diff --git a/trunk/conf/LSobjects/config.LSobjects.LSeecompany.php b/trunk/conf/LSobjects/config.LSobjects.LSeecompany.php index a63b2cf1..c5ad5936 100644 --- a/trunk/conf/LSobjects/config.LSobjects.LSeecompany.php +++ b/trunk/conf/LSobjects/config.LSobjects.LSeecompany.php @@ -43,7 +43,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array ( 'admin' => 'w' ), 'form' => array ( - 'test' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'dc' => array ( @@ -57,7 +58,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1 + 'modify' => 1, + 'create' => 1 ) ) ) diff --git a/trunk/conf/LSobjects/config.LSobjects.LSeegroup.php b/trunk/conf/LSobjects/config.LSobjects.LSeegroup.php index 3fe24d32..d49eecf0 100644 --- a/trunk/conf/LSobjects/config.LSobjects.LSeegroup.php +++ b/trunk/conf/LSobjects/config.LSobjects.LSeegroup.php @@ -22,6 +22,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array ( 'objectclass' => array( + 'lsgroup', 'posixGroup' ), 'rdn' => 'cn', @@ -51,7 +52,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array ( 'admin' => 'w' ), 'form' => array ( - 'test' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'gidNumber' => array ( @@ -59,6 +61,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array ( 'ldap_type' => 'numeric', 'html_type' => 'text', 'required' => 1, + 'generate_function' => 'generate_gidNumber', 'validation' => array ( array ( 'filter' => 'gidNumber=%{val}', @@ -71,7 +74,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array ( 'admin' => 'w' ), 'form' => array ( - 'test' => 1 + 'modify' => 1 ) ), 'uniqueMember' => array ( @@ -91,10 +94,10 @@ $GLOBALS['LSobjects']['LSeegroup'] = array ( 'admin' => 'w' ), 'form' => array ( - 'test' => 1 + 'modify' => 1, + 'create' => 1 ), 'possible_values' => array( - 'aucun' => _('-- Selectionner --'), 'OTHER_OBJECT' => array( 'object_type' => 'LSeepeople', // Nom de l'objet à lister 'display_attribute' => '%{cn} (%{uidNumber})', // Spécifie le attributs à lister pour le choix, 
diff --git a/trunk/conf/LSobjects/config.LSobjects.LSeepeople.php b/trunk/conf/LSobjects/config.LSobjects.LSeepeople.php index 948c4e4c..5d0b329c 100644 --- a/trunk/conf/LSobjects/config.LSobjects.LSeepeople.php +++ b/trunk/conf/LSobjects/config.LSobjects.LSeepeople.php @@ -23,6 +23,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( 'objectclass' => array( 'top', + 'lspeople', 'posixAccount', 'sambaSamAccount', ), @@ -58,8 +59,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 0, - 'add' => 1 + 'modify' => 0, + 'create' => 1 ) ), 'uidNumber' => array ( @@ -86,7 +87,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 0, + 'modify' => 0, ) ), 'cn' => array ( @@ -103,8 +104,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'givenName' => array ( @@ -125,8 +126,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ), 'onDisplay' => 'return_data' ), @@ -135,15 +136,15 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( 'ldap_type' => 'ascii', 'html_type' => 'text', 'required' => 1, - 'rights' => array( // Définition de droits : 'r' => lecture / 'w' => modification / '' => aucun (par defaut) - 'self' => 'w', // définition des droits de l'utilisateur sur lui même - 'user' => 'r', // définition des droits de tout les utilisateurs + 'rights' => array( + 'self' => 'w', + 'user' => 'r', 'admin' => 'w' ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'gidNumber' => array ( @@ -166,8 +167,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ), 'possible_values' => array( 'OTHER_OBJECT' => array( 
@@ -200,8 +201,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ), 'possible_values' => array( '/bin/false' => _('Aucun'), @@ -218,7 +219,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( 'admin' => 'r' ), 'form' => array ( - //'test' => 0, + //'modify' => 0, ) ), 'homeDirectory' => array ( @@ -233,7 +234,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ) ), 'mail' => array ( @@ -253,8 +254,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'personalTitle' => array ( @@ -270,8 +271,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ), 'possible_values' => array( 'M.' => 'M.', @@ -295,7 +296,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ) ), 'vacationActive' => array ( @@ -315,7 +316,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ), 'possible_values' => array( '' => 'Non', @@ -333,7 +334,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ) ), 'vacationForward' => array ( @@ -352,7 +353,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ) ), 'mailQuota' => array ( @@ -370,7 +371,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, ) ), 'description' => array ( @@ -384,7 +385,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( ), 'view' => 1, 'form' => array ( - 'test' => 1, + 'modify' => 1, + 'create' => 1 ) ), 'userPassword' => array ( 
@@ -401,23 +403,29 @@ $GLOBALS['LSobjects']['LSeepeople'] = array ( 'sambaNTPassword' ), 'form' => array ( - 'test' => 1, - 'add' => 1 + 'modify' => 1, + 'create' => 1 ) ), 'sambaLMPassword' => array ( 'label' => _('Mot de passe Samba (LM)'), 'ldap_type' => 'ascii', - 'html_type' => 'password', + 'html_type' => 'text', 'required' => 1, - 'generate_function' => 'generate_sambaLMPassword' + 'generate_function' => 'generate_sambaLMPassword', + 'form' => array ( + 'modify' => 0 + ) ), 'sambaNTPassword' => array ( 'label' => _('Mot de passe Samba (NT)'), 'ldap_type' => 'ascii', - 'html_type' => 'password', + 'html_type' => 'text', 'required' => 1, - 'generate_function' => 'generate_sambaNTPassword' + 'generate_function' => 'generate_sambaNTPassword', + 'form' => array ( + 'modify' => 0 + ) ) ) ); diff --git a/trunk/conf/config.error_code.php b/trunk/conf/config.error_code.php index f45b6eac..d34348ff 100644 --- a/trunk/conf/config.error_code.php +++ b/trunk/conf/config.error_code.php @@ -104,6 +104,10 @@ $GLOBALS['LSerror_code'] = array ( 'msg' => _("LSldapObject : L'attribut %{attr_depend} dépendant de l'attribut %{attr} n'existe pas."), 'level' => 'w' ), + 35 => array ( + 'msg' => _("LSldapObject : Erreur durant la suppression de %{objectname}."), + 'level' => 'c' + ), // LSldapObject 41 => array ( @@ -238,6 +242,11 @@ $GLOBALS['LSerror_code'] = array ( 1011 => array ( 'msg' => _("LSsession : Vous n'êtes pas authorisé à effectuer cette action."), 'level' => 'c' + ), + 1012 => array ( + 'msg' => _("LSsession : Des informations sont manquantes pour l'affichage de cette page."), + 'level' => 'c' ) + ); ?> diff --git a/trunk/conf/config.inc.php b/trunk/conf/config.inc.php index 969c1382..c866b6b6 100644 --- a/trunk/conf/config.inc.php +++ b/trunk/conf/config.inc.php 
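Review bot: The `sambaLMPassword` and `sambaNTPassword` definitions now use `'html_type' => 'text'` and are attached to the modify form, so password-equivalent hashes would be rendered as readable values rather than masked. Neither definition in this hunk carries a `'rights'` array, and both values come from `generate_function`, so there is no visible reason for them to be form fields at all. I would drop the `'form'` entry for both, or at least keep `'html_type' => 'password'`. If form membership is what triggers regeneration (not visible here), that coupling deserves a comment next to the entry.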
@@ -28,13 +28,13 @@ $GLOBALS['LSconfig'] = array( 'cacheLSrights' => true, 'ldap_servers' => array ( array ( - 'name' => 'Ldap 1', + 'name' => 'LSexample', 'ldap_config'=> array( 'host' => '127.0.0.1', 'port' => 389, 'version' => 3, 'starttls' => false, - 'binddn' => 'uid=toto,ou=people,o=ls', + 'binddn' => 'uid=eeggs,ou=people,o=ls', 'bindpw' => 'toto', 'basedn' => 'o=ls', 'options' => array(), @@ -42,9 +42,11 @@ $GLOBALS['LSconfig'] = array( 'scope' => 'sub' ), 'LSadmins' => array ( - 'o=ost' => array ( - 'uid=toto,ou=people,o=ls' => NULL, - 'cn=adminldap,ou=groups,o=ost' => array ( + 'o=ls' => array ( + 'uid=eeggs,ou=people,o=ls' => NULL + ), + 'ou=people,o=ls' => array ( + 'cn=adminldap,ou=groups,o=ls' => array ( 'attr' => 'uniqueMember', 'LSobject' => 'LSeegroup' ) @@ -76,7 +78,7 @@ $GLOBALS['LSconfig'] = array( ); //Debug -$GLOBALS['LSdebug']['active'] = false; +$GLOBALS['LSdebug']['active'] = true; // Définitions des locales $textdomain = 'ldapsaisie'; diff --git a/trunk/create.php b/trunk/create.php new file mode 100644 index 00000000..f3c4bea1 --- /dev/null +++ b/trunk/create.php 
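Review bot: `$GLOBALS['LSdebug']['active'] = true;` in the last hunk of this file turns debug output on in the shipped configuration, and the same commit adds `debug('pwd : '.$password);` to `generate_sambaNTPassword`, so a default install would emit cleartext passwords wherever `debug()` writes. Keep the committed default at `false` and enable it locally. The first hunk's context also leaves `'starttls' => false` next to a literal `'bindpw'`; a comment such as `// sample credentials, replace before deployment` would make the intent explicit.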
@@ -0,0 +1,79 @@ + startLSsession()) { + + if (isset($_POST['LSform_objecttype'])) { + $LSobject = $_POST['LSform_objecttype']; + } + else if (isset($_GET['LSobject'])) { + $LSobject = $_GET['LSobject']; + } + + if (isset($LSobject)) { + // Création d'un LSobject + if (class_exists($LSobject)) { + if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) { + $object = new $LSobject(); + + if ($_GET['load']!='') { + $form = $object -> getForm('create',$_GET['load']); + } + else { + $form = $object -> getForm('create'); + } + if ($form->validate()) { + // MàJ des données de l'objet LDAP + if ($object -> updateData('create')) { + header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn()); + } + } + // Définition du Titre de la page + $GLOBALS['Smarty'] -> assign('pagetitle',_('Nouveau').' : '.$object -> getLabel()); + $GLOBALS['LSsession'] -> setTemplate('create.tpl'); + $form -> display(); + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1011); + } + } + else { + $GLOBALS['LSerror'] -> addErrorCode(21); + } + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1012); + } + +} +else { + $GLOBALS['LSsession'] -> setTemplate('login.tpl'); +} + +// Affichage des retours d'erreurs +$GLOBALS['LSsession'] -> displayTemplate(); +?> diff --git a/trunk/includes/addons/LSaddons.samba.php b/trunk/includes/addons/LSaddons.samba.php index b5a8c9e1..5afbab1c 100644 --- a/trunk/includes/addons/LSaddons.samba.php +++ b/trunk/includes/addons/LSaddons.samba.php 
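Review bot: `$LSobject` is taken straight from `$_POST['LSform_objecttype']` or `$_GET['LSobject']` and then passed to `class_exists()` and `new $LSobject()`, so the request chooses which class is looked up and, once `canCreate()` agrees, instantiated. Restrict it to declared object types first, e.g. `if (isset($GLOBALS['LSobjects'][$LSobject]) && class_exists($LSobject)) {` (assuming the LSobjects configuration is loaded at this point). The redirect concatenates `$LSobject` and the DN unencoded and execution continues into the form rendering afterwards; `header('Location: view.php?LSobject='.urlencode($LSobject).'&dn='.urlencode($object -> getDn())); exit();` fixes both. `$_GET['load']` is also read without `isset()`. The top of the new file appears truncated on this page, so the session setup before `startLSsession()` was not reviewed.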
@@ -22,200 +22,201 @@ /* - * Données de configuration pour le support SAMBA - */ + * Données de configuration pour le support SAMBA + */ - // SID du domaine Samba géré - define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809'); + // SID du domaine Samba géré + define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809'); - // Nombre de base pour le calcul des sambaSID Utilisateur - define('LS_SAMBA_SID_BASE_USER',1000); + // Nombre de base pour le calcul des sambaSID Utilisateur + define('LS_SAMBA_SID_BASE_USER',1000); - // Nombre de base pour le calcul des sambaSID Groupe - define('LS_SAMBA_SID_BASE_GROUP',1001); + // Nombre de base pour le calcul des sambaSID Groupe + define('LS_SAMBA_SID_BASE_GROUP',1001); - /* + /* * NB : C'est deux nombres doivent être pour l'un paire et pour l'autre impaire - * pour conserver l'unicité des SID - */ + * pour conserver l'unicité des SID + */ - // Nom de l'attribut LDAP uidNumber - define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber'); + // Nom de l'attribut LDAP uidNumber + define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber'); - // Nom de l'attribut LDAP gidNumber - define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber'); + // Nom de l'attribut LDAP gidNumber + define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber'); - // Nom de l'attribut LDAP userPassword - define('LS_SAMBA_USERPASSWORD_ATTR','userPassword'); + // Nom de l'attribut LDAP userPassword + define('LS_SAMBA_USERPASSWORD_ATTR','userPassword'); - // Message d'erreur + // Message d'erreur - $GLOBALS['error_code']['SAMBA_SUPPORT_01']= array ( - 'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."), - 'level' => 'c' - ); - $GLOBALS['error_code']['SAMBA_SUPPORT_02']= array ( - 'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."), - 'level' => 'c' - ); + $GLOBALS['error_code']['SAMBA_SUPPORT_01']= array ( + 'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."), + 'level' => 'c' + ); + 
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array ( + 'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."), + 'level' => 'c' + ); - $GLOBALS['error_code']['SAMBA_SUPPORT_03']= array ( - 'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."), - 'level' => 'c' - ); + $GLOBALS['error_code']['SAMBA_SUPPORT_03']= array ( + 'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."), + 'level' => 'c' + ); - $GLOBALS['error_code']['SAMBA_01']= array ( - 'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."), - 'level' => 'c' - ); - + $GLOBALS['error_code']['SAMBA_01']= array ( + 'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."), + 'level' => 'c' + ); + /* - * Fin des données de configuration - */ + * Fin des données de configuration + */ /* * Verification du support Samba par ldapSaisie - * - * @author Benjamin Renard - * - * @retval boolean true si Samba est pleinement supporté, false sinon - */ - function LSaddon_samba_support() { - - $retval=true; + * + * @author Benjamin Renard + * + * @retval boolean true si Samba est pleinement supporté, false sinon + */ + function LSaddon_samba_support() { + + $retval=true; - // Dependance de librairie - if ( !class_exists('smbHash') ) { - if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) { - $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1'); - $retval=false; - } - } + // Dependance de librairie + if ( !class_exists('smbHash') ) { + if ( ! @include_once(LS_LIB_DIR . 
'class.smbHash.php') ) { + $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1'); + $retval=false; + } + } - $MUST_DEFINE_CONST= array( - 'LS_SAMBA_DOMAIN_SID', - 'LS_SAMBA_SID_BASE_USER', - 'LS_SAMBA_SID_BASE_GROUP', - 'LS_SAMBA_UIDNUMBER_ATTR', - 'LS_SAMBA_GIDNUMBER_ATTR', - 'LS_SAMBA_USERPASSWORD_ATTR' - ); + $MUST_DEFINE_CONST= array( + 'LS_SAMBA_DOMAIN_SID', + 'LS_SAMBA_SID_BASE_USER', + 'LS_SAMBA_SID_BASE_GROUP', + 'LS_SAMBA_UIDNUMBER_ATTR', + 'LS_SAMBA_GIDNUMBER_ATTR', + 'LS_SAMBA_USERPASSWORD_ATTR' + ); - foreach($MUST_DEFINE_CONST as $const) { - if ( constant($const) == '' ) { - $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const); - $retval=false; - } - } + foreach($MUST_DEFINE_CONST as $const) { + if ( constant($const) == '' ) { + $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const); + $retval=false; + } + } - // Pour l'intégrité des SID - if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) { - $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3'); - $retval=false; - } - - return $retval; - } + // Pour l'intégrité des SID + if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) { + $GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3'); + $retval=false; + } + + return $retval; + } /* - * Generation de sambaSID - * - * @author Benjamin Renard - * - * Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER - * sambaSID = LS_SAMBA_DOMAIN_SID-Number - * - * @param[in] $ldapObject L'objet ldap - * - * @retval string SambaSID ou false si il y a un problème durant la génération - */ - function generate_sambaSID($ldapObject) { - if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) { - $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID')); - return; - } + * Generation de sambaSID + * + * @author Benjamin Renard + * + * Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER + * sambaSID = 
LS_SAMBA_DOMAIN_SID-Number + * + * @param[in] $ldapObject L'objet ldap + * + * @retval string SambaSID ou false si il y a un problème durant la génération + */ + function generate_sambaSID($ldapObject) { + if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) { + $GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID')); + return; + } - $uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER; - $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber; + $uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER; + $sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber; - return ($sambaSID); - } + return ($sambaSID); + } /* - * Generation de sambaPrimaryGroupSID - * - * @author Benjamin Renard - * - * Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP - * sambaSID = LS_SAMBA_DOMAIN_SID-Number - * - * @param[in] $ldapObject L'objet ldap - * - * @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération - */ - function generate_sambaPrimaryGroupSID($ldapObject) { - if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) { - $GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID')); - return; - } + * Generation de sambaPrimaryGroupSID + * + * @author Benjamin Renard + * + * Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP + * sambaSID = LS_SAMBA_DOMAIN_SID-Number + * + * @param[in] $ldapObject L'objet ldap + * + * @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération + */ + function generate_sambaPrimaryGroupSID($ldapObject) { + if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) { + $GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 
'sambaPrimaryGroupSID')); + return; + } - $gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP; - $sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber; + $gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP; + $sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber; - return ($sambaPrimaryGroupSID); - } + return ($sambaPrimaryGroupSID); + } /* - * Generation de sambaNTPassword - * - * @author Benjamin Renard - * - * @param[in] $ldapObject L'objet ldap - * - * @retval string sambaNTPassword ou false si il y a un problème durant la génération - */ - function generate_sambaNTPassword($ldapObject) { + * Generation de sambaNTPassword + * + * @author Benjamin Renard + * + * @param[in] $ldapObject L'objet ldap + * + * @retval string sambaNTPassword ou false si il y a un problème durant la génération + */ + function generate_sambaNTPassword($ldapObject) { if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) { $GLOBALS['LSerror'] -> addErrorCode('SAMBA_03',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword')); return; } - $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword(); - $sambapassword = new smbHash; - $sambaNTPassword = $sambapassword -> nthash($password); + $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword(); + debug('pwd : '.$password); + $sambapassword = new smbHash; + $sambaNTPassword = $sambapassword -> nthash($password); - if($sambaNTPassword == '') { - return; - } - return $sambaNTPassword; - } + if($sambaNTPassword == '') { + return; + } + return $sambaNTPassword; + } /* - * Generation de sambaLMPassword - * - * @author Benjamin Renard - * - * @param[in] $ldapObject L'objet ldap - * - * @retval string sambaLMPassword ou false si il y a un problème durant la génération - */ - function 
generate_sambaLMPassword($ldapObject) { + * Generation de sambaLMPassword + * + * @author Benjamin Renard + * + * @param[in] $ldapObject L'objet ldap + * + * @retval string sambaLMPassword ou false si il y a un problème durant la génération + */ + function generate_sambaLMPassword($ldapObject) { if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) { $GLOBALS['LSerror'] -> addErrorCode('SAMBA_04',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword')); return; } - $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword(); - $sambapassword = new smbHash; - $sambaLMPassword = $sambapassword -> lmhash($password); + $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword(); + $sambapassword = new smbHash; + $sambaLMPassword = $sambapassword -> lmhash($password); - if($sambaLMPassword == '') { - return; - } - return $sambaLMPassword; - } + if($sambaLMPassword == '') { + return; + } + return $sambaLMPassword; + } ?> diff --git a/trunk/includes/class/class.LSattr_html.php b/trunk/includes/class/class.LSattr_html.php index 394e39df..17cafeb2 100644 --- a/trunk/includes/class/class.LSattr_html.php +++ b/trunk/includes/class/class.LSattr_html.php @@ -80,14 +80,6 @@ class LSattr_html { function addToForm (&$form,$idForm,$data=NULL) { $GLOBALS['LSerror'] -> addErrorCode(101,$this -> name); } - - function __sleep() { - return ( array_keys( get_object_vars( &$this ) ) ); - } - - function __wakeup() { - return true; - } } ?> diff --git a/trunk/includes/class/class.LSattr_html_select_list.php b/trunk/includes/class/class.LSattr_html_select_list.php index 1c21248c..a06392ba 100644 --- a/trunk/includes/class/class.LSattr_html_select_list.php +++ b/trunk/includes/class/class.LSattr_html_select_list.php 
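Review bot: The added `debug('pwd : '.$password);` in `generate_sambaNTPassword` writes the user's cleartext password to the debug channel; it should be removed before merge, and if a trace is wanted, log only that the hash was generated. Separately, `LSaddon_samba_support` raises `'SAMBA_SUPPORT_O1'`, `'SAMBA_SUPPORT_O2'` and `'SAMBA_SUPPORT_O3'` with a letter O while the codes registered above are `SAMBA_SUPPORT_01` to `_03`, and the generators raise `SAMBA_02`, `SAMBA_03` and `SAMBA_04` although only `SAMBA_01` is registered in this hunk, so those failures would likely surface without their message. The docblocks promise `false` on failure but the functions use a bare `return;`, which yields NULL.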
@@ -37,10 +37,10 @@ class LSattr_html_select_list extends LSattr_html{ * @retval LSformElement L'element du formulaire ajouté */ function addToForm (&$form,$idForm,$data=NULL) { - if (count($data)>1) { + /*if (count($data)>1) { $GLOBALS['LSerror'] -> addErrorCode(103,'select_list'); return; - } + }*/ $possible_values=$this -> getPossibleValues(); $this -> config['text_possible_values'] = $possible_values; $element=$form -> addElement('select', $this -> name, $this -> config['label'],$this -> config); diff --git a/trunk/includes/class/class.LSattr_ldap_password.php b/trunk/includes/class/class.LSattr_ldap_password.php index 385968f2..05718c7d 100644 --- a/trunk/includes/class/class.LSattr_ldap_password.php +++ b/trunk/includes/class/class.LSattr_ldap_password.php 
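Review bot: The `count($data)>1` guard in `addToForm` is disabled by wrapping it in a block comment, which leaves dead code and removes the only check that a single-valued select receives one value. If the intent is to allow multi-valued selects, condition the guard instead, e.g. `if (count($data)>1 && !$this -> config['multiple']) {`, assuming `'multiple'` is the config key (it is read as `params['multiple']` in `LSformElement`). Otherwise delete the block outright. The rest of `addToForm` lies outside the hunk.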
@@ -26,38 +26,38 @@ */ class LSattr_ldap_password extends LSattr_ldap { - var $clearPassword = NULL; + var $clearPassword = NULL; - /** - * Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap - * - * @param[in] $data mixed La valeur de l'attribut - * - * @retval mixed La valeur d'affichage de l'attribut - */ + /** + * Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap + * + * @param[in] $data mixed La valeur de l'attribut + * + * @retval mixed La valeur d'affichage de l'attribut + */ function getDisplayValue($data) { return '********'; } - /** - * Retourne la valeur de l'attribut après traitement lié à son type ldap - * - * @param[in] $data mixed La valeur de l'attribut - * - * @retval mixed La valeur traitée de l'attribut - */ + /** + * Retourne la valeur de l'attribut après traitement lié à son type ldap + * + * @param[in] $data mixed La valeur de l'attribut + * + * @retval mixed La valeur traitée de l'attribut + */ function getUpdateData($data) { - $this -> clearPassord = $data[0]; + $this -> clearPassword = $data[0]; return '{CRYPT}'.crypt($data[0],'$1$'.$this -> getSalt().'$'); } - /** - * Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre - * - * @param[in] integer La longueur de la salt (par defaut : 8) - * - * @retval string La salt - */ + /** + * Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre + * + * @param[in] integer La longueur de la salt (par defaut : 8) + * + * @retval string La salt + */ function getSalt($length=8) { $pattern = "1234567890abcdefghijklmnopqrstuvwxyz"; $key = $pattern{rand(0,35)}; 
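Review bot: With the property name corrected to `$this -> clearPassword`, `getUpdateData` now actually keeps the cleartext password on the attribute object for as long as that object lives, and nothing in this hunk clears it once the Samba hashes have been generated. If these objects are ever serialized or cached (not visible here; the commit removes the `__sleep` methods from `LSattribute` and `LSattr_html`), the cleartext would be persisted with them, so I would reset the property to NULL after the dependent attributes are generated. The stored hash is MD5-crypt (`'$1$'`) with a salt drawn from `rand()`, which is not a cryptographic generator; a CSPRNG-based salt and a stronger crypt scheme supported by the directory would be preferable. `getSalt` continues past the end of the hunk.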
@@ -68,14 +68,14 @@ class LSattr_ldap_password extends LSattr_ldap { return $key; } - /** - * Retourne le mot de passe en texte clair - * - * @retval string Le mot de passe en texte clair - */ - function getClearPassword() { - return $this -> clearPassword; - } + /** + * Retourne le mot de passe en texte clair + * + * @retval string Le mot de passe en texte clair + */ + function getClearPassword() { + return $this -> clearPassword; + } } ?> diff --git a/trunk/includes/class/class.LSattribute.php b/trunk/includes/class/class.LSattribute.php index b9fa1b9f..4aaf5785 100644 --- a/trunk/includes/class/class.LSattribute.php +++ b/trunk/includes/class/class.LSattribute.php @@ -184,15 +184,19 @@ class LSattribute { * @param[in] object $form Le formulaire dans lequel doit être ajouté l'attribut * @param[in] string $idForm L'identifiant du formulaire * @param[in] objet &$obj Objet utilisable pour la génération de la valeur de l'attribut + * @param[in] array $value valeur de l'élement * * @retval boolean true si l'ajout a fonctionner ou qu'il n'est pas nécessaire, false sinon */ - function addToForm(&$form,$idForm,&$obj=NULL) { + function addToForm(&$form,$idForm,&$obj=NULL,$value=NULL) { if(isset($this -> config['form'][$idForm])) { if($this -> myRights() == 'n') { return true; } - if($this -> data !='') { + if ($value) { + $data = $value; + } + else if($this -> data !='') { $data=$this -> getFormVal(); } else if (isset($this -> config['default_value'])) { @@ -235,6 +239,11 @@ class LSattribute { return true; } + /** + * Récupération des droits de l'utilisateur sur l'attribut + * + * @retval string 'r'/'w'/'n' pour 'read'/'write'/'none' + **/ function myRights() { // cache if ($this -> _myRights != NULL) { @@ -483,14 +492,7 @@ class LSattribute { function getDependsAttrs() { return $this -> config['dependAttrs']; } - - function __sleep() { - return ( array_keys( get_object_vars( &$this ) ) ); - } - - function __wakeup() { - return true; - } + } ?> 
diff --git a/trunk/includes/class/class.LSform.php b/trunk/includes/class/class.LSform.php index 45a21118..5713f781 100644 --- a/trunk/includes/class/class.LSform.php +++ b/trunk/includes/class/class.LSform.php @@ -85,7 +85,7 @@ class LSform { $GLOBALS['Smarty'] -> assign('LSform_header',$LSform_header); $LSform_object = array( 'type' => $this -> ldapObject -> getType(), - 'dn' => $this -> ldapObject -> getDn() + 'dn' => $this -> ldapObject -> getValue('dn') ); $GLOBALS['Smarty'] -> assign('LSform_object',$LSform_object); $fields = array(); diff --git a/trunk/includes/class/class.LSformElement.php b/trunk/includes/class/class.LSformElement.php index c15343fc..6ddcc885 100644 --- a/trunk/includes/class/class.LSformElement.php +++ b/trunk/includes/class/class.LSformElement.php @@ -51,13 +51,13 @@ class LSformElement { * @param[in] $params mixed Paramètres supplémentaires * * @retval true - */ - function LSformElement (&$form, $name, $label, $params){ + */ + function LSformElement (&$form, $name, $label, $params){ $this -> name = $name; - $this -> label = $label; - $this -> params = $params; - $this -> form = $form; - return true; + $this -> label = $label; + $this -> params = $params; + $this -> form = $form; + return true; } /** @@ -72,15 +72,15 @@ class LSformElement { * @retval boolean Retourne True */ function setValue($data) { - if (!is_array($data)) { - $data=array($data); - } + if (!is_array($data)) { + $data=array($data); + } - $this -> values = $data; - return true; + $this -> values = $data; + return true; } - /** + /** * Ajoute une valeur à l'élément * * Cette méthode ajoute une valeur à l'élément 
@@ -92,24 +92,24 @@ class LSformElement { * @retval void */ function addValue($data) { - if (is_array($data)) { - $this -> values = array_merge($this -> values, $data); - } - else { - $this -> values[] = $data; - } + if (is_array($data)) { + $this -> values = array_merge($this -> values, $data); + } + else { + $this -> values[] = $data; + } } - /** - * Test si l'élément est éditable - * - * Cette méthode test si l'élément est éditable - * - * @retval boolean - */ - function isFreeze(){ - return $this -> _freeze; - } + /** + * Test si l'élément est éditable + * + * Cette méthode test si l'élément est éditable + * + * @retval boolean + */ + function isFreeze(){ + return $this -> _freeze; + } /* * Freeze l'élément @@ -119,7 +119,7 @@ class LSformElement { * @retval void */ function freeze() { - $this -> _freeze = true; + $this -> _freeze = true; } /* 
@@ -130,109 +130,109 @@ class LSformElement { * @retval void */ function setRequired($isRequired=true) { - $this -> _required = $isRequired; + $this -> _required = $isRequired; } - /* - * Test si l'élément est requis - * - * Cette méthode test si l'élément est requis - * - * @retval boolean - */ - function isRequired(){ - return $this -> _required; - } + /* + * Test si l'élément est requis + * + * Cette méthode test si l'élément est requis + * + * @retval boolean + */ + function isRequired(){ + return $this -> _required; + } - /** - * Affiche le label de l'élement - * - * @retval void - */ - function displayLabel() { - if ($this -> isRequired()) { - $required=" *"; - } - else { - $required=""; - } - echo "\t\t".$this -> getLabel()."$required\n"; - } + /** + * Affiche le label de l'élement + * + * @retval void + */ + function displayLabel() { + if ($this -> isRequired()) { + $required=" *"; + } + else { + $required=""; + } + echo "\t\t".$this -> getLabel()."$required\n"; + } - /** - * Retourne le label de l'élement - * - * @retval void - */ - function getLabelInfos() { - if ($this -> isRequired()) { - $return['required']=true; - } - $return['label'] = $this -> getLabel(); - return $return; - } + /** + * Retourne le label de l'élement + * + * @retval void + */ + function getLabelInfos() { + if ($this -> isRequired()) { + $return['required']=true; + } + $return['label'] = $this -> getLabel(); + return $return; + } - /** - * Recupère la valeur de l'élement passée en POST - * - * Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère - * pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément - * - * @param[] array Pointeur sur le tableau qui recupèrera la valeur. 
- * - * @retval boolean true si la valeur est présente en POST, false sinon - */ - function getPostData(&$return) { - if($this -> params['form'][$this -> form -> idForm] != 1) { - return true; - } - if (isset($_POST[$this -> name])) { - if(!is_array($_POST[$this -> name])) { - $_POST[$this -> name] = array($_POST[$this -> name]); - } - foreach($_POST[$this -> name] as $key => $val) { - $return[$this -> name][$key] = $val; - } - return true; - } - else { - $return[$this -> name] = array(); - return true; - } - } + /** + * Recupère la valeur de l'élement passée en POST + * + * Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère + * pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément + * + * @param[] array Pointeur sur le tableau qui recupèrera la valeur. + * + * @retval boolean true si la valeur est présente en POST, false sinon + */ + function getPostData(&$return) { + if($this -> isFreeze()) { + return true; + } + if (isset($_POST[$this -> name])) { + if(!is_array($_POST[$this -> name])) { + $_POST[$this -> name] = array($_POST[$this -> name]); + } + foreach($_POST[$this -> name] as $key => $val) { + $return[$this -> name][$key] = $val; + } + return true; + } + else { + $return[$this -> name] = array(); + return true; + } + } - /** - * Retourne le label de l'élement - * - * Retourne $this -> label, ou $this -> params['label'], ou $this -> name - * - * @retval string Le label de l'élément - */ - function getLabel() { - if ($this -> label != "") { - return $this -> label; - } - else if ($this -> params['label']) { - return $this -> params['label']; - } - else { - return $this -> name; - } - } + /** + * Retourne le label de l'élement + * + * Retourne $this -> label, ou $this -> params['label'], ou $this -> name + * + * @retval string Le label de l'élément + */ + function getLabel() { + if ($this -> label != "") { + return $this -> label; + } + else if ($this -> params['label']) { + return $this -> 
params['label']; + } + else { + return $this -> name; + } + } - /** - * Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform - * - * @retval string Le code HTML des boutons - */ - function getMultipleData() { - if ($this -> params['multiple'] == true ) { - return ""._("._("; - } - else { - return ''; - } - } + /** + * Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform + * + * @retval string Le code HTML des boutons + */ + function getMultipleData() { + if ($this -> params['multiple'] == true ) { + return ""._("._("; + } + else { + return ''; + } + } } ?> diff --git a/trunk/includes/class/class.LSformElement_password.php b/trunk/includes/class/class.LSformElement_password.php index 51b1b126..34523068 100644 --- a/trunk/includes/class/class.LSformElement_password.php +++ b/trunk/includes/class/class.LSformElement_password.php @@ -32,7 +32,7 @@ class LSformElement_password extends LSformElement { - /** + /** * Recupère la valeur de l'élement passée en POST * * Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère 
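Review bot: `getPostData` now skips POST input only when `isFreeze()` is true, where it previously skipped every element whose `params['form'][idForm]` was not 1, so attributes configured with `'modify' => 0` are no longer excluded by this method. The object configs in this commit set `'modify' => 0` for `uid`, `uidNumber`, `sambaLMPassword` and `sambaNTPassword`; whether those elements are frozen before submission is decided outside this hunk and should be confirmed. If `0` is meant as "shown but not editable", keep both conditions: `if ($this -> isFreeze() || $this -> params['form'][$this -> form -> idForm] != 1) {`. A short comment on the guard stating which of the two mechanisms enforces read-only fields would prevent the next change from dropping it.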
@@ -43,17 +43,17 @@ class LSformElement_password extends LSformElement { * @retval boolean true si la valeur est présente en POST, false sinon */ function getPostData(&$return) { - // Récupère la valeur dans _POST, et les vérifie avec la fonction générale - $retval = parent :: getPostData($return); - // Si une valeur est recupérée + // Récupère la valeur dans _POST, et les vérifie avec la fonction générale + $retval = parent :: getPostData($return); + // Si une valeur est recupérée if ($retval) { - $val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue(); - if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) { - unset($return[$this -> name]); - $this -> form -> _notUpdate[$this -> name] == true; - return true; - } - } + $val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue(); + if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) { + unset($return[$this -> name]); + $this -> form -> _notUpdate[$this -> name] == true; + return true; + } + } return $retval; } @@ -64,22 +64,25 @@ class LSformElement_password extends LSformElement { * * @retval array */ - function getDisplay(){ - $return = $this -> getLabelInfos(); - if (!$this -> isFreeze()) { - $return['html'] = "\n* "._('Modification uniquement')."."; - } - else { - if (empty($this -> values)) { - $return['html'] = _('Aucunes valeur definie'); - } - else { - $return['html'] = "********"; - } + function getDisplay(){ + $return = $this -> getLabelInfos(); + if (!$this -> isFreeze()) { + $return['html'] = "\n"; + if (!empty($this -> values)) { + $return['html'] .= "* "._('Modification uniquement')."."; + } + } + else { + if (empty($this -> values)) { + $return['html'] = _('Aucunes valeur definie'); + } + else { + $return['html'] = "********"; + } - } - return $return; - } + } + return $return; + } } - + ?> diff --git a/trunk/includes/class/class.LSformElement_select.php b/trunk/includes/class/class.LSformElement_select.php index 65895b90..bb7502c6 100644 
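Review bot: In getPostData(), the re-added line `$this -> form -> _notUpdate[$this -> name] == true;` is a comparison whose result is discarded, so the flag is never set; it should be the assignment `$this -> form -> _notUpdate[$this -> name] = true;`. As written, leaving the password field blank on an entry that already has a password only triggers `unset($return[$this -> name])`, and any later code that relies on `_notUpdate` to skip this attribute (not visible in this hunk) sees nothing. The commit only re-indents these lines, so the defect predates it, but it is carried onto the new side unchanged.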
--- a/trunk/includes/class/class.LSformElement_select.php +++ b/trunk/includes/class/class.LSformElement_select.php @@ -50,7 +50,7 @@ class LSformElement_select extends LSformElement { $multiple_tag='multiple'; } - $return['html'] = "\n"; foreach ($this -> params['text_possible_values'] as $choice_value => $choice_text) { if (in_array($choice_value, $this -> values)) { $selected=' selected'; diff --git a/trunk/includes/class/class.LSldap.php b/trunk/includes/class/class.LSldap.php index 66618e5c..767fc05d 100644 --- a/trunk/includes/class/class.LSldap.php +++ b/trunk/includes/class/class.LSldap.php @@ -212,13 +212,13 @@ class LSldap { * @retval boolean true si l'objet a bien été mis à jour, false sinon */ function update($object_type,$dn,$change) { - debug($change); + debug($change); if($entry=$this -> getEntry($object_type,$dn)) { $entry -> replace($change); $ret = $entry -> update(); if (Net_Ldap::isError($ret)) { $GLOBALS['LSerror'] -> addErrorCode(5,$dn); - debug('NetLdap-Error : '.$ret->getMessage()); + debug('NetLdap-Error : '.$ret->getMessage()); } else { return true; @@ -234,16 +234,16 @@ class LSldap { * Test de bind * * Cette methode établie une connexion à l'annuaire Ldap et test un bind - * avec un login et un mot de passe passé en paramètre + * avec un login et un mot de passe passé en paramètre * * @author Benjamin Renard * * @retval boolean true si la connection à réussi, false sinon */ function checkBind($dn,$pwd) { - $config = $this -> config; - $config['binddn'] = $dn; - $config['bindpw'] = $pwd; + $config = $this -> config; + $config['binddn'] = $dn; + $config['bindpw'] = $pwd; $cnx = Net_LDAP::connect($config); if (Net_LDAP::isError($cnx)) { return; 
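Review bot: checkBind() hands `$pwd` to `Net_LDAP::connect()` without rejecting an empty value, and a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that many directory servers accept as anonymous. If this method is what verifies a login, an empty password could be reported as a successful bind; whether callers already filter that case is not visible here. A guard at the top of the function closes it at the lowest layer: `if (!is_string($pwd) || $pwd === '') { return; }`. The function body continues past the end of this hunk.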
@@ -251,14 +251,25 @@ class LSldap { return true; } - /** - * Retourne l'état de la connexion Ldap - * - * @retval boolean True si le serveur est connecté, false sinon. - */ - function isConnected() { - return ($this -> cnx == NULL)?false:true; - } + /** + * Retourne l'état de la connexion Ldap + * + * @retval boolean True si le serveur est connecté, false sinon. + */ + function isConnected() { + return ($this -> cnx == NULL)?false:true; + } + + /** + * Supprime un objet de l'annuaire + * + * @param[in] string DN de l'objet à supprimer + * + * @retval boolean True si l'objet à été supprimé, false sinon + */ + function remove($dn) { + return $this -> cnx -> delete($dn); + } } diff --git a/trunk/includes/class/class.LSldapObject.php b/trunk/includes/class/class.LSldapObject.php index 399be385..4b8089af 100644 --- a/trunk/includes/class/class.LSldapObject.php +++ b/trunk/includes/class/class.LSldapObject.php @@ -87,13 +87,16 @@ class LSldapObject { * @retval boolean true si la chargement a réussi, false sinon. */ function loadData($dn) { - $this -> dn = $dn; - $data = $GLOBALS['LSldap'] -> getAttrs($dn); + $this -> dn = $dn; + $data = $GLOBALS['LSldap'] -> getAttrs($dn); + if(!empty($data)) { foreach($this -> attrs as $attr_name => $attr) { if(!$this -> attrs[$attr_name] -> loadData($data[$attr_name])) return; } return true; + } + return; } /** 
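Review bot: The new remove() returns the result of `$this -> cnx -> delete($dn)` directly, although its docblock promises a boolean and update() in this same class tests the library result with `Net_Ldap::isError($ret)`. If delete() reports failure through an error object, as update()'s handling suggests, that object is truthy and a caller writing `if ($ldap -> remove($dn))` would treat a failed delete as success. Suggested body: `$ret = $this -> cnx -> delete($dn);` then `if (Net_LDAP::isError($ret)) { return; }` then `return true;`. The method does no rights check of its own, so the docblock should also state that callers are expected to check LSsession::canRemove() first.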
@@ -166,21 +169,39 @@ class LSldapObject { * et de chaque attribut. * * @param[in] $idForm [required] Identifiant du formulaire a créer - * @param[in] $config Configuration spécifique pour le formulaire + * @param[in] $load DN d'un objet similaire dont la valeur des attribut doit être chargé dans le formulaire. * * @author Benjamin Renard * * @retval LSform Le formulaire crée */ - function getForm($idForm,$config=array()) { + function getForm($idForm,$load=NULL) { $GLOBALS['LSsession'] -> loadLSclass('LSform'); $LSform = new LSform($this,$idForm); - $this -> forms[$idForm] = array($LSform,$config); - foreach($this -> attrs as $attr_name => $attr) { - if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) { - $LSform -> can_validate = false; + $this -> forms[$idForm] = array($LSform,$load); + + if ($load) { + $type = $this -> getType(); + $loadObject = new $type(); + if (!$loadObject -> loadData($load)) { + $load=false; } } + + if ($load) { + foreach($this -> attrs as $attr_name => $attr) { + if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this,$loadObject -> getValue($attr_name))) { + $LSform -> can_validate = false; + } + } + } + else { + foreach($this -> attrs as $attr_name => $attr) { + if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) { + $LSform -> can_validate = false; + } + } + } return $LSform; } @@ -261,7 +282,7 @@ class LSldapObject { } else { $GLOBALS['LSerror'] -> addErrorCode(23,$this -> type_name); - $GLOBALS['LSerror'] -> stop(); + return; } } $new_data = $LSform -> exportValues(); @@ -276,12 +297,12 @@ class LSldapObject { if(function_exists($this -> config['before_save'])) { if(!$this -> config['before_save']($this)) { $GLOBALS['LSerror'] -> addErrorCode(28,$this -> config['before_save']); - $GLOBALS['LSerror'] -> stop(); + return; } } else { $GLOBALS['LSerror'] -> addErrorCode(27,$this -> config['before_save']); - $GLOBALS['LSerror'] -> stop(); + return; } } if ($this -> submitChange($idForm)) { 
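Review bot: getForm() copies every attribute value of the object named by `$load` into the form (`$loadObject -> getValue($attr_name)`) without asking the session whether the current user may read that object. addToForm() is still given `$this`, so any rights it applies are presumably evaluated against the object being built rather than the one being copied from; if `$load` can originate from the request (its origin is not visible here), values of an entry the user cannot view could end up pre-filled in the form. A per-attribute check before passing the value, such as `$GLOBALS['LSsession'] -> canAccess($type,$load,NULL,$attr_name)`, keeps the copy within the user's rights. Separately, the second parameter used to be `$config=array()`, so a caller that still passes a config array would now have it treated as a DN.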
@@ -290,16 +311,25 @@ class LSldapObject { $this -> reloadData(); $this -> refreshForm($idForm); } + else { + return; + } if((isset($this -> config['after_save']))&&(!$this -> submitError)) { if(function_exists($this -> config['after_save'])) { if(!$this -> config['after_save']($this)) { $GLOBALS['LSerror'] -> addErrorCode(30,$this -> config['after_save']); + return; } } else { $GLOBALS['LSerror'] -> addErrorCode(29,$this -> config['after_save']); + return; } } + return true; + } + else { + return; } } @@ -478,6 +508,7 @@ class LSldapObject { if(!empty($submitData)) { $dn=$this -> getDn(); if($dn) { + $this -> dn=$dn; debug($submitData); return $GLOBALS['LSldap'] -> update($this -> type_name,$dn, $submitData); } @@ -486,6 +517,9 @@ class LSldapObject { return; } } + else { + return true; + } } /** @@ -848,24 +882,35 @@ class LSldapObject { return $this -> type_name; } + /** + * Retourne qui est l'utilisateur par rapport à cet object + * + * @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur + */ function whoami() { if (!$this -> _whoami) $this -> _whoami = $GLOBALS['LSsession'] -> whoami($this -> dn); return $this -> _whoami; } + /** + * Retourne le label de l'objet + * + * @retval string Le label de l'objet ($this -> config['label']) + */ function getLabel() { return $this -> config['label']; } - - function __sleep() { - return ( array_keys( get_object_vars( &$this ) ) ); - } - function __wakeup() { - return true; + + /** + * Supprime l'objet dans l'annuaire + * + * @retval boolean True si l'objet à été supprimé, false sinon + */ + function remove() { + return $GLOBALS['LSldap'] -> remove($this -> getDn()); } - } ?> diff --git a/trunk/includes/class/class.LSsession.php b/trunk/includes/class/class.LSsession.php index 9a89f005..cafe86cd 100644 --- a/trunk/includes/class/class.LSsession.php +++ b/trunk/includes/class/class.LSsession.php 
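Review bot: The new LSldapObject::remove() passes `$this -> getDn()` to LSldap::remove() unchecked, although submitChange() in this same file tests the value with `if($dn)` before using it, which suggests getDn() can come back empty. An empty DN should never reach a delete call, so guard it: `$dn = $this -> getDn();` then `if (!$dn) { return; }` then `return $GLOBALS['LSldap'] -> remove($dn);`. submitChange() also assigns the result of getDn() to `$this -> dn`, so the two can apparently differ; if getDn() is recomputed from the current attribute values (its body is outside this hunk), deleting `$this -> dn`, the entry that was actually loaded, may be the safer target. The docblock should say that no rights check is done here.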
@@ -240,10 +240,10 @@ class LSsession { if (!$this -> LSldapConnect()) return; $this -> loadLSrights(); - $this -> loadLSaccess(); } $this -> LSuserObject = new $this -> ldapServer['authobject'](); $this -> LSuserObject -> loadData($this -> dn); + $this -> loadLSaccess(); $GLOBALS['Smarty'] -> assign('LSsession_username',$this -> LSuserObject -> getDisplayValue()); return true; @@ -589,16 +589,25 @@ class LSsession { } } + /** + * Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface + * + * @retval void + */ function loadLSaccess() { - $LSaccess = array( - 'SELF' => array( - 'label' => _('Mon compte'), - 'DNs' => $this -> dn - ) - ); + if ($this -> canAccess($this -> LSuserObject -> getType(),$this -> dn)) { + $LSaccess = array( + 'SELF' => array( + 'label' => _('Mon compte'), + 'DNs' => $this -> dn + ) + ); + } + else { + $LSaccess = array(); + } foreach ($GLOBALS['LSobjects'] as $objecttype => $objectconf) { - $objectdn = $objectconf['container_dn'].','.$this -> topDn; - if ($this -> isAdmin($objectdn) ) { + if ($this -> canAccess($objecttype) ) { $LSaccess[$objecttype] = array ( 'label' => $objectconf['label'], 'Dns' => 'All' @@ -608,6 +617,13 @@ class LSsession { $this -> LSaccess = $LSaccess; } + /** + * Dit si l'utilisateur est admin de le DN spécifié + * + * @param[in] string DN de l'objet + * + * @retval boolean True si l'utilisateur est admin sur l'objet, false sinon. + */ function isAdmin($dn) { foreach($this -> LSrights['topDn_admin'] as $topDn_admin) { if($dn == $topDn_admin) { @@ -620,6 +636,13 @@ class LSsession { return; } + /** + * Retourne qui est l'utilisateur par rapport à l'object + * + * @param[in] string Le DN de l'objet + * + * @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur + */ function whoami($dn) { if ($this -> isAdmin($dn)) { return 'admin'; 
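Review bot: loadLSaccess() builds the 'SELF' entry with the key `'DNs'` but the per-object-type entries with `'Dns'`, and PHP array keys are case-sensitive, so whatever reads `$this -> LSaccess` has to know both spellings. Since the 'SELF' block is rewritten in this hunk anyway, this is the place to settle on one spelling, for example `'DNs' => 'All'` in the loop, and adjust the consumer, which is not visible here. A short comment on the loop stating that a type is listed as soon as `canAccess($objecttype)` succeeds without a specific right would also help the next reader.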
@@ -632,15 +655,51 @@ class LSsession { return 'user'; } - function canAccess($LSobject,$dn=NULL,$right=NULL) { + /** + * Retourne le droit de l'utilisateur à accèder à un objet + * + * @param[in] string $LSobject Le type de l'objet + * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut) + * @param[in] string $right Le type de droit d'accès à tester ('r'/'w') + * @param[in] string $attr Le nom de l'attribut auquel on test l'accès + * + * @retval boolean True si l'utilisateur a accès, false sinon + */ + function canAccess($LSobject,$dn=NULL,$right=NULL,$attr=NULL) { if (!$this -> loadLSobject($LSobject)) return; if ($dn) { $whoami = $this -> whoami($dn); } else { - $whoami = 'user'; + $objectdn=$GLOBALS['LSobjects'][$LSobject]['container_dn'].','.$this -> topDn; + $whoami = $this -> whoami($objectdn); } + + // Pour un attribut particulier + if ($attr) { + if ($attr=='rdn') { + $attr=$GLOBALS['LSobjects'][$LSobject]['rdn']; + } + if (!isset($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr])) { + return; + } + + if (($right=='r')||($right=='w')) { + if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) { + return true; + } + return; + } + else { + if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) { + return true; + } + return; + } + } + + // Pour un attribut quelconque if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) { if (($right=='r')||($right=='w')) { foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) { 
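Review bot: In the new per-attribute branch of canAccess(), `$GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right` is an exact match, so a request for `'r'` is refused for a user whose configured right is `'w'`. The branch just below it, used when no `$right` is given, accepts either value, so if write is meant to include read the `'r'` case should accept both as well. Reading the right once into a local, `$r = isset($rights[$whoami]) ? $rights[$whoami] : '';`, makes that comparison easy to write and avoids an undefined-index notice when a role has no entry under `rights`. The current behaviour fails closed, so this is a functional rather than an exposure problem; the function body continues past the end of this hunk.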
@@ -660,17 +719,42 @@ class LSsession { return; } - function canEdit($LSobject,$dn=NULL) { - return $this -> canAccess($LSobject,$dn,'w'); + /** + * Retourne le droit de l'utilisateur à editer à un objet + * + * @param[in] string $LSobject Le type de l'objet + * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut) + * @param[in] string $attr Le nom de l'attribut auquel on test l'accès + * + * @retval boolean True si l'utilisateur a accès, false sinon + */ + function canEdit($LSobject,$dn=NULL,$attr=NULL) { + return $this -> canAccess($LSobject,$dn,'w',$attr); + } + + /** + * Retourne le droit de l'utilisateur à supprimer un objet + * + * @param[in] string $LSobject Le type de l'objet + * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut) + * + * @retval boolean True si l'utilisateur a accès, false sinon + */ + function canRemove($LSobject,$dn) { + return $this -> canAccess($LSobject,$dn,'w','rdn'); } - function __sleep() { - return ( array_keys( get_object_vars( &$this ) ) ); - } - - function __wakeup() { - return true; + /** + * Retourne le droit de l'utilisateur à créer un objet + * + * @param[in] string $LSobject Le type de l'objet + * + * @retval boolean True si l'utilisateur a accès, false sinon + */ + function canCreate($LSobject) { + return $this -> canAccess($LSobject,NULL,'w','rdn'); } + } ?> diff --git a/trunk/lsexample/ls.schema b/trunk/lsexample/ls.schema new file mode 100644 index 00000000..452f74a3 --- /dev/null +++ b/trunk/lsexample/ls.schema 
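Review bot: canRemove() and canCreate() both reduce to `canAccess($LSobject,$dn,'w','rdn')`, so the right to delete or create an object is whatever the config grants for writing the RDN attribute, and neither docblock says so. That coupling matters to anyone editing an object config: giving `'self' => 'w'` on the attribute that serves as RDN would also allow users to delete their own entry. For canCreate() the DN defaults to the container, so presumably only the 'user' and 'admin' columns can apply. I would add one line to each docblock, for example `* The right is derived from the 'w' right on the object's RDN attribute.`.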
@@ -0,0 +1,175 @@
+# Easter-eggs OID: 1.3.6.1.4.1.10650
+# 1.3.6.1.4.1.10650.2 LDAP OID
+# 1.3.6.1.4.1.10650.3 Customers OID
+#
+# 1.3.6.1.4.1.10650.2.1 Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.1 Admin sys Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.2 Dev Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.3 Global Attributes
+# 1.3.6.1.4.1.10650.2.2 Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.1 Admin sys Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.2 Dev Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.3 Global OC
+
+# Ost
+# 1.3.6.1.4.1.10650.3.1127.2.1 Ldap attributes
+# 1.3.6.1.4.1.10650.3.1127.2.2 Ldap OC
+
+
+#
+attributetype (1.3.6.1.4.1.10650.2.1.1.1
+ NAME 'eeallowedservices'
+ DESC 'List of allowed services'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#
+
+#
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'Secondary (alias) mailaddresses for the same user'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress'
+ DESC 'Address(es) to forward all incoming messages to.'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#
+
+#
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+ DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
+ DESC 'RFC822 Mailbox - mail alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+
+#
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota'
+ DESC 'The amount of space the user can use until all further messages get bounced.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+ SINGLE-VALUE )
+#
+
+#
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+# NAME 'vacationActive'
+# SINGLE-VALUE
+# EQUALITY booleanMatch
+# DESC 'A flag, for marking the user as being away'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+ NAME 'vacationActive'
+ SINGLE-VALUE
+ DESC 'Equal to uid@autoreponse.foo.bar, for marking the user as being away'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.3
+ NAME 'vacationInfo'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ DESC 'Absentee note to leave behind, while on vacation'
+ EQUALITY octetStringMatch )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.4
+ NAME 'vacationStart'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ DESC 'Beginning of vacation'
+ EQUALITY octetStringMatch )
+
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+# NAME 'vacationEnd'
+# SINGLE-VALUE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# DESC 'End of vacation'
+# EQUALITY octetStringMatch )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+ NAME 'vacationEnd'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ DESC 'End of vacation'
+ ORDERING generalizedTimeOrderingMatch
+ EQUALITY generalizedTimeMatch )
+
+attributetype (1.3.6.1.4.1.11048.1.1.1.10
+ NAME 'vacationForward'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ DESC 'Where to forward mails to, while on vacation' )
+
+#
+
+## Objectclasses
+# LS people
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.1
+ NAME 'lspeople'
+ DESC 'LS people Objectclass'
+ STRUCTURAL
+ MUST ( uid $ cn )
+ MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail $ mailalternateaddress $ personalTitle $ description $ userPassword $ eeallowedservices $ mailforwardingaddress $ maildrop $ mailquota $ mailbox $ vacationActive $ vacationInfo $ vacationEnd $ vacationForward ))
+
+# LS Alias
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.2
+ NAME 'lsalias'
+ DESC 'LS alias Objectclass'
+ STRUCTURAL
+ MUST ( mail $ maildrop )
+ MAY ( mailalternateaddress $ description ))
+
+# LS group
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.3
+ NAME 'lsgroup'
+ DESC 'LS group Objectclass'
+ STRUCTURAL
+ MUST ( cn )
+ MAY ( uniquemember $ description ))
+
+# LS system account
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.4
+ NAME 'lssysaccount'
+ DESC 'LS system account Objectclass'
+ STRUCTURAL
+ MUST ( uid )
+ MAY (userpassword $ description))
+
+# Ost mailbox
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.5
+ NAME 'lsmailbox'
+ DESC 'LS custom mailbox Objectclass'
+ STRUCTURAL
+ MUST ( uid )
+ MAY ( userPassword $ description $ eeallowedservices $ maildrop $ mailbox $ mail $ mailalternateaddress $ mailforwardingaddress $ mailquota ))
+
+# Ost computer
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.6
+ NAME 'lscomputer'
+ DESC 'LS computer Objectclass'
+ STRUCTURAL
+ MUST ( uid ))
+
+# Ost samba domains
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.8
+ NAME 'lssambadomain'
+ DESC 'LS samba domain Objectclass'
+ STRUCTURAL)
+
diff --git a/trunk/lsexample/lsexample.ldif b/trunk/lsexample/lsexample.ldif
new file mode 100644
index 00000000..05fb9f00
--- /dev/null
+++ b/trunk/lsexample/lsexample.ldif
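Review bot: The two definitions marked `# Ee` redefine `vacationActive` and `vacationEnd` with a different syntax while keeping the original OIDs `1.3.6.1.4.1.11048.1.1.1.1` and `1.3.6.1.4.1.11048.1.1.1.5`, which sit outside the project's own arc `1.3.6.1.4.1.10650`. An OID is meant to identify exactly one definition, so a server or client that also knows the original schema will disagree about the type of these attributes. The modified variants would be safer under the project's arc listed in the header comment, with new names. Also, `vacationStart` is defined but appears in no objectclass `MAY` list in this file, so it cannot be set on any of the `ls*` entries.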
@@ -0,0 +1,604 @@ +dn: o=ls +objectClass: top +objectClass: organization +o: ls +structuralObjectClass: organization +entryUUID: 2229e388-825b-1029-838c-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000001#000#000000 + +dn: ou=sysaccounts,o=ls +objectClass: top +objectClass: organizationalUnit +ou: sysaccounts +structuralObjectClass: organizationalUnit +entryUUID: 2238a738-825b-1029-838d-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000002#000#000000 + +dn: ou=people,o=ls +objectClass: top +objectClass: organizationalUnit +ou: people +structuralObjectClass: organizationalUnit +entryUUID: 223b67e8-825b-1029-838e-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000003#000#000000 + +dn: ou=mailboxes,o=ls +objectClass: top +objectClass: organizationalUnit +ou: mailboxes +structuralObjectClass: organizationalUnit +entryUUID: 2240f622-825b-1029-8390-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000005#000#000000 + +dn: ou=aliases,o=ls +objectClass: top +objectClass: organizationalUnit +ou: aliases +structuralObjectClass: organizationalUnit +entryUUID: 2243b88a-825b-1029-8391-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000006#000#000000 + +dn: ou=computers,o=ls +objectClass: top +objectClass: organizationalUnit +ou: computers +structuralObjectClass: organizationalUnit +entryUUID: 22468588-825b-1029-8392-b10e837060e0 +creatorsName: cn=anonymous 
+modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000007#000#000000 + +dn: ou=sambadomains,o=ls +objectClass: top +objectClass: organizationalUnit +ou: sambadomains +structuralObjectClass: organizationalUnit +entryUUID: 224cf30a-825b-1029-8394-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000009#000#000000 + +dn: sambaDomainName=LS_NT,ou=sambadomains,o=ls +objectClass: top +objectClass: lssambadomain +objectClass: sambaDomain +sambaDomainName: LS_NT +sambaSID: S-1-5-21-2421470416-3566881284-3047381809 +structuralObjectClass: lssambadomain +entryUUID: 2250d4ac-825b-1029-8395-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#00000a#000#000000 + +dn: ou=groups,o=ls +objectClass: top +objectClass: organizationalUnit +ou: groups +structuralObjectClass: organizationalUnit +entryUUID: 224947d2-825b-1029-8393-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111624Z +modifyTimestamp: 20050706111624Z +entryCSN: 20050706111624.000000Z#000008#000#000000 + +dn: cn=adminldap,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: adminldap +gidNumber: 70000 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 226bb240-825b-1029-8396-b10e837060e0 +creatorsName: cn=anonymous +createTimestamp: 20050706111625Z +uniqueMember: uid=eeggs,ou=people,o=ls +entryCSN: 20080211142717.746402Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20080211142717Z + +dn: uid=mail,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: mail 
+structuralObjectClass: lssysaccount +userPassword: toto +entryUUID: 22958d72-825b-1029-839c-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111625Z +modifyTimestamp: 20050706111625Z +entryCSN: 20050706111625.000000Z#000007#000#000000 + +dn: uid=ftp,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: ftp +structuralObjectClass: lssysaccount +userPassword: toto +entryUUID: 22a46608-825b-1029-839d-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111625Z +modifyTimestamp: 20050706111625Z +entryCSN: 20050706111625.000000Z#000008#000#000000 + +dn: uid=http,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: http +structuralObjectClass: lssysaccount +userPassword: toto +entryUUID: 22a7274e-825b-1029-839e-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111625Z +modifyTimestamp: 20050706111625Z +entryCSN: 20050706111625.000000Z#000009#000#000000 + +dn: uid=samba,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: samba +structuralObjectClass: lssysaccount +entryUUID: 22a9f44c-825b-1029-839f-b10e837060e0 +creatorsName: cn=anonymous +createTimestamp: 20050706111625Z +userPassword: toto +entryCSN: 20050706115506.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050706115506Z + +dn: uid=ldapsaisie,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: ldapsaisie +structuralObjectClass: lssysaccount +userPassword: toto +entryUUID: 22acb6aa-825b-1029-83a0-b10e837060e0 +creatorsName: cn=anonymous +modifiersName: cn=anonymous +createTimestamp: 20050706111625Z +modifyTimestamp: 20050706111625Z +entryCSN: 20050706111625.000000Z#00000b#000#000000 + +dn: uid=nss,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: nss +structuralObjectClass: lssysaccount +entryUUID: 22b06d40-825b-1029-83a1-b10e837060e0 +creatorsName: 
cn=anonymous +createTimestamp: 20050706111625Z +userPassword: toto +entryCSN: 20050706115152.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050706115152Z + +dn: uid=eeggs,ou=people,o=ls +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uid: eeggs +uidNumber: 100000 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-201000 +structuralObjectClass: lspeople +entryUUID: 22b70a42-825b-1029-83a3-b10e837060e0 +creatorsName: cn=anonymous +createTimestamp: 20050706111625Z +gidNumber: 102009 +mail: eeggs@ldapsaisie.biz +facsimileTelephoneNumber: 030000000 +vacationInfo: Je suis absent pour le moment +vacationEnd: 20070101000000Z +vacationForward: brenard@easter-eggs.com +eeallowedservices: MAIL +eeallowedservices: FTP +description: Utilisateur test Easter-eggs +cn: Easter Eggs +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019 +mailbox: eeggs/ +personalTitle: M. +userPassword: toto +sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE +sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0 +mailQuota: 5 +homeDirectory: /home/eeggs +loginShell: /bin/false +givenName: Easter +maildrop: eeggs@ldapsaisie.biz +vacationActive: +sn: Eggs +entryCSN: 20080211134602.394624Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20080211134602Z + +dn: uid=invite,ou=people,o=ls +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uid: invite +cn: Utilisateur de passage +givenName: Utilisateur +sn: de passage +homeDirectory: /home/invite +loginShell: /bin/false +uidNumber: 101012 +gidNumber: 101009 +userPassword: toto +sambaAcctFlags: [U ] +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-203019 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203024 +mailbox: invite/ +mailQuota: 52428800 +eeallowedservices: MAIL +eeallowedservices: SAMBA +eeallowedservices: FTP +mail: invite@ldapsaisie.biz 
+maildrop: invite@ldapsaisie.biz +structuralObjectClass: lspeople +entryUUID: 233dd144-825b-1029-9a9d-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111626Z +sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX +entryCSN: 20050706133832.000000Z#000008#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050706133832Z + +dn: uid=hmartin,ou=people,o=ls +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uid: hmartin +homeDirectory: /home/com +loginShell: /bin/false +uidNumber: 101022 +sambaAcctFlags: [U ] +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044 +structuralObjectClass: lspeople +entryUUID: 234393a4-825b-1029-9a9f-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111626Z +givenName: Henri +sn: MARTIN +gidNumber: 102001 +mail: henri.martin@ldapsaisie.biz +maildrop: henri.martin@ldapsaisie.biz +mailAlternateAddress: hmartin@ldapsaisie.biz +vacationEnd: 20060101000000Z +mailQuota: 52428800 +eeallowedservices: MAIL +eeallowedservices: SAMBA +eeallowedservices: FTP +cn: Henri MARTIN +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003 +mailbox: hmartin/ +personalTitle: M. 
+userPassword: toto +sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE +sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0 +entryCSN: 20080211164417.161923Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20080211164417Z + +dn: uid=secretariat,ou=people,o=ls +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uid: secretariat +homeDirectory: /home/secretariat +loginShell: /bin/false +uidNumber: 101036 +userPassword: toto +sambaAcctFlags: [U ] +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072 +structuralObjectClass: lspeople +entryUUID: 239920bc-825b-1029-9abb-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111627Z +sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9 +sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39 +givenName: Secretariat +sn: Secretariat +gidNumber: 70513 +mail: secretariat@ldapsaisie.biz +maildrop: secretariat@ldapsaisie.biz +vacationEnd: 20050101000000Z +mailQuota: 52428800 +eeallowedservices: MAIL +eeallowedservices: SAMBA +eeallowedservices: FTP +cn: Secretariat Secretariat +mailbox: secretariat/ +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513 +entryCSN: 20050706144306.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050706144306Z + +dn: uid=ls,ou=people,o=ls +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uid: ls +homeDirectory: /home/ls +loginShell: /bin/false +uidNumber: 101068 +userPassword: toto +sambaAcctFlags: [U ] +sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE +sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136 +structuralObjectClass: lspeople +entryUUID: 23afa346-825b-1029-9ac3-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111627Z +givenName: _ +sn: LdapSaisie +gidNumber: 102001 +mail: ls@ldapsaisie.biz +maildrop: ls@ldapsaisie.biz 
+vacationEnd: 20060101000000Z +mailQuota: 52428800 +eeallowedservices: MAIL +eeallowedservices: SAMBA +eeallowedservices: FTP +cn: LS +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003 +mailbox: ls/ +entryCSN: 20061212145541.000000Z#000001#000#000000 +modifiersName: uid=catbo,ou=people,o=ls +modifyTimestamp: 20061212145541Z + +dn: cn=invite,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: invite +gidNumber: 101009 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 2425636a-825b-1029-9ae1-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +entryCSN: 20070308165544.000000Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070308165544Z + +dn: cn=ls,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: ls +gidNumber: 102001 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 242bef1e-825b-1029-9ae3-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +uniqueMember: uid=secretariat,ou=people,o=ls +entryCSN: 20080211142555.171664Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20080211142555Z + +dn: cn=informatique,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +gidNumber: 102009 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 2438d9d6-825b-1029-9ae7-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +cn: informatique +uniqueMember: uid=eeggs,ou=people,o=ls +entryCSN: 20070309093000.000000Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070309093000Z + +dn: cn=direction,ou=groups,o=ls 
+objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: direction +gidNumber: 102007 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 243f7a34-825b-1029-9ae9-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +entryCSN: 20070309093009.000000Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070309093009Z + +dn: cn=administratif,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: administratif +gidNumber: 102005 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 245e0cb0-825b-1029-9af4-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +entryCSN: 20070308180424.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070308180424Z + +dn: cn=communication,ou=groups,o=ls +objectClass: top +objectClass: lsgroup +objectClass: posixGroup +objectClass: sambaGroupMapping +cn: communication +gidNumber: 102003 +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007 +sambaGroupType: 2 +structuralObjectClass: lsgroup +entryUUID: 2460db34-825b-1029-9af5-8f6e2b792dd2 +creatorsName: cn=anonymous +createTimestamp: 20050706111628Z +entryCSN: 20070308180413.000000Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070308180413Z + +dn: uid=spam,ou=mailboxes,o=ls +uid: spam +userPassword: toto +mailQuota: 104857600 +eeallowedservices: MAIL +mail: spam@ldapsaisie.biz +maildrop: spam@ldapsaisie.biz +mailbox: spam/ +objectClass: top +objectClass: lsmailbox +structuralObjectClass: lsmailbox +entryUUID: c88b9eb4-8301-1029-9567-dda2c03231d0 +creatorsName: uid=eeggs,ou=people,o=ls +createTimestamp: 20050707070920Z +entryCSN: 20050707070920.000000Z#000001#000#000000 +modifiersName: 
uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050707070920Z + +dn: uid=virus,ou=mailboxes,o=ls +uid: virus +userPassword: toto +mailbox: virus/ +objectClass: top +objectClass: lsmailbox +structuralObjectClass: lsmailbox +entryUUID: 974dac8c-8303-1029-9569-dda2c03231d0 +creatorsName: uid=eeggs,ou=people,o=ls +createTimestamp: 20050707072216Z +mailQuota: 104857600 +eeallowedservices: MAIL +mail: virus@ldapsaisie.biz +maildrop: virus@ldapsaisie.biz +entryCSN: 20050707072249.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20050707072249Z + +dn: uid=gnarwl,ou=sysaccounts,o=ls +objectClass: top +objectClass: lssysaccount +uid: gnarwl +structuralObjectClass: lssysaccount +entryUUID: f55954e0-fdcc-1029-9d72-de06c303d7ef +creatorsName: uid=eeggs,ou=people,o=ls +createTimestamp: 20051210133105Z +userPassword: toto +entryCSN: 20051210133237.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20051210133237Z + +dn: mail=informatique@ldapsaisie.biz,ou=aliases,o=ls +objectClass: top +objectClass: lsalias +structuralObjectClass: lsalias +entryUUID: 081e6612-fdd0-1029-9d73-de06c303d7ef +creatorsName: uid=eeggs,ou=people,o=ls +createTimestamp: 20051210135305Z +mail: informatique@ldapsaisie.biz +description: Service Informatique +maildrop: eeggs@ldapsaisie.biz +entryCSN: 20051210141428.000000Z#000001#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20051210141428Z + +dn: uid=erwpa,ou=people,o=ls +uid: erwpa +objectClass: top +objectClass: lspeople +objectClass: posixAccount +objectClass: sambaSamAccount +uidNumber: 101082 +sambaAcctFlags: [U ] +homeDirectory: /home/erwpa +loginShell: /bin/false +sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164 +structuralObjectClass: lspeople +entryUUID: aa7fcb30-b1a3-102a-875e-dcce935f6f2c +sn: PAGEARD +gidNumber: 102009 +mail: erwan.page@ldapsaisie.biz +maildrop: erwan.page@ldapsaisie.biz +vacationEnd: 20060101000000Z +eeallowedservices: MAIL 
+eeallowedservices: SAMBA +eeallowedservices: FTP +cn: Erwan PAGE +sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019 +mailbox: erwpa/ +personalTitle: M. +givenName: Erwan +userPassword: toto +sambaLMPassword: BAC14D04669EE1D1AAD3B435B51404EE +sambaNTPassword: FBBF55D0EF0E34D39593F55C5F2CA5F2 +entryCSN: 20080211170049.821887Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20080211170049Z + +dn: cn=test,ou=groups,o=ls +cn: test +description: test BR +objectClass: top +objectClass: lsgroup +objectClass: sambaGroupMapping +objectClass: posixGroup +sambaGroupType: 2 +gidNumber: 102012 +sambaSID: 42 +structuralObjectClass: lsgroup +entryUUID: 91b290d2-6117-102b-9c6f-91889acd20dc +creatorsName: uid=eeggs,ou=people,o=ls +createTimestamp: 20070307164933Z +entryCSN: 20070308165811.000000Z#000000#000#000000 +modifiersName: uid=eeggs,ou=people,o=ls +modifyTimestamp: 20070308165811Z + diff --git a/trunk/lsexample/permissions-ls.conf b/trunk/lsexample/permissions-ls.conf new file mode 100644 index 00000000..25469218 --- /dev/null +++ b/trunk/lsexample/permissions-ls.conf 
@@ -0,0 +1,208 @@
+## Racine
+access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * read
+
+## Sysaccounts
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sysaccounts,o=ls$" attrs="children"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by anonymous auth
+ by * none
+
+### Les admins peuvent modifier tous les attributs, les autres ne voient rien
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * none
+
+## Aliases
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=aliases,o=ls$" attrs="children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+### Les admins peuvent modifier tous les attributs, tout le monde peut voir
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+## Mailboxes
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=mailboxes,o=ls$" attrs="children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="userPassword"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by anonymous auth
+ by * none
+
+### Les admins peuvent modifier ces attributs, l'appli mail le voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="mailbox,mailforwardingaddress"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=mail,ou=sysaccounts,o=ls" read
+ by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="uid,description,mail,mailalternateaddress,mailquota,eeallowedservices"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * read
+
+## Groups
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+### Les admins peuvent tout modifier, les authentifies peuvent tout voir
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+
+## Peoples
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * read
+
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * read
+
+
+### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by self write
+ by anonymous auth
+ by * none
+
+### Les admins peuvent modifier ces attributs, l'appli mail les voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailbox"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=mail,ou=sysaccounts,o=ls" read
+ by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,mailquota,eeallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, gnarwl peut les modifier et mail les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailforwardingaddress"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+ by self write
+ by dn="uid=mail,ou=sysaccounts,o=ls" read
+ by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir, gnarwl peut les modifier
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationActive"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+ by self write
+ by users read
+ by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, mail et gnarwl peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationForward"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by self write
+ by dn="uid=mail,ou=sysaccounts,o=ls" read
+ by dn="uid=gnarwl,ou=sysaccounts,o=ls" read
+ by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by self write
+ by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,mailalternateaddress,maildrop,description,vacationInfo,vacationEnd"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by self write
+ by users read
+ by * read
+
+## Computers
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=computers,o=ls$" attrs="children,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by users read
+ by * none
+
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="entry,objectclass"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by users read
+ by * none
+
+
+### Les admins peuvent modifier ces attributs, samba peut les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by * none
+
+### Les admins peuvent modifier ces attributs, les authentifiés peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="cn,uid,uidNumber,gidNumber,homeDirectory,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" write
+ by users read
+ by * none
+
+
+## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
+access to * attrs="entry"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by users read
+ by * none
+
+## SambaDomains
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sambadomains,o=ls$"
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by dn="uid=samba,ou=sysaccounts,o=ls" read
+ by users read
+ by * none
+
+## Le reste
+access to *
+ by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+ by * none
diff --git a/trunk/lsexample/slapd.conf b/trunk/lsexample/slapd.conf
new file mode 100644
index 00000000..a1c47915
--- /dev/null
+++ b/trunk/lsexample/slapd.conf
@@ -0,0 +1,28 @@
+include /etc/ldap/schema/ls.schema
+
+
+database bdb
+suffix "o=ls"
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap/ls
+
+# Indices to maintain
+index objectClass eq
+index uid pres,eq
+index uidNumber eq
+index gidNumber eq
+index eeallowedservices eq
+index cn pres,eq
+index mail pres,eq
+index mailalternateaddress pres,eq
+index sambasid eq
+index sambaDomainName eq
+index memberUid eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+include /etc/ldap/permissions-ls.conf
diff --git a/trunk/modify.php b/trunk/modify.php
index 3c682a66..ff00e9f7 100644
--- a/trunk/modify.php
+++ b/trunk/modify.php
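Review bot: The last people clause (attrs `c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,...`) ends with `by * read`, so unauthenticated binds can read names, mail addresses, phone numbers and postal addresses, while its comment says only authenticated users may see them. The same mismatch is in the mailboxes clause for `uid,description,mail,...`, which has `by * read` under a comment that also says "les authentifies". If anonymous read is not intended, the final line of both clauses should be `by * none`, which also makes the preceding `by users read` meaningful instead of redundant. If anonymous read is intended, the comments should say so, so that a later reader does not take the exposure for an oversight.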
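Review bot: The index list covers `memberUid`, but the group entries and the ACL group checks in this commit express membership through `uniqueMember`, which is not indexed. If the application searches groups by member (plausible given the `uniqueMember` attribute in the LSeegroup configuration, though no such search is visible here), adding `index uniqueMember eq` would avoid unindexed scans. The comment `for database #1` looks carried over from a stock slapd.conf and does not describe this included database section.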
@@ -30,31 +30,67 @@ if($LSsession -> startLSsession()) { // Définition du Titre de la page $GLOBALS['Smarty'] -> assign('pagetitle',_('Modifier')); - // Création d'un LSobject - if (class_exists($_GET['LSobject'])) { - debug('me : '.$GLOBALS['LSsession'] -> whoami($_GET['dn'])); - if ( $GLOBALS['LSsession'] -> whoami($_GET['dn']) != 'user' ) { - $object = new $_GET['LSobject'](); - if ($object -> loadData($_GET['dn'])) { - $form = $object -> getForm('test'); - if ($form->validate()) { - // MàJ des données de l'objet LDAP - $object -> updateData('test'); + if (isset($_POST['LSform_objecttype'])) { + $LSobject = $_POST['LSform_objecttype']; + } + else if (isset($_GET['LSobject'])) { + $LSobject = $_GET['LSobject']; + } + + if (isset($_POST['LSform_objectdn'])) { + $dn = $_POST['LSform_objectdn']; + } + else if (isset($_GET['dn'])) { + $dn = $_GET['dn']; + } + + if ((isset($dn)) && (isset($LSobject)) ) { + // Création d'un LSobject + if (class_exists($LSobject)) { + if ( $GLOBALS['LSsession'] -> canEdit($LSobject,$dn) ) { + $LSview_actions[] = array( + 'label' => _('Voir'), + 'url' =>'view.php?LSobject='.$LSobject.'&dn='.$dn, + 'action' => 'view' + ); + + if ($GLOBALS['LSsession'] -> canRemove($LSobject,$dn)) { + $LSview_actions[] = array( + 'label' => _('Supprimer'), + 'url' => 'remove.php?LSobject='.$LSobject.'&dn='.$dn, + 'action' => 'delete' + ); + } + + $object = new $LSobject(); + if ($object -> loadData($dn)) { + $form = $object -> getForm('modify'); + if ($form->validate()) { + // MàJ des données de l'objet LDAP + if ($object -> updateData('modify')) { + header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn()); + } + } + $GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions); + $GLOBALS['LSsession'] -> setTemplate('modify.tpl'); + $form -> display(); + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1011); } - $form -> display(); } - else debug('erreur durant le chargement du dn'); + else { + $GLOBALS['LSerror'] -> 
addErrorCode(1011); + } } else { - $GLOBALS['LSerror'] -> addErrorCode(1011); + $GLOBALS['LSerror'] -> addErrorCode(21); } } else { - $GLOBALS['LSerror'] -> addErrorCode(21); + $GLOBALS['LSerror'] -> addErrorCode(1012); } - // Template - $GLOBALS['LSsession'] -> setTemplate('modify.tpl'); } else { $GLOBALS['LSsession'] -> setTemplate('login.tpl'); diff --git a/trunk/remove.php b/trunk/remove.php new file mode 100644 index 00000000..8f580071 --- /dev/null +++ b/trunk/remove.php 
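Review bot: `$LSobject` and `$dn` are taken straight from `$_POST`/`$_GET` and concatenated unencoded into the `view.php` and `remove.php` action URLs and, through `getDn()`, into the `Location` header. A DN containing `&`, `#` or `+` produces a broken or ambiguous link, so each value should be encoded, e.g. `'url' => 'view.php?LSobject='.urlencode($LSobject).'&dn='.urlencode($dn),`. The redirect after a successful `updateData('modify')` is not followed by `exit();`, so the script still assigns the template and displays the form after sending the header. The hunk also keeps `class_exists($LSobject)` on a request-supplied name while remove.php in the same commit calls `$GLOBALS['LSsession'] -> loadLSobject(...)`; using the same loader here would keep the set of accepted type names consistent. The enclosing `if($LSsession -> startLSsession())` block starts before the hunk and continues after it.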
@@ -0,0 +1,78 @@ + startLSsession()) { + + if ((isset($_GET['LSobject'])) && (isset($_GET['dn']))) { + + if ($GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject'])) { + if ( $GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn']) ) { + $object = new $_GET['LSobject'](); + if ($object -> loadData($_GET['dn'])) { + if (isset($_GET['valid'])) { + $objectname=$object -> getDisplayValue(); + $GLOBALS['Smarty'] -> assign('pagetitle',_('Suppression').' : '.$objectname); + if ($object -> remove()) { + $GLOBALS['Smarty'] -> assign('question',$objectname.' '._('a bien été supprimé').'.'); + } + else { + $GLOBALS['LSerror'] -> addErrorCode(35,$objectname); + } + } + else { + // Définition du Titre de la page + $GLOBALS['Smarty'] -> assign('pagetitle',_('Suppresion').' : '.$object -> getDisplayValue()); + $GLOBALS['Smarty'] -> assign('question',_('Voulez-vous vraiment supprimer').' '.$object -> getDisplayValue().' ?'); + $GLOBALS['Smarty'] -> assign('validation_url','remove.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'].'&valid'); + $GLOBALS['Smarty'] -> assign('validation_txt',_('Valider')); + } + $GLOBALS['LSsession'] -> setTemplate('question.tpl'); + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1012); + } + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1011); + } + } + else { + $GLOBALS['LSerror'] -> addErrorCode(21); + } + } + else { + $GLOBALS['LSerror'] -> addErrorCode(1012); + } + +} +else { + $GLOBALS['LSsession'] -> setTemplate('login.tpl'); +} + +// Affichage des retours d'erreurs +$GLOBALS['LSsession'] -> displayTemplate(); +?> diff --git a/trunk/templates/create.tpl b/trunk/templates/create.tpl new file mode 100644 index 00000000..32132a6a --- /dev/null +++ b/trunk/templates/create.tpl @@ -0,0 +1,52 @@ + + + + LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if} + + {$LSsession_css} + {$LSsession_js} + + +
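Review bot: The deletion runs on a plain GET request: once `$_GET['valid']` is set, `$object -> remove()` is called with nothing tying the request to the confirmation page. A state-changing action like this should be submitted as a POST carrying a per-session token, with the branch guarded by something like `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['valid']))` plus the token comparison; question.tpl would then need a form instead of a link. `validation_url` is also built from raw `$_GET['LSobject']` and `$_GET['dn']`, and both need `urlencode()`. The title string `_('Suppresion')` in the confirmation branch is misspelled compared with `_('Suppression')` used in the branch above it.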
+{$LSerrors} +
+
+ X +
{if $LSdebug != ''}{$LSdebug}{/if}
+
+ +
+
+ + +
+ +
+
+ + diff --git a/trunk/templates/css/LSform.css b/trunk/templates/css/LSform.css index 0487ff14..b766001b 100644 --- a/trunk/templates/css/LSform.css +++ b/trunk/templates/css/LSform.css @@ -1,20 +1,3 @@ -p.LSform-view-actions { - text-align: right; - font-size: 0.8em; - margin: 0.2em; - margin-right: 3em; - color: #0072b8; -} - -a.LSform-view-actions { - text-decoration: none; - color: #0072b8; -} - -a.LSform-view-actions:hover { - text-decoration: underline; -} - dl.LSform { margin: 0; margin-left: 2em; diff --git a/trunk/templates/css/base.css b/trunk/templates/css/base.css index 72236f58..2d34e454 100644 --- a/trunk/templates/css/base.css +++ b/trunk/templates/css/base.css @@ -114,6 +114,10 @@ td.LSobject-list-actions { width: 7em; } +td.LSobject-list-names { + cursor: pointer; +} + p.LSobject-list-page { text-align: center; margin: 0.5em; @@ -132,3 +136,21 @@ a.LSobject-list-page:hover { strong.LSobject-list-page { color: #0072b8; } + +p.LSview-actions { + text-align: right; + font-size: 0.8em; + margin: 0.2em; + margin-right: 3em; + color: #0072b8; +} + +p.question { + margin-left: 3em; +} + +a.question { + margin-left: 10em; + margin-top: 3em; + color: #0072b8; +} diff --git a/trunk/templates/images/clear.png b/trunk/templates/images/clear.png new file mode 100644 index 00000000..e6c8e8b9 Binary files /dev/null and b/trunk/templates/images/clear.png differ diff --git a/trunk/templates/images/edit.png b/trunk/templates/images/copy.png similarity index 100% rename from trunk/templates/images/edit.png rename to trunk/templates/images/copy.png diff --git a/trunk/templates/images/create.png b/trunk/templates/images/create.png new file mode 100644 index 00000000..4c3efdd6 Binary files /dev/null and b/trunk/templates/images/create.png differ diff --git a/trunk/templates/images/delete.png b/trunk/templates/images/delete.png new file mode 100644 index 00000000..0e0953c7 Binary files /dev/null and b/trunk/templates/images/delete.png differ 
diff --git a/trunk/templates/images/logout.png b/trunk/templates/images/logout.png index ad5e36eb..0010931e 100644 Binary files a/trunk/templates/images/logout.png and b/trunk/templates/images/logout.png differ diff --git a/trunk/templates/images/modify.png b/trunk/templates/images/modify.png new file mode 100644 index 00000000..663cbadd Binary files /dev/null and b/trunk/templates/images/modify.png differ diff --git a/trunk/templates/modify.tpl b/trunk/templates/modify.tpl index 79b24311..dcaf0634 100644 --- a/trunk/templates/modify.tpl +++ b/trunk/templates/modify.tpl @@ -29,7 +29,13 @@

Connecté en tant que {$LSsession_username} Logout

{if $pagetitle != ''}

{$pagetitle}

{/if} -

Voir

+ {if $LSview_actions != ''} +

+ {foreach from=$LSview_actions item=item} + {$item.label} + {/foreach} +

+ {/if}
{$LSform_header} diff --git a/trunk/templates/question.tpl b/trunk/templates/question.tpl new file mode 100644 index 00000000..1dddb5ee --- /dev/null +++ b/trunk/templates/question.tpl @@ -0,0 +1,45 @@ + + + + LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if} + + {$LSsession_css} + {$LSsession_js} + + +
+{$LSerrors} +
+
+ X +
{if $LSdebug != ''}{$LSdebug}{/if}
+
+ +
+
+ + +
+ +
+
+ + diff --git a/trunk/templates/view.tpl b/trunk/templates/view.tpl index 196c3e62..b7449881 100644 --- a/trunk/templates/view.tpl +++ b/trunk/templates/view.tpl @@ -28,7 +28,14 @@
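Review bot: `{$pagetitle}` is printed into the page title of question.tpl without an escape modifier, and remove.php in this commit fills it with the object's display value read from the directory. Unless the Smarty instance applies a default escaping modifier (not visible here), directory content would reach the page as markup; `{$pagetitle|escape:'html'}` closes that. Most of the template's markup is missing from this rendering, so the same check should be made wherever `$question` and `$validation_url` are printed.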