Improve POSIX support and add examples to handle this type of attributes

Benjamin Renard 2020-09-11 13:54:08 +02:00
parent a848888894
commit 255817d7aa
4 changed files with 324 additions and 126 deletions


@ -141,6 +141,7 @@ dn: uid=hmartin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: hmartin
homeDirectory: /home/com
@ -168,6 +169,7 @@ dn: uid=s.ldapsaisie,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/false
uidNumber: 101036
@ -194,6 +196,7 @@ dn: uid=ls,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: ls
homeDirectory: /home/ls
@ -222,6 +225,7 @@ uid: erwpa
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uidNumber: 101082
sambaAcctFlags: [U ]
@ -248,6 +252,7 @@ dn: uid=eeggs2,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
uid: eeggs2
uidNumber: 1000000
gidNumber: 102009
@ -269,6 +274,7 @@ dn: uid=eeggs3,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
uid: eeggs3
uidNumber: 10000000
gidNumber: 102009
@ -368,6 +374,7 @@ dn: uid=user1,ou=people,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: prenom1
loginShell: /bin/false
@ -390,6 +397,7 @@ dn: uid=user2,ou=people,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: prenom2
loginShell: /bin/false
@ -440,6 +448,7 @@ dn: uid=eeggs,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
personalTitle: M.
@ -469,6 +478,7 @@ dn: uid=invite,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Utilisateur
loginShell: /bin/false
@ -490,6 +500,7 @@ dn: uid=demo,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Demonstration
loginShell: /bin/false
@ -512,6 +523,7 @@ dn: uid=admin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Administration
loginShell: /bin/false


@ -25,6 +25,7 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'top',
'lspeople',
'posixAccount',
'shadowAccount',
'sambaSamAccount',
),
'rdn' => 'uid',
@ -137,7 +138,12 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'uidNumber',
'gidNumber',
'loginShell',
'homeDirectory'
'homeDirectory',
'gecos',
'shadowExpire',
'shadowMax',
'shadowInactive',
'shadowLastChange',
)
),
'Samba' => array (
@ -268,35 +274,6 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'uidNumber' => array (
'label' => 'Numeric identifier',
'ldap_type' => 'numeric',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_samba_uidNumber',
'check_data' => array (
'numeric' => array(
'msg' => "The numeric identifier must be an integer."
),
),
'validation' => array (
array (
'filter' => 'uidNumber=%{val}',
'result' => 0,
'msg' => 'This uid is already used.'
)
),
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 0,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'givenName' => array (
'label' => 'First Name',
@ -366,101 +343,8 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'form' => array (
'modify' => 1,
'create' => 1
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'gidNumber' => array (
'label' => 'Main group',
'ldap_type' => 'numeric',
'html_type' => 'select_list',
'html_options' => array (
'possible_values' => array(
'0' => 'No group',
array (
'label' => 'LDAP Groups',
'possible_values' => array (
'OTHER_OBJECT' => array (
'object_type' => 'LSgroup', // Nom de l'objet à lister
'display_name_format' => '%{cn} (%{gidNumber})', // Spécifie le attributs à lister pour le choix,
// si non définie => utilisation du 'display_name_format'
// de la définition de l'objet
'value_attribute' => 'gidNumber', // Spécifie le attributs dont la valeur sera retournée par
/*'filter' => // le formulaire spécifie les filtres de recherche pour
array ( // l'établissement de la liste d'objets :
array( // Premier filtre
'filter' => 'cn=*a*',
//'basedn' => 'o=company',
'scope' => 'sub',
)
)*/
)
)
)
)
),
'multiple' => false,
'required' => 1,
'validation' => array (
array (
'msg' => "This group doesn't exist.",
'object_type' => 'LSgroup', // 'object_type' : Permet definir le type d'objet recherchés
//'basedn' => 'o=company', // et d'utiliser les objectClass définis dans le fichier de configuration
'filter' => '(gidNumber=%{val})', // pour la recherche
'result' => 1
)
),
'rights' => array(
'admin' => 'w',
'godfather' => 'r'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
),
'dependAttrs' => array(
'sambaPrimaryGroupSID',
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'loginShell' => array (
'label' => 'Command shell',
'help_info' => "Allow user to connect a POSIX system.",
'ldap_type' => 'boolean',
'ldap_options' => array (
'true_value' => '/bin/bash',
'false_value' => '/bin/false'
),
'html_type' => 'boolean',
'required' => 1,
'default_value' => 'no',
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'homeDirectory' => array (
'label' => 'Home Directory',
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_homeDirectory',
'rights' => array(
'admin' => 'r'
),
'view' => 1
'dependAttrs' => array('gecos'),
),
/* ----------- end -----------*/
@ -599,7 +483,9 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
),
'dependAttrs' => array(
'sambaLMPassword',
'sambaNTPassword'
'sambaNTPassword',
'sambaPwdLastSet',
'shadowLastChange',
),
'form' => array (
'modify' => 1,
@ -693,7 +579,250 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
/* ----------- end -----------*/
/************************************************
* Samba Attributres
* POSIX Attributes
************************************************/
/* ----------- start -----------*/
'uidNumber' => array (
'label' => 'Numeric identifier',
'ldap_type' => 'numeric',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_samba_uidNumber',
'check_data' => array (
'numeric' => array(
'msg' => "The numeric identifier must be an integer."
),
),
'validation' => array (
array (
'filter' => 'uidNumber=%{val}',
'result' => 0,
'msg' => 'This uid is already used.'
)
),
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 0,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'gidNumber' => array (
'label' => 'Main group',
'ldap_type' => 'numeric',
'html_type' => 'select_list',
'html_options' => array (
'possible_values' => array(
'0' => 'No group',
array (
'label' => 'LDAP Groups',
'possible_values' => array (
'OTHER_OBJECT' => array (
'object_type' => 'LSgroup', // Nom de l'objet à lister
'display_name_format' => '%{cn} (%{gidNumber})', // Spécifie le attributs à lister pour le choix,
// si non définie => utilisation du 'display_name_format'
// de la définition de l'objet
'value_attribute' => 'gidNumber', // Spécifie le attributs dont la valeur sera retournée par
/*'filter' => // le formulaire spécifie les filtres de recherche pour
array ( // l'établissement de la liste d'objets :
array( // Premier filtre
'filter' => 'cn=*a*',
//'basedn' => 'o=company',
'scope' => 'sub',
)
)*/
)
)
)
)
),
'multiple' => false,
'required' => 1,
'validation' => array (
array (
'msg' => "This group doesn't exist.",
'object_type' => 'LSgroup', // 'object_type' : Permet definir le type d'objet recherchés
//'basedn' => 'o=company', // et d'utiliser les objectClass définis dans le fichier de configuration
'filter' => '(gidNumber=%{val})', // pour la recherche
'result' => 1
)
),
'rights' => array(
'admin' => 'w',
'godfather' => 'r'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
),
'dependAttrs' => array(
'sambaPrimaryGroupSID',
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'loginShell' => array (
'label' => 'Command shell',
'help_info' => "Allow user to connect a POSIX system.",
'ldap_type' => 'boolean',
'ldap_options' => array (
'true_value' => '/bin/bash',
'false_value' => '/bin/false'
),
'html_type' => 'boolean',
'required' => 1,
'default_value' => 'no',
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'homeDirectory' => array (
'label' => 'Home Directory',
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_homeDirectory',
'rights' => array(
'admin' => 'r'
),
'view' => 1
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'gecos' => array (
'label' => 'Gecos',
'ldap_type' => 'ascii',
'html_type' => 'text',
'html_options' => array(
'generate_value_format' => '%{cn~}',
'autoGenerateOnModify' => true, // default : false
'autoGenerateOnCreate' => true // default : false
),
'required' => 1,
'generate_value_format' => '%{cn~}',
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array(
'modify' => 1,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'shadowExpire' => array (
'label' => 'Password expiration',
'ldap_type' => 'shadowExpire',
'html_type' => 'date',
'html_options' => array(
'time' => false,
'showNowButton' => False,
'special_values' => array(
'0' => 'Always (disable account)',
),
),
'required' => 0,
'generate_function' => 'generate_shadowExpire_from_sambaPwdMustChange',
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array(
'modify' => 1,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'shadowMax' => array (
'label' => 'Password validity (in days)',
'help_info' => 'The maximum number of days the password is valid.',
'ldap_type' => 'numeric',
'html_type' => 'text',
'check_data' => array (
'integer' => array(
'params' => array(
'positive' => true,
),
'msg' => "The password validity must be an positive integer.",
),
),
'required' => 0,
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array(
'create' => 1,
'modify' => 1,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'shadowInactive' => array (
'label' => 'Inactivity allowed (in days)',
'help_info' => 'The number of days of inactivity allowed for the specified user.',
'ldap_type' => 'numeric',
'html_type' => 'text',
'check_data' => array (
'integer' => array(
'params' => array(
'positive' => true,
),
'msg' => "The inactivity allowed must be an positive integer.",
),
),
'required' => 0,
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array(
'create' => 1,
'modify' => 1,
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'shadowLastChange' => array (
'label' => 'Password last change time',
'ldap_type' => 'shadowExpire',
'html_type' => 'date',
'html_options' => array(
'time' => False,
'showNowButton' => False,
),
'generate_function' => 'generate_shadowLastChange',
'no_value_label' => 'Never',
'rights' => array(
'admin' => 'w'
),
'view' => 1,
),
/* ----------- end -----------*/
/************************************************
* Samba Attributes
************************************************/
/* ----------- start -----------*/
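Review bot: The new `shadowExpire` entry is labelled 'Password expiration' and filled by `generate_shadowExpire_from_sambaPwdMustChange`, but in the shadowAccount schema (RFC 2307, shadow(5)) this attribute is the date on which the account itself expires; password ageing is carried by `shadowLastChange` together with `shadowMax`. An administrator who sets this field to force a password change would instead have logins refused from that date, which the `'0' => 'Always (disable account)'` special value in the same entry already hints at. I would relabel it, e.g. `'label' => 'Account expiration',` (the matching key in the French catalogue would need the same change), and add a `help_info` line saying that the account is disabled after this date. Whether deriving the value from sambaPwdMustChange is intended should be confirmed, since that helper is not visible here; the enclosing `$GLOBALS['LSobjects']['LSpeople']` array starts and ends outside these hunks.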


@ -261,3 +261,19 @@ LSerror :: defineError('POSIX_01',
}
return $uids;
}
/**
* Generate shadowLastChange attribute value
*
* Just return a shadowLastChange value corresponding to current date.
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $anything anything
*
* @retval integer The shadowLastChange attribute value (=current date)
*/
function generate_shadowLastChange($anything) {
return time()/86400;
}
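Review bot: `generate_shadowLastChange()` returns `time()/86400`, which in PHP is a float with a fractional part on almost every call, although the docblock promises an integer and shadowLastChange holds a whole number of days since the epoch. Unless the attribute's LDAP type rounds the value before it is written (not visible in this hunk), a fractional value may be rejected by the directory or stored inconsistently, which would make password-age checks based on this attribute unreliable. I would truncate explicitly: `return (int) floor(time() / 86400);`. The docblock could also say why the unused `$anything` parameter is required by the generator signature.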


@ -16,6 +16,10 @@ $GLOBALS['LSlang'] = array (
"Allow user to connect a POSIX system." =>
"Autorisie l'utilisateur à se connecter aux systèmes POSIX.",
# LSobjects.LSpeople.attrs.shadowExpire.html_options.special_values.0
"Always (disable account)" =>
"Toujours (compte désactivé)",
# LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.0
"At first login" =>
"À la première connexion",
@ -99,6 +103,10 @@ $GLOBALS['LSlang'] = array (
"Full Name" =>
"Nom complet",
# LSobjects.LSpeople.attrs.gecos.label
"Gecos" =>
"Gecos",
# LSobjects.LSpeople.attrs.mail.check_data.email.msg
"Given email address is invalid." =>
"L'adresse mail saisie est invalide.",
@ -128,6 +136,10 @@ $GLOBALS['LSlang'] = array (
"If not set, the user will be free to change his password whenever he wants." =>
"Si non défini, l'utilisateur pourra changer son mot de passe quand il le veut.",
# LSobjects.LSpeople.attrs.shadowInactive.label
"Inactivity allowed (in days)" =>
"Durée d'inactivité autorisée (en jours)",
# LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label
"LDAP Groups" =>
"Groupes LDAP",
@ -192,6 +204,7 @@ $GLOBALS['LSlang'] = array (
"Nb / page :" =>
"Nb / page :",
# LSobjects.LSpeople.attrs.shadowLastChange.no_value_label
# LSobjects.LSpeople.attrs.sambaLogonTime.no_value_label
# LSobjects.LSpeople.attrs.sambaLogoffTime.no_value_label
# LSobjects.LSpeople.attrs.sambaKickoffTime.html_options.special_values.2147483647
@ -214,10 +227,22 @@ $GLOBALS['LSlang'] = array (
"One or several users don't exist." =>
"Un ou plusieurs utilisateurs n'existent pas.",
# LSobjects.LSpeople.attrs.shadowExpire.label
"Password expiration" =>
"Expiration du mot de passe",
# LSobjects.LSpeople.attrs.shadowLastChange.label
"Password last change time" =>
"Dernière modification du mot de passe",
# LSobjects.LSpeople.attrs.lsRecoveryHash.label
"Password recovery hash" =>
"Hash de récupération de mot de passe",
# LSobjects.LSpeople.attrs.shadowMax.label
"Password validity (in days)" =>
"Durée de validité du mot de passe (en jours)",
# LSobjects.LSpeople.attrs.jpegPhoto.label
"Picture" =>
"Image",
@ -310,10 +335,26 @@ $GLOBALS['LSlang'] = array (
"The first name must contain alphanumeric values only." =>
"Le prénom doit contenir uniquement des caractères alpha-numérique.",
# LSobjects.LSpeople.attrs.shadowInactive.check_data.integer.msg
"The inactivity allowed must be an positive integer." =>
"La durée d'inactivité autorisée doit être un entier positif.",
# LSobjects.LSpeople.attrs.shadowMax.help_info
"The maximum number of days the password is valid." =>
"Le nombre de jours maximum durant lequel le mot de passe sera valide.",
# LSobjects.LSpeople.attrs.shadowInactive.help_info
"The number of days of inactivity allowed for the specified user." =>
"Le nombre de jours d'inactivité autorisée pour cet utilisateur.",
# LSobjects.LSpeople.attrs.uidNumber.check_data.numeric.msg
"The numeric identifier must be an integer." =>
"L'identifiant numérique doit forcement être un entier.",
# LSobjects.LSpeople.attrs.shadowMax.check_data.integer.msg
"The password validity must be an positive integer." =>
"La durée de validité du mot de passe doit être un entier positif.",
# LSobjects.LSpeople.attrs.gidNumber.validation.0.msg
"This group doesn't exist." =>
"Ce groupe n'existe pas.",