- Développement des capacité de l'interface (ajout / suppression / copie / modification)

- Création d'un annuaire de test (dossier lsexample)
- Debug divers

trunk/conf/LSobjects/config.LSobjects.LSeecompany.php

@@ -43,7 +43,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
         'admin' => 'w'
       ),
       'form' => array (
-        'test' => 1
+        'modify' => 1,
+        'create' => 1
       )
     ),
     'dc' => array (
@@ -57,7 +58,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1
+        'modify' => 1,
+        'create' => 1
       )
     )
   )

trunk/conf/LSobjects/config.LSobjects.LSeegroup.php

@@ -22,6 +22,7 @@
 
 $GLOBALS['LSobjects']['LSeegroup'] = array (
   'objectclass' => array(
+    'lsgroup',
     'posixGroup'
   ),
   'rdn' => 'cn',
@@ -51,7 +52,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
         'admin' => 'w'
       ),
       'form' => array (
-        'test' => 1
+        'modify' => 1,
+        'create' => 1
       )
     ),
     'gidNumber' => array (
@@ -59,6 +61,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
       'ldap_type' => 'numeric',
       'html_type' => 'text',
       'required' => 1,
+      'generate_function' => 'generate_gidNumber',
       'validation' => array (
         array (
           'filter' => 'gidNumber=%{val}',
@@ -71,7 +74,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
         'admin' => 'w'
       ),
       'form' => array (
-        'test' => 1
+        'modify' => 1
       )
     ),
     'uniqueMember' => array (
@@ -91,10 +94,10 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
         'admin' => 'w'
       ),
       'form' => array (
-        'test' => 1
+        'modify' => 1,
+        'create' => 1
       ),
       'possible_values' => array(
-        'aucun' => _('-- Selectionner --'),
         'OTHER_OBJECT' => array(
           'object_type' => 'LSeepeople',                      // Nom de l'objet à lister
           'display_attribute' => '%{cn} (%{uidNumber})',      // Spécifie le attributs à lister pour le choix,

trunk/conf/LSobjects/config.LSobjects.LSeepeople.php

@@ -23,6 +23,7 @@
 $GLOBALS['LSobjects']['LSeepeople'] = array (
   'objectclass' => array(
     'top',
+    'lspeople',
     'posixAccount',
     'sambaSamAccount',
   ),
@@ -58,8 +59,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 0,
+        'modify' => 0,
-        'add' => 1
+        'create' => 1
       )
     ),
     'uidNumber' => array (
@@ -86,7 +87,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 0,
+        'modify' => 0,
       )
     ),
     'cn' => array (
@@ -103,8 +104,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       )
     ),
     'givenName' => array (
@@ -125,8 +126,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       ),
       'onDisplay' => 'return_data'
     ),
@@ -135,15 +136,15 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       'ldap_type' => 'ascii',
       'html_type' => 'text',
       'required' => 1,
-      'rights' => array(                  // Définition de droits : 'r' => lecture / 'w' => modification / '' => aucun (par defaut)
+      'rights' => array(
-        'self' => 'w',                    // définition des droits de l'utilisateur sur lui même
+        'self' => 'w',
-        'user' => 'r',                    // définition des droits de tout les utilisateurs
+        'user' => 'r',
         'admin' => 'w'
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       )
     ),
     'gidNumber' => array (
@@ -166,8 +167,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       ),
       'possible_values' => array(
         'OTHER_OBJECT' => array(
@@ -200,8 +201,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       ),
       'possible_values' => array(
         '/bin/false' => _('Aucun'),
@@ -218,7 +219,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
         'admin' => 'r'
       ),
       'form' => array (
-        //'test' => 0,
+        //'modify' => 0,
       )
     ),
     'homeDirectory' => array (
@@ -233,7 +234,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       )
     ),
     'mail' => array (
@@ -253,8 +254,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       )
     ),
     'personalTitle' => array (
@@ -270,8 +271,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       ),
       'possible_values' => array(
         'M.' => 'M.',
@@ -295,7 +296,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       )
     ),
     'vacationActive' => array (
@@ -315,7 +316,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       ),
       'possible_values' => array(
         '' => 'Non',
@@ -333,7 +334,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       )
     ),
     'vacationForward' => array (
@@ -352,7 +353,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       )
     ),
     'mailQuota' => array (
@@ -370,7 +371,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
       )
     ),
     'description' => array (
@@ -384,7 +385,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
       ),
       'view' => 1,
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
+        'create' => 1
       )
     ),
     'userPassword' => array (
@@ -401,23 +403,29 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
         'sambaNTPassword'
       ),
       'form' => array (
-        'test' => 1,
+        'modify' => 1,
-        'add' => 1
+        'create' => 1
       )
     ),
     'sambaLMPassword' => array (
       'label' => _('Mot de passe Samba (LM)'),
       'ldap_type' => 'ascii',
-      'html_type' => 'password',
+      'html_type' => 'text',
       'required' => 1,
-      'generate_function' => 'generate_sambaLMPassword'
+      'generate_function' => 'generate_sambaLMPassword',
+      'form' => array (
+        'modify' => 0
+      )
     ),
     'sambaNTPassword' => array (
       'label' => _('Mot de passe Samba (NT)'),
       'ldap_type' => 'ascii',
-      'html_type' => 'password',
+      'html_type' => 'text',
       'required' => 1,
-      'generate_function' => 'generate_sambaNTPassword'
+      'generate_function' => 'generate_sambaNTPassword',
+      'form' => array (
+        'modify' => 0
+      )
     )
   )
 );

trunk/conf/config.error_code.php

@@ -104,6 +104,10 @@ $GLOBALS['LSerror_code'] = array (
     'msg' => _("LSldapObject : L'attribut %{attr_depend} dépendant de l'attribut %{attr} n'existe pas."),
     'level' => 'w'
   ),
+  35 => array (
+    'msg' => _("LSldapObject : Erreur durant la suppression de %{objectname}."),
+    'level' => 'c'
+  ),
   
   // LSldapObject
   41 => array (
@@ -238,6 +242,11 @@ $GLOBALS['LSerror_code'] = array (
   1011 => array (
     'msg' => _("LSsession : Vous n'êtes pas authorisé à effectuer cette action."),
     'level' => 'c'
+  ),
+  1012 => array (
+    'msg' => _("LSsession : Des informations sont manquantes pour l'affichage de cette page."),
+    'level' => 'c'
   )
+
 );
 ?>

trunk/conf/config.inc.php

@@ -28,13 +28,13 @@ $GLOBALS['LSconfig'] = array(
   'cacheLSrights' => true,
   'ldap_servers' => array (
     array (
-      'name' => 'Ldap 1',
+      'name' => 'LSexample',
       'ldap_config'=> array(
             'host'     => '127.0.0.1',
             'port'     => 389,
             'version'  => 3,
             'starttls' => false,
-        'binddn'   => 'uid=toto,ou=people,o=ls',
+        'binddn'   => 'uid=eeggs,ou=people,o=ls',
         'bindpw'   => 'toto',
         'basedn'   => 'o=ls',
         'options'  => array(),
@@ -42,9 +42,11 @@ $GLOBALS['LSconfig'] = array(
         'scope'    => 'sub'
         ),
         'LSadmins' => array (
-          'o=ost' => array (
+          'o=ls' => array (
-            'uid=toto,ou=people,o=ls' => NULL,
+            'uid=eeggs,ou=people,o=ls' => NULL
-            'cn=adminldap,ou=groups,o=ost' => array (
+          ),
+          'ou=people,o=ls' => array (
+            'cn=adminldap,ou=groups,o=ls' => array (
               'attr' => 'uniqueMember',
               'LSobject' => 'LSeegroup'
             )
@@ -76,7 +78,7 @@ $GLOBALS['LSconfig'] = array(
 );
 
 //Debug
-$GLOBALS['LSdebug']['active'] = false;
+$GLOBALS['LSdebug']['active'] = true;
 
 // Définitions des locales
 $textdomain = 'ldapsaisie';

trunk/create.php

@@ -0,0 +1,79 @@
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+******************************************************************************/
+
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+
+$GLOBALS['LSsession'] = new LSsession();
+
+if($LSsession -> startLSsession()) {
+
+  if (isset($_POST['LSform_objecttype'])) {
+    $LSobject = $_POST['LSform_objecttype'];
+  }
+  else if (isset($_GET['LSobject'])) {
+    $LSobject = $_GET['LSobject'];
+  }
+  
+  if (isset($LSobject)) {
+    // Création d'un LSobject
+    if (class_exists($LSobject)) {
+      if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) {
+        $object = new $LSobject();
+        
+        if ($_GET['load']!='') {
+          $form = $object -> getForm('create',$_GET['load']);
+        }
+        else {
+          $form = $object -> getForm('create');
+        }
+        if ($form->validate()) {
+          // MàJ des données de l'objet LDAP
+          if ($object -> updateData('create')) {
+            header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
+          }
+        }
+        // Définition du Titre de la page
+        $GLOBALS['Smarty'] -> assign('pagetitle',_('Nouveau').' : '.$object -> getLabel());
+        $GLOBALS['LSsession'] -> setTemplate('create.tpl');
+        $form -> display();
+      }
+      else {
+        $GLOBALS['LSerror'] -> addErrorCode(1011);
+      }
+    }
+    else {
+      $GLOBALS['LSerror'] -> addErrorCode(21);
+    }
+  }
+  else {
+    $GLOBALS['LSerror'] -> addErrorCode(1012);
+  }
+
+}
+else {
+  $GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>

trunk/includes/addons/LSaddons.samba.php

@@ -184,6 +184,7 @@
     }
 
     $password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
+    debug('pwd : '.$password);
     $sambapassword = new smbHash;
     $sambaNTPassword = $sambapassword -> nthash($password);
 

trunk/includes/class/class.LSattr_html.php

@@ -80,14 +80,6 @@ class LSattr_html {
   function addToForm (&$form,$idForm,$data=NULL) {
     $GLOBALS['LSerror'] -> addErrorCode(101,$this -> name);
   }
-
-  function __sleep() {
-    return ( array_keys( get_object_vars( &$this ) ) );
-  }
-  
-  function __wakeup() {
-    return true;
-  }
 }
 
 ?>

trunk/includes/class/class.LSattr_html_select_list.php

@@ -37,10 +37,10 @@ class LSattr_html_select_list extends LSattr_html{
 	 * @retval LSformElement L'element du formulaire ajouté
 	 */
   function addToForm (&$form,$idForm,$data=NULL) {
-    if (count($data)>1) {
+    /*if (count($data)>1) {
       $GLOBALS['LSerror'] -> addErrorCode(103,'select_list');
       return;
-    }
+    }*/
     $possible_values=$this -> getPossibleValues();
 		$this -> config['text_possible_values'] = $possible_values;
     $element=$form -> addElement('select', $this -> name, $this -> config['label'],$this -> config);

trunk/includes/class/class.LSattr_ldap_password.php

@@ -47,7 +47,7 @@ class LSattr_ldap_password extends LSattr_ldap {
    * @retval mixed La valeur traitée de l'attribut
    */
   function getUpdateData($data) {
-		$this -> clearPassord = $data[0];
+    $this -> clearPassword = $data[0];
     return '{CRYPT}'.crypt($data[0],'$1$'.$this -> getSalt().'$');
   }
  

trunk/includes/class/class.LSattribute.php

@@ -184,15 +184,19 @@ class LSattribute {
    * @param[in] object $form Le formulaire dans lequel doit être ajouté l'attribut
    * @param[in] string $idForm L'identifiant du formulaire
    * @param[in] objet  &$obj Objet utilisable pour la génération de la valeur de l'attribut
+   * @param[in] array  $value valeur de l'élement
    *
    * @retval boolean true si l'ajout a fonctionner ou qu'il n'est pas nécessaire, false sinon
    */
-  function addToForm(&$form,$idForm,&$obj=NULL) {
+  function addToForm(&$form,$idForm,&$obj=NULL,$value=NULL) {
     if(isset($this -> config['form'][$idForm])) {
       if($this -> myRights() == 'n') {
         return true;
       }
-      if($this -> data !='') {
+      if ($value) {
+        $data = $value;
+      }
+      else if($this -> data !='') {
         $data=$this -> getFormVal();
       }
       else if (isset($this -> config['default_value'])) {
@@ -235,6 +239,11 @@ class LSattribute {
     return true;
   }
 
+  /**
+   * Récupération des droits de l'utilisateur sur l'attribut
+   * 
+   * @retval string 'r'/'w'/'n' pour 'read'/'write'/'none'
+   **/
   function myRights() {
     // cache
     if ($this -> _myRights != NULL) {
@@ -484,13 +493,6 @@ class LSattribute {
     return $this -> config['dependAttrs'];
   }
 
-  function __sleep() {
-    return ( array_keys( get_object_vars( &$this ) ) );
-  }
-  
-  function __wakeup() {
-    return true;
-  }
 }
 
 ?>

trunk/includes/class/class.LSform.php

@@ -85,7 +85,7 @@ class LSform {
     $GLOBALS['Smarty'] -> assign('LSform_header',$LSform_header);
     $LSform_object = array(
       'type' => $this -> ldapObject -> getType(),
-      'dn' => $this -> ldapObject -> getDn()
+      'dn' => $this -> ldapObject -> getValue('dn')
     );
     $GLOBALS['Smarty'] -> assign('LSform_object',$LSform_object);
     $fields = array();

trunk/includes/class/class.LSformElement.php

@@ -183,7 +183,7 @@ class LSformElement {
    * @retval boolean true si la valeur est présente en POST, false sinon
    */
   function getPostData(&$return) {
-		if($this -> params['form'][$this -> form -> idForm] != 1) {
+    if($this -> isFreeze()) {
       return true;
     }
     if (isset($_POST[$this -> name])) {

trunk/includes/class/class.LSformElement_password.php

@@ -67,7 +67,10 @@ class LSformElement_password extends LSformElement {
   function getDisplay(){
     $return = $this -> getLabelInfos();
     if (!$this -> isFreeze()) {
-			$return['html'] = "<input type='password' name='".$this -> name."[]' />\n* "._('Modification uniquement').".";
+      $return['html'] = "<input type='password' name='".$this -> name."[]' />\n";
+      if (!empty($this -> values)) {
+        $return['html'] .= "* "._('Modification uniquement').".";
+      }
     }
     else {
       if (empty($this -> values)) {

trunk/includes/class/class.LSformElement_select.php

@@ -50,7 +50,7 @@ class LSformElement_select extends LSformElement {
         $multiple_tag='multiple';
       }
         
-      $return['html'] = "<select name='".$this -> name."' $multiple_tag class='LSform'>\n";
+      $return['html'] = "<select name='".$this -> name."[]' $multiple_tag class='LSform'>\n";
       foreach ($this -> params['text_possible_values'] as $choice_value => $choice_text) {
         if (in_array($choice_value, $this -> values)) {
           $selected=' selected';

trunk/includes/class/class.LSldap.php

@@ -260,6 +260,17 @@ class LSldap {
     return ($this -> cnx == NULL)?false:true;
   }
   
+  /**
+   * Supprime un objet de l'annuaire
+   *
+   * @param[in] string DN de l'objet à supprimer
+   * 
+   * @retval boolean True si l'objet à été supprimé, false sinon
+   */
+  function remove($dn) {
+    return $this -> cnx -> delete($dn);
+  }
+
 }
 
 ?>

trunk/includes/class/class.LSldapObject.php

@@ -89,12 +89,15 @@ class LSldapObject {
   function loadData($dn) {
     $this -> dn = $dn;
     $data = $GLOBALS['LSldap'] -> getAttrs($dn);
+    if(!empty($data)) {
       foreach($this -> attrs as $attr_name => $attr) {
         if(!$this -> attrs[$attr_name] -> loadData($data[$attr_name]))
           return;
       }
       return true;
     }
+    return;
+  }
   
   /**
    * Recharge les données de l'objet
@@ -166,21 +169,39 @@ class LSldapObject {
    * et de chaque attribut.
    *
    * @param[in] $idForm [<b>required</b>] Identifiant du formulaire a créer
-   * @param[in] $config Configuration spécifique pour le formulaire
+   * @param[in] $load DN d'un objet similaire dont la valeur des attribut doit être chargé dans le formulaire.
    *
    * @author Benjamin Renard <brenard@easter-eggs.com>
    *
    * @retval LSform Le formulaire crée
    */ 
-  function getForm($idForm,$config=array()) {
+  function getForm($idForm,$load=NULL) {
     $GLOBALS['LSsession'] -> loadLSclass('LSform');
     $LSform = new LSform($this,$idForm);
-    $this -> forms[$idForm] = array($LSform,$config);
+    $this -> forms[$idForm] = array($LSform,$load);
+    
+    if ($load) {
+      $type = $this -> getType();
+      $loadObject = new $type();
+      if (!$loadObject -> loadData($load)) {
+        $load=false;
+      }
+    }
+    
+    if ($load) {
+      foreach($this -> attrs as $attr_name => $attr) {
+        if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this,$loadObject -> getValue($attr_name))) {
+          $LSform -> can_validate = false;
+        }
+      }
+    }
+    else {
       foreach($this -> attrs as $attr_name => $attr) {
         if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
           $LSform -> can_validate = false;
         }
       }      
+    }
     return $LSform;
   }
   
@@ -261,7 +282,7 @@ class LSldapObject {
       }
       else {
         $GLOBALS['LSerror'] -> addErrorCode(23,$this -> type_name);
-        $GLOBALS['LSerror'] -> stop();
+        return;
       }
     }
     $new_data = $LSform -> exportValues();
@@ -276,12 +297,12 @@ class LSldapObject {
         if(function_exists($this -> config['before_save'])) {
           if(!$this -> config['before_save']($this)) {
             $GLOBALS['LSerror'] -> addErrorCode(28,$this -> config['before_save']);
-            $GLOBALS['LSerror'] -> stop();
+            return;
           }
         }
         else {
           $GLOBALS['LSerror'] -> addErrorCode(27,$this -> config['before_save']);
-          $GLOBALS['LSerror'] -> stop();
+          return;
         }
       }
       if ($this -> submitChange($idForm)) {
@@ -290,16 +311,25 @@ class LSldapObject {
         $this -> reloadData();
         $this -> refreshForm($idForm);
       }
+      else {
+        return;
+      }
       if((isset($this -> config['after_save']))&&(!$this -> submitError)) {
         if(function_exists($this -> config['after_save'])) {
           if(!$this -> config['after_save']($this)) {
             $GLOBALS['LSerror'] -> addErrorCode(30,$this -> config['after_save']);
+            return;
           }
         }
         else {
           $GLOBALS['LSerror'] -> addErrorCode(29,$this -> config['after_save']);
+          return;
         }
       }
+      return true;
+    }
+    else {
+      return;
     }
   }
   
@@ -478,6 +508,7 @@ class LSldapObject {
     if(!empty($submitData)) {
       $dn=$this -> getDn();
       if($dn) {
+        $this -> dn=$dn;
         debug($submitData);
         return $GLOBALS['LSldap'] -> update($this -> type_name,$dn, $submitData);
       }
@@ -486,6 +517,9 @@ class LSldapObject {
         return;
       }
     }
+    else {
+      return true;
+    }
   }
   
   /**
@@ -848,24 +882,35 @@ class LSldapObject {
     return $this -> type_name;
   }
   
+  /**
+   * Retourne qui est l'utilisateur par rapport à cet object
+   *
+   * @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
+   */
   function whoami() {
     if (!$this -> _whoami)
       $this -> _whoami = $GLOBALS['LSsession'] -> whoami($this -> dn);
     return $this -> _whoami;
   }
   
+  /**
+   * Retourne le label de l'objet
+   *
+   * @retval string Le label de l'objet ($this -> config['label'])
+   */
   function getLabel() {
     return $this -> config['label'];
   }
   
-  function __sleep() {
-    return ( array_keys( get_object_vars( &$this ) ) );
-  }
   
-  function __wakeup() {
+  /**
-    return true;
+   * Supprime l'objet dans l'annuaire
+   *
+   * @retval boolean True si l'objet à été supprimé, false sinon
+   */
+  function remove() {
+    return $GLOBALS['LSldap'] -> remove($this -> getDn());
   }
-
 }
 
 ?>

trunk/includes/class/class.LSsession.php

@@ -240,10 +240,10 @@ class LSsession {
           if (!$this -> LSldapConnect())
             return;
           $this -> loadLSrights();
-          $this -> loadLSaccess();
         }
         $this -> LSuserObject = new $this -> ldapServer['authobject']();
         $this -> LSuserObject -> loadData($this -> dn);
+        $this -> loadLSaccess();
         $GLOBALS['Smarty'] -> assign('LSsession_username',$this -> LSuserObject -> getDisplayValue());
         return true;
         
@@ -589,16 +589,25 @@ class LSsession {
     }
   }
   
+  /**
+   * Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface
+   *
+   * @retval void
+   */
   function loadLSaccess() {
+    if ($this -> canAccess($this -> LSuserObject -> getType(),$this -> dn)) {
       $LSaccess = array(
         'SELF' => array(
           'label' => _('Mon compte'),
           'DNs' => $this -> dn
         )
       );
+    }
+    else {
+      $LSaccess = array();
+    }
     foreach ($GLOBALS['LSobjects'] as $objecttype => $objectconf) {
-      $objectdn = $objectconf['container_dn'].','.$this -> topDn;
+      if ($this -> canAccess($objecttype) ) {
-      if ($this -> isAdmin($objectdn) ) {
         $LSaccess[$objecttype] = array (
           'label' => $objectconf['label'],
           'Dns' => 'All'
@@ -608,6 +617,13 @@ class LSsession {
     $this -> LSaccess = $LSaccess;
   }
   
+  /**
+   * Dit si l'utilisateur est admin de le DN spécifié
+   *
+   * @param[in] string DN de l'objet
+   * 
+   * @retval boolean True si l'utilisateur est admin sur l'objet, false sinon.
+   */
   function isAdmin($dn) {
     foreach($this -> LSrights['topDn_admin'] as $topDn_admin) {
       if($dn == $topDn_admin) {
@@ -620,6 +636,13 @@ class LSsession {
     return;
   }
   
+  /**
+   * Retourne qui est l'utilisateur par rapport à l'object
+   *
+   * @param[in] string Le DN de l'objet
+   * 
+   * @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
+   */
   function whoami($dn) {
     if ($this -> isAdmin($dn)) {
       return 'admin';
@@ -632,15 +655,51 @@ class LSsession {
     return 'user';
   }
   
-  function canAccess($LSobject,$dn=NULL,$right=NULL) {
+  /**
+   * Retourne le droit de l'utilisateur à accèder à un objet
+   * 
+   * @param[in] string $LSobject Le type de l'objet
+   * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
+   * @param[in] string $right Le type de droit d'accès à tester ('r'/'w')
+   * @param[in] string $attr Le nom de l'attribut auquel on test l'accès
+   *
+   * @retval boolean True si l'utilisateur a accès, false sinon
+   */
+  function canAccess($LSobject,$dn=NULL,$right=NULL,$attr=NULL) {
     if (!$this -> loadLSobject($LSobject))
       return;
     if ($dn) {
       $whoami = $this -> whoami($dn);
     }
     else {
-      $whoami = 'user';
+      $objectdn=$GLOBALS['LSobjects'][$LSobject]['container_dn'].','.$this -> topDn;
+      $whoami = $this -> whoami($objectdn);
     }
+    
+    // Pour un attribut particulier
+    if ($attr) {
+      if ($attr=='rdn') {
+        $attr=$GLOBALS['LSobjects'][$LSobject]['rdn'];
+      }
+      if (!isset($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr])) {
+        return;
+      }
+      
+      if (($right=='r')||($right=='w')) {
+        if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) {
+          return true;
+        }
+        return;
+      }
+      else {
+        if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) {
+          return true;
+        }
+        return;
+      }
+    }
+    
+    // Pour un attribut quelconque
     if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) {
       if (($right=='r')||($right=='w')) {
         foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
@@ -660,17 +719,42 @@ class LSsession {
     return;
   }
   
-  function canEdit($LSobject,$dn=NULL) {
+  /**
-    return $this -> canAccess($LSobject,$dn,'w');
+   * Retourne le droit de l'utilisateur à editer à un objet
+   * 
+   * @param[in] string $LSobject Le type de l'objet
+   * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
+   * @param[in] string $attr Le nom de l'attribut auquel on test l'accès
+   *
+   * @retval boolean True si l'utilisateur a accès, false sinon
+   */
+  function canEdit($LSobject,$dn=NULL,$attr=NULL) {
+    return $this -> canAccess($LSobject,$dn,'w',$attr);
   }
 
-  function __sleep() {
+  /**
-    return ( array_keys( get_object_vars( &$this ) ) );
+   * Retourne le droit de l'utilisateur à supprimer un objet
+   * 
+   * @param[in] string $LSobject Le type de l'objet
+   * @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
+   *
+   * @retval boolean True si l'utilisateur a accès, false sinon
+   */  
+  function canRemove($LSobject,$dn) {
+    return $this -> canAccess($LSobject,$dn,'w','rdn');
   }
   
-  function __wakeup() {
+  /**
-    return true;
+   * Retourne le droit de l'utilisateur à créer un objet
+   * 
+   * @param[in] string $LSobject Le type de l'objet
+   *
+   * @retval boolean True si l'utilisateur a accès, false sinon
+   */    
+  function canCreate($LSobject) {
+    return $this -> canAccess($LSobject,NULL,'w','rdn');
   }
+
 }
 
 ?>

trunk/lsexample/ls.schema

@@ -0,0 +1,175 @@
+# Easter-eggs OID: 1.3.6.1.4.1.10650
+# 1.3.6.1.4.1.10650.2            LDAP OID
+# 1.3.6.1.4.1.10650.3            Customers OID
+# 
+# 1.3.6.1.4.1.10650.2.1          Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.1        Admin sys Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.2        Dev Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.3        Global Attributes
+# 1.3.6.1.4.1.10650.2.2          Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.1        Admin sys Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.2        Dev Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.3        Global OC
+
+# Ost
+# 1.3.6.1.4.1.10650.3.1127.2.1 Ldap attributes
+# 1.3.6.1.4.1.10650.3.1127.2.2 Ldap OC
+
+
+# <Ee attributes>
+attributetype (1.3.6.1.4.1.10650.2.1.1.1
+  NAME 'eeallowedservices'
+  DESC 'List of allowed services'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# </Ee attributes>
+
+# <From qmail schema>
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
+        SUBSTR caseIgnoreSubstringsMatch
+        DESC 'Secondary (alias) mailaddresses for the same user'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress'
+        DESC 'Address(es) to forward all incoming messages to.'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# </From qmail schema>
+
+# <From courier.schema>
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+        DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
+        DESC 'RFC822 Mailbox - mail alias'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# </From courier.schema>
+
+# <From postfix>
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota'
+        DESC 'The amount of space the user can use until all further messages get bounced.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+        SINGLE-VALUE )
+# </From postfix>
+
+# <From gnarwl>
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+#       NAME 'vacationActive'
+#       SINGLE-VALUE
+#       EQUALITY booleanMatch
+#       DESC 'A flag, for marking the user as being away'
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+        NAME 'vacationActive'
+        SINGLE-VALUE
+        DESC 'Equal to uid@autoreponse.foo.bar, for marking the user as being away'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.3
+        NAME 'vacationInfo'
+        SINGLE-VALUE
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+        DESC 'Absentee note to leave behind, while on vacation'
+        EQUALITY octetStringMatch )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.4
+        NAME 'vacationStart'
+        SINGLE-VALUE
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+        DESC 'Beginning of vacation'
+        EQUALITY octetStringMatch )
+
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+#       NAME 'vacationEnd'
+#       SINGLE-VALUE
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+#       DESC 'End of vacation'
+#       EQUALITY octetStringMatch )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+        NAME 'vacationEnd'
+        SINGLE-VALUE
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+        DESC 'End of vacation'
+        ORDERING generalizedTimeOrderingMatch
+        EQUALITY generalizedTimeMatch )
+
+attributetype (1.3.6.1.4.1.11048.1.1.1.10
+        NAME 'vacationForward'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+        DESC 'Where to forward mails to, while on vacation' )
+
+# </From gnarwl>
+
+## Objectclasses
+# LS people
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.1
+  NAME 'lspeople'
+  DESC 'LS people Objectclass'
+  STRUCTURAL
+  MUST ( uid $ cn )
+  MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail $ mailalternateaddress $ personalTitle $ description $ userPassword $ eeallowedservices $ mailforwardingaddress $ maildrop $ mailquota $ mailbox $ vacationActive $ vacationInfo $ vacationEnd $ vacationForward ))
+
+# LS Alias
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.2
+  NAME 'lsalias'
+  DESC 'LS alias Objectclass'
+  STRUCTURAL
+  MUST ( mail $ maildrop )
+  MAY  ( mailalternateaddress $ description ))
+
+# LS group
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.3
+  NAME 'lsgroup'
+  DESC 'LS group Objectclass'
+  STRUCTURAL
+  MUST ( cn )
+  MAY ( uniquemember $ description ))
+
+# LS system account
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.4
+  NAME 'lssysaccount'
+  DESC 'LS system account Objectclass'
+  STRUCTURAL
+  MUST ( uid )
+  MAY (userpassword $ description))
+
+# Ost mailbox
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.5
+  NAME 'lsmailbox'
+  DESC 'LS custom mailbox Objectclass'
+  STRUCTURAL
+  MUST ( uid )
+  MAY ( userPassword $ description $ eeallowedservices $ maildrop $ mailbox $ mail $ mailalternateaddress $ mailforwardingaddress $ mailquota ))
+
+# Ost computer
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.6
+  NAME 'lscomputer'
+  DESC 'LS computer Objectclass'
+  STRUCTURAL
+  MUST ( uid ))
+
+# Ost samba domains
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.8
+  NAME 'lssambadomain'
+  DESC 'LS samba domain Objectclass'
+  STRUCTURAL) 
+

trunk/lsexample/lsexample.ldif

@@ -0,0 +1,604 @@
+dn: o=ls
+objectClass: top
+objectClass: organization
+o: ls
+structuralObjectClass: organization
+entryUUID: 2229e388-825b-1029-838c-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000001#000#000000
+
+dn: ou=sysaccounts,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: sysaccounts
+structuralObjectClass: organizationalUnit
+entryUUID: 2238a738-825b-1029-838d-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000002#000#000000
+
+dn: ou=people,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+structuralObjectClass: organizationalUnit
+entryUUID: 223b67e8-825b-1029-838e-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000003#000#000000
+
+dn: ou=mailboxes,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: mailboxes
+structuralObjectClass: organizationalUnit
+entryUUID: 2240f622-825b-1029-8390-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000005#000#000000
+
+dn: ou=aliases,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: aliases
+structuralObjectClass: organizationalUnit
+entryUUID: 2243b88a-825b-1029-8391-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000006#000#000000
+
+dn: ou=computers,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: computers
+structuralObjectClass: organizationalUnit
+entryUUID: 22468588-825b-1029-8392-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000007#000#000000
+
+dn: ou=sambadomains,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: sambadomains
+structuralObjectClass: organizationalUnit
+entryUUID: 224cf30a-825b-1029-8394-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000009#000#000000
+
+dn: sambaDomainName=LS_NT,ou=sambadomains,o=ls
+objectClass: top
+objectClass: lssambadomain
+objectClass: sambaDomain
+sambaDomainName: LS_NT
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809
+structuralObjectClass: lssambadomain
+entryUUID: 2250d4ac-825b-1029-8395-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#00000a#000#000000
+
+dn: ou=groups,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+structuralObjectClass: organizationalUnit
+entryUUID: 224947d2-825b-1029-8393-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000008#000#000000
+
+dn: cn=adminldap,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: adminldap
+gidNumber: 70000
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 226bb240-825b-1029-8396-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+uniqueMember: uid=eeggs,ou=people,o=ls
+entryCSN: 20080211142717.746402Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211142717Z
+
+dn: uid=mail,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: mail
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22958d72-825b-1029-839c-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000007#000#000000
+
+dn: uid=ftp,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: ftp
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22a46608-825b-1029-839d-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000008#000#000000
+
+dn: uid=http,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: http
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22a7274e-825b-1029-839e-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000009#000#000000
+
+dn: uid=samba,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: samba
+structuralObjectClass: lssysaccount
+entryUUID: 22a9f44c-825b-1029-839f-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+userPassword: toto
+entryCSN: 20050706115506.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706115506Z
+
+dn: uid=ldapsaisie,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: ldapsaisie
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22acb6aa-825b-1029-83a0-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#00000b#000#000000
+
+dn: uid=nss,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: nss
+structuralObjectClass: lssysaccount
+entryUUID: 22b06d40-825b-1029-83a1-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+userPassword: toto
+entryCSN: 20050706115152.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706115152Z
+
+dn: uid=eeggs,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: eeggs
+uidNumber: 100000
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-201000
+structuralObjectClass: lspeople
+entryUUID: 22b70a42-825b-1029-83a3-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+gidNumber: 102009
+mail: eeggs@ldapsaisie.biz
+facsimileTelephoneNumber: 030000000
+vacationInfo: Je suis absent pour le moment
+vacationEnd: 20070101000000Z
+vacationForward: brenard@easter-eggs.com
+eeallowedservices: MAIL
+eeallowedservices: FTP
+description: Utilisateur test Easter-eggs
+cn: Easter Eggs
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+mailbox: eeggs/
+personalTitle: M.
+userPassword: toto
+sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
+sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
+mailQuota: 5
+homeDirectory: /home/eeggs
+loginShell: /bin/false
+givenName: Easter
+maildrop: eeggs@ldapsaisie.biz
+vacationActive:
+sn: Eggs
+entryCSN: 20080211134602.394624Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211134602Z
+
+dn: uid=invite,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: invite
+cn: Utilisateur de passage
+givenName: Utilisateur
+sn: de passage
+homeDirectory: /home/invite
+loginShell: /bin/false
+uidNumber: 101012
+gidNumber: 101009
+userPassword: toto
+sambaAcctFlags: [U          ]
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-203019
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203024
+mailbox: invite/
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+mail: invite@ldapsaisie.biz
+maildrop: invite@ldapsaisie.biz
+structuralObjectClass: lspeople
+entryUUID: 233dd144-825b-1029-9a9d-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111626Z
+sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+entryCSN: 20050706133832.000000Z#000008#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706133832Z
+
+dn: uid=hmartin,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: hmartin
+homeDirectory: /home/com
+loginShell: /bin/false
+uidNumber: 101022
+sambaAcctFlags: [U          ]
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044
+structuralObjectClass: lspeople
+entryUUID: 234393a4-825b-1029-9a9f-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111626Z
+givenName: Henri
+sn: MARTIN
+gidNumber: 102001
+mail: henri.martin@ldapsaisie.biz
+maildrop: henri.martin@ldapsaisie.biz
+mailAlternateAddress: hmartin@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Henri MARTIN
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+mailbox: hmartin/
+personalTitle: M.
+userPassword: toto
+sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
+sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
+entryCSN: 20080211164417.161923Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211164417Z
+
+dn: uid=secretariat,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: secretariat
+homeDirectory: /home/secretariat
+loginShell: /bin/false
+uidNumber: 101036
+userPassword: toto
+sambaAcctFlags: [U          ]
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072
+structuralObjectClass: lspeople
+entryUUID: 239920bc-825b-1029-9abb-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111627Z
+sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9
+sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39
+givenName: Secretariat
+sn: Secretariat
+gidNumber: 70513
+mail: secretariat@ldapsaisie.biz
+maildrop: secretariat@ldapsaisie.biz
+vacationEnd: 20050101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Secretariat Secretariat
+mailbox: secretariat/
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513
+entryCSN: 20050706144306.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706144306Z
+
+dn: uid=ls,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: ls
+homeDirectory: /home/ls
+loginShell: /bin/false
+uidNumber: 101068
+userPassword: toto
+sambaAcctFlags: [U          ]
+sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE
+sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136
+structuralObjectClass: lspeople
+entryUUID: 23afa346-825b-1029-9ac3-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111627Z
+givenName: _
+sn: LdapSaisie
+gidNumber: 102001
+mail: ls@ldapsaisie.biz
+maildrop: ls@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: LS
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+mailbox: ls/
+entryCSN: 20061212145541.000000Z#000001#000#000000
+modifiersName: uid=catbo,ou=people,o=ls
+modifyTimestamp: 20061212145541Z
+
+dn: cn=invite,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: invite
+gidNumber: 101009
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2425636a-825b-1029-9ae1-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308165544.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308165544Z
+
+dn: cn=ls,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: ls
+gidNumber: 102001
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 242bef1e-825b-1029-9ae3-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+uniqueMember: uid=secretariat,ou=people,o=ls
+entryCSN: 20080211142555.171664Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211142555Z
+
+dn: cn=informatique,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 102009
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2438d9d6-825b-1029-9ae7-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+cn: informatique
+uniqueMember: uid=eeggs,ou=people,o=ls
+entryCSN: 20070309093000.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070309093000Z
+
+dn: cn=direction,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: direction
+gidNumber: 102007
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 243f7a34-825b-1029-9ae9-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070309093009.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070309093009Z
+
+dn: cn=administratif,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: administratif
+gidNumber: 102005
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 245e0cb0-825b-1029-9af4-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308180424.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308180424Z
+
+dn: cn=communication,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: communication
+gidNumber: 102003
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2460db34-825b-1029-9af5-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308180413.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308180413Z
+
+dn: uid=spam,ou=mailboxes,o=ls
+uid: spam
+userPassword: toto
+mailQuota: 104857600
+eeallowedservices: MAIL
+mail: spam@ldapsaisie.biz
+maildrop: spam@ldapsaisie.biz
+mailbox: spam/
+objectClass: top
+objectClass: lsmailbox
+structuralObjectClass: lsmailbox
+entryUUID: c88b9eb4-8301-1029-9567-dda2c03231d0
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20050707070920Z
+entryCSN: 20050707070920.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050707070920Z
+
+dn: uid=virus,ou=mailboxes,o=ls
+uid: virus
+userPassword: toto
+mailbox: virus/
+objectClass: top
+objectClass: lsmailbox
+structuralObjectClass: lsmailbox
+entryUUID: 974dac8c-8303-1029-9569-dda2c03231d0
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20050707072216Z
+mailQuota: 104857600
+eeallowedservices: MAIL
+mail: virus@ldapsaisie.biz
+maildrop: virus@ldapsaisie.biz
+entryCSN: 20050707072249.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050707072249Z
+
+dn: uid=gnarwl,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: gnarwl
+structuralObjectClass: lssysaccount
+entryUUID: f55954e0-fdcc-1029-9d72-de06c303d7ef
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20051210133105Z
+userPassword: toto
+entryCSN: 20051210133237.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20051210133237Z
+
+dn: mail=informatique@ldapsaisie.biz,ou=aliases,o=ls
+objectClass: top
+objectClass: lsalias
+structuralObjectClass: lsalias
+entryUUID: 081e6612-fdd0-1029-9d73-de06c303d7ef
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20051210135305Z
+mail: informatique@ldapsaisie.biz
+description: Service Informatique
+maildrop: eeggs@ldapsaisie.biz
+entryCSN: 20051210141428.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20051210141428Z
+
+dn: uid=erwpa,ou=people,o=ls
+uid: erwpa
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uidNumber: 101082
+sambaAcctFlags: [U          ]
+homeDirectory: /home/erwpa
+loginShell: /bin/false
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164
+structuralObjectClass: lspeople
+entryUUID: aa7fcb30-b1a3-102a-875e-dcce935f6f2c
+sn: PAGEARD
+gidNumber: 102009
+mail: erwan.page@ldapsaisie.biz
+maildrop: erwan.page@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Erwan PAGE
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+mailbox: erwpa/
+personalTitle: M.
+givenName: Erwan
+userPassword: toto
+sambaLMPassword: BAC14D04669EE1D1AAD3B435B51404EE
+sambaNTPassword: FBBF55D0EF0E34D39593F55C5F2CA5F2
+entryCSN: 20080211170049.821887Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211170049Z
+
+dn: cn=test,ou=groups,o=ls
+cn: test
+description: test BR
+objectClass: top
+objectClass: lsgroup
+objectClass: sambaGroupMapping
+objectClass: posixGroup
+sambaGroupType: 2
+gidNumber: 102012
+sambaSID: 42
+structuralObjectClass: lsgroup
+entryUUID: 91b290d2-6117-102b-9c6f-91889acd20dc
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20070307164933Z
+entryCSN: 20070308165811.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308165811Z
+

trunk/lsexample/permissions-ls.conf

@@ -0,0 +1,208 @@
+## Racine
+access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * read
+
+## Sysaccounts
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sysaccounts,o=ls$" attrs="children"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by anonymous auth
+	by * none
+	
+### Les admins peuvent modifier tous les attributs, les autres ne voient rien
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * none
+
+## Aliases
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=aliases,o=ls$" attrs="children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+### Les admins peuvent modifier tous les attributs, tout le monde peut voir
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+## Mailboxes
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=mailboxes,o=ls$" attrs="children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="userPassword"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by anonymous auth
+	by * none
+	
+### Les admins peuvent modifier ces attributs, l'appli mail le voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="mailbox,mailforwardingaddress"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=mail,ou=sysaccounts,o=ls" read
+	by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="uid,description,mail,mailalternateaddress,mailquota,eeallowedservices"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * read
+
+## Groups
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+### Les admins peuvent tout modifier, les authentifies peuvent tout voir
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+
+## Peoples
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * read
+
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * read
+
+
+### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by self write
+	by anonymous auth
+	by * none
+	
+### Les admins peuvent modifier ces attributs, l'appli mail les voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailbox"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=mail,ou=sysaccounts,o=ls" read
+	by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,mailquota,eeallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, gnarwl peut les modifier et mail les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailforwardingaddress"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+	by self write
+	by dn="uid=mail,ou=sysaccounts,o=ls" read
+	by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir, gnarwl peut les modifier
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationActive"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+	by self write
+	by users read
+	by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, mail et gnarwl peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationForward"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by self write
+	by dn="uid=mail,ou=sysaccounts,o=ls" read
+	by dn="uid=gnarwl,ou=sysaccounts,o=ls" read
+	by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by self write
+	by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,mailalternateaddress,maildrop,description,vacationInfo,vacationEnd"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by self write
+	by users read
+	by * read
+
+## Computers
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=computers,o=ls$" attrs="children,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by users read
+	by * none
+
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="entry,objectclass"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by users read
+	by * none
+
+
+### Les admins peuvent modifier ces attributs, samba peut les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by * none
+
+### Les admins peuvent modifier ces attributs, les authentifiés peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="cn,uid,uidNumber,gidNumber,homeDirectory,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" write
+	by users read
+	by * none
+
+
+## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
+access to * attrs="entry"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by users read
+	by * none
+
+## SambaDomains
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sambadomains,o=ls$"
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by dn="uid=samba,ou=sysaccounts,o=ls" read
+	by users read
+	by * none
+
+## Le reste
+access to *
+	by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+	by * none

trunk/lsexample/slapd.conf

@@ -0,0 +1,28 @@
+include		/etc/ldap/schema/ls.schema
+
+
+database bdb
+suffix "o=ls"
+
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap/ls
+
+# Indices to maintain
+index objectClass eq
+index uid pres,eq
+index uidNumber eq
+index gidNumber eq
+index eeallowedservices eq
+index cn pres,eq
+index mail pres,eq
+index mailalternateaddress pres,eq
+index sambasid eq
+index sambaDomainName eq
+index memberUid eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+include /etc/ldap/permissions-ls.conf

trunk/modify.php

@@ -30,20 +30,54 @@ if($LSsession -> startLSsession()) {
   // Définition du Titre de la page
   $GLOBALS['Smarty'] -> assign('pagetitle',_('Modifier'));
 
+  if (isset($_POST['LSform_objecttype'])) {
+    $LSobject = $_POST['LSform_objecttype'];
+  }
+  else if (isset($_GET['LSobject'])) {
+    $LSobject = $_GET['LSobject'];
+  }
+  
+  if (isset($_POST['LSform_objectdn'])) {
+    $dn = $_POST['LSform_objectdn'];
+  }
+  else if (isset($_GET['dn'])) {
+    $dn = $_GET['dn'];
+  }
+
+  if ((isset($dn)) && (isset($LSobject)) ) {
     // Création d'un LSobject
-  if (class_exists($_GET['LSobject'])) {
+    if (class_exists($LSobject)) {
-    debug('me : '.$GLOBALS['LSsession'] -> whoami($_GET['dn']));
+      if ( $GLOBALS['LSsession'] -> canEdit($LSobject,$dn) ) {
-    if ( $GLOBALS['LSsession'] -> whoami($_GET['dn']) != 'user' ) {
+        $LSview_actions[] = array(
-      $object = new $_GET['LSobject']();
+          'label' => _('Voir'),
-      if ($object -> loadData($_GET['dn'])) {
+          'url' =>'view.php?LSobject='.$LSobject.'&dn='.$dn,
-        $form = $object -> getForm('test');
+          'action' => 'view'
+        );
+        
+        if ($GLOBALS['LSsession'] -> canRemove($LSobject,$dn)) {
+          $LSview_actions[] = array(
+            'label' => _('Supprimer'),
+            'url' => 'remove.php?LSobject='.$LSobject.'&dn='.$dn,
+            'action' => 'delete'
+          );
+        }
+        
+        $object = new $LSobject();
+        if ($object -> loadData($dn)) {
+          $form = $object -> getForm('modify');
           if ($form->validate()) {
             // MàJ des données de l'objet LDAP
-          $object -> updateData('test');
+            if ($object -> updateData('modify')) {
+              header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
             }
+          }
+          $GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
+          $GLOBALS['LSsession'] -> setTemplate('modify.tpl');
           $form -> display();
         }
-      else debug('erreur durant le chargement du dn');
+        else {
+          $GLOBALS['LSerror'] -> addErrorCode(1011);
+        }
       }
       else {
         $GLOBALS['LSerror'] -> addErrorCode(1011);
@@ -52,9 +86,11 @@ if($LSsession -> startLSsession()) {
     else {
       $GLOBALS['LSerror'] -> addErrorCode(21);
     }
+  }
+  else {
+    $GLOBALS['LSerror'] -> addErrorCode(1012);
+  }
 
-  // Template
-  $GLOBALS['LSsession'] -> setTemplate('modify.tpl');
 }
 else {
   $GLOBALS['LSsession'] -> setTemplate('login.tpl');

trunk/remove.php

@@ -0,0 +1,78 @@
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+******************************************************************************/
+
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+
+$GLOBALS['LSsession'] = new LSsession();
+
+if($LSsession -> startLSsession()) {
+
+  if ((isset($_GET['LSobject'])) && (isset($_GET['dn']))) {
+    
+    if ($GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject'])) {
+        if ( $GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn']) ) {
+          $object = new $_GET['LSobject']();
+          if ($object -> loadData($_GET['dn'])) {
+            if (isset($_GET['valid'])) {
+              $objectname=$object -> getDisplayValue();
+              $GLOBALS['Smarty'] -> assign('pagetitle',_('Suppression').' : '.$objectname);
+              if ($object -> remove()) {
+                $GLOBALS['Smarty'] -> assign('question',$objectname.' '._('a bien été supprimé').'.');
+              }
+              else {
+                $GLOBALS['LSerror'] -> addErrorCode(35,$objectname);
+              }
+            }
+            else {
+              // Définition du Titre de la page
+              $GLOBALS['Smarty'] -> assign('pagetitle',_('Suppresion').' : '.$object -> getDisplayValue());
+              $GLOBALS['Smarty'] -> assign('question',_('Voulez-vous vraiment supprimer').' <strong>'.$object -> getDisplayValue().'</strong> ?');
+              $GLOBALS['Smarty'] -> assign('validation_url','remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'].'&amp;valid');
+              $GLOBALS['Smarty'] -> assign('validation_txt',_('Valider'));
+            }
+            $GLOBALS['LSsession'] -> setTemplate('question.tpl');
+          }
+          else {
+            $GLOBALS['LSerror'] -> addErrorCode(1012);
+          }
+        }
+        else {
+          $GLOBALS['LSerror'] -> addErrorCode(1011);
+        }
+    }
+    else {
+      $GLOBALS['LSerror'] -> addErrorCode(21);
+    }
+  }
+  else {
+    $GLOBALS['LSerror'] -> addErrorCode(1012);
+  }
+
+}
+else {
+  $GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>

trunk/templates/create.tpl

@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+  <head>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
+    {$LSsession_css}
+    {$LSsession_js}
+  </head>
+<body>
+<div id='LSerror'>
+{$LSerrors}
+</div>
+<div id='LSdebug'>
+  <a href='#' id='LSdebug_hidden'>X</a> 
+  <div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
+</div>
+
+<div id='main'>
+  <div id='left'>
+    <img src='templates/images/logo.png' alt='Logo' id='logo'/>
+    <ul class='menu'>
+    {foreach from=$LSaccess item=item key=LSobject}
+      <li class='menu'><a href='view.php?LSobject={$LSobject}' class='menu'>{$item.label}</a></li>
+    {/foreach}
+    </ul>
+  </div>
+  <div id='right'>
+    <p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
+    
+    {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+    
+    <form action='{$LSform_action}' method='post' class='LSform'>
+    {$LSform_header}
+    <dl class='LSform'>
+      {foreach from=$LSform_fields item=field}
+      <dt class='LSform'>{$field.label}</dt>
+      <dd class='LSform'>{$field.html}{if $field.add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
+      {if $field.errors != ''}
+        {foreach from=$field.errors item=error}
+        <dd class='LSform LSform-errors'>{$error}</dd>
+        {/foreach}
+      {/if}
+      {/foreach}
+      <dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
+    </dl>
+    </form>
+  </div>
+  <hr class='spacer' />
+</div>
+</body>
+</html>

trunk/templates/css/LSform.css

@@ -1,20 +1,3 @@
-p.LSform-view-actions {
-  text-align:                 right;
-  font-size:                  0.8em;
-  margin:                     0.2em;
-  margin-right:               3em;
-  color:                      #0072b8;
-}
-
-a.LSform-view-actions {
-  text-decoration:            none;
-  color:                      #0072b8;
-}
-
-a.LSform-view-actions:hover {
-  text-decoration:            underline;
-}
-
 dl.LSform {
   margin:                     0;
   margin-left:                2em;

trunk/templates/css/base.css

@@ -114,6 +114,10 @@ td.LSobject-list-actions {
   width:              7em;
 }
 
+td.LSobject-list-names {
+  cursor:             pointer;
+}
+
 p.LSobject-list-page {
   text-align:         center;
   margin:             0.5em;
@@ -132,3 +136,21 @@ a.LSobject-list-page:hover {
 strong.LSobject-list-page {
   color:              #0072b8;
 }
+
+p.LSview-actions {
+  text-align:                 right;
+  font-size:                  0.8em;
+  margin:                     0.2em;
+  margin-right:               3em;
+  color:                      #0072b8;
+}
+
+p.question {
+  margin-left:        3em;
+}
+
+a.question {
+  margin-left:        10em;
+  margin-top:         3em;
+  color:              #0072b8;
+}

trunk/templates/modify.tpl

@@ -29,7 +29,13 @@
     <p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
     
     {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
-    <p class='LSform-view-actions'><a href='view.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Voir</a></p>
+    {if $LSview_actions != ''}
+    <p class='LSview-actions'>
+      {foreach from=$LSview_actions item=item}
+        <a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
+      {/foreach}
+    </p>
+    {/if}
     
     <form action='{$LSform_action}' method='post' class='LSform'>
     {$LSform_header}

trunk/templates/question.tpl

@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+  <head>
+    <title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+    <link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
+    {$LSsession_css}
+    {$LSsession_js}
+  </head>
+<body>
+<div id='LSerror'>
+{$LSerrors}
+</div>
+<div id='LSdebug'>
+  <a href='#' id='LSdebug_hidden'>X</a> 
+  <div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
+</div>
+
+<div id='main'>
+  <div id='left'>
+    <img src='templates/images/logo.png' alt='Logo' id='logo'/>
+    <ul class='menu'>
+    {foreach from=$LSaccess item=item key=LSobject_type}
+      <li class='menu'><a href='view.php?LSobject={$LSobject_type}' class='menu'>{$item.label}</a></li>
+    {/foreach}
+    </ul>
+  </div>
+  <div id='right'>
+    <p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
+    {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+    {if $LSview_actions != ''}
+    <p class='LSview-actions'>
+      {foreach from=$LSview_actions item=item}
+        <a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
+      {/foreach}
+    </p>
+    {/if}
+    
+    <p class='question'>{$question}</p>
+    {if $validation_txt!=''}<a href='{$validation_url}' class='question'>Valider</a>{/if}
+  </div>
+  <hr class='spacer' />
+</div>
+</body>
+</html>

trunk/templates/view.tpl

@@ -28,7 +28,14 @@
   <div id='right'>
     <p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
     {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
-    {if $LSform_canEdit == 'true'}<p class='LSform-view-actions'><a href='modify.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Modifier</a></p>{/if}
+    {if $LSview_actions != ''}
+    <p class='LSview-actions'>
+      {foreach from=$LSview_actions item=item}
+        <a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
+      {/foreach}
+    </p>
+    {/if}
+    
     <dl class='LSform'>
       {foreach from=$LSform_fields item=field}
       <dt class='LSform'>{$field.label}</dt>

trunk/templates/viewList.tpl

@@ -28,6 +28,14 @@
   <div id='right'>
     <p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
     {if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+    
+    {if $LSview_actions != ''}
+    <p class='LSview-actions'>
+      {foreach from=$LSview_actions item=item}
+        <a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
+      {/foreach}
+    </p>
+    {/if}
     <table class='LSobject-list'>
       <tr class='LSobject-list'>
         <th class='LSobject-list'>{$LSobject_list_objectname}</th>
@@ -36,7 +44,13 @@
     {foreach from=$LSobject_list item=object}
         <tr class='LSobject-list'>
             <td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}'  class='LSobject-list'>{$object.displayValue}</a> </td>
-            <td class='LSobject-list LSobject-list-actions'>{if $object.canEdit}<a href='modify.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}'  class='LSobject-list-actions'><img src='templates/images/edit.png' alt='{$_Modifier}' title='{$_Modifier}'/></a>{/if}</td>
+            <td class='LSobject-list LSobject-list-actions'>
+            {if $object.actions!=''}
+            {foreach from=$object.actions item=item}
+              <a href='{$item.url}'  class='LSobject-list-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}'/></a>
+            {/foreach}
+            {/if}
+            </td>
         </tr>
     {/foreach}
     </table>

trunk/view.php

@@ -28,14 +28,37 @@ require_once 'includes/class/class.LSsession.php';
 $GLOBALS['LSsession'] = new LSsession();
 
 if($LSsession -> startLSsession()) {
+  if (isset($_GET['LSobject'])) {
     $LSobject = $_GET['LSobject'];
     
     if ( $LSobject == 'SELF' ) {
       if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
-      if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
+        if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn')) ) {
-        $GLOBALS['Smarty'] -> assign('LSform_canEdit',true);
+          $LSview_actions[] = array (
+            'label' => _('Modifier'),
+            'url' => 'modify.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
+            'action' => 'modify'
+          );
         }
+        
+        if ($GLOBALS['LSsession'] -> canCreate($GLOBALS['LSsession']-> LSuserObject -> getType())) {
+          $LSview_actions[] = array(
+            'label' => _('Copier'),
+            'url' =>'create.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&load='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
+            'action' => 'copy'
+          );
+        }
+        
+        if ($GLOBALS['LSsession'] -> canRemove($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
+          $LSview_actions[] = array (
+            'label' => _('Supprimer'),
+            'url' => 'remove.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
+            'action' => 'delete'
+          );
+        }
+        
         $GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
+        $GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
         $form = $GLOBALS['LSsession']-> LSuserObject -> getView();
         $form -> displayView();
         $GLOBALS['LSsession'] -> setTemplate('view.tpl');
@@ -49,12 +72,35 @@ if($LSsession -> startLSsession()) {
         if ( isset($_GET['dn']) ) {
           if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
             if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
-            $GLOBALS['Smarty'] -> assign('LSform_canEdit','true');
+              $LSview_actions[] = array(
+                'label' => _('Modifier'),
+                'url' =>'modify.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'],
+                'action' => 'modify'
+              );
             }
+            
+            if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
+              $LSview_actions[] = array(
+                'label' => _('Copier'),
+                'url' =>'create.php?LSobject='.$_GET['LSobject'].'&load='.$_GET['dn'],
+                'action' => 'copy'
+              );
+            }
+            
+            if ($GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn'])) {
+              $LSview_actions[] = array(
+                'label' => _('Supprimer'),
+                'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'],
+                'action' => 'delete'
+              );
+            }
+            
             $object = new $_GET['LSobject']();
             $object -> loadData($_GET['dn']);
             $view = $object -> getView();
             $view -> displayView();
+            $GLOBALS['Smarty'] -> assign('pagetitle',$object -> getDisplayValue());
+            $GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
             $GLOBALS['LSsession'] -> setTemplate('view.tpl');
           }
           else {
@@ -66,6 +112,16 @@ if($LSsession -> startLSsession()) {
           $object = new $_GET['LSobject']();
           $GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
           $GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
+          
+          if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
+            $LSview_actions[] = array (
+              'label' => _('Nouveau'),
+              'url' => 'create.php?LSobject='.$_GET['LSobject'],
+              'action' => 'create'
+            );
+            $canCopy=true;
+          }
+          
           $list=$object -> listObjects();
           $nbObjects=count($list);
           if ($nbObjects > NB_LSOBJECT_LIST) {
@@ -81,11 +137,42 @@ if($LSsession -> startLSsession()) {
             }
           }
           foreach($list as $thisObject) {
+            unset($actions);
             if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
+              $actions[] = array(
+                'label' => _('Voir'),
+                'url' =>'view.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject -> getValue('dn'),
+                'action' => 'view'
+              );
+              
+              if ($GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))) {
+                $actions[]=array(
+                  'label' => _('Modifier'),
+                  'url' => 'modify.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject->getValue('dn'),
+                  'action' => 'modify'
+                );
+              }
+              
+              if ($canCopy) {
+                $actions[] = array(
+                  'label' => _('Copier'),
+                  'url' =>'create.php?LSobject='.$_GET['LSobject'].'&load='.$thisObject -> getValue('dn'),
+                  'action' => 'copy'
+                );
+              }
+              
+              if ($GLOBALS['LSsession'] -> canRemove($thisObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
+                $actions[] = array (
+                  'label' => _('Supprimer'),
+                  'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject -> getValue('dn'),
+                  'action' => 'delete'
+                );
+              }
+              
               $objectList[]=array(
                 'dn' => $thisObject->getValue('dn'),
                 'displayValue' => $thisObject->getDisplayValue(),
-              'canEdit' => $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))
+                'actions' => $actions
               );
             }
             else {
@@ -98,6 +185,7 @@ if($LSsession -> startLSsession()) {
           $GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
           $GLOBALS['Smarty']->assign('LSobject_list',$objectList);
           $GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
+          $GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
           $GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
         }
       }
@@ -105,6 +193,10 @@ if($LSsession -> startLSsession()) {
         $GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
       }
     }
+  }
+  else {
+    $GLOBALS['LSerror'] -> addErrorCode(1012);
+  }
 }
 else {
   $GLOBALS['LSsession'] -> setTemplate('login.tpl');