue($data) {
return '********';
}
/**
* Retourne la valeur de l'attribut après traitement lié à son type ldap
*
* @param[in] $data mixed La valeur de l'attribut
*
* @retval mixed La valeur traitée de l'attribut
*/
/**
* Retourne la valeur de l'attribut après traitement lié à son type ldap
*
* @param[in] $data mixed La valeur de l'attribut
*
* @retval mixed La valeur traitée de l'attribut
*/
function getUpdateData($data) {
$this -> clearPassord = $data[0];
$this -> clearPassword = $data[0];
return '{CRYPT}'.crypt($data[0],'$1$'.$this -> getSalt().'$');
}
/**
* Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre
*
* @param[in] integer La longueur de la salt (par defaut : 8)
*
* @retval string La salt
*/
/**
* Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre
*
* @param[in] integer La longueur de la salt (par defaut : 8)
*
* @retval string La salt
*/
function getSalt($length=8) {
$pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
$key = $pattern{rand(0,35)};
@ -68,14 +68,14 @@ class LSattr_ldap_password extends LSattr_ldap {
return $key;
}
/**
* Retourne le mot de passe en texte clair
*
* @retval string Le mot de passe en texte clair
*/
function getClearPassword() {
return $this -> clearPassword;
}
/**
* Retourne le mot de passe en texte clair
*
* @retval string Le mot de passe en texte clair
*/
function getClearPassword() {
return $this -> clearPassword;
}
}
?>
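Review bot: `getSalt()` builds the crypt salt with `rand()` and `getUpdateData()` hashes with the `$1$` (MD5-crypt) prefix, both on lines this commit only re-indents; the salt should come from a cryptographically secure source and the scheme should be the strongest one the directory's crypt(3) accepts. With the `clearPassord` typo fixed, the clear-text password now really stays in `$this -> clearPassword` for the life of the object, so document that lifetime on the property and reset it to `NULL` once the Samba hashes have been generated, so that it cannot end up in a serialised session or a debug dump. `getSalt()` is split across two hunks and its loop is not visible here.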


@ -184,15 +184,19 @@ class LSattribute {
* @param[in] object $form Le formulaire dans lequel doit être ajouté l'attribut
* @param[in] string $idForm L'identifiant du formulaire
* @param[in] objet &$obj Objet utilisable pour la génération de la valeur de l'attribut
* @param[in] array $value valeur de l'élement
*
* @retval boolean true si l'ajout a fonctionner ou qu'il n'est pas nécessaire, false sinon
*/
function addToForm(&$form,$idForm,&$obj=NULL) {
function addToForm(&$form,$idForm,&$obj=NULL,$value=NULL) {
if(isset($this -> config['form'][$idForm])) {
if($this -> myRights() == 'n') {
return true;
}
if($this -> data !='') {
if ($value) {
$data = $value;
}
else if($this -> data !='') {
$data=$this -> getFormVal();
}
else if (isset($this -> config['default_value'])) {
@ -235,6 +239,11 @@ class LSattribute {
return true;
}
/**
* Récupération des droits de l'utilisateur sur l'attribut
*
* @retval string 'r'/'w'/'n' pour 'read'/'write'/'none'
**/
function myRights() {
// cache
if ($this -> _myRights != NULL) {
@ -483,14 +492,7 @@ class LSattribute {
function getDependsAttrs() {
return $this -> config['dependAttrs'];
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
}
}
?>
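Review bot: In `addToForm()` the new `if ($value)` test relies on truthiness, so a preset value of `'0'`, `0`, an empty string or an empty array is silently ignored and the method falls back to the stored or default value; `if ($value !== NULL)` matches the `$value=NULL` default in the signature. The docblock declares `$value` as an array but nothing in the visible lines enforces that, so either wrap scalars with `array($value)` or state in the docblock that the caller must pass an array. The body of `addToForm()` continues outside this hunk.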


@ -85,7 +85,7 @@ class LSform {
$GLOBALS['Smarty'] -> assign('LSform_header',$LSform_header);
$LSform_object = array(
'type' => $this -> ldapObject -> getType(),
'dn' => $this -> ldapObject -> getDn()
'dn' => $this -> ldapObject -> getValue('dn')
);
$GLOBALS['Smarty'] -> assign('LSform_object',$LSform_object);
$fields = array();


@ -51,13 +51,13 @@ class LSformElement {
* @param[in] $params mixed Paramètres supplémentaires
*
* @retval true
*/
function LSformElement (&$form, $name, $label, $params){
*/
function LSformElement (&$form, $name, $label, $params){
$this -> name = $name;
$this -> label = $label;
$this -> params = $params;
$this -> form = $form;
return true;
$this -> label = $label;
$this -> params = $params;
$this -> form = $form;
return true;
}
/**
@ -72,15 +72,15 @@ class LSformElement {
* @retval boolean Retourne True
*/
function setValue($data) {
if (!is_array($data)) {
$data=array($data);
}
if (!is_array($data)) {
$data=array($data);
}
$this -> values = $data;
return true;
$this -> values = $data;
return true;
}
/**
/**
* Ajoute une valeur à l'élément
*
* Cette méthode ajoute une valeur à l'élément
@ -92,24 +92,24 @@ class LSformElement {
* @retval void
*/
function addValue($data) {
if (is_array($data)) {
$this -> values = array_merge($this -> values, $data);
}
else {
$this -> values[] = $data;
}
if (is_array($data)) {
$this -> values = array_merge($this -> values, $data);
}
else {
$this -> values[] = $data;
}
}
/**
* Test si l'élément est éditable
*
* Cette méthode test si l'élément est éditable
*
* @retval boolean
*/
function isFreeze(){
return $this -> _freeze;
}
/**
* Test si l'élément est éditable
*
* Cette méthode test si l'élément est éditable
*
* @retval boolean
*/
function isFreeze(){
return $this -> _freeze;
}
/*
* Freeze l'élément
@ -119,7 +119,7 @@ class LSformElement {
* @retval void
*/
function freeze() {
$this -> _freeze = true;
$this -> _freeze = true;
}
/*
@ -130,109 +130,109 @@ class LSformElement {
* @retval void
*/
function setRequired($isRequired=true) {
$this -> _required = $isRequired;
$this -> _required = $isRequired;
}
/*
* Test si l'élément est requis
*
* Cette méthode test si l'élément est requis
*
* @retval boolean
*/
function isRequired(){
return $this -> _required;
}
/*
* Test si l'élément est requis
*
* Cette méthode test si l'élément est requis
*
* @retval boolean
*/
function isRequired(){
return $this -> _required;
}
/**
* Affiche le label de l'élement
*
* @retval void
*/
function displayLabel() {
if ($this -> isRequired()) {
$required=" <span class='required_elements'>*</span>";
}
else {
$required="";
}
echo "\t\t<td>".$this -> getLabel()."$required</td>\n";
}
/**
* Affiche le label de l'élement
*
* @retval void
*/
function displayLabel() {
if ($this -> isRequired()) {
$required=" <span class='required_elements'>*</span>";
}
else {
$required="";
}
echo "\t\t<td>".$this -> getLabel()."$required</td>\n";
}
/**
* Retourne le label de l'élement
*
* @retval void
*/
function getLabelInfos() {
if ($this -> isRequired()) {
$return['required']=true;
}
$return['label'] = $this -> getLabel();
return $return;
}
/**
* Retourne le label de l'élement
*
* @retval void
*/
function getLabelInfos() {
if ($this -> isRequired()) {
$return['required']=true;
}
$return['label'] = $this -> getLabel();
return $return;
}
/**
* Recupère la valeur de l'élement passée en POST
*
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
* pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément
*
* @param[] array Pointeur sur le tableau qui recupèrera la valeur.
*
* @retval boolean true si la valeur est présente en POST, false sinon
*/
function getPostData(&$return) {
if($this -> params['form'][$this -> form -> idForm] != 1) {
return true;
}
if (isset($_POST[$this -> name])) {
if(!is_array($_POST[$this -> name])) {
$_POST[$this -> name] = array($_POST[$this -> name]);
}
foreach($_POST[$this -> name] as $key => $val) {
$return[$this -> name][$key] = $val;
}
return true;
}
else {
$return[$this -> name] = array();
return true;
}
}
/**
* Recupère la valeur de l'élement passée en POST
*
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
* pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément
*
* @param[] array Pointeur sur le tableau qui recupèrera la valeur.
*
* @retval boolean true si la valeur est présente en POST, false sinon
*/
function getPostData(&$return) {
if($this -> isFreeze()) {
return true;
}
if (isset($_POST[$this -> name])) {
if(!is_array($_POST[$this -> name])) {
$_POST[$this -> name] = array($_POST[$this -> name]);
}
foreach($_POST[$this -> name] as $key => $val) {
$return[$this -> name][$key] = $val;
}
return true;
}
else {
$return[$this -> name] = array();
return true;
}
}
/**
* Retourne le label de l'élement
*
* Retourne $this -> label, ou $this -> params['label'], ou $this -> name
*
* @retval string Le label de l'élément
*/
function getLabel() {
if ($this -> label != "") {
return $this -> label;
}
else if ($this -> params['label']) {
return $this -> params['label'];
}
else {
return $this -> name;
}
}
/**
* Retourne le label de l'élement
*
* Retourne $this -> label, ou $this -> params['label'], ou $this -> name
*
* @retval string Le label de l'élément
*/
function getLabel() {
if ($this -> label != "") {
return $this -> label;
}
else if ($this -> params['label']) {
return $this -> params['label'];
}
else {
return $this -> name;
}
}
/**
* Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform
*
* @retval string Le code HTML des boutons
*/
function getMultipleData() {
if ($this -> params['multiple'] == true ) {
return "<img src='templates/images/add.png' id='LSform_add_field_btn_".$this -> name."_".rand()."' class='LSform-add-field-btn' alt='"._('Ajouter')."'/><img src='templates/images/remove.png' class='LSform-remove-field-btn' alt='"._('Supprimer')."'/>";
}
else {
return '';
}
}
/**
* Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform
*
* @retval string Le code HTML des boutons
*/
function getMultipleData() {
if ($this -> params['multiple'] == true ) {
return "<img src='templates/images/add.png' id='LSform_add_field_btn_".$this -> name."_".rand()."' class='LSform-add-field-btn' alt='"._('Ajouter')."'/><img src='templates/images/remove.png' class='LSform-remove-field-btn' alt='"._('Supprimer')."'/>";
}
else {
return '';
}
}
}
?>
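Review bot: `getPostData()` appears to change its guard from `$this -> params['form'][$this -> form -> idForm] != 1` to `$this -> isFreeze()`, so whether a POSTed value is accepted now depends only on `freeze()` having been called on the element. Attributes configured with a form value of 0 (for example `'modify' => 0`) were previously ignored on POST; unless the caller freezes every such element and every element the user may not write, a hand-built request can now submit them. Either keep both conditions, `if ($this -> isFreeze() || $this -> params['form'][$this -> form -> idForm] != 1) { return true; }`, or state in the method's docblock that the freeze flag is the sole write gate. Where `freeze()` is called is not visible on this page.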


@ -32,7 +32,7 @@
class LSformElement_password extends LSformElement {
/**
/**
* Recupère la valeur de l'élement passée en POST
*
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
@ -43,17 +43,17 @@ class LSformElement_password extends LSformElement {
* @retval boolean true si la valeur est présente en POST, false sinon
*/
function getPostData(&$return) {
// Récupère la valeur dans _POST, et les vérifie avec la fonction générale
$retval = parent :: getPostData($return);
// Si une valeur est recupérée
// Récupère la valeur dans _POST, et les vérifie avec la fonction générale
$retval = parent :: getPostData($return);
// Si une valeur est recupérée
if ($retval) {
$val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue();
if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) {
unset($return[$this -> name]);
$this -> form -> _notUpdate[$this -> name] == true;
return true;
}
}
$val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue();
if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) {
unset($return[$this -> name]);
$this -> form -> _notUpdate[$this -> name] == true;
return true;
}
}
return $retval;
}
@ -64,22 +64,25 @@ class LSformElement_password extends LSformElement {
*
* @retval array
*/
function getDisplay(){
$return = $this -> getLabelInfos();
if (!$this -> isFreeze()) {
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n* "._('Modification uniquement').".";
}
else {
if (empty($this -> values)) {
$return['html'] = _('Aucunes valeur definie');
}
else {
$return['html'] = "********";
}
function getDisplay(){
$return = $this -> getLabelInfos();
if (!$this -> isFreeze()) {
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n";
if (!empty($this -> values)) {
$return['html'] .= "* "._('Modification uniquement').".";
}
}
else {
if (empty($this -> values)) {
$return['html'] = _('Aucunes valeur definie');
}
else {
$return['html'] = "********";
}
}
return $return;
}
}
return $return;
}
}
?>
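Review bot: In getPostData(), `$this -> form -> _notUpdate[$this -> name] == true;` is a comparison whose result is discarded, so the flag this branch is meant to set when the password field is submitted empty is never written. The line is carried over with only its indentation changed; it should read `$this -> form -> _notUpdate[$this -> name] = true;`. How `_notUpdate` is consumed is outside this section, so it is worth confirming that an empty submission cannot blank an existing userPassword while the flag stays unset. A comment above the branch, such as `// Empty password field on an object that already has one: keep the stored value`, would document the intent.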


@ -50,7 +50,7 @@ class LSformElement_select extends LSformElement {
$multiple_tag='multiple';
}
$return['html'] = "<select name='".$this -> name."' $multiple_tag class='LSform'>\n";
$return['html'] = "<select name='".$this -> name."[]' $multiple_tag class='LSform'>\n";
foreach ($this -> params['text_possible_values'] as $choice_value => $choice_text) {
if (in_array($choice_value, $this -> values)) {
$selected=' selected';


@ -212,13 +212,13 @@ class LSldap {
* @retval boolean true si l'objet a bien été mis à jour, false sinon
*/
function update($object_type,$dn,$change) {
debug($change);
debug($change);
if($entry=$this -> getEntry($object_type,$dn)) {
$entry -> replace($change);
$ret = $entry -> update();
if (Net_Ldap::isError($ret)) {
$GLOBALS['LSerror'] -> addErrorCode(5,$dn);
debug('NetLdap-Error : '.$ret->getMessage());
debug('NetLdap-Error : '.$ret->getMessage());
}
else {
return true;
@ -234,16 +234,16 @@ class LSldap {
* Test de bind
*
* Cette methode établie une connexion à l'annuaire Ldap et test un bind
* avec un login et un mot de passe passé en paramètre
* avec un login et un mot de passe passé en paramètre
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval boolean true si la connection à réussi, false sinon
*/
function checkBind($dn,$pwd) {
$config = $this -> config;
$config['binddn'] = $dn;
$config['bindpw'] = $pwd;
$config = $this -> config;
$config['binddn'] = $dn;
$config['bindpw'] = $pwd;
$cnx = Net_LDAP::connect($config);
if (Net_LDAP::isError($cnx)) {
return;
@ -251,14 +251,25 @@ class LSldap {
return true;
}
/**
* Retourne l'état de la connexion Ldap
*
* @retval boolean True si le serveur est connecté, false sinon.
*/
function isConnected() {
return ($this -> cnx == NULL)?false:true;
}
/**
* Retourne l'état de la connexion Ldap
*
* @retval boolean True si le serveur est connecté, false sinon.
*/
function isConnected() {
return ($this -> cnx == NULL)?false:true;
}
/**
* Supprime un objet de l'annuaire
*
* @param[in] string DN de l'objet à supprimer
*
* @retval boolean True si l'objet à été supprimé, false sinon
*/
function remove($dn) {
return $this -> cnx -> delete($dn);
}
}
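Review bot: The new remove() returns the result of `$this -> cnx -> delete($dn)` directly, while its docblock promises a boolean. Net_LDAP reports a failed operation by returning an error object, which is truthy, so a caller testing `if ($ldap -> remove($dn))` would treat a refused or failed delete as success. update() in the same class already tests its result with `Net_Ldap::isError($ret)`; remove() should do the same, for example `$ret = $this -> cnx -> delete($dn);` followed by `return !Net_LDAP::isError($ret);`. Recording an error code on failure, as update() does, would also keep the two methods consistent.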


@ -87,13 +87,16 @@ class LSldapObject {
* @retval boolean true si la chargement a réussi, false sinon.
*/
function loadData($dn) {
$this -> dn = $dn;
$data = $GLOBALS['LSldap'] -> getAttrs($dn);
$this -> dn = $dn;
$data = $GLOBALS['LSldap'] -> getAttrs($dn);
if(!empty($data)) {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> loadData($data[$attr_name]))
return;
}
return true;
}
return;
}
/**
@ -166,21 +169,39 @@ class LSldapObject {
* et de chaque attribut.
*
* @param[in] $idForm [<b>required</b>] Identifiant du formulaire a créer
* @param[in] $config Configuration spécifique pour le formulaire
* @param[in] $load DN d'un objet similaire dont la valeur des attribut doit être chargé dans le formulaire.
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval LSform Le formulaire crée
*/
function getForm($idForm,$config=array()) {
function getForm($idForm,$load=NULL) {
$GLOBALS['LSsession'] -> loadLSclass('LSform');
$LSform = new LSform($this,$idForm);
$this -> forms[$idForm] = array($LSform,$config);
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
$LSform -> can_validate = false;
$this -> forms[$idForm] = array($LSform,$load);
if ($load) {
$type = $this -> getType();
$loadObject = new $type();
if (!$loadObject -> loadData($load)) {
$load=false;
}
}
if ($load) {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this,$loadObject -> getValue($attr_name))) {
$LSform -> can_validate = false;
}
}
}
else {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
$LSform -> can_validate = false;
}
}
}
return $LSform;
}
@ -261,7 +282,7 @@ class LSldapObject {
}
else {
$GLOBALS['LSerror'] -> addErrorCode(23,$this -> type_name);
$GLOBALS['LSerror'] -> stop();
return;
}
}
$new_data = $LSform -> exportValues();
@ -276,12 +297,12 @@ class LSldapObject {
if(function_exists($this -> config['before_save'])) {
if(!$this -> config['before_save']($this)) {
$GLOBALS['LSerror'] -> addErrorCode(28,$this -> config['before_save']);
$GLOBALS['LSerror'] -> stop();
return;
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(27,$this -> config['before_save']);
$GLOBALS['LSerror'] -> stop();
return;
}
}
if ($this -> submitChange($idForm)) {
@ -290,16 +311,25 @@ class LSldapObject {
$this -> reloadData();
$this -> refreshForm($idForm);
}
else {
return;
}
if((isset($this -> config['after_save']))&&(!$this -> submitError)) {
if(function_exists($this -> config['after_save'])) {
if(!$this -> config['after_save']($this)) {
$GLOBALS['LSerror'] -> addErrorCode(30,$this -> config['after_save']);
return;
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(29,$this -> config['after_save']);
return;
}
}
return true;
}
else {
return;
}
}
@ -478,6 +508,7 @@ class LSldapObject {
if(!empty($submitData)) {
$dn=$this -> getDn();
if($dn) {
$this -> dn=$dn;
debug($submitData);
return $GLOBALS['LSldap'] -> update($this -> type_name,$dn, $submitData);
}
@ -486,6 +517,9 @@ class LSldapObject {
return;
}
}
else {
return true;
}
}
/**
@ -848,24 +882,35 @@ class LSldapObject {
return $this -> type_name;
}
/**
* Retourne qui est l'utilisateur par rapport à cet object
*
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
*/
function whoami() {
if (!$this -> _whoami)
$this -> _whoami = $GLOBALS['LSsession'] -> whoami($this -> dn);
return $this -> _whoami;
}
/**
* Retourne le label de l'objet
*
* @retval string Le label de l'objet ($this -> config['label'])
*/
function getLabel() {
return $this -> config['label'];
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
/**
* Supprime l'objet dans l'annuaire
*
* @retval boolean True si l'objet à été supprimé, false sinon
*/
function remove() {
return $GLOBALS['LSldap'] -> remove($this -> getDn());
}
}
?>
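Review bot: getForm() now instantiates an object of the same type, calls `loadData($load)` on it and passes every attribute value to addToForm(), but nothing in this hunk checks that the current user may read the entry named by `$load`. If `$load` can come from a request parameter (the caller is not on this page), the copy form could be pre-filled from an entry the user has no rights on. A guard before the load, for example `if ($load && !$GLOBALS['LSsession'] -> canAccess($this -> getType(),$load,'r')) { $load = false; }`, would keep the decision next to the read; canAccess() with that signature is defined in the LSsession section of this commit. The two foreach loops differ only in the fourth addToForm() argument and could be merged.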


@ -240,10 +240,10 @@ class LSsession {
if (!$this -> LSldapConnect())
return;
$this -> loadLSrights();
$this -> loadLSaccess();
}
$this -> LSuserObject = new $this -> ldapServer['authobject']();
$this -> LSuserObject -> loadData($this -> dn);
$this -> loadLSaccess();
$GLOBALS['Smarty'] -> assign('LSsession_username',$this -> LSuserObject -> getDisplayValue());
return true;
@ -589,16 +589,25 @@ class LSsession {
}
}
/**
* Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface
*
* @retval void
*/
function loadLSaccess() {
$LSaccess = array(
'SELF' => array(
'label' => _('Mon compte'),
'DNs' => $this -> dn
)
);
if ($this -> canAccess($this -> LSuserObject -> getType(),$this -> dn)) {
$LSaccess = array(
'SELF' => array(
'label' => _('Mon compte'),
'DNs' => $this -> dn
)
);
}
else {
$LSaccess = array();
}
foreach ($GLOBALS['LSobjects'] as $objecttype => $objectconf) {
$objectdn = $objectconf['container_dn'].','.$this -> topDn;
if ($this -> isAdmin($objectdn) ) {
if ($this -> canAccess($objecttype) ) {
$LSaccess[$objecttype] = array (
'label' => $objectconf['label'],
'Dns' => 'All'
@ -608,6 +617,13 @@ class LSsession {
$this -> LSaccess = $LSaccess;
}
/**
* Dit si l'utilisateur est admin de le DN spécifié
*
* @param[in] string DN de l'objet
*
* @retval boolean True si l'utilisateur est admin sur l'objet, false sinon.
*/
function isAdmin($dn) {
foreach($this -> LSrights['topDn_admin'] as $topDn_admin) {
if($dn == $topDn_admin) {
@ -620,6 +636,13 @@ class LSsession {
return;
}
/**
* Retourne qui est l'utilisateur par rapport à l'object
*
* @param[in] string Le DN de l'objet
*
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
*/
function whoami($dn) {
if ($this -> isAdmin($dn)) {
return 'admin';
@ -632,15 +655,51 @@ class LSsession {
return 'user';
}
function canAccess($LSobject,$dn=NULL,$right=NULL) {
/**
* Retourne le droit de l'utilisateur à accèder à un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
* @param[in] string $right Le type de droit d'accès à tester ('r'/'w')
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canAccess($LSobject,$dn=NULL,$right=NULL,$attr=NULL) {
if (!$this -> loadLSobject($LSobject))
return;
if ($dn) {
$whoami = $this -> whoami($dn);
}
else {
$whoami = 'user';
$objectdn=$GLOBALS['LSobjects'][$LSobject]['container_dn'].','.$this -> topDn;
$whoami = $this -> whoami($objectdn);
}
// Pour un attribut particulier
if ($attr) {
if ($attr=='rdn') {
$attr=$GLOBALS['LSobjects'][$LSobject]['rdn'];
}
if (!isset($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr])) {
return;
}
if (($right=='r')||($right=='w')) {
if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) {
return true;
}
return;
}
else {
if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) {
return true;
}
return;
}
}
// Pour un attribut quelconque
if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) {
if (($right=='r')||($right=='w')) {
foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
@ -660,17 +719,42 @@ class LSsession {
return;
}
function canEdit($LSobject,$dn=NULL) {
return $this -> canAccess($LSobject,$dn,'w');
/**
* Retourne le droit de l'utilisateur à editer à un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canEdit($LSobject,$dn=NULL,$attr=NULL) {
return $this -> canAccess($LSobject,$dn,'w',$attr);
}
/**
* Retourne le droit de l'utilisateur à supprimer un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canRemove($LSobject,$dn) {
return $this -> canAccess($LSobject,$dn,'w','rdn');
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
/**
* Retourne le droit de l'utilisateur à créer un objet
*
* @param[in] string $LSobject Le type de l'objet
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canCreate($LSobject) {
return $this -> canAccess($LSobject,NULL,'w','rdn');
}
}
?>
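Review bot: In the new per-attribute branch of canAccess(), a request for a specific right is tested with `['rights'][$whoami]==$right`, so a check for 'r' fails on an attribute where the user holds 'w', although the branch without `$right` treats both 'r' and 'w' as access. If write is meant to imply read, the 'r' case should accept both values, e.g. `if ($right=='r') { return ($r=='r' || $r=='w') ? true : NULL; }` with `$r` holding the configured right. The lookup also indexes `['rights'][$whoami]` without `isset()`, so an attribute that defines no right for a role raises a notice instead of a clean denial; reading the value once after an `isset()` test covers both. canRemove() and canCreate() rely on this branch through the 'w' check on the rdn attribute, which deserves a sentence in their docblocks.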

175
trunk/lsexample/ls.schema Normal file

@ -0,0 +1,175 @@
# Easter-eggs OID: 1.3.6.1.4.1.10650
# 1.3.6.1.4.1.10650.2 LDAP OID
# 1.3.6.1.4.1.10650.3 Customers OID
#
# 1.3.6.1.4.1.10650.2.1 Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.1 Admin sys Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.2 Dev Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.3 Global Attributes
# 1.3.6.1.4.1.10650.2.2 Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.1 Admin sys Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.2 Dev Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.3 Global OC
# Ost
# 1.3.6.1.4.1.10650.3.1127.2.1 Ldap attributes
# 1.3.6.1.4.1.10650.3.1127.2.2 Ldap OC
# <Ee attributes>
attributetype (1.3.6.1.4.1.10650.2.1.1.1
NAME 'eeallowedservices'
DESC 'List of allowed services'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# </Ee attributes>
# <From qmail schema>
attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Secondary (alias) mailaddresses for the same user'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress'
DESC 'Address(es) to forward all incoming messages to.'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# </From qmail schema>
# <From courier.schema>
attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
DESC 'The absolute path to the mailbox for a mail account in a non-default location'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
DESC 'RFC822 Mailbox - mail alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# </From courier.schema>
# <From postfix>
attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota'
DESC 'The amount of space the user can use until all further messages get bounced.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE )
# </From postfix>
# <From gnarwl>
# Original
#attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
# NAME 'vacationActive'
# SINGLE-VALUE
# EQUALITY booleanMatch
# DESC 'A flag, for marking the user as being away'
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Ee
attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
NAME 'vacationActive'
SINGLE-VALUE
DESC 'Equal to uid@autoreponse.foo.bar, for marking the user as being away'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.11048.1.1.1.3
NAME 'vacationInfo'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
DESC 'Absentee note to leave behind, while on vacation'
EQUALITY octetStringMatch )
attributetype ( 1.3.6.1.4.1.11048.1.1.1.4
NAME 'vacationStart'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
DESC 'Beginning of vacation'
EQUALITY octetStringMatch )
# Original
#attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
# NAME 'vacationEnd'
# SINGLE-VALUE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
# DESC 'End of vacation'
# EQUALITY octetStringMatch )
# Ee
attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
NAME 'vacationEnd'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
DESC 'End of vacation'
ORDERING generalizedTimeOrderingMatch
EQUALITY generalizedTimeMatch )
attributetype (1.3.6.1.4.1.11048.1.1.1.10
NAME 'vacationForward'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
DESC 'Where to forward mails to, while on vacation' )
# </From gnarwl>
## Objectclasses
# LS people
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.1
NAME 'lspeople'
DESC 'LS people Objectclass'
STRUCTURAL
MUST ( uid $ cn )
MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail $ mailalternateaddress $ personalTitle $ description $ userPassword $ eeallowedservices $ mailforwardingaddress $ maildrop $ mailquota $ mailbox $ vacationActive $ vacationInfo $ vacationEnd $ vacationForward ))
# LS Alias
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.2
NAME 'lsalias'
DESC 'LS alias Objectclass'
STRUCTURAL
MUST ( mail $ maildrop )
MAY ( mailalternateaddress $ description ))
# LS group
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.3
NAME 'lsgroup'
DESC 'LS group Objectclass'
STRUCTURAL
MUST ( cn )
MAY ( uniquemember $ description ))
# LS system account
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.4
NAME 'lssysaccount'
DESC 'LS system account Objectclass'
STRUCTURAL
MUST ( uid )
MAY (userpassword $ description))
# Ost mailbox
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.5
NAME 'lsmailbox'
DESC 'LS custom mailbox Objectclass'
STRUCTURAL
MUST ( uid )
MAY ( userPassword $ description $ eeallowedservices $ maildrop $ mailbox $ mail $ mailalternateaddress $ mailforwardingaddress $ mailquota ))
# Ost computer
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.6
NAME 'lscomputer'
DESC 'LS computer Objectclass'
STRUCTURAL
MUST ( uid ))
# Ost samba domains
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.8
NAME 'lssambadomain'
DESC 'LS samba domain Objectclass'
STRUCTURAL)


@ -0,0 +1,604 @@
dn: o=ls
objectClass: top
objectClass: organization
o: ls
structuralObjectClass: organization
entryUUID: 2229e388-825b-1029-838c-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000001#000#000000
dn: ou=sysaccounts,o=ls
objectClass: top
objectClass: organizationalUnit
ou: sysaccounts
structuralObjectClass: organizationalUnit
entryUUID: 2238a738-825b-1029-838d-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000002#000#000000
dn: ou=people,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 223b67e8-825b-1029-838e-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000003#000#000000
dn: ou=mailboxes,o=ls
objectClass: top
objectClass: organizationalUnit
ou: mailboxes
structuralObjectClass: organizationalUnit
entryUUID: 2240f622-825b-1029-8390-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000005#000#000000
dn: ou=aliases,o=ls
objectClass: top
objectClass: organizationalUnit
ou: aliases
structuralObjectClass: organizationalUnit
entryUUID: 2243b88a-825b-1029-8391-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000006#000#000000
dn: ou=computers,o=ls
objectClass: top
objectClass: organizationalUnit
ou: computers
structuralObjectClass: organizationalUnit
entryUUID: 22468588-825b-1029-8392-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000007#000#000000
dn: ou=sambadomains,o=ls
objectClass: top
objectClass: organizationalUnit
ou: sambadomains
structuralObjectClass: organizationalUnit
entryUUID: 224cf30a-825b-1029-8394-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000009#000#000000
dn: sambaDomainName=LS_NT,ou=sambadomains,o=ls
objectClass: top
objectClass: lssambadomain
objectClass: sambaDomain
sambaDomainName: LS_NT
sambaSID: S-1-5-21-2421470416-3566881284-3047381809
structuralObjectClass: lssambadomain
entryUUID: 2250d4ac-825b-1029-8395-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#00000a#000#000000
dn: ou=groups,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 224947d2-825b-1029-8393-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000008#000#000000
dn: cn=adminldap,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: adminldap
gidNumber: 70000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 226bb240-825b-1029-8396-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
uniqueMember: uid=eeggs,ou=people,o=ls
entryCSN: 20080211142717.746402Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211142717Z
dn: uid=mail,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: mail
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22958d72-825b-1029-839c-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000007#000#000000
dn: uid=ftp,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: ftp
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22a46608-825b-1029-839d-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000008#000#000000
dn: uid=http,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: http
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22a7274e-825b-1029-839e-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000009#000#000000
dn: uid=samba,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: samba
structuralObjectClass: lssysaccount
entryUUID: 22a9f44c-825b-1029-839f-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
userPassword: toto
entryCSN: 20050706115506.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706115506Z
dn: uid=ldapsaisie,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: ldapsaisie
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22acb6aa-825b-1029-83a0-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#00000b#000#000000
dn: uid=nss,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: nss
structuralObjectClass: lssysaccount
entryUUID: 22b06d40-825b-1029-83a1-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
userPassword: toto
entryCSN: 20050706115152.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706115152Z
dn: uid=eeggs,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: eeggs
uidNumber: 100000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-201000
structuralObjectClass: lspeople
entryUUID: 22b70a42-825b-1029-83a3-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
gidNumber: 102009
mail: eeggs@ldapsaisie.biz
facsimileTelephoneNumber: 030000000
vacationInfo: Je suis absent pour le moment
vacationEnd: 20070101000000Z
vacationForward: brenard@easter-eggs.com
eeallowedservices: MAIL
eeallowedservices: FTP
description: Utilisateur test Easter-eggs
cn: Easter Eggs
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
mailbox: eeggs/
personalTitle: M.
userPassword: toto
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
mailQuota: 5
homeDirectory: /home/eeggs
loginShell: /bin/false
givenName: Easter
maildrop: eeggs@ldapsaisie.biz
vacationActive:
sn: Eggs
entryCSN: 20080211134602.394624Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211134602Z
dn: uid=invite,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: invite
cn: Utilisateur de passage
givenName: Utilisateur
sn: de passage
homeDirectory: /home/invite
loginShell: /bin/false
uidNumber: 101012
gidNumber: 101009
userPassword: toto
sambaAcctFlags: [U ]
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-203019
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203024
mailbox: invite/
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
mail: invite@ldapsaisie.biz
maildrop: invite@ldapsaisie.biz
structuralObjectClass: lspeople
entryUUID: 233dd144-825b-1029-9a9d-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111626Z
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
entryCSN: 20050706133832.000000Z#000008#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706133832Z
dn: uid=hmartin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: hmartin
homeDirectory: /home/com
loginShell: /bin/false
uidNumber: 101022
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044
structuralObjectClass: lspeople
entryUUID: 234393a4-825b-1029-9a9f-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111626Z
givenName: Henri
sn: MARTIN
gidNumber: 102001
mail: henri.martin@ldapsaisie.biz
maildrop: henri.martin@ldapsaisie.biz
mailAlternateAddress: hmartin@ldapsaisie.biz
vacationEnd: 20060101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Henri MARTIN
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
mailbox: hmartin/
personalTitle: M.
userPassword: toto
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
entryCSN: 20080211164417.161923Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211164417Z
dn: uid=secretariat,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: secretariat
homeDirectory: /home/secretariat
loginShell: /bin/false
uidNumber: 101036
userPassword: toto
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072
structuralObjectClass: lspeople
entryUUID: 239920bc-825b-1029-9abb-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111627Z
sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9
sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39
givenName: Secretariat
sn: Secretariat
gidNumber: 70513
mail: secretariat@ldapsaisie.biz
maildrop: secretariat@ldapsaisie.biz
vacationEnd: 20050101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Secretariat Secretariat
mailbox: secretariat/
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513
entryCSN: 20050706144306.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706144306Z
dn: uid=ls,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ls
homeDirectory: /home/ls
loginShell: /bin/false
uidNumber: 101068
userPassword: toto
sambaAcctFlags: [U ]
sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE
sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136
structuralObjectClass: lspeople
entryUUID: 23afa346-825b-1029-9ac3-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111627Z
givenName: _
sn: LdapSaisie
gidNumber: 102001
mail: ls@ldapsaisie.biz
maildrop: ls@ldapsaisie.biz
vacationEnd: 20060101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: LS
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
mailbox: ls/
entryCSN: 20061212145541.000000Z#000001#000#000000
modifiersName: uid=catbo,ou=people,o=ls
modifyTimestamp: 20061212145541Z
dn: cn=invite,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: invite
gidNumber: 101009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2425636a-825b-1029-9ae1-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308165544.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308165544Z
dn: cn=ls,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: ls
gidNumber: 102001
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 242bef1e-825b-1029-9ae3-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
uniqueMember: uid=secretariat,ou=people,o=ls
entryCSN: 20080211142555.171664Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211142555Z
dn: cn=informatique,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 102009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2438d9d6-825b-1029-9ae7-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
cn: informatique
uniqueMember: uid=eeggs,ou=people,o=ls
entryCSN: 20070309093000.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070309093000Z
dn: cn=direction,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: direction
gidNumber: 102007
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 243f7a34-825b-1029-9ae9-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070309093009.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070309093009Z
dn: cn=administratif,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: administratif
gidNumber: 102005
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 245e0cb0-825b-1029-9af4-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308180424.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308180424Z
dn: cn=communication,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: communication
gidNumber: 102003
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2460db34-825b-1029-9af5-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308180413.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308180413Z
dn: uid=spam,ou=mailboxes,o=ls
uid: spam
userPassword: toto
mailQuota: 104857600
eeallowedservices: MAIL
mail: spam@ldapsaisie.biz
maildrop: spam@ldapsaisie.biz
mailbox: spam/
objectClass: top
objectClass: lsmailbox
structuralObjectClass: lsmailbox
entryUUID: c88b9eb4-8301-1029-9567-dda2c03231d0
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20050707070920Z
entryCSN: 20050707070920.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050707070920Z
dn: uid=virus,ou=mailboxes,o=ls
uid: virus
userPassword: toto
mailbox: virus/
objectClass: top
objectClass: lsmailbox
structuralObjectClass: lsmailbox
entryUUID: 974dac8c-8303-1029-9569-dda2c03231d0
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20050707072216Z
mailQuota: 104857600
eeallowedservices: MAIL
mail: virus@ldapsaisie.biz
maildrop: virus@ldapsaisie.biz
entryCSN: 20050707072249.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050707072249Z
dn: uid=gnarwl,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: gnarwl
structuralObjectClass: lssysaccount
entryUUID: f55954e0-fdcc-1029-9d72-de06c303d7ef
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20051210133105Z
userPassword: toto
entryCSN: 20051210133237.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20051210133237Z
dn: mail=informatique@ldapsaisie.biz,ou=aliases,o=ls
objectClass: top
objectClass: lsalias
structuralObjectClass: lsalias
entryUUID: 081e6612-fdd0-1029-9d73-de06c303d7ef
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20051210135305Z
mail: informatique@ldapsaisie.biz
description: Service Informatique
maildrop: eeggs@ldapsaisie.biz
entryCSN: 20051210141428.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20051210141428Z
dn: uid=erwpa,ou=people,o=ls
uid: erwpa
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 101082
sambaAcctFlags: [U ]
homeDirectory: /home/erwpa
loginShell: /bin/false
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164
structuralObjectClass: lspeople
entryUUID: aa7fcb30-b1a3-102a-875e-dcce935f6f2c
sn: PAGEARD
gidNumber: 102009
mail: erwan.page@ldapsaisie.biz
maildrop: erwan.page@ldapsaisie.biz
vacationEnd: 20060101000000Z
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Erwan PAGE
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
mailbox: erwpa/
personalTitle: M.
givenName: Erwan
userPassword: toto
sambaLMPassword: BAC14D04669EE1D1AAD3B435B51404EE
sambaNTPassword: FBBF55D0EF0E34D39593F55C5F2CA5F2
entryCSN: 20080211170049.821887Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211170049Z
dn: cn=test,ou=groups,o=ls
cn: test
description: test BR
objectClass: top
objectClass: lsgroup
objectClass: sambaGroupMapping
objectClass: posixGroup
sambaGroupType: 2
gidNumber: 102012
sambaSID: 42
structuralObjectClass: lsgroup
entryUUID: 91b290d2-6117-102b-9c6f-91889acd20dc
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20070307164933Z
entryCSN: 20070308165811.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308165811Z
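Review bot: The test directory stores every `userPassword` as the cleartext value `toto`, and several entries carry `sambaLMPassword`/`sambaNTPassword` values that look like real hashes rather than placeholders. If this LDIF is ever loaded on a reachable server, every account shares one known password, including `uid=eeggs`, the only `uniqueMember` listed for `cn=adminldap`. The hash values should be replaced with the placeholder form already used on `uid=invite` (`sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`), and any value derived from a password in real use should be treated as disclosed. A header comment such as `# Example data only: reset every userPassword after import` would make the intent explicit.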


@ -0,0 +1,208 @@
## Racine
access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
## Sysaccounts
### Ajout d'entrees par les admins
access to dn.regex="^ou=sysaccounts,o=ls$" attrs="children"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by anonymous auth
by * none
### Les admins peuvent modifier tous les attributs, les autres ne voient rien
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * none
## Aliases
### Ajout d'entrees par les admins
access to dn.regex="^ou=aliases,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
### Les admins peuvent modifier tous les attributs, tout le monde peut voir
access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
## Mailboxes
### Ajout d'entrees par les admins
access to dn.regex="^ou=mailboxes,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by anonymous auth
by * none
### Les admins peuvent modifier ces attributs, l'appli mail le voir, les autres aucun droits
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="mailbox,mailforwardingaddress"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="uid,description,mail,mailalternateaddress,mailquota,eeallowedservices"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
## Groups
### Ajout d'entrees par les admins
access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent tout modifier, les authentifies peuvent tout voir
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
## Peoples
### Ajout d'entrees par les admins
access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by self write
by anonymous auth
by * none
### Les admins peuvent modifier ces attributs, l'appli mail les voir, les autres aucun droits
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailbox"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,mailquota,eeallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, gnarwl peut les modifier et mail les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailforwardingaddress"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
by self write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir, gnarwl peut les modifier
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationActive"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
by self write
by users read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, mail et gnarwl peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationForward"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by self write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by dn="uid=gnarwl,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by self write
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,mailalternateaddress,maildrop,description,vacationInfo,vacationEnd"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by self write
by users read
by * read
## Computers
### Ajout d'entrees par les admins
access to dn.regex="^ou=computers,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
### Les admins peuvent modifier ces attributs, samba peut les voir
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by * none
### Les admins peuvent modifier ces attributs, les authentifiés peuvent les voir
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="cn,uid,uidNumber,gidNumber,homeDirectory,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
access to * attrs="entry"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
## SambaDomains
### Ajout d'entrees par les admins
access to dn.regex="^ou=sambadomains,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" read
by users read
by * none
## Le reste
access to *
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * none
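Review bot: The closing `by * read` on the Peoples rule for `c,cn,jpegPhoto,…,telephoneNumber,mobile,…,vacationEnd` gives anonymous binds read access to personal attributes, although the comment above it says authenticated users may see them ("les authentifies peuvent les voir"); the Mailboxes rule for `uid,description,mail,mailalternateaddress,mailquota,eeallowedservices` has the same mismatch. slapd stops at the first matching `by` clause, so `by users read` followed by `by * read` also makes the `users` line redundant. If anonymous lookups are not needed, end both rules with `by * none`. If they are needed (for example a mail server resolving addresses before it binds), say so in the comments and narrow the anonymous grant to the attributes actually required.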


@ -0,0 +1,28 @@
include /etc/ldap/schema/ls.schema
database bdb
suffix "o=ls"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/ls
# Indices to maintain
index objectClass eq
index uid pres,eq
index uidNumber eq
index gidNumber eq
index eeallowedservices eq
index cn pres,eq
index mail pres,eq
index mailalternateaddress pres,eq
index sambasid eq
index sambaDomainName eq
index memberUid eq
# Save the time that the entry gets modified, for database #1
lastmod on
include /etc/ldap/permissions-ls.conf


@ -30,31 +30,67 @@ if($LSsession -> startLSsession()) {
// Définition du Titre de la page
$GLOBALS['Smarty'] -> assign('pagetitle',_('Modifier'));
// Création d'un LSobject
if (class_exists($_GET['LSobject'])) {
debug('me : '.$GLOBALS['LSsession'] -> whoami($_GET['dn']));
if ( $GLOBALS['LSsession'] -> whoami($_GET['dn']) != 'user' ) {
$object = new $_GET['LSobject']();
if ($object -> loadData($_GET['dn'])) {
$form = $object -> getForm('test');
if ($form->validate()) {
// MàJ des données de l'objet LDAP
$object -> updateData('test');
if (isset($_POST['LSform_objecttype'])) {
$LSobject = $_POST['LSform_objecttype'];
}
else if (isset($_GET['LSobject'])) {
$LSobject = $_GET['LSobject'];
}
if (isset($_POST['LSform_objectdn'])) {
$dn = $_POST['LSform_objectdn'];
}
else if (isset($_GET['dn'])) {
$dn = $_GET['dn'];
}
if ((isset($dn)) && (isset($LSobject)) ) {
// Création d'un LSobject
if (class_exists($LSobject)) {
if ( $GLOBALS['LSsession'] -> canEdit($LSobject,$dn) ) {
$LSview_actions[] = array(
'label' => _('Voir'),
'url' =>'view.php?LSobject='.$LSobject.'&amp;dn='.$dn,
'action' => 'view'
);
if ($GLOBALS['LSsession'] -> canRemove($LSobject,$dn)) {
$LSview_actions[] = array(
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$LSobject.'&amp;dn='.$dn,
'action' => 'delete'
);
}
$object = new $LSobject();
if ($object -> loadData($dn)) {
$form = $object -> getForm('modify');
if ($form->validate()) {
// MàJ des données de l'objet LDAP
if ($object -> updateData('modify')) {
header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
}
}
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
$form -> display();
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
$form -> display();
}
else debug('erreur durant le chargement du dn');
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
$GLOBALS['LSerror'] -> addErrorCode(21);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(21);
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
// Template
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
}
else {
$GLOBALS['LSsession'] -> setTemplate('login.tpl');
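Review bot: The new `$LSview_actions` URLs and the `Location` header concatenate `$LSobject` and `$dn`, which come straight from `$_POST`/`$_GET`, without encoding; the templates print `{$item.url}` inside a single-quoted `href` as-is, so a value containing a quote or `&` would break the markup if `canEdit()` accepts it (its checks are not visible here). Build the query with `urlencode()`, e.g. `'view.php?LSobject='.urlencode($LSobject).'&amp;dn='.urlencode($dn)`, and do the same for the `remove.php` link and the redirect. The `header('Location: …')` call is also not followed by `exit;`, so the form is still rendered after a successful update. The same unencoded concatenation appears in the new remove.php (`validation_url`) and in the view script's action URLs. The enclosing `if($LSsession -> startLSsession())` block runs past the end of this hunk.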

78
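--- a/trunk/remove.php
+++ b/trunk/remove.php
@@ -0,0 +1,78 @@
+<?php
+/*******************************************************************************
+* Copyright (C) 2007 Easter-eggs
+* http://ldapsaisie.labs.libre-entreprise.org
+*
+* Author: See AUTHORS file in top-level directory.
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License version 2
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+******************************************************************************/
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+$GLOBALS['LSsession'] = new LSsession();
+if($LSsession -> startLSsession()) {
+if ((isset($_GET['LSobject'])) && (isset($_GET['dn']))) {
+if ($GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject'])) {
+if ( $GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn']) ) {
+$object = new $_GET['LSobject']();
+if ($object -> loadData($_GET['dn'])) {
+if (isset($_GET['valid'])) {
+$objectname=$object -> getDisplayValue();
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppression').' : '.$objectname);
+if ($object -> remove()) {
+$GLOBALS['Smarty'] -> assign('question',$objectname.' '._('a bien été supprimé').'.');
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(35,$objectname);
+}
+}
+else {
+// Définition du Titre de la page
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppresion').' : '.$object -> getDisplayValue());
+$GLOBALS['Smarty'] -> assign('question',_('Voulez-vous vraiment supprimer').' <strong>'.$object -> getDisplayValue().'</strong> ?');
+$GLOBALS['Smarty'] -> assign('validation_url','remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'].'&amp;valid');
+$GLOBALS['Smarty'] -> assign('validation_txt',_('Valider'));
+}
+$GLOBALS['LSsession'] -> setTemplate('question.tpl');
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1011);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(21);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+}
+else {
+$GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>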
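Review bot: The deletion is a state-changing action reachable by a plain GET request: `$object -> remove()` runs as soon as `valid` is present in the query string, with no request-forgery protection and no check that the user actually submitted the confirmation. Make the confirmation a POST form and verify a per-session token, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && hash_equals($_SESSION['LSremove_token'], $_POST['token']))` (the token name is a placeholder; how LSsession stores session data is not visible here). The confirmation text also places `$object -> getDisplayValue()` between `<strong>` tags without `htmlspecialchars()`, so a directory value containing markup is rendered as HTML.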


@ -0,0 +1,52 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
{$LSsession_css}
{$LSsession_js}
</head>
<body>
<div id='LSerror'>
{$LSerrors}
</div>
<div id='LSdebug'>
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
<div id='main'>
<div id='left'>
<img src='templates/images/logo.png' alt='Logo' id='logo'/>
<ul class='menu'>
{foreach from=$LSaccess item=item key=LSobject}
<li class='menu'><a href='view.php?LSobject={$LSobject}' class='menu'>{$item.label}</a></li>
{/foreach}
</ul>
</div>
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
<form action='{$LSform_action}' method='post' class='LSform'>
{$LSform_header}
<dl class='LSform'>
{foreach from=$LSform_fields item=field}
<dt class='LSform'>{$field.label}</dt>
<dd class='LSform'>{$field.html}{if $field.add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
{if $field.errors != ''}
{foreach from=$field.errors item=error}
<dd class='LSform LSform-errors'>{$error}</dd>
{/foreach}
{/if}
{/foreach}
<dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
</dl>
</form>
</div>
<hr class='spacer' />
</div>
</body>
</html>
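Review bot: `{$pagetitle}`, `{$LSsession_username}`, `{$field.label}` and `{$error}` are printed without the `|escape` modifier, and the same `pagetitle` variable is filled from directory values elsewhere in this commit (`getDisplayValue()` in remove.php), so markup stored in an entry would be rendered rather than shown as text. Use `{$pagetitle|escape}` and `{$LSsession_username|escape}` here; `{$field.html}` presumably carries ready-made markup and has to be escaped where it is generated. The question, modify, view and list templates in this commit print `{$item.label}`, `{$item.url}`, `{$object.dn}` and `{$object.displayValue}` the same way. Separately, the status line closes a `</b>` that is never opened.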


@ -1,20 +1,3 @@
p.LSform-view-actions {
text-align: right;
font-size: 0.8em;
margin: 0.2em;
margin-right: 3em;
color: #0072b8;
}
a.LSform-view-actions {
text-decoration: none;
color: #0072b8;
}
a.LSform-view-actions:hover {
text-decoration: underline;
}
dl.LSform {
margin: 0;
margin-left: 2em;


@ -114,6 +114,10 @@ td.LSobject-list-actions {
width: 7em;
}
td.LSobject-list-names {
cursor: pointer;
}
p.LSobject-list-page {
text-align: center;
margin: 0.5em;
@ -132,3 +136,21 @@ a.LSobject-list-page:hover {
strong.LSobject-list-page {
color: #0072b8;
}
p.LSview-actions {
text-align: right;
font-size: 0.8em;
margin: 0.2em;
margin-right: 3em;
color: #0072b8;
}
p.question {
margin-left: 3em;
}
a.question {
margin-left: 10em;
margin-top: 3em;
color: #0072b8;
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 773 B


Before

Width:  |  Height:  |  Size: 498 B

After

Width:  |  Height:  |  Size: 498 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 477 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 655 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 805 B

After

Width:  |  Height:  |  Size: 799 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 317 B


@ -29,7 +29,13 @@
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
<p class='LSform-view-actions'><a href='view.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Voir</a></p>
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<form action='{$LSform_action}' method='post' class='LSform'>
{$LSform_header}


@ -0,0 +1,45 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
{$LSsession_css}
{$LSsession_js}
</head>
<body>
<div id='LSerror'>
{$LSerrors}
</div>
<div id='LSdebug'>
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
<div id='main'>
<div id='left'>
<img src='templates/images/logo.png' alt='Logo' id='logo'/>
<ul class='menu'>
{foreach from=$LSaccess item=item key=LSobject_type}
<li class='menu'><a href='view.php?LSobject={$LSobject_type}' class='menu'>{$item.label}</a></li>
{/foreach}
</ul>
</div>
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<p class='question'>{$question}</p>
{if $validation_txt!=''}<a href='{$validation_url}' class='question'>Valider</a>{/if}
</div>
<hr class='spacer' />
</div>
</body>
</html>
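Review bot: The confirmation link prints the hard-coded text `Valider` and uses `$validation_txt` only as a flag, although remove.php assigns it the translated string `_('Valider')`; the visible label therefore bypasses gettext. Print the variable instead: `{if $validation_txt!=''}<a href='{$validation_url}' class='question'>{$validation_txt|escape}</a>{/if}`. The `$LSview_actions` block is included here, but the remove.php shown in this commit never assigns that variable, so it could be dropped from this template or filled with a link back to the entry.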


@ -28,7 +28,14 @@
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSform_canEdit == 'true'}<p class='LSform-view-actions'><a href='modify.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Modifier</a></p>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<dl class='LSform'>
{foreach from=$LSform_fields item=field}
<dt class='LSform'>{$field.label}</dt>


@ -28,6 +28,14 @@
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<table class='LSobject-list'>
<tr class='LSobject-list'>
<th class='LSobject-list'>{$LSobject_list_objectname}</th>
@ -36,7 +44,13 @@
{foreach from=$LSobject_list item=object}
<tr class='LSobject-list'>
<td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}' class='LSobject-list'>{$object.displayValue}</a> </td>
<td class='LSobject-list LSobject-list-actions'>{if $object.canEdit}<a href='modify.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}' class='LSobject-list-actions'><img src='templates/images/edit.png' alt='{$_Modifier}' title='{$_Modifier}'/></a>{/if}</td>
<td class='LSobject-list LSobject-list-actions'>
{if $object.actions!=''}
{foreach from=$object.actions item=item}
<a href='{$item.url}' class='LSobject-list-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}'/></a>
{/foreach}
{/if}
</td>
</tr>
{/foreach}
</table>


@ -28,82 +28,174 @@ require_once 'includes/class/class.LSsession.php';
$GLOBALS['LSsession'] = new LSsession();
if($LSsession -> startLSsession()) {
$LSobject = $_GET['LSobject'];
if ( $LSobject == 'SELF' ) {
if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$GLOBALS['Smarty'] -> assign('LSform_canEdit',true);
if (isset($_GET['LSobject'])) {
$LSobject = $_GET['LSobject'];
if ( $LSobject == 'SELF' ) {
if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn')) ) {
$LSview_actions[] = array (
'label' => _('Modifier'),
'url' => 'modify.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'modify'
);
}
if ($GLOBALS['LSsession'] -> canCreate($GLOBALS['LSsession']-> LSuserObject -> getType())) {
$LSview_actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;load='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$LSview_actions[] = array (
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'delete'
);
}
$GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$form = $GLOBALS['LSsession']-> LSuserObject -> getView();
$form -> displayView();
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
}
$GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
$form = $GLOBALS['LSsession']-> LSuserObject -> getView();
$form -> displayView();
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
}
}
else {
if ( $GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject']) ) {
if ( isset($_GET['dn']) ) {
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
$GLOBALS['Smarty'] -> assign('LSform_canEdit','true');
if ( $GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject']) ) {
if ( isset($_GET['dn']) ) {
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
$LSview_actions[] = array(
'label' => _('Modifier'),
'url' =>'modify.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'],
'action' => 'modify'
);
}
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
$LSview_actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&amp;load='.$_GET['dn'],
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn'])) {
$LSview_actions[] = array(
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'],
'action' => 'delete'
);
}
$object = new $_GET['LSobject']();
$object -> loadData($_GET['dn']);
$view = $object -> getView();
$view -> displayView();
$GLOBALS['Smarty'] -> assign('pagetitle',$object -> getDisplayValue());
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
$object = new $_GET['LSobject']();
$object -> loadData($_GET['dn']);
$view = $object -> getView();
$view -> displayView();
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
$objectList=array();
$object = new $_GET['LSobject']();
$GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
$GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
$LSview_actions[] = array (
'label' => _('Nouveau'),
'url' => 'create.php?LSobject='.$_GET['LSobject'],
'action' => 'create'
);
$canCopy=true;
}
$list=$object -> listObjects();
$nbObjects=count($list);
if ($nbObjects > NB_LSOBJECT_LIST) {
if (isset($_GET['page'])) {
$list = array_slice($list, ($_GET['page']) * NB_LSOBJECT_LIST, NB_LSOBJECT_LIST);
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',$_GET['page']);
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
}
else {
$list = array_slice($list, 0, NB_LSOBJECT_LIST);
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',0);
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
}
}
foreach($list as $thisObject) {
unset($actions);
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
$actions[] = array(
'label' => _('Voir'),
'url' =>'view.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject -> getValue('dn'),
'action' => 'view'
);
if ($GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))) {
$actions[]=array(
'label' => _('Modifier'),
'url' => 'modify.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject->getValue('dn'),
'action' => 'modify'
);
}
if ($canCopy) {
$actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&amp;load='.$thisObject -> getValue('dn'),
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($thisObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$actions[] = array (
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject -> getValue('dn'),
'action' => 'delete'
);
}
$objectList[]=array(
'dn' => $thisObject->getValue('dn'),
'displayValue' => $thisObject->getDisplayValue(),
'actions' => $actions
);
}
else {
debug($thisObject->getValue('dn'));
}
}
$GLOBALS['LSsession'] -> addJSscript('LSview.js');
$GLOBALS['Smarty']->assign('_Actions',_('Actions'));
$GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
$GLOBALS['Smarty']->assign('LSobject_list',$objectList);
$GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
}
}
else {
$objectList=array();
$object = new $_GET['LSobject']();
$GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
$GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
$list=$object -> listObjects();
$nbObjects=count($list);
if ($nbObjects > NB_LSOBJECT_LIST) {
if (isset($_GET['page'])) {
$list = array_slice($list, ($_GET['page']) * NB_LSOBJECT_LIST, NB_LSOBJECT_LIST);
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',$_GET['page']);
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
}
else {
$list = array_slice($list, 0, NB_LSOBJECT_LIST);
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',0);
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
}
}
foreach($list as $thisObject) {
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
$objectList[]=array(
'dn' => $thisObject->getValue('dn'),
'displayValue' => $thisObject->getDisplayValue(),
'canEdit' => $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))
);
}
else {
debug($thisObject->getValue('dn'));
}
}
$GLOBALS['LSsession'] -> addJSscript('LSview.js');
$GLOBALS['Smarty']->assign('_Actions',_('Actions'));
$GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
$GLOBALS['Smarty']->assign('LSobject_list',$objectList);
$GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
$GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
}
else {