- Développement des capacités de l'interface (ajout / suppression / copie / modification)
- Création d'un annuaire de test (dossier lsexample) - Debug divers
|
@ -43,7 +43,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
|
|||
'admin' => 'w'
|
||||
),
|
||||
'form' => array (
|
||||
'test' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'dc' => array (
|
||||
|
@ -57,7 +58,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
)
|
||||
)
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
|
||||
$GLOBALS['LSobjects']['LSeegroup'] = array (
|
||||
'objectclass' => array(
|
||||
'lsgroup',
|
||||
'posixGroup'
|
||||
),
|
||||
'rdn' => 'cn',
|
||||
|
@ -51,7 +52,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
|
|||
'admin' => 'w'
|
||||
),
|
||||
'form' => array (
|
||||
'test' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'gidNumber' => array (
|
||||
|
@ -59,6 +61,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
|
|||
'ldap_type' => 'numeric',
|
||||
'html_type' => 'text',
|
||||
'required' => 1,
|
||||
'generate_function' => 'generate_gidNumber',
|
||||
'validation' => array (
|
||||
array (
|
||||
'filter' => 'gidNumber=%{val}',
|
||||
|
@ -71,7 +74,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
|
|||
'admin' => 'w'
|
||||
),
|
||||
'form' => array (
|
||||
'test' => 1
|
||||
'modify' => 1
|
||||
)
|
||||
),
|
||||
'uniqueMember' => array (
|
||||
|
@ -91,10 +94,10 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
|
|||
'admin' => 'w'
|
||||
),
|
||||
'form' => array (
|
||||
'test' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
),
|
||||
'possible_values' => array(
|
||||
'aucun' => _('-- Selectionner --'),
|
||||
'OTHER_OBJECT' => array(
|
||||
'object_type' => 'LSeepeople', // Nom de l'objet à lister
|
||||
'display_attribute' => '%{cn} (%{uidNumber})', // Spécifie le attributs à lister pour le choix,
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
$GLOBALS['LSobjects']['LSeepeople'] = array (
|
||||
'objectclass' => array(
|
||||
'top',
|
||||
'lspeople',
|
||||
'posixAccount',
|
||||
'sambaSamAccount',
|
||||
),
|
||||
|
@ -58,8 +59,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 0,
|
||||
'add' => 1
|
||||
'modify' => 0,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'uidNumber' => array (
|
||||
|
@ -86,7 +87,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 0,
|
||||
'modify' => 0,
|
||||
)
|
||||
),
|
||||
'cn' => array (
|
||||
|
@ -103,8 +104,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'givenName' => array (
|
||||
|
@ -125,8 +126,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
),
|
||||
'onDisplay' => 'return_data'
|
||||
),
|
||||
|
@ -135,15 +136,15 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
'ldap_type' => 'ascii',
|
||||
'html_type' => 'text',
|
||||
'required' => 1,
|
||||
'rights' => array( // Définition de droits : 'r' => lecture / 'w' => modification / '' => aucun (par defaut)
|
||||
'self' => 'w', // définition des droits de l'utilisateur sur lui même
|
||||
'user' => 'r', // définition des droits de tout les utilisateurs
|
||||
'rights' => array(
|
||||
'self' => 'w',
|
||||
'user' => 'r',
|
||||
'admin' => 'w'
|
||||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'gidNumber' => array (
|
||||
|
@ -166,8 +167,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
),
|
||||
'possible_values' => array(
|
||||
'OTHER_OBJECT' => array(
|
||||
|
@ -200,8 +201,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
),
|
||||
'possible_values' => array(
|
||||
'/bin/false' => _('Aucun'),
|
||||
|
@ -218,7 +219,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
'admin' => 'r'
|
||||
),
|
||||
'form' => array (
|
||||
//'test' => 0,
|
||||
//'modify' => 0,
|
||||
)
|
||||
),
|
||||
'homeDirectory' => array (
|
||||
|
@ -233,7 +234,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
)
|
||||
),
|
||||
'mail' => array (
|
||||
|
@ -253,8 +254,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'personalTitle' => array (
|
||||
|
@ -270,8 +271,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
),
|
||||
'possible_values' => array(
|
||||
'M.' => 'M.',
|
||||
|
@ -295,7 +296,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
)
|
||||
),
|
||||
'vacationActive' => array (
|
||||
|
@ -315,7 +316,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
),
|
||||
'possible_values' => array(
|
||||
'' => 'Non',
|
||||
|
@ -333,7 +334,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
)
|
||||
),
|
||||
'vacationForward' => array (
|
||||
|
@ -352,7 +353,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
)
|
||||
),
|
||||
'mailQuota' => array (
|
||||
|
@ -370,7 +371,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
)
|
||||
),
|
||||
'description' => array (
|
||||
|
@ -384,7 +385,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
),
|
||||
'view' => 1,
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'userPassword' => array (
|
||||
|
@ -401,23 +403,29 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
|
|||
'sambaNTPassword'
|
||||
),
|
||||
'form' => array (
|
||||
'test' => 1,
|
||||
'add' => 1
|
||||
'modify' => 1,
|
||||
'create' => 1
|
||||
)
|
||||
),
|
||||
'sambaLMPassword' => array (
|
||||
'label' => _('Mot de passe Samba (LM)'),
|
||||
'ldap_type' => 'ascii',
|
||||
'html_type' => 'password',
|
||||
'html_type' => 'text',
|
||||
'required' => 1,
|
||||
'generate_function' => 'generate_sambaLMPassword'
|
||||
'generate_function' => 'generate_sambaLMPassword',
|
||||
'form' => array (
|
||||
'modify' => 0
|
||||
)
|
||||
),
|
||||
'sambaNTPassword' => array (
|
||||
'label' => _('Mot de passe Samba (NT)'),
|
||||
'ldap_type' => 'ascii',
|
||||
'html_type' => 'password',
|
||||
'html_type' => 'text',
|
||||
'required' => 1,
|
||||
'generate_function' => 'generate_sambaNTPassword'
|
||||
'generate_function' => 'generate_sambaNTPassword',
|
||||
'form' => array (
|
||||
'modify' => 0
|
||||
)
|
||||
)
|
||||
)
|
||||
);
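Review bot: In the last hunk, `html_type` for `sambaLMPassword` and `sambaNTPassword` goes from `'password'` to `'text'` (assuming the second printed value is the new side), so any form that renders these attributes would show the LM/NT hashes in a plain text field. Those hashes are password-equivalent for SMB authentication, so I would keep `'html_type' => 'password'` or keep the attributes out of rendered forms, and add a comment such as `// generated from userPassword, never displayed or edited by hand`. The new `'form' => array('modify' => 0)` entry still registers the attribute for the modify form, because LSattribute::addToForm on this page tests it with `isset()`; what a value of 0 does after that is not visible here.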
|
||||
|
|
|
@ -104,6 +104,10 @@ $GLOBALS['LSerror_code'] = array (
|
|||
'msg' => _("LSldapObject : L'attribut %{attr_depend} dépendant de l'attribut %{attr} n'existe pas."),
|
||||
'level' => 'w'
|
||||
),
|
||||
35 => array (
|
||||
'msg' => _("LSldapObject : Erreur durant la suppression de %{objectname}."),
|
||||
'level' => 'c'
|
||||
),
|
||||
|
||||
// LSldapObject
|
||||
41 => array (
|
||||
|
@ -238,6 +242,11 @@ $GLOBALS['LSerror_code'] = array (
|
|||
1011 => array (
|
||||
'msg' => _("LSsession : Vous n'êtes pas authorisé à effectuer cette action."),
|
||||
'level' => 'c'
|
||||
),
|
||||
1012 => array (
|
||||
'msg' => _("LSsession : Des informations sont manquantes pour l'affichage de cette page."),
|
||||
'level' => 'c'
|
||||
)
|
||||
|
||||
);
|
||||
?>
|
||||
|
|
|
@ -28,13 +28,13 @@ $GLOBALS['LSconfig'] = array(
|
|||
'cacheLSrights' => true,
|
||||
'ldap_servers' => array (
|
||||
array (
|
||||
'name' => 'Ldap 1',
|
||||
'name' => 'LSexample',
|
||||
'ldap_config'=> array(
|
||||
'host' => '127.0.0.1',
|
||||
'port' => 389,
|
||||
'version' => 3,
|
||||
'starttls' => false,
|
||||
'binddn' => 'uid=toto,ou=people,o=ls',
|
||||
'binddn' => 'uid=eeggs,ou=people,o=ls',
|
||||
'bindpw' => 'toto',
|
||||
'basedn' => 'o=ls',
|
||||
'options' => array(),
|
||||
|
@ -42,9 +42,11 @@ $GLOBALS['LSconfig'] = array(
|
|||
'scope' => 'sub'
|
||||
),
|
||||
'LSadmins' => array (
|
||||
'o=ost' => array (
|
||||
'uid=toto,ou=people,o=ls' => NULL,
|
||||
'cn=adminldap,ou=groups,o=ost' => array (
|
||||
'o=ls' => array (
|
||||
'uid=eeggs,ou=people,o=ls' => NULL
|
||||
),
|
||||
'ou=people,o=ls' => array (
|
||||
'cn=adminldap,ou=groups,o=ls' => array (
|
||||
'attr' => 'uniqueMember',
|
||||
'LSobject' => 'LSeegroup'
|
||||
)
|
||||
|
@ -76,7 +78,7 @@ $GLOBALS['LSconfig'] = array(
|
|||
);
|
||||
|
||||
//Debug
|
||||
$GLOBALS['LSdebug']['active'] = false;
|
||||
$GLOBALS['LSdebug']['active'] = true;
|
||||
|
||||
// Définitions des locales
|
||||
$textdomain = 'ldapsaisie';
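Review bot: `$GLOBALS['LSdebug']['active'] = true;` appears to be the new value in the committed configuration, which turns debug output on for every install that starts from this file; combined with the `debug('pwd : '.$password)` call in the Samba add-on on this page, that would put clear-text passwords into the debug output. I would keep `$GLOBALS['LSdebug']['active'] = false;` as the shipped default and enable debugging only in a local override. The same block binds with a literal `bindpw` on port 389 with `'starttls' => false`, so a comment such as `// example credentials for the lsexample test directory only` would make clear these values must not reach a real deployment.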
|
||||
|
|
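--- a/trunk/create.php
+++ b/trunk/create.php
@@ -0,0 +1,79 @@
+<?php
+/*******************************************************************************
+* Copyright (C) 2007 Easter-eggs
+* http://ldapsaisie.labs.libre-entreprise.org
+*
+* Author: See AUTHORS file in top-level directory.
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License version 2
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+
+$GLOBALS['LSsession'] = new LSsession();
+
+if($LSsession -> startLSsession()) {
+
+if (isset($_POST['LSform_objecttype'])) {
+$LSobject = $_POST['LSform_objecttype'];
+}
+else if (isset($_GET['LSobject'])) {
+$LSobject = $_GET['LSobject'];
+}
+
+if (isset($LSobject)) {
+// Création d'un LSobject
+if (class_exists($LSobject)) {
+if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) {
+$object = new $LSobject();
+
+if ($_GET['load']!='') {
+$form = $object -> getForm('create',$_GET['load']);
+}
+else {
+$form = $object -> getForm('create');
+}
+if ($form->validate()) {
+// MàJ des données de l'objet LDAP
+if ($object -> updateData('create')) {
+header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
+}
+}
+// Définition du Titre de la page
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Nouveau').' : '.$object -> getLabel());
+$GLOBALS['LSsession'] -> setTemplate('create.tpl');
+$form -> display();
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1011);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(21);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+
+}
+else {
+$GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>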
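Review bot: `$LSobject` is taken directly from `$_POST['LSform_objecttype']` or `$_GET['LSobject']` and handed to `class_exists()` before any check that it names a configured object type, so a request can probe any class name known to the process. I would test it against the object configuration first, e.g. `if (isset($GLOBALS['LSobjects'][$LSobject]) && class_exists($LSobject)) {`, provided that configuration is loaded by this point. The redirect after `updateData('create')` is not followed by `exit();`, so the script goes on to build and display the form, and both values are concatenated into the header unencoded; `header('Location: view.php?LSobject='.urlencode($LSobject).'&dn='.urlencode($object -> getDn())); exit();` covers both. `$_GET['load']` is also read without `isset()`, which raises a notice on every plain request.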
|
|
@ -22,200 +22,201 @@
|
|||
|
||||
|
||||
/*
|
||||
* Données de configuration pour le support SAMBA
|
||||
*/
|
||||
* Données de configuration pour le support SAMBA
|
||||
*/
|
||||
|
||||
// SID du domaine Samba géré
|
||||
define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809');
|
||||
// SID du domaine Samba géré
|
||||
define('LS_SAMBA_DOMAIN_SID','S-1-5-21-2421470416-3566881284-3047381809');
|
||||
|
||||
// Nombre de base pour le calcul des sambaSID Utilisateur
|
||||
define('LS_SAMBA_SID_BASE_USER',1000);
|
||||
// Nombre de base pour le calcul des sambaSID Utilisateur
|
||||
define('LS_SAMBA_SID_BASE_USER',1000);
|
||||
|
||||
// Nombre de base pour le calcul des sambaSID Groupe
|
||||
define('LS_SAMBA_SID_BASE_GROUP',1001);
|
||||
// Nombre de base pour le calcul des sambaSID Groupe
|
||||
define('LS_SAMBA_SID_BASE_GROUP',1001);
|
||||
|
||||
/*
|
||||
/*
|
||||
* NB : C'est deux nombres doivent être pour l'un paire et pour l'autre impaire
|
||||
* pour conserver l'unicité des SID
|
||||
*/
|
||||
* pour conserver l'unicité des SID
|
||||
*/
|
||||
|
||||
// Nom de l'attribut LDAP uidNumber
|
||||
define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber');
|
||||
// Nom de l'attribut LDAP uidNumber
|
||||
define('LS_SAMBA_UIDNUMBER_ATTR','uidNumber');
|
||||
|
||||
// Nom de l'attribut LDAP gidNumber
|
||||
define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber');
|
||||
// Nom de l'attribut LDAP gidNumber
|
||||
define('LS_SAMBA_GIDNUMBER_ATTR','gidNumber');
|
||||
|
||||
// Nom de l'attribut LDAP userPassword
|
||||
define('LS_SAMBA_USERPASSWORD_ATTR','userPassword');
|
||||
// Nom de l'attribut LDAP userPassword
|
||||
define('LS_SAMBA_USERPASSWORD_ATTR','userPassword');
|
||||
|
||||
// Message d'erreur
|
||||
// Message d'erreur
|
||||
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_01']= array (
|
||||
'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."),
|
||||
'level' => 'c'
|
||||
);
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array (
|
||||
'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."),
|
||||
'level' => 'c'
|
||||
);
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_01']= array (
|
||||
'msg' => _("SAMBA Support : la classe smHash ne peut pas être chargée."),
|
||||
'level' => 'c'
|
||||
);
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_02']= array (
|
||||
'msg' => _("SAMBA Support : La constante %{const} n'est pas définie."),
|
||||
'level' => 'c'
|
||||
);
|
||||
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_03']= array (
|
||||
'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."),
|
||||
'level' => 'c'
|
||||
);
|
||||
$GLOBALS['error_code']['SAMBA_SUPPORT_03']= array (
|
||||
'msg' => _("SAMBA Support : Les constantes LS_SAMBA_SID_BASE_USER et LS_SAMBA_SID_BASE_GROUP ne doivent pas avoir la même parité pour l'unicité des sambaSID."),
|
||||
'level' => 'c'
|
||||
);
|
||||
|
||||
|
||||
$GLOBALS['error_code']['SAMBA_01']= array (
|
||||
'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."),
|
||||
'level' => 'c'
|
||||
);
|
||||
$GLOBALS['error_code']['SAMBA_01']= array (
|
||||
'msg' => _("SAMBA Support : L'attribut %{dependency} est introuvable. Impossible de générer l'attribut %{attr}."),
|
||||
'level' => 'c'
|
||||
);
|
||||
|
||||
/*
|
||||
* Fin des données de configuration
|
||||
*/
|
||||
* Fin des données de configuration
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
* Verification du support Samba par ldapSaisie
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @retval boolean true si Samba est pleinement supporté, false sinon
|
||||
*/
|
||||
function LSaddon_samba_support() {
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @retval boolean true si Samba est pleinement supporté, false sinon
|
||||
*/
|
||||
function LSaddon_samba_support() {
|
||||
|
||||
$retval=true;
|
||||
$retval=true;
|
||||
|
||||
// Dependance de librairie
|
||||
if ( !class_exists('smbHash') ) {
|
||||
if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1');
|
||||
$retval=false;
|
||||
}
|
||||
}
|
||||
// Dependance de librairie
|
||||
if ( !class_exists('smbHash') ) {
|
||||
if ( ! @include_once(LS_LIB_DIR . 'class.smbHash.php') ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O1');
|
||||
$retval=false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$MUST_DEFINE_CONST= array(
|
||||
'LS_SAMBA_DOMAIN_SID',
|
||||
'LS_SAMBA_SID_BASE_USER',
|
||||
'LS_SAMBA_SID_BASE_GROUP',
|
||||
'LS_SAMBA_UIDNUMBER_ATTR',
|
||||
'LS_SAMBA_GIDNUMBER_ATTR',
|
||||
'LS_SAMBA_USERPASSWORD_ATTR'
|
||||
);
|
||||
$MUST_DEFINE_CONST= array(
|
||||
'LS_SAMBA_DOMAIN_SID',
|
||||
'LS_SAMBA_SID_BASE_USER',
|
||||
'LS_SAMBA_SID_BASE_GROUP',
|
||||
'LS_SAMBA_UIDNUMBER_ATTR',
|
||||
'LS_SAMBA_GIDNUMBER_ATTR',
|
||||
'LS_SAMBA_USERPASSWORD_ATTR'
|
||||
);
|
||||
|
||||
foreach($MUST_DEFINE_CONST as $const) {
|
||||
if ( constant($const) == '' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const);
|
||||
$retval=false;
|
||||
}
|
||||
}
|
||||
foreach($MUST_DEFINE_CONST as $const) {
|
||||
if ( constant($const) == '' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O2',$const);
|
||||
$retval=false;
|
||||
}
|
||||
}
|
||||
|
||||
// Pour l'intégrité des SID
|
||||
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3');
|
||||
$retval=false;
|
||||
}
|
||||
// Pour l'intégrité des SID
|
||||
if ( (LS_SAMBA_SID_BASE_USER % 2) == (LS_SAMBA_SID_BASE_GROUP % 2) ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_SUPPORT_O3');
|
||||
$retval=false;
|
||||
}
|
||||
|
||||
return $retval;
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
|
||||
/*
|
||||
* Generation de sambaSID
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
|
||||
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string SambaSID ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaSID($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
||||
return;
|
||||
}
|
||||
* Generation de sambaSID
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* Number = LS_SAMBA_UIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_USER
|
||||
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string SambaSID ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaSID($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_01',array('dependency' => LS_SAMBA_UIDNUMBER_ATTR, 'attr' => 'sambaSID'));
|
||||
return;
|
||||
}
|
||||
|
||||
$uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER;
|
||||
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
|
||||
$uidNumber = $ldapObject -> attrs[ LS_SAMBA_UIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_USER;
|
||||
$sambaSID = LS_SAMBA_DOMAIN_SID . '-' . $uidNumber;
|
||||
|
||||
return ($sambaSID);
|
||||
}
|
||||
return ($sambaSID);
|
||||
}
|
||||
|
||||
/*
|
||||
* Generation de sambaPrimaryGroupSID
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
||||
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaPrimaryGroupSID($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
|
||||
return;
|
||||
}
|
||||
* Generation de sambaPrimaryGroupSID
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* Number = LS_SAMBA_GIDNUMBER_ATTR * 2 + LS_SAMBA_SID_BASE_GROUP
|
||||
* sambaSID = LS_SAMBA_DOMAIN_SID-Number
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaPrimaryGroupSID ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaPrimaryGroupSID($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_02',array('dependency' => LS_SAMBA_GIDNUMBER_ATTR, 'attr' => 'sambaPrimaryGroupSID'));
|
||||
return;
|
||||
}
|
||||
|
||||
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
|
||||
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
||||
$gidNumber = $ldapObject -> attrs[ LS_SAMBA_GIDNUMBER_ATTR ] -> getValue() * 2 + LS_SAMBA_SID_BASE_GROUP;
|
||||
$sambaPrimaryGroupSID = LS_SAMBA_DOMAIN_SID . '-' . $gidNumber;
|
||||
|
||||
return ($sambaPrimaryGroupSID);
|
||||
}
|
||||
return ($sambaPrimaryGroupSID);
|
||||
}
|
||||
|
||||
/*
|
||||
* Generation de sambaNTPassword
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaNTPassword($ldapObject) {
|
||||
* Generation de sambaNTPassword
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaNTPassword ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaNTPassword($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_03',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaNTPassword'));
|
||||
return;
|
||||
}
|
||||
|
||||
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
||||
$sambapassword = new smbHash;
|
||||
$sambaNTPassword = $sambapassword -> nthash($password);
|
||||
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
||||
debug('pwd : '.$password);
|
||||
$sambapassword = new smbHash;
|
||||
$sambaNTPassword = $sambapassword -> nthash($password);
|
||||
|
||||
if($sambaNTPassword == '') {
|
||||
return;
|
||||
}
|
||||
return $sambaNTPassword;
|
||||
}
|
||||
if($sambaNTPassword == '') {
|
||||
return;
|
||||
}
|
||||
return $sambaNTPassword;
|
||||
}
|
||||
|
||||
/*
|
||||
* Generation de sambaLMPassword
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaLMPassword($ldapObject) {
|
||||
* Generation de sambaLMPassword
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @param[in] $ldapObject L'objet ldap
|
||||
*
|
||||
* @retval string sambaLMPassword ou false si il y a un problème durant la génération
|
||||
*/
|
||||
function generate_sambaLMPassword($ldapObject) {
|
||||
if ( get_class($ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ]) != 'LSattribute' ) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode('SAMBA_04',array('dependency' => LS_SAMBA_USERPASSWORD_ATTR, 'attr' => 'sambaLMPassword'));
|
||||
return;
|
||||
}
|
||||
|
||||
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
||||
$sambapassword = new smbHash;
|
||||
$sambaLMPassword = $sambapassword -> lmhash($password);
|
||||
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
|
||||
$sambapassword = new smbHash;
|
||||
$sambaLMPassword = $sambapassword -> lmhash($password);
|
||||
|
||||
if($sambaLMPassword == '') {
|
||||
return;
|
||||
}
|
||||
return $sambaLMPassword;
|
||||
}
|
||||
if($sambaLMPassword == '') {
|
||||
return;
|
||||
}
|
||||
return $sambaLMPassword;
|
||||
}
|
||||
|
||||
?>
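Review bot: The line `debug('pwd : '.$password);` added in generate_sambaNTPassword writes the user's clear-text password to whatever sink debug() feeds, and the configuration on this page appears to switch `LSdebug` on. It should be removed before merge, or reduced to `debug('pwd : '.($password != '' ? 'set' : 'empty'));` if the trace is still needed. On both sides of this otherwise whitespace-only rewrite, the calls use `'SAMBA_SUPPORT_O1'`, `'SAMBA_SUPPORT_O2'` and `'SAMBA_SUPPORT_O3'` with a letter O while the definitions use the digit 0 (`'SAMBA_SUPPORT_01'`), and `SAMBA_02` to `SAMBA_04` are raised without a definition in the visible file, so those errors would presumably never resolve to a message.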
|
||||
|
|
|
@ -80,14 +80,6 @@ class LSattr_html {
|
|||
function addToForm (&$form,$idForm,$data=NULL) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(101,$this -> name);
|
||||
}
|
||||
|
||||
function __sleep() {
|
||||
return ( array_keys( get_object_vars( &$this ) ) );
|
||||
}
|
||||
|
||||
function __wakeup() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -37,10 +37,10 @@ class LSattr_html_select_list extends LSattr_html{
|
|||
* @retval LSformElement L'element du formulaire ajouté
|
||||
*/
|
||||
function addToForm (&$form,$idForm,$data=NULL) {
|
||||
if (count($data)>1) {
|
||||
/*if (count($data)>1) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(103,'select_list');
|
||||
return;
|
||||
}
|
||||
}*/
|
||||
$possible_values=$this -> getPossibleValues();
|
||||
$this -> config['text_possible_values'] = $possible_values;
|
||||
$element=$form -> addElement('select', $this -> name, $this -> config['label'],$this -> config);
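Review bot: The multi-value guard at the top of addToForm is disabled by wrapping it in `/* … */` rather than being removed or explained, so a later reader cannot tell whether error 103 is retired or only bypassed for debugging. If a select_list may now legitimately carry several values, I would delete the block and record the decision in a comment, e.g. `// several values are accepted here; error 103 no longer applies`. If the bypass is temporary, a `// TODO: restore once <condition>` marker on the commented block would keep it from shipping unnoticed. addToForm's body continues past the end of the hunk.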
|
||||
|
|
|
@ -26,38 +26,38 @@
|
|||
*/
|
||||
class LSattr_ldap_password extends LSattr_ldap {
|
||||
|
||||
var $clearPassword = NULL;
|
||||
var $clearPassword = NULL;
|
||||
|
||||
/**
|
||||
* Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap
|
||||
*
|
||||
* @param[in] $data mixed La valeur de l'attribut
|
||||
*
|
||||
* @retval mixed La valeur d'affichage de l'attribut
|
||||
*/
|
||||
/**
|
||||
* Retourne la valeur d'affichage de l'attribut après traitement lié à son type ldap
|
||||
*
|
||||
* @param[in] $data mixed La valeur de l'attribut
|
||||
*
|
||||
* @retval mixed La valeur d'affichage de l'attribut
|
||||
*/
|
||||
function getDisplayValue($data) {
|
||||
return '********';
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne la valeur de l'attribut après traitement lié à son type ldap
|
||||
*
|
||||
* @param[in] $data mixed La valeur de l'attribut
|
||||
*
|
||||
* @retval mixed La valeur traitée de l'attribut
|
||||
*/
|
||||
/**
|
||||
* Retourne la valeur de l'attribut après traitement lié à son type ldap
|
||||
*
|
||||
* @param[in] $data mixed La valeur de l'attribut
|
||||
*
|
||||
* @retval mixed La valeur traitée de l'attribut
|
||||
*/
|
||||
function getUpdateData($data) {
|
||||
$this -> clearPassord = $data[0];
|
||||
$this -> clearPassword = $data[0];
|
||||
return '{CRYPT}'.crypt($data[0],'$1$'.$this -> getSalt().'$');
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre
|
||||
*
|
||||
* @param[in] integer La longueur de la salt (par defaut : 8)
|
||||
*
|
||||
* @retval string La salt
|
||||
*/
|
||||
/**
|
||||
* Retourne une salt (chaine de caractère aléatoire) de la longueur passée en paramètre
|
||||
*
|
||||
* @param[in] integer La longueur de la salt (par defaut : 8)
|
||||
*
|
||||
* @retval string La salt
|
||||
*/
|
||||
function getSalt($length=8) {
|
||||
$pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
|
||||
$key = $pattern{rand(0,35)};
|
||||
|
@ -68,14 +68,14 @@ class LSattr_ldap_password extends LSattr_ldap {
|
|||
return $key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne le mot de passe en texte clair
|
||||
*
|
||||
* @retval string Le mot de passe en texte clair
|
||||
*/
|
||||
function getClearPassword() {
|
||||
return $this -> clearPassword;
|
||||
}
|
||||
/**
|
||||
* Retourne le mot de passe en texte clair
|
||||
*
|
||||
* @retval string Le mot de passe en texte clair
|
||||
*/
|
||||
function getClearPassword() {
|
||||
return $this -> clearPassword;
|
||||
}
|
||||
}
|
||||
|
||||
?>
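Review bot: With the property name corrected to `clearPassword`, getUpdateData() now really keeps the clear-text password on the object, and nothing in the visible lines clears it afterwards. I would document that lifetime on the property, e.g. `// clear text, kept only until the dependent Samba hashes are generated; never serialize or log`, and reset it to NULL once those attributes are built (that call site is outside this section). Separately, the context lines show the stored hash as MD5-crypt (`'$1$'`) with a salt drawn from `rand()`, which is not a cryptographic generator; that predates this commit but deserves a follow-up. getSalt()'s body runs past the end of the first hunk.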
|
||||
|
|
|
@ -184,15 +184,19 @@ class LSattribute {
|
|||
* @param[in] object $form Le formulaire dans lequel doit être ajouté l'attribut
|
||||
* @param[in] string $idForm L'identifiant du formulaire
|
||||
* @param[in] objet &$obj Objet utilisable pour la génération de la valeur de l'attribut
|
||||
* @param[in] array $value valeur de l'élement
|
||||
*
|
||||
* @retval boolean true si l'ajout a fonctionner ou qu'il n'est pas nécessaire, false sinon
|
||||
*/
|
||||
function addToForm(&$form,$idForm,&$obj=NULL) {
|
||||
function addToForm(&$form,$idForm,&$obj=NULL,$value=NULL) {
|
||||
if(isset($this -> config['form'][$idForm])) {
|
||||
if($this -> myRights() == 'n') {
|
||||
return true;
|
||||
}
|
||||
if($this -> data !='') {
|
||||
if ($value) {
|
||||
$data = $value;
|
||||
}
|
||||
else if($this -> data !='') {
|
||||
$data=$this -> getFormVal();
|
||||
}
|
||||
else if (isset($this -> config['default_value'])) {
|
||||
|
@ -235,6 +239,11 @@ class LSattribute {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Récupération des droits de l'utilisateur sur l'attribut
|
||||
*
|
||||
* @retval string 'r'/'w'/'n' pour 'read'/'write'/'none'
|
||||
**/
|
||||
function myRights() {
|
||||
// cache
|
||||
if ($this -> _myRights != NULL) {
|
||||
|
@ -484,13 +493,6 @@ class LSattribute {
|
|||
return $this -> config['dependAttrs'];
|
||||
}
|
||||
|
||||
function __sleep() {
|
||||
return ( array_keys( get_object_vars( &$this ) ) );
|
||||
}
|
||||
|
||||
function __wakeup() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
?>
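Review bot: The new `if ($value)` branch in addToForm relies on truthiness, so a caller-supplied `'0'`, `0` or empty array is silently ignored and the stored data or default value is used instead; `if (!is_null($value))` states the intent. The docblock types `$value` as an array, but nothing in the visible lines enforces that, and where the value originates is not shown here. If it can come from request parameters (create.php on this page passes `$_GET['load']` to getForm()), it should be validated like submitted form data before it prefills the element. addToForm's body continues outside the hunk.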
|
||||
|
|
|
@ -85,7 +85,7 @@ class LSform {
|
|||
$GLOBALS['Smarty'] -> assign('LSform_header',$LSform_header);
|
||||
$LSform_object = array(
|
||||
'type' => $this -> ldapObject -> getType(),
|
||||
'dn' => $this -> ldapObject -> getDn()
|
||||
'dn' => $this -> ldapObject -> getValue('dn')
|
||||
);
|
||||
$GLOBALS['Smarty'] -> assign('LSform_object',$LSform_object);
|
||||
$fields = array();
|
||||
|
|
|
@ -52,12 +52,12 @@ class LSformElement {
|
|||
*
|
||||
* @retval true
|
||||
*/
|
||||
function LSformElement (&$form, $name, $label, $params){
|
||||
function LSformElement (&$form, $name, $label, $params){
|
||||
$this -> name = $name;
|
||||
$this -> label = $label;
|
||||
$this -> params = $params;
|
||||
$this -> form = $form;
|
||||
return true;
|
||||
$this -> label = $label;
|
||||
$this -> params = $params;
|
||||
$this -> form = $form;
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -72,15 +72,15 @@ class LSformElement {
|
|||
* @retval boolean Retourne True
|
||||
*/
|
||||
function setValue($data) {
|
||||
if (!is_array($data)) {
|
||||
$data=array($data);
|
||||
}
|
||||
if (!is_array($data)) {
|
||||
$data=array($data);
|
||||
}
|
||||
|
||||
$this -> values = $data;
|
||||
return true;
|
||||
$this -> values = $data;
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
/**
|
||||
* Ajoute une valeur à l'élément
|
||||
*
|
||||
* Cette méthode ajoute une valeur à l'élément
|
||||
|
@ -92,24 +92,24 @@ class LSformElement {
|
|||
* @retval void
|
||||
*/
|
||||
function addValue($data) {
|
||||
if (is_array($data)) {
|
||||
$this -> values = array_merge($this -> values, $data);
|
||||
}
|
||||
else {
|
||||
$this -> values[] = $data;
|
||||
}
|
||||
if (is_array($data)) {
|
||||
$this -> values = array_merge($this -> values, $data);
|
||||
}
|
||||
else {
|
||||
$this -> values[] = $data;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test si l'élément est éditable
|
||||
*
|
||||
* Cette méthode test si l'élément est éditable
|
||||
*
|
||||
* @retval boolean
|
||||
*/
|
||||
function isFreeze(){
|
||||
return $this -> _freeze;
|
||||
}
|
||||
/**
|
||||
* Test si l'élément est éditable
|
||||
*
|
||||
* Cette méthode test si l'élément est éditable
|
||||
*
|
||||
* @retval boolean
|
||||
*/
|
||||
function isFreeze(){
|
||||
return $this -> _freeze;
|
||||
}
|
||||
|
||||
/*
|
||||
* Freeze l'élément
|
||||
|
@ -119,7 +119,7 @@ class LSformElement {
|
|||
* @retval void
|
||||
*/
|
||||
function freeze() {
|
||||
$this -> _freeze = true;
|
||||
$this -> _freeze = true;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -130,109 +130,109 @@ class LSformElement {
|
|||
* @retval void
|
||||
*/
|
||||
function setRequired($isRequired=true) {
|
||||
$this -> _required = $isRequired;
|
||||
$this -> _required = $isRequired;
|
||||
}
|
||||
|
||||
/*
|
||||
* Test si l'élément est requis
|
||||
*
|
||||
* Cette méthode test si l'élément est requis
|
||||
*
|
||||
* @retval boolean
|
||||
*/
|
||||
function isRequired(){
|
||||
return $this -> _required;
|
||||
}
|
||||
/*
|
||||
* Test si l'élément est requis
|
||||
*
|
||||
* Cette méthode test si l'élément est requis
|
||||
*
|
||||
* @retval boolean
|
||||
*/
|
||||
function isRequired(){
|
||||
return $this -> _required;
|
||||
}
|
||||
|
||||
/**
|
||||
* Affiche le label de l'élement
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
function displayLabel() {
|
||||
if ($this -> isRequired()) {
|
||||
$required=" <span class='required_elements'>*</span>";
|
||||
}
|
||||
else {
|
||||
$required="";
|
||||
}
|
||||
echo "\t\t<td>".$this -> getLabel()."$required</td>\n";
|
||||
}
|
||||
/**
|
||||
* Affiche le label de l'élement
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
function displayLabel() {
|
||||
if ($this -> isRequired()) {
|
||||
$required=" <span class='required_elements'>*</span>";
|
||||
}
|
||||
else {
|
||||
$required="";
|
||||
}
|
||||
echo "\t\t<td>".$this -> getLabel()."$required</td>\n";
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne le label de l'élement
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
function getLabelInfos() {
|
||||
if ($this -> isRequired()) {
|
||||
$return['required']=true;
|
||||
}
|
||||
$return['label'] = $this -> getLabel();
|
||||
return $return;
|
||||
}
|
||||
/**
|
||||
* Retourne le label de l'élement
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
function getLabelInfos() {
|
||||
if ($this -> isRequired()) {
|
||||
$return['required']=true;
|
||||
}
|
||||
$return['label'] = $this -> getLabel();
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Recupère la valeur de l'élement passée en POST
|
||||
*
|
||||
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
|
||||
* pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément
|
||||
*
|
||||
* @param[] array Pointeur sur le tableau qui recupèrera la valeur.
|
||||
*
|
||||
* @retval boolean true si la valeur est présente en POST, false sinon
|
||||
*/
|
||||
function getPostData(&$return) {
|
||||
if($this -> params['form'][$this -> form -> idForm] != 1) {
|
||||
return true;
|
||||
}
|
||||
if (isset($_POST[$this -> name])) {
|
||||
if(!is_array($_POST[$this -> name])) {
|
||||
$_POST[$this -> name] = array($_POST[$this -> name]);
|
||||
}
|
||||
foreach($_POST[$this -> name] as $key => $val) {
|
||||
$return[$this -> name][$key] = $val;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
$return[$this -> name] = array();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Recupère la valeur de l'élement passée en POST
|
||||
*
|
||||
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
|
||||
* pour la mettre dans le tableau passer en paramètre avec en clef le nom de l'élément
|
||||
*
|
||||
* @param[] array Pointeur sur le tableau qui recupèrera la valeur.
|
||||
*
|
||||
* @retval boolean true si la valeur est présente en POST, false sinon
|
||||
*/
|
||||
function getPostData(&$return) {
|
||||
if($this -> isFreeze()) {
|
||||
return true;
|
||||
}
|
||||
if (isset($_POST[$this -> name])) {
|
||||
if(!is_array($_POST[$this -> name])) {
|
||||
$_POST[$this -> name] = array($_POST[$this -> name]);
|
||||
}
|
||||
foreach($_POST[$this -> name] as $key => $val) {
|
||||
$return[$this -> name][$key] = $val;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
$return[$this -> name] = array();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne le label de l'élement
|
||||
*
|
||||
* Retourne $this -> label, ou $this -> params['label'], ou $this -> name
|
||||
*
|
||||
* @retval string Le label de l'élément
|
||||
*/
|
||||
function getLabel() {
|
||||
if ($this -> label != "") {
|
||||
return $this -> label;
|
||||
}
|
||||
else if ($this -> params['label']) {
|
||||
return $this -> params['label'];
|
||||
}
|
||||
else {
|
||||
return $this -> name;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Retourne le label de l'élement
|
||||
*
|
||||
* Retourne $this -> label, ou $this -> params['label'], ou $this -> name
|
||||
*
|
||||
* @retval string Le label de l'élément
|
||||
*/
|
||||
function getLabel() {
|
||||
if ($this -> label != "") {
|
||||
return $this -> label;
|
||||
}
|
||||
else if ($this -> params['label']) {
|
||||
return $this -> params['label'];
|
||||
}
|
||||
else {
|
||||
return $this -> name;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform
|
||||
*
|
||||
* @retval string Le code HTML des boutons
|
||||
*/
|
||||
function getMultipleData() {
|
||||
if ($this -> params['multiple'] == true ) {
|
||||
return "<img src='templates/images/add.png' id='LSform_add_field_btn_".$this -> name."_".rand()."' class='LSform-add-field-btn' alt='"._('Ajouter')."'/><img src='templates/images/remove.png' class='LSform-remove-field-btn' alt='"._('Supprimer')."'/>";
|
||||
}
|
||||
else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
/**
|
||||
* Retourne l'HTML pour les boutons d'ajout et de suppression de champs du formulaire LSform
|
||||
*
|
||||
* @retval string Le code HTML des boutons
|
||||
*/
|
||||
function getMultipleData() {
|
||||
if ($this -> params['multiple'] == true ) {
|
||||
return "<img src='templates/images/add.png' id='LSform_add_field_btn_".$this -> name."_".rand()."' class='LSform-add-field-btn' alt='"._('Ajouter')."'/><img src='templates/images/remove.png' class='LSform-remove-field-btn' alt='"._('Supprimer')."'/>";
|
||||
}
|
||||
else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
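Review bot: In `getPostData()` (hunk `@ -130,109 +130,109 @@`, second copy of the method, which the page's old-then-new print order suggests is the new side) the only server-side gate on request data is `$this -> isFreeze()`. A read-only attribute is therefore shielded from POSTed values only if `freeze()` has been called on the element before the form data is read; the earlier test on `$this -> params['form'][$this -> form -> idForm]` did not depend on call order. Where `freeze()` is invoked is not in this file section, so the docblock should state the requirement, e.g. `* A frozen element (freeze()) ignores any posted value.` The loop then copies each `$val` from `$_POST` unchanged, nested arrays included; `if (!is_string($val)) { continue; }` ahead of the assignment would keep non-string input out of `$return`.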
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
class LSformElement_password extends LSformElement {
|
||||
|
||||
/**
|
||||
/**
|
||||
* Recupère la valeur de l'élement passée en POST
|
||||
*
|
||||
* Cette méthode vérifie la présence en POST de la valeur de l'élément et la récupère
|
||||
|
@ -43,17 +43,17 @@ class LSformElement_password extends LSformElement {
|
|||
* @retval boolean true si la valeur est présente en POST, false sinon
|
||||
*/
|
||||
function getPostData(&$return) {
|
||||
// Récupère la valeur dans _POST, et les vérifie avec la fonction générale
|
||||
$retval = parent :: getPostData($return);
|
||||
// Si une valeur est recupérée
|
||||
// Récupère la valeur dans _POST, et les vérifie avec la fonction générale
|
||||
$retval = parent :: getPostData($return);
|
||||
// Si une valeur est recupérée
|
||||
if ($retval) {
|
||||
$val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue();
|
||||
if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) {
|
||||
unset($return[$this -> name]);
|
||||
$this -> form -> _notUpdate[$this -> name] == true;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
$val = $this -> form -> ldapObject -> attrs[$this -> name] -> getValue();
|
||||
if( (empty($return[$this -> name][0]) ) && ( ! empty( $val ) ) ) {
|
||||
unset($return[$this -> name]);
|
||||
$this -> form -> _notUpdate[$this -> name] == true;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
|
||||
|
@ -64,22 +64,25 @@ class LSformElement_password extends LSformElement {
|
|||
*
|
||||
* @retval array
|
||||
*/
|
||||
function getDisplay(){
|
||||
$return = $this -> getLabelInfos();
|
||||
if (!$this -> isFreeze()) {
|
||||
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n* "._('Modification uniquement').".";
|
||||
}
|
||||
else {
|
||||
if (empty($this -> values)) {
|
||||
$return['html'] = _('Aucunes valeur definie');
|
||||
}
|
||||
else {
|
||||
$return['html'] = "********";
|
||||
}
|
||||
function getDisplay(){
|
||||
$return = $this -> getLabelInfos();
|
||||
if (!$this -> isFreeze()) {
|
||||
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n";
|
||||
if (!empty($this -> values)) {
|
||||
$return['html'] .= "* "._('Modification uniquement').".";
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (empty($this -> values)) {
|
||||
$return['html'] = _('Aucunes valeur definie');
|
||||
}
|
||||
else {
|
||||
$return['html'] = "********";
|
||||
}
|
||||
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
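Review bot: `$this -> form -> _notUpdate[$this -> name] == true;` in `LSformElement_password::getPostData()` (hunk `@ -43,17 +43,17 @@`) is a comparison whose result is discarded, so the flag is never set; the commit only re-indents the line. It should read `$this -> form -> _notUpdate[$this -> name] = true;`. What the form does with `_notUpdate` is outside this section, but if it relies on the flag to leave the stored password untouched when the field is submitted empty, that safeguard is not in effect. Note also that `empty($return[$this -> name][0])` is true for the string "0", so such a value would be treated as not submitted; `$return[$this -> name][0] === ''` combined with `isset()` avoids that.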
|
|
|
@ -50,7 +50,7 @@ class LSformElement_select extends LSformElement {
|
|||
$multiple_tag='multiple';
|
||||
}
|
||||
|
||||
$return['html'] = "<select name='".$this -> name."' $multiple_tag class='LSform'>\n";
|
||||
$return['html'] = "<select name='".$this -> name."[]' $multiple_tag class='LSform'>\n";
|
||||
foreach ($this -> params['text_possible_values'] as $choice_value => $choice_text) {
|
||||
if (in_array($choice_value, $this -> values)) {
|
||||
$selected=' selected';
|
||||
|
|
|
@ -212,13 +212,13 @@ class LSldap {
|
|||
* @retval boolean true si l'objet a bien été mis à jour, false sinon
|
||||
*/
|
||||
function update($object_type,$dn,$change) {
|
||||
debug($change);
|
||||
debug($change);
|
||||
if($entry=$this -> getEntry($object_type,$dn)) {
|
||||
$entry -> replace($change);
|
||||
$ret = $entry -> update();
|
||||
if (Net_Ldap::isError($ret)) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(5,$dn);
|
||||
debug('NetLdap-Error : '.$ret->getMessage());
|
||||
debug('NetLdap-Error : '.$ret->getMessage());
|
||||
}
|
||||
else {
|
||||
return true;
|
||||
|
@ -234,16 +234,16 @@ class LSldap {
|
|||
* Test de bind
|
||||
*
|
||||
* Cette methode établie une connexion à l'annuaire Ldap et test un bind
|
||||
* avec un login et un mot de passe passé en paramètre
|
||||
* avec un login et un mot de passe passé en paramètre
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @retval boolean true si la connection à réussi, false sinon
|
||||
*/
|
||||
function checkBind($dn,$pwd) {
|
||||
$config = $this -> config;
|
||||
$config['binddn'] = $dn;
|
||||
$config['bindpw'] = $pwd;
|
||||
$config = $this -> config;
|
||||
$config['binddn'] = $dn;
|
||||
$config['bindpw'] = $pwd;
|
||||
$cnx = Net_LDAP::connect($config);
|
||||
if (Net_LDAP::isError($cnx)) {
|
||||
return;
|
||||
|
@ -251,14 +251,25 @@ class LSldap {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne l'état de la connexion Ldap
|
||||
*
|
||||
* @retval boolean True si le serveur est connecté, false sinon.
|
||||
*/
|
||||
function isConnected() {
|
||||
return ($this -> cnx == NULL)?false:true;
|
||||
}
|
||||
/**
|
||||
* Retourne l'état de la connexion Ldap
|
||||
*
|
||||
* @retval boolean True si le serveur est connecté, false sinon.
|
||||
*/
|
||||
function isConnected() {
|
||||
return ($this -> cnx == NULL)?false:true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Supprime un objet de l'annuaire
|
||||
*
|
||||
* @param[in] string DN de l'objet à supprimer
|
||||
*
|
||||
* @retval boolean True si l'objet à été supprimé, false sinon
|
||||
*/
|
||||
function remove($dn) {
|
||||
return $this -> cnx -> delete($dn);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
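Review bot: `remove($dn)` returns `$this -> cnx -> delete($dn)` directly although its docblock promises a boolean; Net_LDAP reports failure as an error object, which is truthy, so a caller testing `if ($LSldap -> remove($dn))` would treat a failed delete as done. `update()` in this same file already checks `Net_Ldap::isError($ret)`, and `remove()` should follow it: `$ret = $this -> cnx -> delete($dn);`, then `if (Net_LDAP::isError($ret)) { debug('NetLdap-Error : '.$ret->getMessage()); return; }`, then `return true;`. In `checkBind()` (hunk `@ -234,16 +234,16 @@`, body continues outside the hunk) `$pwd` goes into `bindpw` unchecked; unless every caller rejects an empty password, a bind with a DN and no password can be accepted by the directory as an unauthenticated bind, so an early `if ((string)$pwd === '') return;` is worth adding.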
|
|
|
@ -87,13 +87,16 @@ class LSldapObject {
|
|||
* @retval boolean true si la chargement a réussi, false sinon.
|
||||
*/
|
||||
function loadData($dn) {
|
||||
$this -> dn = $dn;
|
||||
$data = $GLOBALS['LSldap'] -> getAttrs($dn);
|
||||
$this -> dn = $dn;
|
||||
$data = $GLOBALS['LSldap'] -> getAttrs($dn);
|
||||
if(!empty($data)) {
|
||||
foreach($this -> attrs as $attr_name => $attr) {
|
||||
if(!$this -> attrs[$attr_name] -> loadData($data[$attr_name]))
|
||||
return;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -166,19 +169,37 @@ class LSldapObject {
|
|||
* et de chaque attribut.
|
||||
*
|
||||
* @param[in] $idForm [<b>required</b>] Identifiant du formulaire a créer
|
||||
* @param[in] $config Configuration spécifique pour le formulaire
|
||||
* @param[in] $load DN d'un objet similaire dont la valeur des attribut doit être chargé dans le formulaire.
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @retval LSform Le formulaire crée
|
||||
*/
|
||||
function getForm($idForm,$config=array()) {
|
||||
function getForm($idForm,$load=NULL) {
|
||||
$GLOBALS['LSsession'] -> loadLSclass('LSform');
|
||||
$LSform = new LSform($this,$idForm);
|
||||
$this -> forms[$idForm] = array($LSform,$config);
|
||||
foreach($this -> attrs as $attr_name => $attr) {
|
||||
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
|
||||
$LSform -> can_validate = false;
|
||||
$this -> forms[$idForm] = array($LSform,$load);
|
||||
|
||||
if ($load) {
|
||||
$type = $this -> getType();
|
||||
$loadObject = new $type();
|
||||
if (!$loadObject -> loadData($load)) {
|
||||
$load=false;
|
||||
}
|
||||
}
|
||||
|
||||
if ($load) {
|
||||
foreach($this -> attrs as $attr_name => $attr) {
|
||||
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this,$loadObject -> getValue($attr_name))) {
|
||||
$LSform -> can_validate = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
foreach($this -> attrs as $attr_name => $attr) {
|
||||
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
|
||||
$LSform -> can_validate = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $LSform;
|
||||
|
@ -261,7 +282,7 @@ class LSldapObject {
|
|||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(23,$this -> type_name);
|
||||
$GLOBALS['LSerror'] -> stop();
|
||||
return;
|
||||
}
|
||||
}
|
||||
$new_data = $LSform -> exportValues();
|
||||
|
@ -276,12 +297,12 @@ class LSldapObject {
|
|||
if(function_exists($this -> config['before_save'])) {
|
||||
if(!$this -> config['before_save']($this)) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(28,$this -> config['before_save']);
|
||||
$GLOBALS['LSerror'] -> stop();
|
||||
return;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(27,$this -> config['before_save']);
|
||||
$GLOBALS['LSerror'] -> stop();
|
||||
return;
|
||||
}
|
||||
}
|
||||
if ($this -> submitChange($idForm)) {
|
||||
|
@ -290,16 +311,25 @@ class LSldapObject {
|
|||
$this -> reloadData();
|
||||
$this -> refreshForm($idForm);
|
||||
}
|
||||
else {
|
||||
return;
|
||||
}
|
||||
if((isset($this -> config['after_save']))&&(!$this -> submitError)) {
|
||||
if(function_exists($this -> config['after_save'])) {
|
||||
if(!$this -> config['after_save']($this)) {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(30,$this -> config['after_save']);
|
||||
return;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(29,$this -> config['after_save']);
|
||||
return;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -478,6 +508,7 @@ class LSldapObject {
|
|||
if(!empty($submitData)) {
|
||||
$dn=$this -> getDn();
|
||||
if($dn) {
|
||||
$this -> dn=$dn;
|
||||
debug($submitData);
|
||||
return $GLOBALS['LSldap'] -> update($this -> type_name,$dn, $submitData);
|
||||
}
|
||||
|
@ -486,6 +517,9 @@ class LSldapObject {
|
|||
return;
|
||||
}
|
||||
}
|
||||
else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -848,24 +882,35 @@ class LSldapObject {
|
|||
return $this -> type_name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne qui est l'utilisateur par rapport à cet object
|
||||
*
|
||||
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
|
||||
*/
|
||||
function whoami() {
|
||||
if (!$this -> _whoami)
|
||||
$this -> _whoami = $GLOBALS['LSsession'] -> whoami($this -> dn);
|
||||
return $this -> _whoami;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne le label de l'objet
|
||||
*
|
||||
* @retval string Le label de l'objet ($this -> config['label'])
|
||||
*/
|
||||
function getLabel() {
|
||||
return $this -> config['label'];
|
||||
}
|
||||
|
||||
function __sleep() {
|
||||
return ( array_keys( get_object_vars( &$this ) ) );
|
||||
}
|
||||
|
||||
function __wakeup() {
|
||||
return true;
|
||||
/**
|
||||
* Supprime l'objet dans l'annuaire
|
||||
*
|
||||
* @retval boolean True si l'objet à été supprimé, false sinon
|
||||
*/
|
||||
function remove() {
|
||||
return $GLOBALS['LSldap'] -> remove($this -> getDn());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
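Review bot: In the new `getForm($idForm,$load=NULL)` (hunk `@ -166,19 +169,37 @@`) the entry named by `$load` is read with `$loadObject -> loadData($load)` and its attribute values are handed to `addToForm()` with no visible check that the current user may read that entry. If `$load` can come from the request, a test placed after `$type` is set, such as `if (!$GLOBALS['LSsession'] -> canAccess($type,$load,'r')) { $load = false; }`, would keep the prefill from exposing another entry's values; callers may already do this, but it is not visible in this section. The signature change also means a caller that still passes a config array as the second argument now reaches `loadData()` with that array. Separately, `debug($submitData)` in `submitChange()` (hunk `@ -478,6 +508,7 @@`), like `debug($change)` in `LSldap::update()`, dumps submitted attribute values, which can include a password; what `debug()` outputs is not shown here, so confirm it is disabled or redacted outside development.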
|
|
|
@ -240,10 +240,10 @@ class LSsession {
|
|||
if (!$this -> LSldapConnect())
|
||||
return;
|
||||
$this -> loadLSrights();
|
||||
$this -> loadLSaccess();
|
||||
}
|
||||
$this -> LSuserObject = new $this -> ldapServer['authobject']();
|
||||
$this -> LSuserObject -> loadData($this -> dn);
|
||||
$this -> loadLSaccess();
|
||||
$GLOBALS['Smarty'] -> assign('LSsession_username',$this -> LSuserObject -> getDisplayValue());
|
||||
return true;
|
||||
|
||||
|
@ -589,16 +589,25 @@ class LSsession {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface
|
||||
*
|
||||
* @retval void
|
||||
*/
|
||||
function loadLSaccess() {
|
||||
$LSaccess = array(
|
||||
'SELF' => array(
|
||||
'label' => _('Mon compte'),
|
||||
'DNs' => $this -> dn
|
||||
)
|
||||
);
|
||||
if ($this -> canAccess($this -> LSuserObject -> getType(),$this -> dn)) {
|
||||
$LSaccess = array(
|
||||
'SELF' => array(
|
||||
'label' => _('Mon compte'),
|
||||
'DNs' => $this -> dn
|
||||
)
|
||||
);
|
||||
}
|
||||
else {
|
||||
$LSaccess = array();
|
||||
}
|
||||
foreach ($GLOBALS['LSobjects'] as $objecttype => $objectconf) {
|
||||
$objectdn = $objectconf['container_dn'].','.$this -> topDn;
|
||||
if ($this -> isAdmin($objectdn) ) {
|
||||
if ($this -> canAccess($objecttype) ) {
|
||||
$LSaccess[$objecttype] = array (
|
||||
'label' => $objectconf['label'],
|
||||
'Dns' => 'All'
|
||||
|
@ -608,6 +617,13 @@ class LSsession {
|
|||
$this -> LSaccess = $LSaccess;
|
||||
}
|
||||
|
||||
/**
|
||||
* Dit si l'utilisateur est admin de le DN spécifié
|
||||
*
|
||||
* @param[in] string DN de l'objet
|
||||
*
|
||||
* @retval boolean True si l'utilisateur est admin sur l'objet, false sinon.
|
||||
*/
|
||||
function isAdmin($dn) {
|
||||
foreach($this -> LSrights['topDn_admin'] as $topDn_admin) {
|
||||
if($dn == $topDn_admin) {
|
||||
|
@ -620,6 +636,13 @@ class LSsession {
|
|||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne qui est l'utilisateur par rapport à l'object
|
||||
*
|
||||
* @param[in] string Le DN de l'objet
|
||||
*
|
||||
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
|
||||
*/
|
||||
function whoami($dn) {
|
||||
if ($this -> isAdmin($dn)) {
|
||||
return 'admin';
|
||||
|
@ -632,15 +655,51 @@ class LSsession {
|
|||
return 'user';
|
||||
}
|
||||
|
||||
function canAccess($LSobject,$dn=NULL,$right=NULL) {
|
||||
/**
|
||||
* Retourne le droit de l'utilisateur à accèder à un objet
|
||||
*
|
||||
* @param[in] string $LSobject Le type de l'objet
|
||||
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
|
||||
* @param[in] string $right Le type de droit d'accès à tester ('r'/'w')
|
||||
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
|
||||
*
|
||||
* @retval boolean True si l'utilisateur a accès, false sinon
|
||||
*/
|
||||
function canAccess($LSobject,$dn=NULL,$right=NULL,$attr=NULL) {
|
||||
if (!$this -> loadLSobject($LSobject))
|
||||
return;
|
||||
if ($dn) {
|
||||
$whoami = $this -> whoami($dn);
|
||||
}
|
||||
else {
|
||||
$whoami = 'user';
|
||||
$objectdn=$GLOBALS['LSobjects'][$LSobject]['container_dn'].','.$this -> topDn;
|
||||
$whoami = $this -> whoami($objectdn);
|
||||
}
|
||||
|
||||
// Pour un attribut particulier
|
||||
if ($attr) {
|
||||
if ($attr=='rdn') {
|
||||
$attr=$GLOBALS['LSobjects'][$LSobject]['rdn'];
|
||||
}
|
||||
if (!isset($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr])) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (($right=='r')||($right=='w')) {
|
||||
if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) {
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
else {
|
||||
if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) {
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Pour un attribut quelconque
|
||||
if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) {
|
||||
if (($right=='r')||($right=='w')) {
|
||||
foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
|
||||
|
@ -660,17 +719,42 @@ class LSsession {
|
|||
return;
|
||||
}
|
||||
|
||||
function canEdit($LSobject,$dn=NULL) {
|
||||
return $this -> canAccess($LSobject,$dn,'w');
|
||||
/**
|
||||
* Retourne le droit de l'utilisateur à editer à un objet
|
||||
*
|
||||
* @param[in] string $LSobject Le type de l'objet
|
||||
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
|
||||
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
|
||||
*
|
||||
* @retval boolean True si l'utilisateur a accès, false sinon
|
||||
*/
|
||||
function canEdit($LSobject,$dn=NULL,$attr=NULL) {
|
||||
return $this -> canAccess($LSobject,$dn,'w',$attr);
|
||||
}
|
||||
|
||||
function __sleep() {
|
||||
return ( array_keys( get_object_vars( &$this ) ) );
|
||||
/**
|
||||
* Retourne le droit de l'utilisateur à supprimer un objet
|
||||
*
|
||||
* @param[in] string $LSobject Le type de l'objet
|
||||
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
|
||||
*
|
||||
* @retval boolean True si l'utilisateur a accès, false sinon
|
||||
*/
|
||||
function canRemove($LSobject,$dn) {
|
||||
return $this -> canAccess($LSobject,$dn,'w','rdn');
|
||||
}
|
||||
|
||||
function __wakeup() {
|
||||
return true;
|
||||
/**
|
||||
* Retourne le droit de l'utilisateur à créer un objet
|
||||
*
|
||||
* @param[in] string $LSobject Le type de l'objet
|
||||
*
|
||||
* @retval boolean True si l'utilisateur a accès, false sinon
|
||||
*/
|
||||
function canCreate($LSobject) {
|
||||
return $this -> canAccess($LSobject,NULL,'w','rdn');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
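Review bot: In the new per-attribute branch of `canAccess()` (hunk `@ -632,15 +655,51 @@`) the test `$GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right` requires an exact match, so a role holding 'w' on an attribute is refused when `$right` is 'r', although the `else` branch just below counts both 'r' and 'w' as access; the index is also read without `isset()`. If write is meant to imply read, make it explicit: `$rights = $GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'];` followed by `if (isset($rights[$whoami]) && ($rights[$whoami] == 'w' || $rights[$whoami] == $right)) return true;`. The rights table is selected by `$LSobject` and the role by `whoami($dn)`, and nothing visible here checks that `$dn` is an entry of that type, so `canEdit()`, `canRemove()` and `canCreate()` are only as strong as the caller's pairing of type and DN; that precondition belongs in the docblock. The body of `canAccess()` continues outside the hunk.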
|
|
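--- a/trunk/lsexample/ls.schema
+++ b/trunk/lsexample/ls.schema
@@ -0,0 +1,175 @@
+# Easter-eggs OID: 1.3.6.1.4.1.10650
+# 1.3.6.1.4.1.10650.2 LDAP OID
+# 1.3.6.1.4.1.10650.3 Customers OID
+#
+# 1.3.6.1.4.1.10650.2.1 Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.1 Admin sys Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.2 Dev Ldap Attributes
+# 1.3.6.1.4.1.10650.2.1.3 Global Attributes
+# 1.3.6.1.4.1.10650.2.2 Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.1 Admin sys Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.2 Dev Ldap Objectclass
+# 1.3.6.1.4.1.10650.2.2.3 Global OC
+
+# Ost
+# 1.3.6.1.4.1.10650.3.1127.2.1 Ldap attributes
+# 1.3.6.1.4.1.10650.3.1127.2.2 Ldap OC
+
+
+# <Ee attributes>
+attributetype (1.3.6.1.4.1.10650.2.1.1.1
+NAME 'eeallowedservices'
+DESC 'List of allowed services'
+EQUALITY caseIgnoreMatch
+SUBSTR caseIgnoreSubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# </Ee attributes>
+
+# <From qmail schema>
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
+SUBSTR caseIgnoreSubstringsMatch
+DESC 'Secondary (alias) mailaddresses for the same user'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress'
+DESC 'Address(es) to forward all incoming messages to.'
+EQUALITY caseIgnoreIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# </From qmail schema>
+
+# <From courier.schema>
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+EQUALITY caseExactIA5Match
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
+DESC 'RFC822 Mailbox - mail alias'
+EQUALITY caseIgnoreIA5Match
+SUBSTR caseIgnoreIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# </From courier.schema>
+
+# <From postfix>
+attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota'
+DESC 'The amount of space the user can use until all further messages get bounced.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+SINGLE-VALUE )
+# </From postfix>
+
+# <From gnarwl>
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+# NAME 'vacationActive'
+# SINGLE-VALUE
+# EQUALITY booleanMatch
+# DESC 'A flag, for marking the user as being away'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
+NAME 'vacationActive'
+SINGLE-VALUE
+DESC 'Equal to uid@autoreponse.foo.bar, for marking the user as being away'
+EQUALITY caseIgnoreIA5Match
+SUBSTR caseIgnoreIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.3
+NAME 'vacationInfo'
+SINGLE-VALUE
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+DESC 'Absentee note to leave behind, while on vacation'
+EQUALITY octetStringMatch )
+
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.4
+NAME 'vacationStart'
+SINGLE-VALUE
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+DESC 'Beginning of vacation'
+EQUALITY octetStringMatch )
+
+# Original
+#attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+# NAME 'vacationEnd'
+# SINGLE-VALUE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# DESC 'End of vacation'
+# EQUALITY octetStringMatch )
+
+# Ee
+attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
+NAME 'vacationEnd'
+SINGLE-VALUE
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+DESC 'End of vacation'
+ORDERING generalizedTimeOrderingMatch
+EQUALITY generalizedTimeMatch )
+
+attributetype (1.3.6.1.4.1.11048.1.1.1.10
+NAME 'vacationForward'
+EQUALITY caseIgnoreIA5Match
+SUBSTR caseIgnoreIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+DESC 'Where to forward mails to, while on vacation' )
+
+# </From gnarwl>
+
+## Objectclasses
+# LS people
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.1
+NAME 'lspeople'
+DESC 'LS people Objectclass'
+STRUCTURAL
+MUST ( uid $ cn )
+MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail $ mailalternateaddress $ personalTitle $ description $ userPassword $ eeallowedservices $ mailforwardingaddress $ maildrop $ mailquota $ mailbox $ vacationActive $ vacationInfo $ vacationEnd $ vacationForward ))
+
+# LS Alias
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.2
+NAME 'lsalias'
+DESC 'LS alias Objectclass'
+STRUCTURAL
+MUST ( mail $ maildrop )
+MAY ( mailalternateaddress $ description ))
+
+# LS group
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.3
+NAME 'lsgroup'
+DESC 'LS group Objectclass'
+STRUCTURAL
+MUST ( cn )
+MAY ( uniquemember $ description ))
+
+# LS system account
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.4
+NAME 'lssysaccount'
+DESC 'LS system account Objectclass'
+STRUCTURAL
+MUST ( uid )
+MAY (userpassword $ description))
+
+# Ost mailbox
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.5
+NAME 'lsmailbox'
+DESC 'LS custom mailbox Objectclass'
+STRUCTURAL
+MUST ( uid )
+MAY ( userPassword $ description $ eeallowedservices $ maildrop $ mailbox $ mail $ mailalternateaddress $ mailforwardingaddress $ mailquota ))
+
+# Ost computer
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.6
+NAME 'lscomputer'
+DESC 'LS computer Objectclass'
+STRUCTURAL
+MUST ( uid ))
+
+# Ost samba domains
+objectclass (1.3.6.1.4.1.10650.3.1127.2.2.8
+NAME 'lssambadomain'
+DESC 'LS samba domain Objectclass'
+STRUCTURAL)
+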
|
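--- a/trunk/lsexample/lsexample.ldif
+++ b/trunk/lsexample/lsexample.ldif
@@ -0,0 +1,604 @@
+dn: o=ls
+objectClass: top
+objectClass: organization
+o: ls
+structuralObjectClass: organization
+entryUUID: 2229e388-825b-1029-838c-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000001#000#000000
+
+dn: ou=sysaccounts,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: sysaccounts
+structuralObjectClass: organizationalUnit
+entryUUID: 2238a738-825b-1029-838d-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000002#000#000000
+
+dn: ou=people,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+structuralObjectClass: organizationalUnit
+entryUUID: 223b67e8-825b-1029-838e-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000003#000#000000
+
+dn: ou=mailboxes,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: mailboxes
+structuralObjectClass: organizationalUnit
+entryUUID: 2240f622-825b-1029-8390-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000005#000#000000
+
+dn: ou=aliases,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: aliases
+structuralObjectClass: organizationalUnit
+entryUUID: 2243b88a-825b-1029-8391-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000006#000#000000
+
+dn: ou=computers,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: computers
+structuralObjectClass: organizationalUnit
+entryUUID: 22468588-825b-1029-8392-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000007#000#000000
+
+dn: ou=sambadomains,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: sambadomains
+structuralObjectClass: organizationalUnit
+entryUUID: 224cf30a-825b-1029-8394-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000009#000#000000
+
+dn: sambaDomainName=LS_NT,ou=sambadomains,o=ls
+objectClass: top
+objectClass: lssambadomain
+objectClass: sambaDomain
+sambaDomainName: LS_NT
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809
+structuralObjectClass: lssambadomain
+entryUUID: 2250d4ac-825b-1029-8395-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#00000a#000#000000
+
+dn: ou=groups,o=ls
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+structuralObjectClass: organizationalUnit
+entryUUID: 224947d2-825b-1029-8393-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111624Z
+modifyTimestamp: 20050706111624Z
+entryCSN: 20050706111624.000000Z#000008#000#000000
+
+dn: cn=adminldap,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: adminldap
+gidNumber: 70000
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 226bb240-825b-1029-8396-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+uniqueMember: uid=eeggs,ou=people,o=ls
+entryCSN: 20080211142717.746402Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211142717Z
+
+dn: uid=mail,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: mail
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22958d72-825b-1029-839c-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000007#000#000000
+
+dn: uid=ftp,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: ftp
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22a46608-825b-1029-839d-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000008#000#000000
+
+dn: uid=http,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: http
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22a7274e-825b-1029-839e-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#000009#000#000000
+
+dn: uid=samba,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: samba
+structuralObjectClass: lssysaccount
+entryUUID: 22a9f44c-825b-1029-839f-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+userPassword: toto
+entryCSN: 20050706115506.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706115506Z
+
+dn: uid=ldapsaisie,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: ldapsaisie
+structuralObjectClass: lssysaccount
+userPassword: toto
+entryUUID: 22acb6aa-825b-1029-83a0-b10e837060e0
+creatorsName: cn=anonymous
+modifiersName: cn=anonymous
+createTimestamp: 20050706111625Z
+modifyTimestamp: 20050706111625Z
+entryCSN: 20050706111625.000000Z#00000b#000#000000
+
+dn: uid=nss,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: nss
+structuralObjectClass: lssysaccount
+entryUUID: 22b06d40-825b-1029-83a1-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+userPassword: toto
+entryCSN: 20050706115152.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706115152Z
+
+dn: uid=eeggs,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: eeggs
+uidNumber: 100000
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-201000
+structuralObjectClass: lspeople
+entryUUID: 22b70a42-825b-1029-83a3-b10e837060e0
+creatorsName: cn=anonymous
+createTimestamp: 20050706111625Z
+gidNumber: 102009
+mail: eeggs@ldapsaisie.biz
+facsimileTelephoneNumber: 030000000
+vacationInfo: Je suis absent pour le moment
+vacationEnd: 20070101000000Z
+vacationForward: brenard@easter-eggs.com
+eeallowedservices: MAIL
+eeallowedservices: FTP
+description: Utilisateur test Easter-eggs
+cn: Easter Eggs
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+mailbox: eeggs/
+personalTitle: M.
+userPassword: toto
+sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
+sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
+mailQuota: 5
+homeDirectory: /home/eeggs
+loginShell: /bin/false
+givenName: Easter
+maildrop: eeggs@ldapsaisie.biz
+vacationActive:
+sn: Eggs
+entryCSN: 20080211134602.394624Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211134602Z
+
+dn: uid=invite,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: invite
+cn: Utilisateur de passage
+givenName: Utilisateur
+sn: de passage
+homeDirectory: /home/invite
+loginShell: /bin/false
+uidNumber: 101012
+gidNumber: 101009
+userPassword: toto
+sambaAcctFlags: [U ]
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-203019
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203024
+mailbox: invite/
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+mail: invite@ldapsaisie.biz
+maildrop: invite@ldapsaisie.biz
+structuralObjectClass: lspeople
+entryUUID: 233dd144-825b-1029-9a9d-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111626Z
+sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+entryCSN: 20050706133832.000000Z#000008#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706133832Z
+
+dn: uid=hmartin,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: hmartin
+homeDirectory: /home/com
+loginShell: /bin/false
+uidNumber: 101022
+sambaAcctFlags: [U ]
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044
+structuralObjectClass: lspeople
+entryUUID: 234393a4-825b-1029-9a9f-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111626Z
+givenName: Henri
+sn: MARTIN
+gidNumber: 102001
+mail: henri.martin@ldapsaisie.biz
+maildrop: henri.martin@ldapsaisie.biz
+mailAlternateAddress: hmartin@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Henri MARTIN
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+mailbox: hmartin/
+personalTitle: M.
+userPassword: toto
+sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
+sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
+entryCSN: 20080211164417.161923Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211164417Z
+
+dn: uid=secretariat,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: secretariat
+homeDirectory: /home/secretariat
+loginShell: /bin/false
+uidNumber: 101036
+userPassword: toto
+sambaAcctFlags: [U ]
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072
+structuralObjectClass: lspeople
+entryUUID: 239920bc-825b-1029-9abb-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111627Z
+sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9
+sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39
+givenName: Secretariat
+sn: Secretariat
+gidNumber: 70513
+mail: secretariat@ldapsaisie.biz
+maildrop: secretariat@ldapsaisie.biz
+vacationEnd: 20050101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Secretariat Secretariat
+mailbox: secretariat/
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513
+entryCSN: 20050706144306.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050706144306Z
+
+dn: uid=ls,ou=people,o=ls
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uid: ls
+homeDirectory: /home/ls
+loginShell: /bin/false
+uidNumber: 101068
+userPassword: toto
+sambaAcctFlags: [U ]
+sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE
+sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136
+structuralObjectClass: lspeople
+entryUUID: 23afa346-825b-1029-9ac3-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111627Z
+givenName: _
+sn: LdapSaisie
+gidNumber: 102001
+mail: ls@ldapsaisie.biz
+maildrop: ls@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+mailQuota: 52428800
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: LS
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+mailbox: ls/
+entryCSN: 20061212145541.000000Z#000001#000#000000
+modifiersName: uid=catbo,ou=people,o=ls
+modifyTimestamp: 20061212145541Z
+
+dn: cn=invite,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: invite
+gidNumber: 101009
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2425636a-825b-1029-9ae1-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308165544.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308165544Z
+
+dn: cn=ls,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: ls
+gidNumber: 102001
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 242bef1e-825b-1029-9ae3-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+uniqueMember: uid=secretariat,ou=people,o=ls
+entryCSN: 20080211142555.171664Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211142555Z
+
+dn: cn=informatique,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 102009
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2438d9d6-825b-1029-9ae7-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+cn: informatique
+uniqueMember: uid=eeggs,ou=people,o=ls
+entryCSN: 20070309093000.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070309093000Z
+
+dn: cn=direction,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: direction
+gidNumber: 102007
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 243f7a34-825b-1029-9ae9-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070309093009.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070309093009Z
+
+dn: cn=administratif,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: administratif
+gidNumber: 102005
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 245e0cb0-825b-1029-9af4-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308180424.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308180424Z
+
+dn: cn=communication,ou=groups,o=ls
+objectClass: top
+objectClass: lsgroup
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+cn: communication
+gidNumber: 102003
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007
+sambaGroupType: 2
+structuralObjectClass: lsgroup
+entryUUID: 2460db34-825b-1029-9af5-8f6e2b792dd2
+creatorsName: cn=anonymous
+createTimestamp: 20050706111628Z
+entryCSN: 20070308180413.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308180413Z
+
+dn: uid=spam,ou=mailboxes,o=ls
+uid: spam
+userPassword: toto
+mailQuota: 104857600
+eeallowedservices: MAIL
+mail: spam@ldapsaisie.biz
+maildrop: spam@ldapsaisie.biz
+mailbox: spam/
+objectClass: top
+objectClass: lsmailbox
+structuralObjectClass: lsmailbox
+entryUUID: c88b9eb4-8301-1029-9567-dda2c03231d0
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20050707070920Z
+entryCSN: 20050707070920.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050707070920Z
+
+dn: uid=virus,ou=mailboxes,o=ls
+uid: virus
+userPassword: toto
+mailbox: virus/
+objectClass: top
+objectClass: lsmailbox
+structuralObjectClass: lsmailbox
+entryUUID: 974dac8c-8303-1029-9569-dda2c03231d0
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20050707072216Z
+mailQuota: 104857600
+eeallowedservices: MAIL
+mail: virus@ldapsaisie.biz
+maildrop: virus@ldapsaisie.biz
+entryCSN: 20050707072249.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20050707072249Z
+
+dn: uid=gnarwl,ou=sysaccounts,o=ls
+objectClass: top
+objectClass: lssysaccount
+uid: gnarwl
+structuralObjectClass: lssysaccount
+entryUUID: f55954e0-fdcc-1029-9d72-de06c303d7ef
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20051210133105Z
+userPassword: toto
+entryCSN: 20051210133237.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20051210133237Z
+
+dn: mail=informatique@ldapsaisie.biz,ou=aliases,o=ls
+objectClass: top
+objectClass: lsalias
+structuralObjectClass: lsalias
+entryUUID: 081e6612-fdd0-1029-9d73-de06c303d7ef
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20051210135305Z
+mail: informatique@ldapsaisie.biz
+description: Service Informatique
+maildrop: eeggs@ldapsaisie.biz
+entryCSN: 20051210141428.000000Z#000001#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20051210141428Z
+
+dn: uid=erwpa,ou=people,o=ls
+uid: erwpa
+objectClass: top
+objectClass: lspeople
+objectClass: posixAccount
+objectClass: sambaSamAccount
+uidNumber: 101082
+sambaAcctFlags: [U ]
+homeDirectory: /home/erwpa
+loginShell: /bin/false
+sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164
+structuralObjectClass: lspeople
+entryUUID: aa7fcb30-b1a3-102a-875e-dcce935f6f2c
+sn: PAGEARD
+gidNumber: 102009
+mail: erwan.page@ldapsaisie.biz
+maildrop: erwan.page@ldapsaisie.biz
+vacationEnd: 20060101000000Z
+eeallowedservices: MAIL
+eeallowedservices: SAMBA
+eeallowedservices: FTP
+cn: Erwan PAGE
+sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
+mailbox: erwpa/
+personalTitle: M.
+givenName: Erwan
+userPassword: toto
+sambaLMPassword: BAC14D04669EE1D1AAD3B435B51404EE
+sambaNTPassword: FBBF55D0EF0E34D39593F55C5F2CA5F2
+entryCSN: 20080211170049.821887Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20080211170049Z
+
+dn: cn=test,ou=groups,o=ls
+cn: test
+description: test BR
+objectClass: top
+objectClass: lsgroup
+objectClass: sambaGroupMapping
+objectClass: posixGroup
+sambaGroupType: 2
+gidNumber: 102012
+sambaSID: 42
+structuralObjectClass: lsgroup
+entryUUID: 91b290d2-6117-102b-9c6f-91889acd20dc
+creatorsName: uid=eeggs,ou=people,o=ls
+createTimestamp: 20070307164933Z
+entryCSN: 20070308165811.000000Z#000000#000#000000
+modifiersName: uid=eeggs,ou=people,o=ls
+modifyTimestamp: 20070308165811Z
+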
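Review bot: Every `userPassword` in this sample directory is the same cleartext value (`userPassword: toto`), and that includes the service accounts under `ou=sysaccounts` and `uid=eeggs`, the only `uniqueMember` of `cn=adminldap`, the group that permissions-ls.conf in this commit gives write access across the tree. Anyone who loads the file unchanged gets an administrative account with a published password, so the file should open with a comment such as `# TEST DATA ONLY - reset every userPassword and samba*Password after import, never load into a reachable directory`. Storing hashed values instead of cleartext would keep the example closer to what a deployment should hold. The entries also carry operational attributes (`entryUUID`, `entryCSN`, `structuralObjectClass`), which suggests a slapcat export that presumably has to be loaded with slapadd rather than ldapadd; the same header comment is the place to say so.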
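--- a/trunk/lsexample/permissions-ls.conf
+++ b/trunk/lsexample/permissions-ls.conf
@@ -0,0 +1,208 @@
+## Racine
+access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * read
+
+## Sysaccounts
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sysaccounts,o=ls$" attrs="children"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by anonymous auth
+by * none
+
+### Les admins peuvent modifier tous les attributs, les autres ne voient rien
+access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * none
+
+## Aliases
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=aliases,o=ls$" attrs="children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+### Les admins peuvent modifier tous les attributs, tout le monde peut voir
+access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+## Mailboxes
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=mailboxes,o=ls$" attrs="children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="userPassword"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by anonymous auth
+by * none
+
+### Les admins peuvent modifier ces attributs, l'appli mail le voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="mailbox,mailforwardingaddress"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=mail,ou=sysaccounts,o=ls" read
+by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="uid,description,mail,mailalternateaddress,mailquota,eeallowedservices"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * read
+
+## Groups
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+### Les admins peuvent tout modifier, les authentifies peuvent tout voir
+access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+
+## Peoples
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * read
+
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * read
+
+
+### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by self write
+by anonymous auth
+by * none
+
+### Les admins peuvent modifier ces attributs, l'appli mail les voir, les autres aucun droits
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailbox"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=mail,ou=sysaccounts,o=ls" read
+by * none
+
+### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,mailquota,eeallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, gnarwl peut les modifier et mail les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailforwardingaddress"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+by self write
+by dn="uid=mail,ou=sysaccounts,o=ls" read
+by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir, gnarwl peut les modifier
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationActive"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
+by self write
+by users read
+by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, mail et gnarwl peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationForward"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by self write
+by dn="uid=mail,ou=sysaccounts,o=ls" read
+by dn="uid=gnarwl,ou=sysaccounts,o=ls" read
+by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by self write
+by * none
+
+### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,mailalternateaddress,maildrop,description,vacationInfo,vacationEnd"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by self write
+by users read
+by * read
+
+## Computers
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=computers,o=ls$" attrs="children,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by users read
+by * none
+
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="entry,objectclass"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by users read
+by * none
+
+
+### Les admins peuvent modifier ces attributs, samba peut les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by * none
+
+### Les admins peuvent modifier ces attributs, les authentifiés peuvent les voir
+access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="cn,uid,uidNumber,gidNumber,homeDirectory,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" write
+by users read
+by * none
+
+
+## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
+access to * attrs="entry"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by users read
+by * none
+
+## SambaDomains
+### Ajout d'entrees par les admins
+access to dn.regex="^ou=sambadomains,o=ls$"
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by dn="uid=samba,ou=sysaccounts,o=ls" read
+by users read
+by * none
+
+## Le reste
+access to *
+by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
+by * none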
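Review bot: The last rule of the "Peoples" block (attrs `c,cn,jpegPhoto,...,postalAddress,telephoneNumber,mobile,mail,...`) is commented as "les authentifies peuvent les voir", but it ends with `by users read` followed by `by * read`, so an anonymous bind can read these personal attributes too. The same pair makes `by users read` a dead clause in the root rule and in the two people rules for `children,objectclass` and `entry,objectclass`. If the comment states the intent, the final clause should be `by * none`; if anonymous read is wanted, drop `by users read` and correct the comment so the exposure is explicit. Separately, the "SambaDomains" rule matches only `^ou=sambadomains,o=ls$`, so entries below it such as `sambaDomainName=LS_NT` appear to fall through to "Le reste", where `uid=samba` has no access; worth confirming that this is intended.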
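--- a/trunk/lsexample/slapd.conf
+++ b/trunk/lsexample/slapd.conf
@@ -0,0 +1,28 @@
+include /etc/ldap/schema/ls.schema
+
+
+database bdb
+suffix "o=ls"
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap/ls
+
+# Indices to maintain
+index objectClass eq
+index uid pres,eq
+index uidNumber eq
+index gidNumber eq
+index eeallowedservices eq
+index cn pres,eq
+index mail pres,eq
+index mailalternateaddress pres,eq
+index sambasid eq
+index sambaDomainName eq
+index memberUid eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+include /etc/ldap/permissions-ls.conf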
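Review bot: Nothing in this database section requires an encrypted connection, while the included permissions-ls.conf lets anonymous clients authenticate against `userPassword` (`by anonymous auth`) and lets users rewrite their own password (`by self write`). Simple binds and password changes would therefore travel in cleartext unless the enclosing global configuration, which is not part of this commit, enforces TLS. Consider adding a line such as `security simple_bind=128 update_ssf=128` (strength values to be adapted) to this section, or a comment stating that the including slapd.conf must set it. The index list also covers `memberUid`, whereas the sample entries and the ACLs use `uniqueMember`; presumably `index uniqueMember eq` was meant, instead or as well.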
|
@ -30,31 +30,67 @@ if($LSsession -> startLSsession()) {
|
|||
// Définition du Titre de la page
|
||||
$GLOBALS['Smarty'] -> assign('pagetitle',_('Modifier'));
|
||||
|
||||
// Création d'un LSobject
|
||||
if (class_exists($_GET['LSobject'])) {
|
||||
debug('me : '.$GLOBALS['LSsession'] -> whoami($_GET['dn']));
|
||||
if ( $GLOBALS['LSsession'] -> whoami($_GET['dn']) != 'user' ) {
|
||||
$object = new $_GET['LSobject']();
|
||||
if ($object -> loadData($_GET['dn'])) {
|
||||
$form = $object -> getForm('test');
|
||||
if ($form->validate()) {
|
||||
// MàJ des données de l'objet LDAP
|
||||
$object -> updateData('test');
|
||||
if (isset($_POST['LSform_objecttype'])) {
|
||||
$LSobject = $_POST['LSform_objecttype'];
|
||||
}
|
||||
else if (isset($_GET['LSobject'])) {
|
||||
$LSobject = $_GET['LSobject'];
|
||||
}
|
||||
|
||||
if (isset($_POST['LSform_objectdn'])) {
|
||||
$dn = $_POST['LSform_objectdn'];
|
||||
}
|
||||
else if (isset($_GET['dn'])) {
|
||||
$dn = $_GET['dn'];
|
||||
}
|
||||
|
||||
if ((isset($dn)) && (isset($LSobject)) ) {
|
||||
// Création d'un LSobject
|
||||
if (class_exists($LSobject)) {
|
||||
if ( $GLOBALS['LSsession'] -> canEdit($LSobject,$dn) ) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Voir'),
|
||||
'url' =>'view.php?LSobject='.$LSobject.'&dn='.$dn,
|
||||
'action' => 'view'
|
||||
);
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canRemove($LSobject,$dn)) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Supprimer'),
|
||||
'url' => 'remove.php?LSobject='.$LSobject.'&dn='.$dn,
|
||||
'action' => 'delete'
|
||||
);
|
||||
}
|
||||
|
||||
$object = new $LSobject();
|
||||
if ($object -> loadData($dn)) {
|
||||
$form = $object -> getForm('modify');
|
||||
if ($form->validate()) {
|
||||
// MàJ des données de l'objet LDAP
|
||||
if ($object -> updateData('modify')) {
|
||||
header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
|
||||
}
|
||||
}
|
||||
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
|
||||
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
|
||||
$form -> display();
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1011);
|
||||
}
|
||||
$form -> display();
|
||||
}
|
||||
else debug('erreur durant le chargement du dn');
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1011);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1011);
|
||||
$GLOBALS['LSerror'] -> addErrorCode(21);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(21);
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1012);
|
||||
}
|
||||
|
||||
// Template
|
||||
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSsession'] -> setTemplate('login.tpl');
|
||||
|
|
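Review bot: `class_exists($LSobject)` is the only gate before `new $LSobject()`, and `$LSobject` now comes from `$_POST['LSform_objecttype']` or `$_GET['LSobject']`, so any class already loaded in the process passes the type check, not only the configured LSobject types; remove.php in this same commit tests the type with `$GLOBALS['LSsession'] -> loadLSobject(...)` and this page should do the same. The redirect after a successful update, `header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());`, concatenates both values unencoded and is not followed by `exit`, so the script goes on to render the form after the redirect has been sent; `header('Location: view.php?LSobject='.urlencode($LSobject).'&dn='.urlencode($object -> getDn())); exit();` covers both. The rendered page has lost its +/- markers, so this note reads the `$LSobject`/`$dn` variant as the new side, and the enclosing `if($LSsession -> startLSsession())` block begins above the hunk.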
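--- a/trunk/remove.php
+++ b/trunk/remove.php
@@ -0,0 +1,78 @@
+<?php
+/*******************************************************************************
+* Copyright (C) 2007 Easter-eggs
+* http://ldapsaisie.labs.libre-entreprise.org
+*
+* Author: See AUTHORS file in top-level directory.
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License version 2
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+require_once 'includes/functions.php';
+require_once 'includes/class/class.LSsession.php';
+
+$GLOBALS['LSsession'] = new LSsession();
+
+if($LSsession -> startLSsession()) {
+
+if ((isset($_GET['LSobject'])) && (isset($_GET['dn']))) {
+
+if ($GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject'])) {
+if ( $GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn']) ) {
+$object = new $_GET['LSobject']();
+if ($object -> loadData($_GET['dn'])) {
+if (isset($_GET['valid'])) {
+$objectname=$object -> getDisplayValue();
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppression').' : '.$objectname);
+if ($object -> remove()) {
+$GLOBALS['Smarty'] -> assign('question',$objectname.' '._('a bien été supprimé').'.');
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(35,$objectname);
+}
+}
+else {
+// Définition du Titre de la page
+$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppresion').' : '.$object -> getDisplayValue());
+$GLOBALS['Smarty'] -> assign('question',_('Voulez-vous vraiment supprimer').' <strong>'.$object -> getDisplayValue().'</strong> ?');
+$GLOBALS['Smarty'] -> assign('validation_url','remove.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'].'&valid');
+$GLOBALS['Smarty'] -> assign('validation_txt',_('Valider'));
+}
+$GLOBALS['LSsession'] -> setTemplate('question.tpl');
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1011);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(21);
+}
+}
+else {
+$GLOBALS['LSerror'] -> addErrorCode(1012);
+}
+
+}
+else {
+$GLOBALS['LSsession'] -> setTemplate('login.tpl');
+}
+
+// Affichage des retours d'erreurs
+$GLOBALS['LSsession'] -> displayTemplate();
+?>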
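Review bot: The deletion runs on a plain GET request: `if (isset($_GET['valid']))` leads straight to `$object -> remove()`, and nothing in the request is tied to the session, so any URL an authenticated administrator's browser fetches can remove an entry. The confirmation step should submit a POST that carries a per-session token, verified before `remove()` is called. Separately, `validation_url` and the `question` string are built from `$_GET['LSobject']`, `$_GET['dn']` and `getDisplayValue()` without encoding, and question.tpl prints them as-is; apply `urlencode()` to the two query values and `htmlspecialchars($object -> getDisplayValue(), ENT_QUOTES)` to the name placed inside the `<strong>`. The title in the confirmation branch also reads `_('Suppresion')` where the other branch has `_('Suppression')`.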
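--- a/trunk/templates/create.tpl
+++ b/trunk/templates/create.tpl
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
+{$LSsession_css}
+{$LSsession_js}
+</head>
+<body>
+<div id='LSerror'>
+{$LSerrors}
+</div>
+<div id='LSdebug'>
+<a href='#' id='LSdebug_hidden'>X</a>
+<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
+</div>
+
+<div id='main'>
+<div id='left'>
+<img src='templates/images/logo.png' alt='Logo' id='logo'/>
+<ul class='menu'>
+{foreach from=$LSaccess item=item key=LSobject}
+<li class='menu'><a href='view.php?LSobject={$LSobject}' class='menu'>{$item.label}</a></li>
+{/foreach}
+</ul>
+</div>
+<div id='right'>
+<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
+
+{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+
+<form action='{$LSform_action}' method='post' class='LSform'>
+{$LSform_header}
+<dl class='LSform'>
+{foreach from=$LSform_fields item=field}
+<dt class='LSform'>{$field.label}</dt>
+<dd class='LSform'>{$field.html}{if $field.add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
+{if $field.errors != ''}
+{foreach from=$field.errors item=error}
+<dd class='LSform LSform-errors'>{$error}</dd>
+{/foreach}
+{/if}
+{/foreach}
+<dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
+</dl>
+</form>
+</div>
+<hr class='spacer' />
+</div>
+</body>
+</html>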
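Review bot: `{$LSsession_username}` and `{$pagetitle}` are printed without an escape modifier, and elsewhere in this commit the title is set from `getDisplayValue()` (remove.php, view.php), so directory-supplied text can reach the page as markup; unless the Smarty instance applies a default escape, which the page does not show, write `{$LSsession_username|escape}` and `{$pagetitle|escape}`. The status line also closes a `</b>` that is never opened, and the same line is repeated in question.tpl and in the modified template hunks. The strings `Connecté en tant que` and `+ Ajouter un champ` are hard-coded here while the PHP side routes its labels through `_()`.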
|
@ -1,20 +1,3 @@
|
|||
p.LSform-view-actions {
|
||||
text-align: right;
|
||||
font-size: 0.8em;
|
||||
margin: 0.2em;
|
||||
margin-right: 3em;
|
||||
color: #0072b8;
|
||||
}
|
||||
|
||||
a.LSform-view-actions {
|
||||
text-decoration: none;
|
||||
color: #0072b8;
|
||||
}
|
||||
|
||||
a.LSform-view-actions:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
dl.LSform {
|
||||
margin: 0;
|
||||
margin-left: 2em;
|
||||
|
|
|
@ -114,6 +114,10 @@ td.LSobject-list-actions {
|
|||
width: 7em;
|
||||
}
|
||||
|
||||
td.LSobject-list-names {
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
p.LSobject-list-page {
|
||||
text-align: center;
|
||||
margin: 0.5em;
|
||||
|
@ -132,3 +136,21 @@ a.LSobject-list-page:hover {
|
|||
strong.LSobject-list-page {
|
||||
color: #0072b8;
|
||||
}
|
||||
|
||||
p.LSview-actions {
|
||||
text-align: right;
|
||||
font-size: 0.8em;
|
||||
margin: 0.2em;
|
||||
margin-right: 3em;
|
||||
color: #0072b8;
|
||||
}
|
||||
|
||||
p.question {
|
||||
margin-left: 3em;
|
||||
}
|
||||
|
||||
a.question {
|
||||
margin-left: 10em;
|
||||
margin-top: 3em;
|
||||
color: #0072b8;
|
||||
}
|
||||
|
|
BIN
trunk/templates/images/clear.png
Normal file
After Width: | Height: | Size: 773 B |
Before Width: | Height: | Size: 498 B After Width: | Height: | Size: 498 B |
BIN
trunk/templates/images/create.png
Normal file
After Width: | Height: | Size: 477 B |
BIN
trunk/templates/images/delete.png
Normal file
After Width: | Height: | Size: 655 B |
Before Width: | Height: | Size: 805 B After Width: | Height: | Size: 799 B |
BIN
trunk/templates/images/modify.png
Normal file
After Width: | Height: | Size: 317 B |
|
@ -29,7 +29,13 @@
|
|||
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
|
||||
|
||||
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
|
||||
<p class='LSform-view-actions'><a href='view.php?LSobject={$LSform_object.type}&dn={$LSform_object.dn}' class='LSform-view-actions'>Voir</a></p>
|
||||
{if $LSview_actions != ''}
|
||||
<p class='LSview-actions'>
|
||||
{foreach from=$LSview_actions item=item}
|
||||
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
|
||||
{/foreach}
|
||||
</p>
|
||||
{/if}
|
||||
|
||||
<form action='{$LSform_action}' method='post' class='LSform'>
|
||||
{$LSform_header}
|
||||
|
|
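Review bot: `href='{$item.url}'` and `src='templates/images/{$item.action}.png'` print the action array raw, and the URLs in it are assembled in PHP by concatenating `$LSobject` and `$dn` taken from the request, so a quote character in either value ends the attribute. Encode the values where the URL is built with `urlencode()`, and escape at output as well: `<a href='{$item.url|escape}' class='LSview-actions'>` with `alt='{$item.label|escape}'`. The same loop is added in question.tpl and in the later template hunks `@ -28,7 +28,14 @` and `@ -28,6 +28,14 @`, and the list hunk `@ -36,7 +44,13 @` has it for `$object.actions`. The file header for this section is not shown on the page; from the `LSform` markup it appears to be the modify template.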
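--- a/trunk/templates/question.tpl
+++ b/trunk/templates/question.tpl
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
+<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
+{$LSsession_css}
+{$LSsession_js}
+</head>
+<body>
+<div id='LSerror'>
+{$LSerrors}
+</div>
+<div id='LSdebug'>
+<a href='#' id='LSdebug_hidden'>X</a>
+<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
+</div>
+
+<div id='main'>
+<div id='left'>
+<img src='templates/images/logo.png' alt='Logo' id='logo'/>
+<ul class='menu'>
+{foreach from=$LSaccess item=item key=LSobject_type}
+<li class='menu'><a href='view.php?LSobject={$LSobject_type}' class='menu'>{$item.label}</a></li>
+{/foreach}
+</ul>
+</div>
+<div id='right'>
+<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
+{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
+{if $LSview_actions != ''}
+<p class='LSview-actions'>
+{foreach from=$LSview_actions item=item}
+<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
+{/foreach}
+</p>
+{/if}
+
+<p class='question'>{$question}</p>
+{if $validation_txt!=''}<a href='{$validation_url}' class='question'>Valider</a>{/if}
+</div>
+<hr class='spacer' />
+</div>
+</body>
+</html>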
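Review bot: The confirmation link tests `$validation_txt` but prints the literal `Valider`, so the text remove.php assigns with `_('Valider')` is never used and the label cannot be translated; the line should be `<a href='{$validation_url|escape}' class='question'>{$validation_txt}</a>`. `{$question}` is printed raw because remove.php places a `<strong>` element in it, which means the object name inside has to be escaped in PHP before it is assigned. Since this link is what triggers the deletion, a small POST form would fit better than an anchor.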
|
@ -28,7 +28,14 @@
|
|||
<div id='right'>
|
||||
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
|
||||
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
|
||||
{if $LSform_canEdit == 'true'}<p class='LSform-view-actions'><a href='modify.php?LSobject={$LSform_object.type}&dn={$LSform_object.dn}' class='LSform-view-actions'>Modifier</a></p>{/if}
|
||||
{if $LSview_actions != ''}
|
||||
<p class='LSview-actions'>
|
||||
{foreach from=$LSview_actions item=item}
|
||||
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
|
||||
{/foreach}
|
||||
</p>
|
||||
{/if}
|
||||
|
||||
<dl class='LSform'>
|
||||
{foreach from=$LSform_fields item=field}
|
||||
<dt class='LSform'>{$field.label}</dt>
|
||||
|
|
|
@ -28,6 +28,14 @@
|
|||
<div id='right'>
|
||||
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
|
||||
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
|
||||
|
||||
{if $LSview_actions != ''}
|
||||
<p class='LSview-actions'>
|
||||
{foreach from=$LSview_actions item=item}
|
||||
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
|
||||
{/foreach}
|
||||
</p>
|
||||
{/if}
|
||||
<table class='LSobject-list'>
|
||||
<tr class='LSobject-list'>
|
||||
<th class='LSobject-list'>{$LSobject_list_objectname}</th>
|
||||
|
@ -36,7 +44,13 @@
|
|||
{foreach from=$LSobject_list item=object}
|
||||
<tr class='LSobject-list'>
|
||||
<td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSobject_list_objecttype}&dn={$object.dn}' class='LSobject-list'>{$object.displayValue}</a> </td>
|
||||
<td class='LSobject-list LSobject-list-actions'>{if $object.canEdit}<a href='modify.php?LSobject={$LSobject_list_objecttype}&dn={$object.dn}' class='LSobject-list-actions'><img src='templates/images/edit.png' alt='{$_Modifier}' title='{$_Modifier}'/></a>{/if}</td>
|
||||
<td class='LSobject-list LSobject-list-actions'>
|
||||
{if $object.actions!=''}
|
||||
{foreach from=$object.actions item=item}
|
||||
<a href='{$item.url}' class='LSobject-list-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}'/></a>
|
||||
{/foreach}
|
||||
{/if}
|
||||
</td>
|
||||
</tr>
|
||||
{/foreach}
|
||||
</table>
|
||||
|
|
220
trunk/view.php
|
@ -28,82 +28,174 @@ require_once 'includes/class/class.LSsession.php';
|
|||
$GLOBALS['LSsession'] = new LSsession();
|
||||
|
||||
if($LSsession -> startLSsession()) {
|
||||
$LSobject = $_GET['LSobject'];
|
||||
if (isset($_GET['LSobject'])) {
|
||||
$LSobject = $_GET['LSobject'];
|
||||
|
||||
if ( $LSobject == 'SELF' ) {
|
||||
if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
|
||||
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
|
||||
$GLOBALS['Smarty'] -> assign('LSform_canEdit',true);
|
||||
if ( $LSobject == 'SELF' ) {
|
||||
if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
|
||||
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn')) ) {
|
||||
$LSview_actions[] = array (
|
||||
'label' => _('Modifier'),
|
||||
'url' => 'modify.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
|
||||
'action' => 'modify'
|
||||
);
|
||||
}
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canCreate($GLOBALS['LSsession']-> LSuserObject -> getType())) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Copier'),
|
||||
'url' =>'create.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&load='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
|
||||
'action' => 'copy'
|
||||
);
|
||||
}
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canRemove($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
|
||||
$LSview_actions[] = array (
|
||||
'label' => _('Supprimer'),
|
||||
'url' => 'remove.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
|
||||
'action' => 'delete'
|
||||
);
|
||||
}
|
||||
|
||||
$GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
|
||||
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
|
||||
$form = $GLOBALS['LSsession']-> LSuserObject -> getView();
|
||||
$form -> displayView();
|
||||
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
|
||||
}
|
||||
$GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
|
||||
$form = $GLOBALS['LSsession']-> LSuserObject -> getView();
|
||||
$form -> displayView();
|
||||
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ( $GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject']) ) {
|
||||
if ( isset($_GET['dn']) ) {
|
||||
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
|
||||
if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
|
||||
$GLOBALS['Smarty'] -> assign('LSform_canEdit','true');
|
||||
if ( $GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject']) ) {
|
||||
if ( isset($_GET['dn']) ) {
|
||||
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
|
||||
if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Modifier'),
|
||||
'url' =>'modify.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'],
|
||||
'action' => 'modify'
|
||||
);
|
||||
}
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Copier'),
|
||||
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&load='.$_GET['dn'],
|
||||
'action' => 'copy'
|
||||
);
|
||||
}
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn'])) {
|
||||
$LSview_actions[] = array(
|
||||
'label' => _('Supprimer'),
|
||||
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&dn='.$_GET['dn'],
|
||||
'action' => 'delete'
|
||||
);
|
||||
}
|
||||
|
||||
$object = new $_GET['LSobject']();
|
||||
$object -> loadData($_GET['dn']);
|
||||
$view = $object -> getView();
|
||||
$view -> displayView();
|
||||
$GLOBALS['Smarty'] -> assign('pagetitle',$object -> getDisplayValue());
|
||||
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
|
||||
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1011);
|
||||
}
|
||||
$object = new $_GET['LSobject']();
|
||||
$object -> loadData($_GET['dn']);
|
||||
$view = $object -> getView();
|
||||
$view -> displayView();
|
||||
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1011);
|
||||
$objectList=array();
|
||||
$object = new $_GET['LSobject']();
|
||||
$GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
|
||||
$LSview_actions[] = array (
|
||||
'label' => _('Nouveau'),
|
||||
'url' => 'create.php?LSobject='.$_GET['LSobject'],
|
||||
'action' => 'create'
|
||||
);
|
||||
$canCopy=true;
|
||||
}
|
||||
|
||||
$list=$object -> listObjects();
|
||||
$nbObjects=count($list);
|
||||
if ($nbObjects > NB_LSOBJECT_LIST) {
|
||||
if (isset($_GET['page'])) {
|
||||
$list = array_slice($list, ($_GET['page']) * NB_LSOBJECT_LIST, NB_LSOBJECT_LIST);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',$_GET['page']);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
|
||||
}
|
||||
else {
|
||||
$list = array_slice($list, 0, NB_LSOBJECT_LIST);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',0);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
|
||||
}
|
||||
}
|
||||
foreach($list as $thisObject) {
|
||||
unset($actions);
|
||||
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
|
||||
$actions[] = array(
|
||||
'label' => _('Voir'),
|
||||
'url' =>'view.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject -> getValue('dn'),
|
||||
'action' => 'view'
|
||||
);
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))) {
|
||||
$actions[]=array(
|
||||
'label' => _('Modifier'),
|
||||
'url' => 'modify.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject->getValue('dn'),
|
||||
'action' => 'modify'
|
||||
);
|
||||
}
|
||||
|
||||
if ($canCopy) {
|
||||
$actions[] = array(
|
||||
'label' => _('Copier'),
|
||||
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&load='.$thisObject -> getValue('dn'),
|
||||
'action' => 'copy'
|
||||
);
|
||||
}
|
||||
|
||||
if ($GLOBALS['LSsession'] -> canRemove($thisObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
|
||||
$actions[] = array (
|
||||
'label' => _('Supprimer'),
|
||||
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&dn='.$thisObject -> getValue('dn'),
|
||||
'action' => 'delete'
|
||||
);
|
||||
}
|
||||
|
||||
$objectList[]=array(
|
||||
'dn' => $thisObject->getValue('dn'),
|
||||
'displayValue' => $thisObject->getDisplayValue(),
|
||||
'actions' => $actions
|
||||
);
|
||||
}
|
||||
else {
|
||||
debug($thisObject->getValue('dn'));
|
||||
}
|
||||
}
|
||||
$GLOBALS['LSsession'] -> addJSscript('LSview.js');
|
||||
|
||||
$GLOBALS['Smarty']->assign('_Actions',_('Actions'));
|
||||
$GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
|
||||
$GLOBALS['Smarty']->assign('LSobject_list',$objectList);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
|
||||
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
|
||||
$GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$objectList=array();
|
||||
$object = new $_GET['LSobject']();
|
||||
$GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
|
||||
$list=$object -> listObjects();
|
||||
$nbObjects=count($list);
|
||||
if ($nbObjects > NB_LSOBJECT_LIST) {
|
||||
if (isset($_GET['page'])) {
|
||||
$list = array_slice($list, ($_GET['page']) * NB_LSOBJECT_LIST, NB_LSOBJECT_LIST);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',$_GET['page']);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
|
||||
}
|
||||
else {
|
||||
$list = array_slice($list, 0, NB_LSOBJECT_LIST);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_currentpage',0);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_nbpage',ceil($nbObjects / NB_LSOBJECT_LIST));
|
||||
}
|
||||
}
|
||||
foreach($list as $thisObject) {
|
||||
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
|
||||
$objectList[]=array(
|
||||
'dn' => $thisObject->getValue('dn'),
|
||||
'displayValue' => $thisObject->getDisplayValue(),
|
||||
'canEdit' => $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))
|
||||
);
|
||||
}
|
||||
else {
|
||||
debug($thisObject->getValue('dn'));
|
||||
}
|
||||
}
|
||||
$GLOBALS['LSsession'] -> addJSscript('LSview.js');
|
||||
|
||||
$GLOBALS['Smarty']->assign('_Actions',_('Actions'));
|
||||
$GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
|
||||
$GLOBALS['Smarty']->assign('LSobject_list',$objectList);
|
||||
$GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
|
||||
$GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$GLOBALS['LSerror'] -> addErrorCode(1012);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
|