ldap-useradmin/0000775000567100000120000000000011220733746013452 5ustar jcameronwheelldap-useradmin/config-sol-linux0000664000567100000120000000057111220733746016575 0ustar jcameronwheelauth_ldap=/etc/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/mass_delete_user.cgi0000755000567100000120000001625711220733746017475 0ustar jcameronwheel#!/usr/local/bin/perl # mass_delete_user.cgi # Delete multiple users, after asking for confirmation require './ldap-useradmin-lib.pl'; &ReadParse(); $ldap = &ldap_connect(); %ulist = map { $_->{'user'}, $_ } &list_users(); &error_setup($text{'umass_err'}); foreach $name (split(/\0/, $in{'d'})) { $user = $ulist{$name}; if ($user) { &can_edit_user($user) || &error(&text('umass_euser', $name)); push(@dlist, $user); $delete_sys = $user if ($user->{'uid'} < 10 && (!$delete_sys || $user->{'uid'} < $delete_sys->{'uid'})); } } @dlist || &error($text{'umass_enone'}); if ($in{'disable'}) { # Disabling a bunch of users &ui_print_unbuffered_header(undef, $text{'dmass_title'}, ""); if ($in{'confirmed'}) { foreach $user (@dlist) { # Show username print "",&text('dmass_doing', $user->{'user'}),"
\n"; print "\n"; } &webmin_log("disable", "users", scalar(@dlist), { 'user' => [ map { $_->{'user'} } @dlist ] }); &ui_print_footer("", $text{'index_return'}); } else { # Ask if the user is sure print &ui_confirmation_form( "mass_delete_user.cgi", &text('dmass_sure', scalar(@dlist)), [ [ "confirmed", 1 ], [ "disable", 1 ], map { [ "d", $_->{'user'} ] } @dlist ], [ [ undef, $text{'dmass_dis'} ] ], ); &ui_print_footer("", $text{'index_return'}); } } elsif ($in{'enable'}) { # Enabling a bunch of users &ui_print_unbuffered_header(undef, $text{'emass_title'}, ""); foreach $user (@dlist) { # Show username print "",&text('emass_doing', $user->{'user'}),"
\n"; print "\n"; } &webmin_log("enable", "users", scalar(@dlist), { 'user' => [ map { $_->{'user'} } @dlist ] }); &ui_print_footer("", $text{'index_return'}); } else { # Deleting a bunch of users &ui_print_unbuffered_header(undef, $text{'umass_title'}, ""); if ($in{'confirmed'}) { foreach $user (@dlist) { # Show username print "",&text('umass_doing', $user->{'user'}),"
\n"; print "\n"; } &webmin_log("delete", "users", scalar(@dlist), { 'user' => [ map { $_->{'user'} } @dlist ] }); &ui_print_footer("", $text{'index_return'}); } else { # Sum up home directories foreach $user (@dlist) { if ($user->{'home'} ne "/" && -d $user->{'home'}) { $size += &disk_usage_kb($user->{'home'}); } } # Ask if the user is sure print &ui_confirmation_form( "mass_delete_user.cgi", &text('umass_sure', scalar(@dlist), &nice_size($size*1024)), [ [ "confirmed", 1 ], map { [ "d", $_->{'user'} ] } @dlist ], [ [ undef, $text{'umass_del1'} ], [ "delhome", $text{'umass_del2'} ] ], &ui_checkbox("others", 1, $text{'udel_dothers'}, $mconfig{'default_other'}), $delete_sys && $delete_sys->{'user'} eq 'root' ? "$text{'udel_root'}" : "" ); &ui_print_footer("", $text{'index_return'}); } } ldap-useradmin/config0000664000567100000120000000057411220733746014650 0ustar jcameronwheelldap_host=localhost imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 imap_folderalt=1 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 ldap-useradmin/acl_security.pl0000755000567100000120000001706711220733746016511 0ustar jcameronwheel# XXX need little module for assigning ACLs require 'ldap-useradmin-lib.pl'; # acl_security_form(&options) # Output HTML for editing security options for the useradmin module sub acl_security_form { local $o = $_[0]; print " $text{'acl_uedit'} \n"; printf " $text{'acl_uedit_all'}  \n", $o->{'uedit_mode'} == 0 ? "checked" : ""; printf " $text{'acl_uedit_none'} \n", $o->{'uedit_mode'} == 1 ? "checked" : ""; printf " $text{'acl_uedit_this'}
\n", $o->{'uedit_mode'} == 6 ? "checked" : ""; printf " $text{'acl_uedit_only'}\n", $o->{'uedit_mode'} == 2 ? "checked" : ""; printf " %s
\n", $o->{'uedit_mode'} == 2 ? $o->{'uedit'} : "", &user_chooser_button("uedit_can", 1); printf " $text{'acl_uedit_except'}\n", $o->{'uedit_mode'} == 3 ? "checked" : ""; printf " %s
\n", $o->{'uedit_mode'} == 3 ? $o->{'uedit'} : "", &user_chooser_button("uedit_cannot", 1); printf " $text{'acl_uedit_uid'}\n", $o->{'uedit_mode'} == 4 ? "checked" : ""; printf " - \n", $o->{'uedit_mode'} == 4 ? $o->{'uedit'} : ""; printf "
\n", $o->{'uedit_mode'} == 4 ? $o->{'uedit2'} : ""; printf " $text{'acl_uedit_group'}\n", $o->{'uedit_mode'} == 5 ? "checked" : ""; printf " %s
\n", $o->{'uedit_mode'} == 5 ? join(" ", map { "".getgrgid($_) } split(/\s+/, $o->{'uedit'})) :"", &group_chooser_button("uedit_group", 1); printf "%s %s
\n", " " x 5, $o->{'uedit_sec'} ? 'checked' : '',$text{'acl_uedit_sec'}; printf " $text{'acl_uedit_re'}\n", $o->{'uedit_mode'} == 7 ? "checked" : ""; printf " %s
\n", $o->{'uedit_mode'} == 7 ? $o->{'uedit_re'} : ""; print " \n"; print " $text{'acl_ucreate'} \n"; printf " $text{'yes'}\n", $o->{'ucreate'} ? "checked" : ""; printf " $text{'no'}\n", $o->{'ucreate'} ? "" : "checked"; print "$text{'acl_batch'} \n"; printf " $text{'yes'}\n", $o->{'batch'} ? "checked" : ""; printf " $text{'no'} \n", $o->{'batch'} ? "" : "checked"; print " $text{'acl_home'}\n"; printf " %s
\n", $o->{'home'}, &file_chooser_button("home", 1); printf " %s \n", $o->{'autohome'} ? "checked" : "", $text{'acl_autohome'}; print " $text{'acl_uid'}\n"; print ""; printf " %s
\n", $o->{'umultiple'} ? "checked" : "", $text{'acl_umultiple'}; printf " %s
\n", $o->{'gmultiple'} ? "checked" : "", $text{'acl_gmultiple'}; print " \n"; print "
\n"; print " $text{'acl_gedit'} \n"; printf " $text{'acl_gedit_all'}  \n", $o->{'gedit_mode'} == 0 ? "checked" : ""; printf " $text{'acl_gedit_none'}
\n", $o->{'gedit_mode'} == 1 ? "checked" : ""; printf " $text{'acl_gedit_only'}\n", $o->{'gedit_mode'} == 2 ? "checked" : ""; printf " %s
\n", $o->{'gedit_mode'} == 2 ? $o->{'gedit'} : "", &group_chooser_button("gedit_can", 1); printf " $text{'acl_gedit_except'}\n", $o->{'gedit_mode'} == 3 ? "checked" : ""; printf " %s
\n", $o->{'gedit_mode'} == 3 ? $o->{'gedit'} : "", &group_chooser_button("gedit_cannot", 1); printf " $text{'acl_gedit_gid'}\n", $o->{'gedit_mode'} == 4 ? "checked" : ""; printf " -\n", $o->{'gedit_mode'} == 4 ? $o->{'gedit'} : ""; printf " \n", $o->{'gedit_mode'} == 4 ? $o->{'gedit2'} : ""; print " $text{'acl_gcreate'} \n"; printf " $text{'yes'}\n", $o->{'gcreate'}==1 ? "checked" : ""; printf " $text{'acl_gnew'}\n", $o->{'gcreate'}==2 ? "checked" : ""; printf " $text{'no'} \n", $o->{'gcreate'}==0 ? "checked" : ""; }

# acl_security_save(&options)
# Parse the form for security options for the useradmin module: the submitted
# values in %in are copied into the options hash passed as the first argument.
# Every value is stored as received; this function does no validation.
# NOTE(review): uedit_re and the UID/GID bounds are saved verbatim - confirm
# that the code which later enforces this ACL checks that the pattern compiles
# and that the bounds are numeric.
sub acl_security_save
{
# Loop once over an alias of the first argument, so that every write lands
# exactly where the $_[0]->{...} form would put it
foreach my $acl ($_[0]) {
	# Which users may be edited. The meaning of 'uedit' depends on the mode
	my $umode = $in{'uedit_mode'};
	$acl->{'uedit_mode'} = $umode;
	my $uedit = "";
	if ($umode == 2) {
		$uedit = $in{'uedit_can'};
		}
	elsif ($umode == 3) {
		$uedit = $in{'uedit_cannot'};
		}
	elsif ($umode == 4) {
		$uedit = $in{'uedit_uid'};
		}
	elsif ($umode == 5) {
		# Group names are stored as GIDs. A name that getgrnam()
		# cannot resolve contributes an empty string to the list
		$uedit = join(" ", map { "".getgrnam($_) }
				       split(/\s+/, $in{'uedit_group'}));
		}
	$acl->{'uedit'} = $uedit;
	$acl->{'uedit2'} = $umode == 4 ? $in{'uedit_uid2'} : undef;
	$acl->{'uedit_sec'} = $umode == 5 ? $in{'uedit_sec'} : undef;
	$acl->{'uedit_re'} = $umode == 7 ? $in{'uedit_re'} : undef;

	# Which groups may be edited
	my $gmode = $in{'gedit_mode'};
	$acl->{'gedit_mode'} = $gmode;
	my $gedit = "";
	if ($gmode == 2) {
		$gedit = $in{'gedit_can'};
		}
	elsif ($gmode == 3) {
		$gedit = $in{'gedit_cannot'};
		}
	elsif ($gmode == 4) {
		$gedit = $in{'gedit_gid'};
		}
	$acl->{'gedit'} = $gedit;
	$acl->{'gedit2'} = $gmode == 4 ? $in{'gedit_gid2'} : undef;

	# Groups that users may be assigned to. Modes 0 and 2 are stored
	# without a uedit_gmode key
	my $ugmode = $in{'uedit_gmode'};
	if ($ugmode == 0 || $ugmode == 2) {
		delete($acl->{'uedit_gmode'});
		$acl->{'ugroups'} = $ugmode == 0 ? "*" : $in{'uedit_gcan'};
		}
	else {
		$acl->{'uedit_gmode'} = $ugmode;
		if ($ugmode == 3) {
			$acl->{'ugroups'} = $in{'uedit_gcannot'};
			}
		elsif ($ugmode == 4) {
			$acl->{'ugroups'} = $in{'uedit_gid'};
			}
		else {
			$acl->{'ugroups'} = "";
			}
		}
	$acl->{'ugroups2'} = $ugmode == 4 ? $in{'uedit_gid2'} : undef;

	# Login and shell restrictions, with "*" standing for no restriction
	my $lmode = $in{'logins_mode'};
	if ($lmode == 0) {
		$acl->{'logins'} = "";
		}
	elsif ($lmode == 1) {
		$acl->{'logins'} = "*";
		}
	else {
		$acl->{'logins'} = $in{'logins'};
		}
	if ($in{'shells_def'}) {
		$acl->{'shells'} = "*";
		}
	else {
		$acl->{'shells'} = join(" ", split(/\s+/, $in{'shells'}));
		}

	# Options whose name is the same as the form field they come from
	foreach my $field ('lowuid', 'hiuid', 'autouid', 'autogid',
			   'calcuid', 'calcgid', 'useruid', 'usergid',
			   'lowgid', 'higid', 'ucreate', 'gcreate',
			   'peopt', 'batch', 'export', 'home', 'delhome',
			   'autohome', 'umultiple', 'uuid', 'gmultiple',
			   'ggid', 'chuid', 'chgid', 'movehome', 'mothers',
			   'makehome', 'copy', 'cothers', 'dothers') {
		$acl->{$field} = $in{$field};
		}
	}
}
ldap-useradmin/config-mandrake-linux0000664000567100000120000000057111220733746017562 0ustar jcameronwheelauth_ldap=/etc/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. 
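ldap_tls=0 membox=0 ldap-useradmin/log_parser.pl0000775000567100000120000000306211220733746016150 0ustar jcameronwheel
# log_parser.pl
# Functions for parsing this module's logs

do 'ldap-useradmin-lib.pl';

# parse_webmin_log(user, script, action, type, object, &params, [long])
# Converts logged information from this module into human-readable form.
# Returns the text() message selected by the type and action, or undef when no
# case matches. The object name, and the old name and home directory taken
# from the parameters, go through html_escape() before they are placed in the
# message.
sub parse_webmin_log
{
local ($user, $script, $action, $type, $object, $p, $long) = @_;

# Compare names as they were logged and escape only for output. When the
# comparison used the escaped name, any name that html_escape() rewrites
# differed from its own logged form and was reported as a rename.
my $logged_object = $object;
$object = &html_escape($object);

if ($type eq 'user') {
	if ($action eq 'modify' && $p->{'old'} ne $logged_object) {
		return &text('log_urename',
			     "".&html_escape($p->{'old'})."", "$object");
		}
	elsif ($action eq 'modify') {
		return &text('log_umodify', "$object");
		}
	elsif ($action eq 'create') {
		return &text('log_ucreate', "$object");
		}
	elsif ($action eq 'delete' && $p->{'delhome'}) {
		return &text('log_udeletehome', "$object",
			     "".&html_escape($p->{'home'})."");
		}
	elsif ($action eq 'delete') {
		return &text('log_udelete', "$object");
		}
	}
elsif ($type eq 'group') {
	if ($action eq 'modify') {
		return &text('log_gmodify', "$object");
		}
	elsif ($action eq 'create') {
		return &text('log_gcreate', "$object");
		}
	elsif ($action eq 'delete') {
		return &text('log_gdelete', "$object");
		}
	}
elsif ($action eq 'batch') {
	# The created / modified / deleted values are inserted as logged,
	# without escaping. Presumably they are numeric counters - confirm
	# against the code that writes the log entry.
	if ($object =~ /^\//) {
		# An object starting with / selects the message that names it
		return &text($long ? 'log_batch_l' : 'log_batch', "$object",
			     $p->{'created'}, $p->{'modified'},
			     $p->{'deleted'});
		}
	else {
		return &text($long ? 'log_ubatch_l' : 'log_ubatch',
			     $p->{'created'}, $p->{'modified'},
			     $p->{'deleted'});
		}
	}
return undef;
}
ldap-useradmin/edit_user.cgi0000775000567100000120000003213211220733746016125 0ustar jcameronwheel#!/usr/local/bin/perl # edit_user.cgi # Display details of an existing user and allow editing require './ldap-useradmin-lib.pl'; use Time::Local; &ReadParse(); $ldap = &ldap_connect(); $schema = $ldap->schema(); if ($in{'new'}) { $access{'ucreate'} || &error($text{'uedit_ecreate'}); $pass = $mconfig{'lock_string'}; $shell = $mconfig{'default_shell'} if ($mconfig{'default_shell'}); foreach $oec (split(/\s+/, $config{'other_class'})) { $oclass{$oec}++; } if ($config{'samba_def'}) { $oclass{$samba_class}++; } if ($config{'imap_def'}) { @cyrus_class_3 = split(' ',$cyrus_class); $oclass{$cyrus_class_3[0]}++; } # Get initial values from form parameters foreach $n ("user", "firstname", "lastname", "real", "home", "shell", "gid", "pass", "change", "expire", "min", "max", "warn", "inactive") { if (defined($in{$n})) { $$n = $in{$n}; } } &ui_print_header(undef, $text{'uedit_title2'}, ""); } else { # Get values from current user $rv = $ldap->search(base => $in{'dn'}, scope => 'base', filter => '(objectClass=posixAccount)'); ($uinfo) = $rv->all_entries; @users = $uinfo->get_value('uid'); $user = $users[0]; $uid = $uinfo->get_value('uidNumber'); $firstname = $uinfo->get_value('givenName'); $lastname = $uinfo->get_value('sn'); $real = $uinfo->get_value('cn'); $home = $uinfo->get_value('homeDirectory'); $shell = $uinfo->get_value('loginShell'); $gid = $uinfo->get_value('gidNumber'); $pass = $uinfo->get_value('userPassword'); $change = $uinfo->get_value('shadowLastChange'); $expire = $uinfo->get_value('shadowExpire'); $min = $uinfo->get_value('shadowMin'); $max = $uinfo->get_value('shadowMax'); $warn = $uinfo->get_value('shadowWarning'); $inactive = $uinfo->get_value('shadowInactive'); foreach $oc ($uinfo->get_value('objectClass')) { $oclass{$oc} = 1; } @alias = 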
$uinfo->get_value($config{'maillocaladdress'} || 'alias'); %uinfo = &dn_to_hash($uinfo); &can_edit_user(\%uinfo) || &error($text{'uedit_eedit'}); &ui_print_header(undef, $text{'uedit_title'}, ""); } @tds = ( "width=30%" ); # build a list of used shells and uids @shlist = ($mconfig{'default_shell'} ? ( $mconfig{'default_shell'} ) : ( )); %shells = map { $_, 1 } split(/,/, $config{'shells'}); push(@shlist, "/bin/sh", "/bin/csh", "/bin/false") if ($shells{'fixed'}); if ($shells{'passwd'}) { # Don't do this unless we need to, as scanning all users is slow &build_user_used(undef, \@shlist); } if ($shells{'shells'}) { open(SHELLS, "/etc/shells"); while() { s/\r|\n//g; s/#.*$//; push(@shlist, $_) if (/\S/); } close(SHELLS); } push(@shlist, $shell) if ($shell); @shlist = &unique(@shlist); # Start of the form print &ui_form_start("save_user.cgi", "post"); print &ui_hidden("new", $in{'new'}); print &ui_hidden("dn", $in{'dn'}); print &ui_table_start($text{'uedit_details'}, "width=100%", 2, \@tds); # DN and classes if (!$in{'new'}) { print &ui_table_row($text{'uedit_dn'}, "$in{'dn'}", 3); print &ui_table_row($text{'uedit_classes'}, ,join(" , ", map { "$_" } $uinfo->get_value('objectClass')), 3); } # Show username input print &ui_table_row($text{'user'}, @users > 1 ? 
&ui_textarea("user", join("\n", @users), 2, 10) : &ui_textbox("user", $user, 20)); # Show UID input, filled in with a default for new users if ($in{'new'}) { # Find the first free UID above the base $newuid = $mconfig{'base_uid'}; while(&check_uid_used($ldap, $newuid)) { $newuid++; } $uidfield = &ui_textbox("uid", $newuid, 10); } else { $uidfield = &ui_textbox("uid", $uid, 10); } print &ui_table_row($text{'uid'}, $uidfield); if ($config{'given'}) { # Show Full name inputs if ($in{'new'}) { if ($config{'given_order'} == 0) { # Firstname surname $onch = "onChange='form.real.value = form.firstname.value+\" \"+form.lastname.value'"; } else { # Surname, firstname $onch = "onChange='form.real.value = form.lastname.value+\", \"+form.firstname.value'"; } } print &ui_table_row($text{'uedit_firstname'}, &ui_textbox("firstname", $firstname, 20, 0, undef, $onch)); print &ui_table_row($text{'uedit_lastname'}, &ui_textbox("lastname", $lastname, 20, 0, undef, $onch)); } # Show real name input print &ui_table_row($text{'real'}, &ui_textbox("real", $real, 40)); # Show home directory input, with an 'automatic' option if ($mconfig{'home_base'}) { local $hb = $in{'new'} || &auto_home_dir($mconfig{'home_base'}, $user) eq $home; $homefield = &ui_radio("home_base", $hb ? 1 : 0, [ [ 1, $text{'uedit_auto'} ], [ 0, &ui_filebox("home", $hb ? "" : $home, 25, 0, undef, undef, 1) ] ]); } else { $homefield = &ui_filebox("home", $home, 25, 0, undef, undef, 1); } print &ui_table_row($text{'home'}, $homefield); # Show shell selection menu print &ui_table_row($text{'shell'}, &ui_select("shell", $uinfo{'shell'}, \@shlist, 1, 0, 0, 0, "onChange='form.othersh.disabled = form.shell.value != \"*\"'"). &ui_filebox("othersh", undef, 40, 1)); # Generate password if needed if ($in{'new'} && $mconfig{'random_password'}) { &seed_random(); foreach (1 .. 
15) { $random_password .= $random_password_chars[ rand(scalar(@random_password_chars))]; } } # Check if temporary locking is supported if (!$in{'new'} && $pass ne $mconfig{'lock_string'} && $pass ne "") { # Can disable if not already locked, or if a new account $can_disable = 1; if ($pass =~ /^\Q$useradmin::disable_string\E/) { $disabled = 1; $pass =~ s/^\Q$useradmin::disable_string\E//; } } elsif ($in{'new'}) { $can_disable = 1; } # Show password field $passmode = $pass eq "" && $random_password eq "" ? 0 : $pass eq $mconfig{'lock_string'} && $random_password eq "" ? 1 : $random_password ne "" ? 3 : $pass && $pass ne $mconfig{'lock_string'} && $random_password eq "" ? 2 : -1; $pffunc = $mconfig{'passwd_stars'} ? \&ui_password : \&ui_textbox; print &ui_table_row($text{'pass'}, &ui_radio_table("passmode", $passmode, [ [ 0, $mconfig{'empty_mode'} ? $text{'none1'} : $text{'none2'} ], [ 1, $text{'nologin'} ], [ 3, $text{'clear'}, &$pffunc("pass", $mconfig{'random_password'} && $n eq "" ? $random_password : "", 15) ], $access{'nocrypt'} ? ( [ 2, $text{'nochange'}, &ui_hidden("encpass", $pass) ] ) : ( [ 2, $text{'encrypted'}, &ui_textbox("encpass", $passmode == 2 ? $pass : "", 40) ] ) ]). ($can_disable ? "  ".&ui_checkbox("disable", 1, $text{'uedit_disabled'}, $disabled) : "") ); print &ui_table_end(); # Show shadow password options if (&in_schema($schema, "shadowLastChange")) { print &ui_table_start($text{'uedit_passopts'}, "width=100%", 4, \@tds); # Last change date print &ui_table_row($text{'change'}, ($uinfo{'change'} ? &make_date(timelocal( gmtime($change * 60*60*24)),1) : $n eq "" ? 
$text{'uedit_never'} : $text{'uedit_unknown'})); # Expiry date if ($in{'new'} && $mconfig{'default_expire'} =~ /^(\d+)\/(\d+)\/(\d+)$/) { $eday = $1; $emon = $2; $eyear = $3; } elsif ($expire) { @tm = localtime(timelocal(gmtime($expire * 60*60*24))); $eday = $tm[3]; $emon = $tm[4]+1; $eyear = $tm[5]+1900; } print &ui_table_row($text{'expire'}, &useradmin::date_input($eday, $emon, $eyear, 'expire')); # Minimum and maximum days for changing print &ui_table_row($text{'min'}, &ui_textbox("min", $in{'new'} ? $mconfig{'default_min'} : $min, 5)); print &ui_table_row($text{'max'}, &ui_textbox("max", $in{'new'} ? $mconfig{'default_max'} : $max, 5)); # Password warning days print &ui_table_row($text{'warn'}, &ui_textbox("warn", $in{'new'} ? $mconfig{'default_warn'} : $warn, 5)); # Inactive dats print &ui_table_row($text{'inactive'}, &ui_textbox("inactive", $in{'new'} ?$mconfig{'default_inactive'} : $inactive, 5)); print &ui_table_end(); } # Group memberships section print &ui_table_start($text{'uedit_gmem'}, "width=100%", 4, \@tds); # Primary group print &ui_table_row($text{'group'}, &ui_textbox("gid", $in{'new'} ? $mconfig{'default_group'} : ($x=&all_getgrgid($gid)) || $gid, 13). 
" ".&group_chooser_button("gid"), 3); if ($config{'secmode'} != 1) { # Work out which secondary groups the user is in @defsecs = &split_quoted_string($mconfig{'default_secs'}); $base = &get_group_base(); $rv = $ldap->search(base => $base, filter => '(objectClass=posixGroup)'); %ingroups = ( ); foreach $g (sort { lc($a->dn()) cmp lc($b->dn()) } $rv->all_entries) { $group = $g->get_value("cn"); @mems = $g->get_value("memberUid"); local $ismem = &indexof($user, @mems) >= 0; if ($n eq "") { $ismem = 1 if (&indexof($group, @defsecs) >= 0); } $ingroups{$group} = $ismem; } } if ($config{'secmode'} == 0) { # Show secondary groups with select menu foreach $g (sort { lc($a->dn()) cmp lc($b->dn()) } $rv->all_entries) { $group = $g->get_value("cn"); push(@canglist, [ $group, $group ]); } @ingroups = map { [ $_, $_ ] } sort { $a cmp $b } grep { $ingroups{$_} } (keys %ingroups); $groupfield = &ui_multi_select("sgid", \@ingroups, \@canglist, 5, 1, 0, $text{'uedit_allg'}, $text{'uedit_ing'}); } elsif ($config{'secmode'} == 2) { # Show a text box @insecs = ( ); foreach $g (sort { lc($a->dn()) cmp lc($b->dn()) } $rv->all_entries) { $group = $g->get_value("cn"); if ($ingroups{$group}) { push(@insecs, $group); } } $groupfield = &ui_textarea("sgid", join("\n", @insecs), 5, 20); } if ($groupfield) { print &ui_table_row($text{'uedit_2nd'}, $groupfield, 3); } print &ui_table_end(); # Show extra fields (if any) &extra_fields_input($config{'fields'}, $uinfo); # Show capabilties section print &ui_table_start($text{'uedit_cap'}, "width=100%", 4, \@tds); # Samba login? print &ui_table_row($text{'uedit_samba'}, &ui_yesno_radio("samba", $oclass{$samba_class} ? 1 : 0)); if ($config{'imap_host'}) { # Cyrus IMAP login @cyrus_class_3 = split(' ',$cyrus_class); print &ui_table_row($text{'uedit_cyrus'}, &ui_yesno_radio("cyrus", $oclass{$cyrus_class_3[0]} ? 
1 : 0)); # IMAP domain if ($config{'domain'}) { print &ui_table_row($text{'uedit_alias'}, &ui_textbox("alias", join(" ", @alias), 40), 3); } # Show field for changing the quota on existing users, or setting # it for new users if ($config{'quota_support'}) { print &ui_table_row($text{'uedit_quota'}, $in{'new'} || !$oclass{$cyrus_class_3[0]} ? &ui_textbox("quota", $config{'quota'}, 10)." kB" : &ui_opt_textbox("quota", undef, 10, $text{'uedit_unquota'})." Kb"); } } else { print &ui_hidden("cyrus", $oclass{$cyrus_class}); } print &ui_table_end(); if ($in{'new'}) { # On-create options print &ui_table_start($text{'uedit_oncreate'}, "width=100%", 2, \@tds); # Create home dir? print &ui_table_row($text{'uedit_makehome'}, &ui_yesno_radio("makehome", 1)); # Create in other modules? print &ui_table_row($text{'uedit_cothers'}, &ui_yesno_radio("others", $mconfig{'default_other'})); print &ui_table_end(); } else { # On save options print &ui_table_start($text{'onsave'}, "width=100%", 2, \@tds); # Move home directory print &ui_table_row($text{'uedit_movehome'}, &ui_yesno_radio("movehome", 1)); # Change UID on files print &ui_table_row($text{'uedit_chuid'}, &ui_radio("chuid", 1, [ [ 0, $text{'no'} ], [ 1, $text{'home'} ], [ 2, $text{'uedit_allfiles'} ] ])); # Change GID on files print &ui_table_row($text{'uedit_chgid'}, &ui_radio("chgid", 1, [ [ 0, $text{'no'} ], [ 1, $text{'home'} ], [ 2, $text{'uedit_allfiles'} ] ])); # Modify in other modules print &ui_table_row($text{'uedit_mothers'}, &ui_yesno_radio("others", $mconfig{'default_other'} ? 
1 : 0)); print &ui_table_end(); } # Build buttons for end of form @buts = ( ); if ($in{'new'}) { # Show buttons for new users push(@buts, [ undef, $text{'create'} ]); } else { # Show buttons for existing users push(@buts, [ undef, $text{'save'} ], [ 'raw', $text{'uedit_raw'} ]); if (&foreign_available("mailboxes") && &foreign_installed("mailboxes", 1)) { # Link to the mailboxes module, if installed push(@buts, [ 'mailboxes', $text{'uedit_mail'} ]); } if (&foreign_available("usermin") && &foreign_installed("usermin", 1) && (%uacl = &get_module_acl("usermin") && $uacl{'sessions'})) { # Link to Usermin module for switching to some user &foreign_require("usermin", "usermin-lib.pl"); local %uminiserv; &usermin::get_usermin_miniserv_config(\%uminiserv); if ($uminiserv{'session'}) { push(@buts, [ "switch", $text{'uedit_swit'} ]); } } push(@buts, [ 'delete', $text{'delete'} ]); } print &ui_form_end(\@buts); &ui_print_footer("", $text{'index_return'}); ldap-useradmin/config-suse-linux0000664000567100000120000000060211220733746016752 0ustar jcameronwheelauth_ldap=/etc/openldap/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. 
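ldap_tls=0 membox=0 ldap-useradmin/edit_group.cgi0000775000567100000120000001006611220733746016305 0ustar jcameronwheel
#!/usr/local/bin/perl
# edit_group.cgi
# Display a form for editing or creating a group. Creating requires the
# 'gcreate' ACL option; editing requires can_edit_group() to accept the entry.

require './ldap-useradmin-lib.pl';
&ReadParse();
$ldap = &ldap_connect();
if ($in{'new'}) {
	$access{'gcreate'} || &error($text{'gedit_ecreate'});
	&ui_print_header(undef, $text{'gedit_title2'}, "");
	}
else {
	# Fetch the one entry named by the dn parameter
	# NOTE(review): when the search returns no entry, $ginfo is undefined
	# and the get_value() calls below fail - consider an explicit error
	$rv = $ldap->search(base => $in{'dn'},
			    scope => 'base',
			    filter => '(objectClass=posixGroup)');
	($ginfo) = $rv->all_entries;
	$group = $ginfo->get_value('cn');
	$gid = $ginfo->get_value('gidNumber');
	$pass = $ginfo->get_value('userPassword');
	@members = $ginfo->get_value('memberUid');
	foreach $oc ($ginfo->get_value('objectClass')) {
		$oclass{$oc} = 1;
		}
	%ginfo = &dn_to_hash($ginfo);
	&can_edit_group(\%ginfo) || &error($text{'gedit_eedit'});
	&ui_print_header(undef, $text{'gedit_title'}, "");
	}

# Build list of all possible users
@ulist = &useradmin::list_users();
%ulistdone = map { $_->{'user'}, 1 } @ulist;
push(@ulist, grep { !$ulistdone{$_->{'user'}} } &list_users());

# Start of form
print &ui_form_start("save_group.cgi", "post");
print &ui_hidden("new", $in{'new'});
print &ui_hidden("dn", $in{'dn'});
print &ui_table_start($text{'gedit_details'}, "width=100%", 2,
		      [ "width=30%" ]);

# Current DN and classes
if (!$in{'new'}) {
	# The row value is emitted as HTML, so the request parameter and the
	# directory values are escaped before they are displayed
	print &ui_table_row($text{'gedit_dn'},
		&html_escape($in{'dn'}));
	print &ui_table_row($text{'uedit_classes'},
		join(" , ", map { &html_escape($_) }
				$ginfo->get_value('objectClass')));
	}

# Group name
print &ui_table_row($text{'gedit_group'},
	&ui_textbox("group", $group, 20));

# Group ID
if ($in{'new'}) {
	# Next GID comes from LDAP only
	$newgid = $mconfig{'base_gid'};
	while(&check_gid_used($ldap, $newgid)) {
		$newgid++;
		}
	$gidfield = &ui_textbox("gid", $newgid, 10);
	}
else {
	$gidfield = &ui_textbox("gid", $gid, 10);
	}
print &ui_table_row($text{'gedit_gid'}, $gidfield);

# Group password (rarely used, but..)
# The stored userPassword value is placed in the encpass field as it was read
# from the directory
print &ui_table_row($text{'pass'},
	&ui_radio_table("passmode", $pass eq "" ? 0 : 1,
		[ [ 0, $text{'none2'} ],
		  [ 1, $text{'encrypted'},
		       &ui_textbox("encpass", $pass, 20) ],
		  [ 2, $text{'clear'},
		       &ui_textbox("pass", undef, 15) ] ]));

# Member chooser
if ($config{'membox'} == 0) {
	# Nicer left/right chooser
	print &ui_table_row($text{'gedit_members'},
		&ui_multi_select("members",
			[ map { [ $_, $_ ] } @members ],
			[ map { [ $_->{'user'}, $_->{'user'} ] } @ulist ],
			10, 1, 0,
			$text{'gedit_allu'}, $text{'gedit_selu'}, 150));
	}
else {
	# Text box
	print &ui_table_row($text{'gedit_members'},
		&ui_textarea("members", join("\n", @members), 5, 30));
	}

print &ui_table_end();

# Show extra fields (if any)
&extra_fields_input($config{'group_fields'}, $ginfo);

# Show capabilities section
print &ui_table_start($text{'gedit_cap'}, "width=100%", 4,
		      [ "width=30%" ]);

# Samba group?
print &ui_table_row($text{'gedit_samba'},
	&ui_yesno_radio("samba", $oclass{$samba_group_class}));

print &ui_table_end();

# Show section for on-save or on-creation options
if (!$in{'new'}) {
	print &ui_table_start($text{'onsave'}, "width=100%", 2,
			      [ "width=30%" ]);

	# Change GID on save
	print &ui_table_row($text{'chgid'},
		&ui_radio("chgid", 0,
			  [ [ 0, $text{'no'} ],
			    [ 1, $text{'gedit_homedirs'} ],
			    [ 2, $text{'gedit_allfiles'} ] ]));

	# Update in other modules?
	print &ui_table_row($text{'gedit_mothers'},
		&ui_radio("others", $mconfig{'default_other'},
			  [ [ 1, $text{'yes'} ],
			    [ 0, $text{'no'} ] ]));

	print &ui_table_end();
	}
else {
	print &ui_table_start($text{'uedit_oncreate'}, "width=100%", 2,
			      [ "width=30%" ]);

	# Create in other modules?
	print &ui_table_row($text{'gedit_cothers'},
		&ui_radio("others", $mconfig{'default_other'},
			  [ [ 1, $text{'yes'} ],
			    [ 0, $text{'no'} ] ]));

	print &ui_table_end();
	}

# Save/delete/create buttons
if (!$in{'new'}) {
	print &ui_form_end([
		[ undef, $text{'save'} ],
		[ 'raw', $text{'uedit_raw'} ],
		[ 'delete', $text{'delete'} ],
		]);
	}
else {
	print &ui_form_end([ [ undef, $text{'create'} ] ]);
	}

&ui_print_footer("index.cgi?mode=groups", $text{'index_greturn'});
ldap-useradmin/config-*-linux0000664000567100000120000000063011220733746016125 0ustar jcameronwheelauth_ldap=/etc/pam_ldap/auth_ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 imap_folderalt=1 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/batch_exec.cgi0000775000567100000120000003712011220733746016231 0ustar jcameronwheel
#!/usr/local/bin/perl
# batch_exec.cgi
# Execute create/modify/delete commands in a batch file. The batch text comes
# from an uploaded file, a file on the server, or a text field, as selected by
# the 'source' parameter.

require './ldap-useradmin-lib.pl';

# Only callers with the 'batch' ACL option get any further
$access{'batch'} || &error($text{'batch_ecannot'});
if ($ENV{'REQUEST_METHOD'} eq 'GET') {
	&ReadParse();
	}
else {
	&ReadParseMime();
	}
if ($in{'source'} == 0) {
	# Uploaded file contents
	$data = $in{'file'};
	$data =~ /\S/ || &error($text{'batch_efile'});
	}
elsif ($in{'source'} == 1) {
	# File on the server. The name is a request parameter, so it is opened
	# with an explicit read mode: two-argument open() would interpret mode
	# and pipe characters inside the name itself.
	# NOTE(review): the path is still chosen by the requester and is read
	# with this process's privileges; the 'batch' ACL check above is the
	# only gate visible here.
	open(LOCAL, "<", $in{'local'}) || &error($text{'batch_elocal'});
	while(<LOCAL>) {
		$data .= $_;
		}
	close(LOCAL);
	}
elsif ($in{'source'} == 2) {
	# Text entered in the form
	$data = $in{'text'};
	$data =~ /\S/ || &error($text{'batch_etext'});
	}

&ui_print_unbuffered_header(undef, $text{'batch_title'}, "");

$ldap = &ldap_connect();
$schema = $ldap->schema();

# 2 when the schema has shadowLastChange, in which case created users carry
# the shadow fields as well; 0 otherwise
$pft = $schema->attribute("shadowLastChange") ? 2 : 0;
&lock_user_files();

# Work out a good base UID for new users
$newuid = $mconfig{'base_uid'};
$newgid = $mconfig{'base_gid'};
@glist = &list_groups();

# Process the file
$lnum = $created = $modified = $deleted = 0;
print "
\n";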
LINE: foreach $line (split(/[\r\n]+/, $data)) {
	$lnum++;
	$line =~ s/^\s*#.*$//;
	next if ($line !~ /\S/);
	local @line = split(/:/, $line, -1);
	local %user;
	if ($line[0] eq 'create') {
		# Creating a new user
		local @attrs;
		if ($pft == 2) {
			# SYSV-style passwd and shadow information
			if (@line < 13) {
				print &text('batch_elen', $lnum, 13),"\n";
				next;
				}
			$user{'min'} = $line[8];
			$user{'max'} = $line[9];
			$user{'warn'} = $line[10];
			$user{'inactive'} = $line[11];
			$user{'expire'} = $line[12];
			$user{'change'} = $line[2] eq '' ? '' :
						int(time() / (60*60*24));
			@attrs = @line[13 .. $#line];
			}
		else {
			# Classic passwd file information
			if (@line < 8) {
				print &text('batch_elen', $lnum, 8),"\n";
				next;
				}
			@attrs = @line[9 .. $#line];
			}

		# Parse common fields
		if (!$line[1]) {
			print &text('batch_eline', $lnum),"\n";
			next;
			}
		$user{'user'} = $line[1];
		$err = &useradmin::check_username_restrictions($user{'user'});
		if ($err) {
			print &text('batch_echeck', $lnum, $err),"\n";
			next;
			}
		if (&check_user_used($ldap, $user{'user'})) {
			print &text('batch_euser', $lnum, $user{'user'}),"\n";
			next;
			}
		if ($line[3] !~ /^\d+$/) {
			# make up a UID
			while(&check_uid_used($ldap, $newuid) ||
			      $mconfig{'new_user_gid'} &&
			      &check_gid_used($ldap, $newuid)) {
				$newuid++;
				}
			$user{'uid'} = $newuid;
			}
		else {
			# use the given UID
			if (&check_uid_used($ldap, $line[3])) {
				print &text('batch_ecaccess', $lnum,
					    $text{'usave_euidused2'}),"\n";
				next;
				}
			$user{'uid'} = $line[3];
			}
		if (!-r $line[7]) {
			print &text('batch_eshell', $lnum, $line[7]),"\n";
			next;
			}
		$user{'shell'} = $line[7];
		$user{'real'} = $line[5];
		local @gids = split(/[ ,]+/, $line[4]);
		$user{'gid'} = $gids[0];
		local $grp = &all_getgrgid($gids[0]);

		if ($line[6] eq '' && $mconfig{'home_base'}) {
			# Choose home dir automatically
			$user{'home'} = &auto_home_dir(
				$mconfig{'home_base'}, $user{'user'}, $user{'gid'});
			}
		elsif ($line[6] !~ /^\//) {
			print &text('batch_ehome', $lnum,$line[6]),"\n";
			next;
			}
		else {
			# Use given home dir
			$user{'home'} = $line[6];
			}

		# Work out secondary group membership
		local @secs;
		if (@gids > 1) {
			local $i;
			for($i=1; $i<@gids; $i++) {
				local ($group) =
				    grep { $_->{'gid'} eq $gids[$i] } @glist;
				push(@secs, $group) if ($group);
				}
			}

		# Work out password
		if ($in{'crypt'}) {
			$user{'pass'} = $line[2];
			$user{'passmode'} = 2;
			}
		elsif ($line[2] eq 'x') {
			# No login allowed
			$user{'pass'} = $mconfig{'lock_string'};
			$user{'passmode'} = 1;
			}
		elsif ($line[2] eq '') {
			# No password needed
			$user{'pass'} = '';
			$user{'passmode'} = 0;
			}
		else {
			# Normal password
			$user{'pass'} = &encrypt_password($line[2]);
			$user{'passmode'} = 3;
			$user{'plainpass'} = $line[2];
			}

		$user{'ldap_attrs'} ||= [ ];
		if ($in{'samba'}) {
			# Add Samba-specific properties
			push(@{$user{'ldap_class'}}, $config{'samba_class'});
			&samba_properties(1, \%user, $user{'passmode'},
					  $user{'plainpass'}, $schema,
					  $user{'ldap_attrs'}, $ldap);
			}

		# Add extra LDAP attrs
		foreach $a (@attrs) {
			next if (!$a);
			if ($a =~ /^([^=]+)=(.*)/) {
				push(@{$user{'ldap_attrs'}}, $1, $2);
				}
			else {
				print &text('batch_eattr', $lnum, $a),"\n";
				next LINE;
				}
			}

		# Run the before command
		&set_user_envs(\%user, 'CREATE_USER', $user{'plainpass'},
			       [ map { $_->{'gid'} } @secs ]);
		$merr = &making_changes();
		&error(&text('usave_emaking', "$merr"))
			if (defined($merr));

		if ($user{'gid'} !~ /^\d+$/) {
			# Need to create a new group for the user
			if (&check_group_used($ldap, $user{'user'})) {
				print &text('batch_egtaken', $lnum,
					    $user{'user'}),"\n";
				next;
				}

			if ($mconfig{'new_user_gid'}) {
				$newgid = $user{'uid'};
				}
			else {
				while(&check_gid_used($ldap, $newgid)) {
					$newgid++;
					}
				}
			local %group;
			$group{'group'} = $user{'user'};
			$user{'gid'} = $group{'gid'} = $newgid;
			&create_group(\%group);
			}

		# Create home directory
		if ($in{'makehome'} && !-d $user{'home'}) {
			&lock_file($user{'home'});
			if (!mkdir($user{'home'}, oct($mconfig{'homedir_perms'}))) {
				print &text('batch_emkdir', $user{'home'}, $!),"\n";
				}
			chmod(oct($mconfig{'homedir_perms'}), $user{'home'});
			chown($user{'uid'}, $user{'gid'}, $user{'home'});
			&unlock_file($user{'home'});
			}

		# Create the user!
		&create_user(\%user);

		# Add user to some secondary groups
		local $group;
		foreach $group (@secs) {
			local @mems = split(/,/ , $group->{'members'});
			push(@mems, $user{'user'});
			$group->{'members'} = join(",", @mems);
			&modify_group($group, $group);
			}

		# Re-get the new user object
		$base = &get_user_base();
		$newdn = "uid=$user{'user'},$base";
		$rv = $ldap->search(base => $newdn,
				    scope => 'base',
				    filter => '(&(objectClass=posixAccount))');
		($uinfo) = $rv->all_entries;
		%user = &dn_to_hash($uinfo);

		# Call the post command
		&set_user_envs(\%user, 'CREATE_USER', $user{'plainpass'},
			       [ map { $_->{'gid'} } @secs ]);
		&made_changes();

		# Call other modules, ignoring any failures
		$error_must_die = 1;
		eval {
			&other_modules("useradmin_create_user", \%user)
				if ($in{'others'});
			};
		$other_err = $@;
		$error_must_die = 0;

		if ($in{'copy'} && $in{'makehome'}) {
			# Copy files to user's home directory
			local $uf = $mconfig{'user_files'};
			local $shell = $user{'shell'}; $shell =~ s/^(.*)\///g;
			if ($group = &all_getgrgid($user{'gid'})) {
				$uf =~ s/\$group/$group/g;
				}
			$uf =~ s/\$gid/$user{'gid'}/g;
			$uf =~ s/\$shell/$shell/g;
			&useradmin::copy_skel_files($uf, $user{'home'},
					 $user{'uid'}, $user{'gid'});
			}

		print "",&text('batch_created',$user{'user'}),"\n";
		print "",&text('batch_eother', $other_err),"\n"
			if ($other_err);
		$created++;
		}
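	elsif ($line[0] eq 'delete') {
		# Deleting an existing user. The line must have exactly two
		# fields: the action and the username.
		if (@line != 2) {
			print &text('batch_elen', $lnum, 2),"\n";
			next;
			}
		local @ulist = &list_users();
		local ($user) = grep { $_->{'user'} eq $line[1] } @ulist;
		if (!$user) {
			print &text('batch_enouser', $lnum, $line[1]),"\n";
			next;
			}
		# Low-numbered accounts are only removed when the delete_root
		# option is set
		if (!$mconfig{'delete_root'} && $user->{'uid'} <= 10) {
			print &text('batch_edaccess', $lnum,
				    $text{'udel_eroot'}),"\n";
			next;
			}

		# Run the before command
		&set_user_envs($user, 'DELETE_USER', undef,
			       [ &secondary_groups($user->{'user'}) ]);
		$merr = &making_changes();
		&error(&text('usave_emaking', "$merr"))
			if (defined($merr));

		# Delete from other modules, ignoring errors. The error text is
		# kept in $other_err and reported after the user is deleted.
		$error_must_die = 1;
		eval {
			&other_modules("useradmin_delete_user", $user)
				if ($in{'others'});
			};
		$other_err = $@;
		$error_must_die = 0;

		# Delete the user entry
		&delete_user($user);

		# Delete the user from groups, and remember the group that has
		# the same name as the user. $mygroup is cleared first because
		# it is not scoped to this line: a value left over from an
		# earlier delete line would otherwise be acted on below.
		$mygroup = undef;
		foreach $g (&list_groups()) {
			@mems = split(/,/, $g->{'members'});
			$idx = &indexof($user->{'user'}, @mems);
			if ($idx >= 0) {
				splice(@mems, $idx, 1);
				%newg = %$g;
				$newg{'members'} = join(',', @mems);
				&modify_group($g, \%newg);
				}
			$mygroup = $g if ($g->{'group'} eq $user->{'user'});
			}

		# Delete the user's group, but only if it has no members and no
		# remaining user has it as primary group
		# NOTE(review): the members test reads $mygroup as listed above;
		# confirm whether modify_group updates that hash in place
		if ($mygroup && !$mygroup->{'members'}) {
			local $another;
			foreach $ou (&list_users()) {
				$another++
					if ($ou->{'gid'} == $mygroup->{'gid'});
				}
			if (!$another) {
				&delete_group($mygroup);
				}
			}
		&made_changes();

		# Delete his addressbook entry
		if ($config{'addressbook'}) {
			&delete_ldap_subtree($ldap,
				"ou=$user->{'user'}, $config{'addressbook'}");
			}

		# Delete his home directory. An empty path is skipped as well as
		# "/": with no path operand, find may fall back to the current
		# directory.
		if ($in{'delhome'} && $user->{'home'} ne '' &&
		    $user->{'home'} !~ /^\/+$/) {
			# The home path and UID are taken from the directory entry,
			# so they are escaped for the shell. Double quotes alone
			# still let the shell interpret \$(..), backticks and an
			# embedded quote character.
			local $qhome = quotemeta($user->{'home'});
			local $quid = quotemeta($user->{'uid'});
			if ($mconfig{'delete_only'}) {
				# Remove only what the user owns. -exec passes every
				# name as a single argument, whereas piping to xargs
				# re-splits names on whitespace, and those names were
				# chosen by the account owner.
				&lock_file($user->{'home'});
				&system_logged("find $qhome ! -type d -user $quid -exec rm -f {} \\; >/dev/null 2>&1");
				&system_logged("find $qhome -type d -user $quid -exec rmdir {} \\; >/dev/null 2>&1");
				rmdir($user->{'home'});
				&unlock_file($user->{'home'});
				}
			else {
				&system_logged("rm -rf $qhome >/dev/null 2>&1");
				}
			}

		print "",&text('batch_deleted',$user->{'user'}),"\n";
		print "",&text('batch_eother', $other_err),"\n"
			if ($other_err);
		$deleted++;
		}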
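	elsif ($line[0] eq 'modify') {
		# Modifying an existing user. Fields after the action are:
		# current username, new username, password, UID, GID, real
		# name, home directory and shell. An empty field leaves the
		# existing value unchanged. The minimum field count depends on
		# $pft; any fields beyond it are extra LDAP attributes.
		local $wlen = $pft == 5 ? 11 :
			      $pft == 4 ? 13 :
			      $pft == 2 ? 14 :
			      $pft == 1 || $pft == 6 ? 12 : 9;
		if (@line < $wlen) {
			print &text('batch_elen', $lnum, $wlen),"\n";
			next;
			}
		local @attrs = @line[$wlen .. $#line];
		local @ulist = &list_users();
		local ($user) = grep { $_->{'user'} eq $line[1] } @ulist;
		if (!$user) {
			print &text('batch_enouser', $lnum, $line[1]),"\n";
			next;
			}
		# Work on copies: %olduser keeps the current values, %user
		# receives the changes
		%olduser = %user = %$user;
		$user{'olduser'} = $user->{'user'};

		# Update supplied fields
		$user{'user'} = $line[2] if ($line[2] ne '');
		if ($in{'crypt'} && $line[3] ne '') {
			# Changing to pre-encrypted password
			$user{'pass'} = $line[3];
			$user{'passmode'} = 2;
			}
		elsif ($line[3] eq 'x') {
			# No login allowed
			$user{'pass'} = $mconfig{'lock_string'};
			$user{'passmode'} = 1;
			}
		elsif ($line[3] ne '') {
			# Normal password
			$user{'pass'} = &encrypt_password($line[3]);
			$user{'passmode'} = 3;
			$user{'plainpass'} = $line[3];
			}
		else {
			# No change
			$user{'passmode'} = 4;
			}
		# NOTE(review): unlike the create branch, this branch does not
		# check that the UID is numeric or unused, that the home starts
		# with "/" or that the shell is readable. Confirm whether the
		# same checks are wanted here.
		$user{'uid'} = $line[4] if ($line[4] ne '');
		$user{'gid'} = $line[5] if ($line[5] ne '');
		$user{'real'} = $line[6] if ($line[6] ne '');
		$user{'home'} = $line[7] if ($line[7] ne '');
		$user{'shell'} = $line[8] if ($line[8] ne '');

		if ($pft == 2) {
			# SYSV-style passwd and shadow information
			$user{'min'}=$line[9] if ($line[9] ne '');
			$user{'max'}=$line[10] if ($line[10] ne '');
			$user{'warn'}=$line[11] if ($line[11] ne '');
			$user{'inactive'}=$line[12]
				if ($line[12] ne '');
			$user{'expire'}=$line[13] if ($line[13] ne '');
			# The last-change day is set to today whenever a
			# password field was supplied
			$user{'change'}=int(time() / (60*60*24))
				if ($line[3] ne '');
			}

		# Work out Samba properties
		$wassamba = &indexof($config{'samba_class'},
				     @{$user{'ldap_class'}}) >= 0;
		$user{'ldap_attrs'} ||= [ ];
		if ($wassamba) {
			# Need to update Samba attributes
			&samba_properties(0, \%user, $user{'passmode'},
					  $user{'plainpass'}, $schema,
					  $user{'ldap_attrs'});
			}

		# Set extra LDAP attrs, each given as name=value. A malformed
		# one skips the whole batch line.
		foreach $a (@attrs) {
			next if (!$a);
			if ($a =~ /^([^=]+)=(.*)/) {
				push(@{$user{'ldap_attrs'}}, $1, $2);
				}
			else {
				print &text('batch_eattr', $lnum, $a),"\n";
				next LINE;
				}
			}

		# Run the before command
		&set_user_envs(\%user, 'MODIFY_USER', $user{'plainpass'},
			       [ &secondary_groups($user{'user'}) ]);
		$merr = &making_changes();
		&error(&text('usave_emaking', "$merr"))
			if (defined($merr));

		# Move home directory if needed
		if ($olduser{'home'} ne $user{'home'} && $in{'movehome'} &&
		    $user{'home'} ne '/' && $olduser{'home'} ne '/') {
			if (-d $olduser{'home'} && !-e $user{'home'}) {
				# The new home comes straight from the batch line and
				# the old one from the directory entry, so both are
				# escaped for the shell. Double quotes alone still
				# let the shell interpret \$(..), backticks and an
				# embedded quote character.
				local $out = &backquote_logged(
					"mv ".quotemeta($olduser{'home'})." ".
					quotemeta($user{'home'})." 2>&1");
				if ($?) { &error(&text('batch_emove',
						 $lnum, $out)); }
				}
			}

		# Change UIDs and GIDs on files. An option value of 1 limits
		# the change to the home directory; any other true value
		# starts at "/".
		if ($olduser{'gid'} != $user{'gid'} && $in{'chgid'}) {
			if ($in{'chgid'} == 1) {
				&useradmin::recursive_change(
					$user{'home'}, $olduser{'uid'},
					$olduser{'gid'}, -1, $user{'gid'});
				}
			else {
				&useradmin::recursive_change(
					"/", $olduser{'uid'},
					$olduser{'gid'}, -1, $user{'gid'});
				}
			}
		if ($olduser{'uid'} != $user{'uid'} && $in{'chuid'}) {
			if ($in{'chuid'} == 1) {
				&useradmin::recursive_change(
					$user{'home'}, $olduser{'uid'},
					-1, $user{'uid'}, -1);
				}
			else {
				&useradmin::recursive_change(
					"/", $olduser{'uid'},
					-1, $user{'uid'}, -1);
				}
			}

		# Actually modify the user
		&modify_user(\%olduser, \%user);

		# If the user has been renamed, update any secondary groups
		if ($olduser{'user'} ne $user{'user'}) {
			foreach $group (@glist) {
				local @mems = split(/,/, $group->{'members'});
				local $idx = &indexof($olduser{'user'}, @mems);
				if ($idx >= 0) {
					$mems[$idx] = $user{'user'};
					$group->{'members'} = join(",", @mems);
					&modify_group($group, $group);
					}
				}
			}

		&made_changes();

		# Modify in other modules, ignoring errors. The error text is
		# captured straight after the eval, as in the other branches.
		$error_must_die = 1;
		eval {
			&other_modules("useradmin_modify_user",
				       \%user, \%olduser)
				if ($in{'others'});
			};
		$other_err = $@;
		$error_must_die = 0;

		print "",&text('batch_modified',$olduser{'user'}),"\n";
		print "",&text('batch_eother', $other_err),"\n"
			if ($other_err);
		$modified++;
		}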
	else {
		print &text('batch_eaction', $lnum, $line[0]),"\n";
		next;
		}
	}
print "
\n"; &unlock_user_files(); &webmin_log("batch", undef, $in{'source'} == 1 ? $in{'local'} : undef, { 'created' => $created, 'modified' => $modified, 'deleted' => $deleted, 'lnum' => $lnum } ); &ui_print_footer("batch_form.cgi", $text{'batch_return'}, "", $text{'index_return'}); # check_user(\%user, [\%olduser]) # Check access control restrictions for a user sub check_user { # check if uid is within range if ($access{'lowuid'} && $_[0]->{'uid'} < $access{'lowuid'}) { return &text('usave_elowuid', $access{'lowuid'}); } if ($access{'hiuid'} && $_[0]->{'uid'} > $access{'hiuid'}) { return &text('usave_ehiuid', $access{'hiuid'}); } if ($_[1] && !$access{'uuid'} && $_[1]->{'uid'} != $_[0]->{'uid'}) { return $text{'usave_euuid'}; } # make sure home dir is under the allowed root if (!$access{'autohome'}) { $al = length($access{'home'}); if (length($_[0]->{'home'}) < $al || substr($_[0]->{'home'}, 0, $al) ne $access{'home'}) { return &text('usave_ehomepath', $_[0]->{'home'}); } } # check for invalid shell if ($access{'shells'} ne '*' && &indexof($_[0]->{'shell'}, split(/\s+/, $access{'shells'})) < 0) { return &text('usave_eshell', $_[0]->{'shell'}); } # check for invalid primary group (unless one is dynamically assigned) if ($user{'gid'} ne '') { local $ng = &all_getgrgid($_[0]->{'gid'}); local $ni = &can_use_group(\%access, $ng); if ($_[1]) { if ($_[1]->{'gid'} != $_[0]->{'gid'}) { local $og = &all_getgrgid($_[1]->{'gid'}); local $oi = &can_use_group(\%access, $og); if (!$ni) { return &text('usave_eprimary', $ng); } if (!$oi) { return &text('usave_eprimaryr', $og); } } } else { return &text('usave_eprimary', $ng) if (!$ni); } } return undef; } sub secondary_groups { local @secs; foreach $g (@glist) { @mems = split(/,/, $g->{'members'}); if (&indexof($_[0], @mems) >= 0) { push(@secs, $g->{'gid'}); } } return @secs; } ldap-useradmin/mass_delete_group.cgi0000755000567100000120000000406211220733746017642 0ustar jcameronwheel#!/usr/local/bin/perl # Delete multiple groups require 
'./ldap-useradmin-lib.pl'; &ReadParse(); %glist = map { $_->{'group'}, $_ } &list_groups(); &error_setup($text{'gmass_err'}); foreach $name (split(/\0/, $in{'gd'})) { $group = $glist{$name}; if ($group) { &can_edit_group(\%access, $group) || &error(&text('gmass_egroup', $name)); push(@dlist, $group); } } @dlist || &error($text{'gmass_enone'}); &ui_print_header(undef, $text{'gmass_title'}, ""); if ($in{'confirmed'}) { foreach $group (@dlist) { # Show username print "",&text('gmass_doing', $group->{'group'}), "
\n"; print "\n"; } &webmin_log("delete", "group", $group->{'group'}, $group); &ui_print_footer("", $text{'index_return'}); } else { foreach $group (@dlist) { # check if this is anyone's primary group foreach $u (&list_users()) { if ($u->{'gid'} == $group->{'gid'}) { print "",&text('gmass_eprimary', $group->{'group'}, $u->{'user'}), "

\n"; &ui_print_footer("", $text{'index_return'}); exit; } } } # Ask if the user is sure print &ui_confirmation_form( "mass_delete_group.cgi", &text('gmass_sure', scalar(@dlist)), [ map { [ "gd", $_->{'group'} ] } @dlist ], [ [ "confirmed", $text{'gdel_del'} ] ], &ui_checkbox("others", 1, $text{'gdel_dothers'}, $mconfig{'default_other'}), ); &ui_print_footer("", $text{'index_return'}); } ldap-useradmin/config-debian-linux0000664000567100000120000000061611220733746017222 0ustar jcameronwheelauth_ldap=/usr/share/libnss-ldap/ldap.conf imap_login=cyrus samba_class=sambaSamAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/module.info0000664000567100000120000000060311220733746015613 0ustar jcameronwheeldesc=LDAP Users and Groups category=system depends=useradmin ldap-client longdesc=Manage users and groups stored in an LDAP database, used for Unix, Samba and Cyrus IMAP authentication. 
desc_ca=Usuaris i Grups LDAP desc_de=LDAP Nutzer und Gruppen os_support=!windows desc_es=Usuarios y Grupos LDAP cpan=1 desc_cz=LDAP u¾ivatelé a skupiny desc_nl=LDAP Gebruikers en Groepen version=1.481 ldap-useradmin/save_user.cgi0000775000567100000120000005557411220733746016155 0ustar jcameronwheel#!/usr/local/bin/perl # save_user.cgi # Create, update or delete an LDAP user require './ldap-useradmin-lib.pl'; use Time::Local; &ReadParse(); $ldap = &ldap_connect(); $schema = $ldap->schema(); &lock_user_files(); if (!$in{'new'}) { # Get existing user $rv = $ldap->search(base => $in{'dn'}, scope => 'base', filter => '(&(objectClass=posixAccount))'); ($uinfo) = $rv->all_entries; $uinfo || &error($text{'usave_egone'}); %ouser = &dn_to_hash($uinfo); &can_edit_user(\%ouser) || &error($text{'usave_eedit'}); } else { $access{'ucreate'} || &error($text{'usave_ecreate'}); } if ($in{'mailboxes'}) { # Just re-direct to mailboxes page &redirect("../mailboxes/list_mail.cgi?user=$ouser{'user'}"); exit; } elsif ($in{'switch'}) { # Just re-direct to Usermin switch user program &redirect("../usermin/switch.cgi?user=$ouser{'user'}"); exit; } elsif ($in{'delete'}) { # Delete the user .. but ask first! &ui_print_header(undef, $text{'udel_title'}, ""); $home = $uinfo->get_value("homeDirectory"); $user = $uinfo->get_value("uid"); if ($in{'confirm'}) { # Run the before command %uhash = &dn_to_hash($uinfo); &set_user_envs(\%uhash, 'DELETE_USER', undef, undef); $merr = &making_changes(); &error(&text('usave_emaking', "$merr")) if (defined($merr)); # Work out old classes @classes = $uinfo->get_value("objectClass"); @cyrus_class_2 = split(' ',$cyrus_class); $wascyrus = &indexof($cyrus_class_2[0], @classes) >= 0; # Delete from other modules %user = &dn_to_hash($uinfo); if ($in{'others'}) { print "$text{'udel_other'}
\n"; &useradmin::other_modules("useradmin_delete_user", \%user); print "$text{'udel_done'}

\n"; } # Delete from any groups print "$text{'udel_groups'}
\n"; $base = &get_group_base(); $rv = $ldap->search(base => $base, filter => '(&(objectClass=posixGroup))'); foreach $g ($rv->all_entries) { local @mems = $g->get_value("memberUid"); local $idx = &indexof($user, @mems); if ($idx >= 0) { # Take out of this group splice(@mems, $idx, 1); $rv = $ldap->modify($g->dn(), replace => { 'memberUid' => \@mems }); if ($rv->code) { &error(&text('usave_emodgroup', $g->get_value('cn'), $rv->error)); } } } print "$text{'udel_done'}

\n"; # Delete from the LDAP db print "$text{'udel_pass'}
\n"; $rv = $ldap->delete($in{'dn'}); if ($rv->code) { &error(&text('usave_edelete', $rv->error)); } print "$text{'udel_done'}

\n"; # Delete his addressbook entry if ($config{'addressbook'} && $wascyrus) { print "$text{'udel_book'}
\n"; $err = &delete_addressbook(); if ($err) { print &text('udel_failed', $err),"

\n"; } else { print "$text{'udel_done'}

\n"; } } # Delete his home directory if ($in{'delhome'}) { print "$text{'udel_home'}
\n"; $home = $uinfo->get_value("homeDirectory"); if (-d $home && $home ne "/") { local $realhome = &resolve_links($home); local $qhome = quotemeta($realhome); system("rm -rf $qhome >/dev/null 2>&1"); unlink($home); # in case of links } print "$text{'udel_done'}

\n"; # Delete his IMAP mailbox only if home gets deleted, too if ($config{'imap_host'}) { print "$text{'udel_imap'}
\n"; $imap = &imap_connect(); $rv = $imap->delete("user".$config{'imap_foldersep'}. $uinfo->get_value("uid")); $imap->logout(); print "$text{'udel_done'}

\n"; } } &made_changes(); %p = ( %in, %user ); &webmin_log("delete", "user", $user{'user'}, \%p); } else { # Show confirmation page if ($home ne "/" && -d $home) { # With option to delete home $size = &nice_size(&disk_usage_kb($home)*1024); $msg = &text('udel_sure', $user, $home, $size); @buts = ( [ undef, $text{'udel_del1'} ], [ "delhome", $text{'udel_del2'} ] ); } else { # Without home $msg = &text('udel_sure2', $user); @buts = ( [ undef, $text{'udel_del1'} ] ); } print &ui_confirmation_form( "save_user.cgi", $msg, [ [ "dn", $in{'dn'} ], [ "confirm", 1 ], [ "delete", 1 ] ], \@buts, &ui_checkbox("others", 1, $text{'udel_dothers'}, $mconfig{'default_other'}), $user eq 'root' ? "$text{'udel_root'}" : "" ); } $ldap->unbind(); &ui_print_footer("", $text{'index_return'}); exit; } elsif ($in{'raw'}) { # Show all LDAP attributes for user &redirect("raw.cgi?user=1&dn=".&urlize($in{'dn'})); exit; } else { # Validate inputs &error_setup($text{'usave_err'}); $in{'user'} =~ /^[^:\t]+$/ || &error(&text('usave_ebadname', $in{'user'})); $in{'user'} =~ s/\r//g; $in{'real'} || &error($text{'usave_ereal'}); @users = split(/\n/, $in{'user'}); $user = $users[0]; $in{'uid'} =~ /^\-?[0-9]+$/ || &error(&text('usave_euid', $in{'uid'})); $uid = $in{'uid'}; $in{'real'} =~ /^[^:]*$/ || &error(&text('usave_ereal', $in{'real'})); $firstname = $in{'firstname'}; $lastname = $in{'lastname'}; $real = $in{'real'}; $shell = $in{'shell'} eq '*' ? 
$in{'othersh'} : $in{'shell'}; if ($in{'new'}) { &check_user_used($ldap, $user) && &error(&text('usave_einuse', $user)); } # Check for UID clash if ($in{'new'} && !$access{'umultiple'}) { &check_uid_used($ldap, $uid) && &error($text{'usave_euidused2'}); } # Validate IMAP quota $quota = undef; if ($config{'quota_support'} && !$in{'quota_def'} && defined($in{'quota'})) { $in{'quota'} =~ /^\d+$/ || &error($text{'usave_equota'}); $quota = $in{'quota'}; } # Compute and validate home directory if ($access{'autohome'}) { if ($in{'new'} || $ouser{'user'} ne $user) { $home = &auto_home_dir($access{'home'}, $user, $grp); } else { $home = $ouser{'home'}; } } elsif ($mconfig{'home_base'} && $in{'home_base'}) { $home = &auto_home_dir($mconfig{'home_base'}, $user); } else { $home = $in{'home'}; $home =~ /^\// || &error(&text('usave_ehome', $home)); } if (!$access{'autohome'}) { $home =~ /^\// || &error(&text('usave_ehome', $home)); $al = length($access{'home'}); if (length($home) < $al || substr($home, 0, $al) ne $access{'home'}) { &error(&text('usave_ehomepath', $home)); } } local $pfx = $config{'md5'} == 1 || $config{'md5'} == 3 ? "{md5}" : $config{'md5'} == 4 ? "{ssha}" : $config{'md5'} == 0 ? 
"{crypt}" : ""; if ($in{'passmode'} == 0) { # Password is blank if (!$mconfig{'empty_mode'}) { local $err = &useradmin::check_password_restrictions( "", $user); &error($err) if ($err); } $pass = ""; } elsif ($in{'passmode'} == 1) { # Password is locked $pass = $mconfig{'lock_string'}; } elsif ($in{'passmode'} == 2) { # Specific encrypted password entered, or possibly no change $pass = $in{'encpass'}; $pass = $pfx.$pass if ($pass !~ /^\{[a-z0-9]+\}/i && $pfx); } elsif ($in{'passmode'} == 3) { # Normal password entered - check restrictions local $err = &useradmin::check_password_restrictions( $in{'pass'}, $user); &error($err) if ($err); $pass = $pfx.&encrypt_password($in{'pass'}); $plainpass = $in{'pass'}; } if ($in{'disable'} && ($in{'passmode'} == 2 || $in{'passmode'} == 3)) { $pass = $useradmin::disable_string.$pass; } if ($in{'gid'} =~ /^\d+$/) { $gid = $in{'gid'}; } else { $gid = &all_getgrnam($in{'gid'}); defined($gid) || &error(&text('usave_egid', $in{'gid'})); } # Build useradmin-style hash of user details local %uhash = ( 'user' => $user, 'uid' => $uid, 'gid' => $gid, 'group' => $in{'group'}, 'real' => $real, 'shell' => $shell, 'pass' => $pass, 'plainpass' => $plainpass, 'home' => $home, 'firstname' => $firstname, 'lastname' => $lastname ); if ($in{'new'}) { defined(&all_getpwnam($user)) && &error(&text('usave_einuse', $user)); if ($in{'passmode'} == 1 || $in{'passmode'} == 2) { if ($in{'cyrus'}) { &error($text{'usave_ecyruspass'}); } } # Run the pre-change command &set_user_envs(\%uhash, 'CREATE_USER', $in{'passmode'} == 3 ? 
$in{'pass'} : "", undef); $merr = &making_changes(); &error(&text('usave_emaking', "$merr")) if (defined($merr)); # Create home dir if (!-e $home && $in{'makehome'}) { &lock_file($home); mkdir($home, oct($mconfig{'homedir_perms'})) || &error(&text('usave_emkdir', $!)); chmod(oct($mconfig{'homedir_perms'}), $home) || &error(&text('usave_echmod', $!)); chown($uid, $gid, $home) || &error(&text('usave_echown', $!)); &unlock_file($home); } # Get configured properties for new users local @props = &split_props($config{'props'}, \%uhash); if ($in{'cyrus'}) { push(@props, &split_props($config{'imap_props'}, \%uhash)); } # Build Samba-related properties if ($in{'samba'}) { &samba_properties(1, \%uhash, $in{'passmode'}, $in{'pass'}, $schema, \@props, $ldap); } if ($in{'cyrus'}) { # Build mail-related properties &mail_props(); } # Add any extra LDAP fields &parse_extra_fields($config{'fields'}, \@props, \@rprops, $ldap); # Add shadow LDAP fields $shadow = &shadow_fields(); # Add to the ldap database @classes = ( "posixAccount", "shadowAccount" ); if ($schema && $schema->objectclass("person") && $config{'person'}) { push(@classes, "person"); } push(@classes, split(/\s+/, $config{'other_class'})); push(@classes, $samba_class) if ($in{'samba'}); push(@classes, split(' ',$cyrus_class)) if ($in{'cyrus'}); @classes = grep { /\S/ } @classes; # Remove empty &name_fields(); @classes = &unique(@classes); $base = &get_user_base(); $newdn = "uid=$user,$base"; @allprops = ( "cn" => $real, "uid" => \@users, "uidNumber" => $uid, "loginShell" => $shell, "homeDirectory" => $home, "gidNumber" => $gid, "userPassword" => $pass, "objectClass" => \@classes, @props ); if (&indexoflc("person", @classes) >= 0 && !&in_props(\@allprops, "sn")) { # Person needs an 'sn' too push(@allprops, "sn", $real); } $rv = $ldap->add($newdn, attr => \@allprops); if ($rv->code) { &error(&text('usave_eadd', $rv->error)); } if ($in{'cyrus'}) { if ($config{'addressbook'}) { # Create addressbook entry 
&setup_addressbook(\%uhash); } # Disconnect to save the changes $ldap->unbind(); undef($ldap); # Create imap account &setup_imap(\%uhash, $quota); # Re-connect for later LDAP operations $ldap = &ldap_connect(); } # Copy files into user's directory if ($in{'makehome'} && $mconfig{'user_files'}) { local $uf = $mconfig{'user_files'}; local $shell = $user{'shell'}; $shell =~ s/^(.*)\///g; $uf =~ s/\$group/$in{'gid'}/g; $uf =~ s/\$gid/$user{'gid'}/g; $uf =~ s/\$shell/$shell/g; &useradmin::copy_skel_files($uf, $home, $uid, $gid); } } else { # Modifying a user $olduser = $uinfo->get_value('uid'); if ($olduser ne $user) { defined(&all_getpwnam($user)) && &error(&text('usave_einuse', $user)); } # Work out old settings @classes = $uinfo->get_value("objectClass"); $wassamba = &indexof($samba_class, @classes) >= 0; @cyrus_class_2 = split(' ',$cyrus_class); $wascyrus = &indexof($cyrus_class_2[0], @classes) >= 0; if ($in{'passmode'} == 1 || $in{'passmode'} == 2) { if (!$wascyrus && $in{'cyrus'}) { &error($text{'usave_ecyruspass'}); } } # Run the pre-change command &set_user_envs(\%uhash, 'MODIFY_USER', $in{'passmode'} == 3 ? $in{'pass'} : "", undef); $merr = &making_changes(); &error(&text('usave_emaking', "$merr")) if (defined($merr)); # Rename home dir, if needed $oldhome = $uinfo->get_value("homeDirectory"); if ($home ne $oldhome && -d $oldhome && !-e $home && $in{'movehome'}) { $out = `mv '$oldhome' '$home' 2>&1`; if ($?) 
{ &error(&text('usave_emove', $out)); } } # Change GID on files if needed $oldgid = $uinfo->get_value("gidNumber"); $olduid = $uinfo->get_value("uidNumber"); if ($oldgid != $gid && $in{'chgid'}) { if ($in{'chgid'} == 1) { &useradmin::recursive_change($home, $olduid, $oldgid, -1, $gid); } else { &useradmin::recursive_change("/", $olduid, $oldgid, -1, $gid); } } # Change UID on files if needed if ($olduid != $uid && $in{'chuid'}) { if ($in{'chuid'} == 1) { &useradmin::recursive_change($home, $olduid, -1, $uid, -1); } else { &useradmin::recursive_change("/", $olduid, -1, $uid, -1); } } # Get properties for modified users local @props = &split_props($config{'mod_props'}, \%uhash); # Work out samba-related property changes $oldpass = $uinfo->get_value('userPassword'); if ($in{'samba'}) { # Is a samba user .. add or update props $passmode = $in{'passmode'}; if ($passmode == 2 && $wassamba && $in{'encpass'} eq $oldpass) { # Not being changed $passmode = 4; } &samba_properties(!$wassamba, \%uhash, $passmode, $in{'pass'}, $schema, \@props, $ldap); } elsif ($wassamba) { # Is no longer a samba user .. 
take away standard # samba properties &samba_removes(\%uhash, $schema, \@rprops); } # Work out imap-related property changes if ($in{'cyrus'}) { &mail_props(); } if ($in{'cyrus'} && !$wascyrus) { # Add any extra properties for IMAP users push(@props, &split_props($config{'imap_props'})); } elsif (!$in{'cyrus'} && $wascyrus) { # Take away properties for IMAP users push(@rprops, &split_first($config{'imap_props'})); &delete_mail_props(); } # Add or update any extra LDAP fields &parse_extra_fields($config{'fields'}, \@props, \@rprops, $ldap, $in{'dn'}); # Add or update shadow LDAP fields $shadow = &shadow_fields(); # Update the ldap database if ($in{'samba'}) { push(@classes, $samba_class); } else { @classes = grep { $_ ne $samba_class } @classes; } if ($in{'cyrus'}) { push(@classes, split(' ',$cyrus_class)); } else { @cyrus_class_4 = split(' ',$cyrus_class); foreach $one_cyrus_class (@cyrus_class_4) { @classes = grep { $_ ne $one_cyrus_class } @classes; } } push(@classes, "shadowAccount") if ($shadow); &name_fields(); @classes = &unique(@classes); @classes = grep { /\S/ } @classes; # Remove empty @rprops = grep { defined($uinfo->get_value($_)) } @rprops; if ($olduser ne $user) { # Need to rename the LDAP dn itself, first $renaming = 1; $base = &get_user_base(); $newdn = "uid=$user,$base"; $rv = $ldap->moddn($in{'dn'}, newrdn => "uid=$user"); if ($rv->code) { &error(&text('usave_emoddn', $rv->error)); } } else { $newdn = $in{'dn'}; } # Change the user's properties %allprops = ( "cn" => $real, "uid" => \@users, "uidNumber" => $uid, "loginShell" => $shell, "homeDirectory" => $home, "gidNumber" => $gid, "userPassword" => $pass, "objectClass" => \@classes, @props ); if (&indexoflc("person", @classes) >= 0 && !$allprops{'sn'}) { # Person needs 'sn' $allprops{'sn'} = $real; } $rv = $ldap->modify($newdn, 'replace' => \%allprops, 'delete' => \@rprops); if ($rv->code) { &error(&text('usave_emod', $rv->error)); } if ($olduser ne $user) { # Check if an addressbook dn exists 
local $olda = "ou=$olduser, $config{'addressbook'}"; $rv = $ldap->search(base => $olda, scope => 'base', filter => '(&(objectClass=organizationalUnit))'); ($oldbook) = $rv->all_entries; if ($oldbook) { # Need to rename the addressbook dn $rv = $ldap->modify($olda, replace => { "ou" => $user }); if ($rv->code) { &error(&text('usave_emodbook', $rv->error)); } $rv = $ldap->moddn($olda, newrdn => "ou=$user"); if ($rv->code) { &error(&text('usave_emodbookdn', $rv->error)); } } } if ($in{'cyrus'} && !$wascyrus) { # Adding IMAP support if ($config{'addressbook'}) { # Create addressbook entry &setup_addressbook(); } # Setup the imap account as well &setup_imap(\%uhash, $quota); } elsif (!$in{'cyrus'} && $wascyrus) { # Removing IMAP support if ($config{'addressbook'}) { # Delete addressbook entry &delete_addressbook(); } } elsif ($in{'cyrus'} && $wascyrus) { # Changing IMAP support if (!$in{'quota_def'} && $config{'quota_support'}) { &set_imap_quota(\%uhash, $in{'quota'}); } } } if ($config{'secmode'} != 1) { # Update any groups that the user has been added to/removed from @sgnames = $config{'secmode'} == 2 ? 
split(/\s+/, $in{'sgid'}) : split(/\r?\n/, $in{'sgid'}); foreach $gname (@sgnames) { $ingroup{$gname}++; } $base = &get_group_base(); $rv = $ldap->search(base => $base, filter => '(&(objectClass=posixGroup))'); foreach $g ($rv->all_entries) { local @mems = $g->get_value("memberUid"); local $gname = $g->get_value("cn"); if ($renaming) { local $idx = &indexof($olduser, @mems); if ($ingroup{$gname} && $idx<0) { # Need to add to the group push(@mems, $user); } elsif (!$ingroup{$gname} && $idx>=0) { # Need to remove from the group splice(@mems, $idx, 1); } elsif ($idx >= 0) { # Need to rename in group $mems[$idx] = $user; } else { next; } } else { local $idx = &indexof($user, @mems); if ($ingroup{$gname} && $idx<0) { # Need to add to the group push(@mems, $user); } elsif (!$ingroup{$gname} && $idx>=0) { # Need to remove from the group splice(@mems, $idx, 1); } else { next; } } # Actually change the group $rv = $ldap->modify($g->dn(), replace => { 'memberUid' => \@mems }); if ($rv->code) { &error(&text('usave_emodgroup', $g->get_value('cn'), $rv->error)); } } } # Get the updated user object $rv = $ldap->search(base => $newdn, scope => 'base', filter => '(&(objectClass=posixAccount))'); ($uinfo) = $rv->all_entries; %user = &dn_to_hash($uinfo); # Run post-change script &set_user_envs(\%user, $in{'new'} ? 'CREATE_USER' : 'MODIFY_USER', $in{'passmode'} == 3 ? $in{'pass'} : "", undef); &made_changes(); # Run other modules' scripts if ($in{'others'}) { $user{'passmode'} = $in{'passmode'}; if ($in{'passmode'} == 2 && $user{'pass'} eq $ouser{'pass'}) { # not changing password $user{'passmode'} = 4; } $user{'plainpass'} = $in{'pass'} if ($in{'passmode'} == 3); $ldap->unbind(); # force commit? 
if (!$in{'new'}) { $user{'olduser'} = $ouser{'user'}; &useradmin::other_modules("useradmin_modify_user", \%user, \%ouser); } else { &useradmin::other_modules("useradmin_create_user", \%user); } } } $ldap->unbind(); delete($in{'pass'}); delete($in{'passmode'}); &unlock_user_files(); &webmin_log(!$in{'new'} ? 'modify' : 'create', 'user', $user, \%in); &redirect($in{'return'} || "");

# mail_props()
# Queues the mail, alias and mail-routing attributes for the user being
# saved onto @props (and @rprops when the alias field is empty). Reads the
# submitted form from %in and the module settings from %config.
# NOTE(review): the address parts come from the submitted real name or
# username and are only lower-cased here; confirm the caller validates them.
sub mail_props
{
    # Without a configured mail domain there is nothing to add
    return unless ($config{'domain'});

    # Pick the name parts: explicit first/last name, else the last two words
    # of the real name, else its first word, else the username
    local ($autofirstname, $autolastname);
    if ($firstname && $lastname) {
        ($autofirstname, $autolastname) = ($firstname, $lastname);
    }
    elsif ($in{'real'} =~ /(\S+)\s+(\S+)$/) {
        ($autofirstname, $autolastname) = (lc($1), lc($2));
    }
    elsif ($in{'real'} =~ /(\S+)/) {
        $autofirstname = lc($1);
    }
    else {
        $autofirstname = lc($in{'user'});
    }

    # The mail attribute is only set when the schema knows about it
    if (&in_schema($schema, "mail")) {
        my $mailaddr;
        if (!$autolastname) {
            $mailaddr = "$autofirstname\@$config{'domain'}";
        }
        elsif ($config{'mailfmt'} == 0) {
            $mailaddr = "$autofirstname.$autolastname\@$config{'domain'}";
        }
        else {
            $mailaddr = "$user\@$config{'domain'}";
        }
        push(@props, "mail", $mailaddr);
    }

    # Extra aliases, stored in the configured attribute or "alias"
    local $aattr = $config{'maillocaladdress'} || "alias";
    if (&in_schema($schema, $aattr)) {
        local @alias = split(/\s+/, $in{'alias'});
        if (!$in{'alias'}) {
            # Nothing entered: the attribute goes onto @rprops, the same
            # list delete_mail_props uses to take attributes away
            push(@rprops, $aattr);
        }
        else {
            if (!$config{'alias_same'}) {
                # Shared aliases are not allowed, so stop on a clash
                ($dup, $dupwhat) = &check_duplicates($ldap, $aattr, \@alias, $in{'dn'});
                &error(&text('save_ealiasdup', $dupwhat, $dup->dn())) if ($dup);
            }
            push(@props, $aattr, \@alias);
        }
    }

    # Routing address is the lower-cased username at the IMAP host
    local $battr = $config{'mailroutingaddress'};
    push(@props, $battr, lc($in{'user'})."\@$config{'imap_host'}")
        if ($battr ne "" && &in_schema($schema, $battr));
}

# delete_mail_props()
# Puts every attribute that mail_props can set (alias, routing address and
# mail) onto @rprops, each only if the schema defines it.
sub delete_mail_props
{
    local $aattr = $config{'maillocaladdress'} || "alias";
    push(@rprops, $aattr) if (&in_schema($schema, $aattr));

    local $battr = $config{'mailroutingaddress'};
    push(@rprops, $battr) if ($battr ne "" && &in_schema($schema, $battr));

    push(@rprops, "mail") if (&in_schema($schema, "mail"));
}

# delete_addressbook()
# Hands the user's address book subtree, "ou=<user>" under the configured
# address book base, to delete_ldap_subtree and returns its result.
# NOTE(review): $user is interpolated into the DN without RDN escaping, so
# DN metacharacters in a username would change which subtree is targeted;
# confirm the username is validated before this is reached.
sub delete_addressbook
{
    my $abook_dn = "ou=$user, $config{'addressbook'}";
    return &delete_ldap_subtree($ldap, $abook_dn);
}

# name_fields()
# Queues the given-name, surname and gecos attributes onto @props, and the
# configured given-name object class onto @classes, as far as the schema
# supports them.
sub name_fields
{
    if ($config{'given'}) {
        if ($firstname) {
            # Use "gn" when the schema has it, otherwise "givenName"
            foreach my $gattr ("gn", "givenName") {
                if (&in_schema($schema, $gattr)) {
                    push(@props, $gattr, $firstname);
                    last;
                }
            }
        }
        push(@props, "sn", $lastname)
            if ($lastname && &in_schema($schema, "sn"));
        push(@classes, $config{'given_class'})
            if ($firstname || $lastname);
    }
    if (&in_schema($schema, "gecos")) {
        push(@props, "gecos", &remove_accents($in{'real'}));
    }
}

sub shadow_fields { if (&in_schema($schema, "shadowLastChange")) { # Validate shadow-password inputs $in{'min'} =~ /^\-?[0-9]*$/ || &error(&text('usave_emin', $in{'min'})); if ($in{'min'} ne '') { push(@props, "shadowMin", $in{'min'}); } else { push(@rprops, "shadowMin"); } $in{'max'} =~ /^\-?[0-9]*$/ || &error(&text('usave_emax', $in{'max'})); if ($in{'max'} ne '') { push(@props, "shadowMax", $in{'max'}); } else { push(@rprops, "shadowMax"); } if ($in{'expired'} ne "" && $in{'expirem'} ne "" && $in{'expirey'} ne "") { eval { $expire = timelocal(0, 0, 12, $in{'expired'}, $in{'expirem'}-1, $in{'expirey'}-1900); }; if ($@) { &error($text{'usave_eexpire'}); } push(@props, "shadowExpire", int($expire / (60*60*24))); } else { push(@rprops, "shadowExpire"); } $in{'warn'} =~ /^\-?[0-9]*$/ || &error(&text('usave_ewarn', $in{'warn'})); if ($in{'warn'} ne '') { push(@props, "shadowWarning", $in{'warn'}); } else { push(@rprops, "shadowWarning"); } $in{'inactive'} =~ /^\-?[0-9]*$/ || &error(&text('usave_einactive', $in{'inactive'})); if ($in{'inactive'} ne '') { push(@props, "shadowInactive", $in{'inactive'}); } else { push(@rprops, "shadowInactive"); } if ($in{'passmode'} == 3 || $in{'passmode'} == 2 && $pass ne $oldpass) { $daynow = int(time() /
(60*60*24)); push(@props, "shadowLastChange", $daynow); } return 1; } else { return 0; } } ldap-useradmin/images/0000775000567100000120000000000011220733746014717 5ustar jcameronwheelldap-useradmin/images/icon.gif0000644000567100000120000000076611220733746016345 0ustar jcameronwheelGIF89a00ÂÿÿÿÈÌÈfffÌÌÌøÈÌø!ù,00þªÑ½0J)ª½7º6ÆüSµA5] ®ŠH:¦„¦ ºo)ÈsJü6Š Q(Žb‹QçÇ BpÆ ðxx˜@g«h,wɵ‡%8¹…aNSiƒæ ½À½n@G?@™?\!ƒx {r t7„ƒ n(qLŒZŽ`•YZ ¢£ ( ”h—˜{z?qžž©E6­Sc qKžÁ‹·£È¢¼Vq±©ÂÅ 'nqbÍ«Ðu»S|ØfÚÂs·v$àÖ}Ãæ,\^_m¾›‰ðñ+ªö’àC`_´E, Din`ƒ‚Û"”D¯ 0áô,5¼ –„‰ ¨ËôjcAƒ­a£Éä~ @z[É –»?<¦òmÅ'h¥ñÜåó NnƱøiŽ©Ð É P‹¤Ü7^C¤!äMëU Õ @„Å/Ȱ†à,˲jÜ2$ÄÀ¹3ÇžUëO켋y‰ì¥‹‹­[$ SKG–±Âaifr e¼-ØŽ\|µ+QË3÷œ —« Ó¤De±:õWÏ­ëú\vvlй¢*›\A÷îÔÀƒ$;ldap-useradmin/images/.xvpics/0000755000567100000120000000000011220733746016307 5ustar jcameronwheelldap-useradmin/images/.xvpics/icon.gif0000664000567100000120000000450111220733746017730 0ustar jcameronwheelP7 332 #IMGINFO:48x48 RGB (502 bytes) #END_OF_COMMENTS 48 48 255 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿÿÿmIÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÿÿÿÿmInmmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÿÿÿÿmInmmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÿÿÿmInmmÛÚ¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶àààÛºÿÿÿÿÿmIÿ¶Û¶ÛÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿºÖààÛ¶ÿÿÿÿÿÿmÿÛ¶Ú·ÚÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛàÀàààÛ¶ÿÿÿÿÿmInÚÛÚ¶ÛÿÿÿÿÿÿÿÿÿÿÿÿÿÿàÀàà»Û¶ÿÿÿÿÿÿmInmmÛÚ¶ÿÿÿÿÿÿÿÿÿÿÿàààÀÿÿÿÛ¶ÛºÿÿÿÿÿÿmIÿmInÚÿÿÿÿÿÿÿÿÿàààÿÿÿÿÿÿÿ»ÖºÛ¶Ú»Öº×ºÚ·ÚÿÿÿÿÿÿmIÿmIÿ¶ÛÿÿÿÿàÀààÿÿÿÿÿÿÿÿÿÿ»ÖºÛ¶Ú»Öº×ºÚ·ÚÿÿÿÿmmJþ·Ú¶ààààÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ»ÖºÛ¶Ú»ÖºÿÿÿÿÿÿÿÿmÿmÛ¶Ûàà»Öÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ»×»Û·ÛÿÿÿÿÿÿÿÿÿmÿÿmÛ¶ÛààÀààÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ»ÖºÛ¶Ú»Öº×ºÚ·ÚÿÿÿÿÿmIÿÿmÛ¶mÛà»àÛ¶àààÿÿÿÿÿÿÿÿÿÿÿÿ»×ºÚ·Úº×ºÖ»Ú¶ÛÿÿÿÿÿÿÿmÛImÛà»ÿàÛÿÿÿàÀàÿÿÿÿÿÿÿÿÿÛ¶Ú»×»Û·Û·Û»ÖºÿÿÿÿÿÿmIÿÿIÛÚÀÿàÛÿÿÿÿÿÿàÀÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿmÛÿmÛÿàÿÿÀÛÿÿÿÿÿÿÿààÀÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿÿÿÿmIÿmÛÿàÿÿÿÀÿÿÿÿÿÿÿÿÿÿàààÿ»ÖÛºÿÿÿÿÿÿmIÿÛÿÿà»ÿÿÿàÿÿÿÿÿÿÿÿÿÿÿÿààààÛ¶ÿÿÿÿÿÿmIÿÛHÿàÛÿÿÿÿàÿÿÿÿÿÿÿÿÿÿÿÿ»¶àààààÛºÿÿÿÿÿÿmIÿÛHÿàÛÿÿÿÿÿàÿÿÿÿÿÿÿÿÿÿÿ»¶àààÛºÿÿÿÿÿÿmIÿÛHÿàÛÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÿÿ»¶ààÛºÿÿÿÿÿmÿÿÿÛ¶mmà»Öÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÿ»ÖàÛºÿÿÿÿÿÿÿmÿÿÿÛ¶mmÿà»ÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÿÿÿÿmÿÿÿÛ¶mmÿà»ÿÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÿÿmIÿÿÿÛ¶ÿÿm
Iàß¶ÿÿÿÿÿÿÿàÿÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿÿÿÿÿÿÿÿÛ¶ÿÿÿÿàÛ¶ÿÿÿÿÿÿÿÿàÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿÿÿÿÿÿÿÿÛ¶ÿÿÿÿàÛ¶ÿÿÿÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÛ¶Ú»ÖºÛ¶ÚÿÿÿÿÿÿÿÿÿÿÿÛ¶ÿÿÿÿÿàÿÛ¶ÿÿÿÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÛ·Û»×»ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿàÿÿÿÿÿÿÿÿÿÿÿÿÿàÿÿÿ»ÖºÛ¶Ú»Öº×ºÚ·ÚÿÿÿÿÿÿÿÿÿÿÿÛ¶Ú»Öà»Ú¶Û¶Ú»Öÿÿÿº×ºà»ÖºÛ¶Ú»Öº×ºÚ·Ú·ÚÿÿÿÿÿÿÿÿÿÿÿÛ¶àÛºÿÿÿÖ»àÛ¶Û»×»Ú¶ÿÿÿÿÿÿÿÿÿÿÿÛ¶àÛºÿÿÿÖ»àÛ¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ààààÀÛºÿÿÿÖ»ààÛ¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶àààÛºÿÿÿÖ»ààÛ¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶àÛºÿÿÿÖ»àààÛ¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÖ»Û¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÖ»Û¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶ÛºÿÿÿÖ»Û¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿ׺ڷڶۺֻڶ۶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿ׺ڷڶۺֻڶ۶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶Ú»ÖºÛ¶Úÿÿÿÿÿÿÿÿ·Úº×ºÖ»Ú¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ·Û»×»ÿÿÿÿÿÿÿÿÿÿÿÛ·Û¶Û»ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ۶ڻֺ۶ڷں׺ÿÿÿ׺ڷڶۺֻڶ۶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ۷ں׺ڷڶۺֻÿÿÿÖ»Ú·Ú¶ÛºÖ»Ú·Ú¶ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÛ¶Ú»×»Û·Û·Û»Öºÿÿÿ׺ڷ۷ۻ׻۷ڶÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿldap-useradmin/images/smallicon.gif0000664000567100000120000000077611220733746017401 0ustar jcameronwheelGIF87aÕø™™™ÖÙâü€€sssâffàfdÖZZ>æææäæä333ÌÌÌÈÌÈÀÀÀ|äæðÈÌÔ€€€ïssîsrþÀÀfffdfdäæüZZZºÿÿÿ䦦ÈÌàóóóòóò@@@ÙÙÙÖÙÖ³³³,þÀN‡”„Ȥð‘i6H sT&Å,´4¨u àDŠ[eCp8ÖKQ(Ð\ˆ€0% €LNP"€€J $” B%"‚V £¡B%%I££["ªBrB¡Á¥ ŸB€wxC©pÌJxÈ%# ~ÚHXuÓG ¨H¿êYÓ#~îpÎê••’€8Wáœ?!!f]R"”…`!:0x0`œáÒ;Z4hXˆ£‚ß:Šö ÀP¥©Ä¢`ãËH³Ì´çrŒ$ÄŠ–õ)dÀ¨*$Ê`BÅKN+úl(R¤„ˆ $T‰$;ldap-useradmin/cgi_args.pl0000775000567100000120000000076511220733746015600 0ustar jcameronwheel do 'ldap-useradmin-lib.pl'; sub cgi_args { my ($cgi) = @_; if ($cgi eq 'edit_user.cgi') { # Link to first available user my @allulist = &list_users(); my @ulist = &useradmin::list_allowed_users(\%access, \@allulist); return @ulist ? "dn=".&urlize($ulist[0]->{'dn'}) : "new=1"; } elsif ($cgi eq 'edit_group.cgi') { my @allglist = &list_groups(); my @glist = &useradmin::list_allowed_groups(\%access, \@allglist); return @glist ? 
"dn=".&urlize($glist[0]->{'dn'}) : "new=1"; } return undef; } ldap-useradmin/config.info0000664000567100000120000001234111220733746015575 0ustar jcameronwheelline1=LDAP server options,11 ldap_host=LDAP server host,3,From NSS config file ldap_port=LDAP server port,3,From NSS config file or default ldap_tls=LDAP server uses encryption?,1,1-Yes SSL,2-Yes TLS,0-No login=Bind to LDAP server as,3,Bind name from NSS config file pass=Credentials for bind name above,12 user_base=Base for users,3,From NSS config file group_base=Base for groups,3,From NSS config file other_class=Other objectClasses to add to new users,0 gother_class=Other objectClasses to add to new groups,0 given=Show fields for given name and surname?,1,1-Yes,0-No given_class=Object class to add for given name?,0 given_order=Order for first name and surname,1,1-Surname, Firstname,0-Firstname Surname slappasswd=Full path to slappasswd program,0 line9=LDAP attributes,11 props=LDAP properties for all new users
(In fieldname: value format),9,40,3,\t mod_props=LDAP properties for modified users
(In fieldname: value format),9,40,3,\t fields=Extra LDAP user properties to allow editing of
(In fieldname description format),9,40,3,\t group_props=LDAP properties for all new groups
(In fieldname: value format),9,40,3,\t group_mod_props=LDAP properties for modified groups
(In fieldname: value format),9,40,3,\t group_fields=Extra LDAP group properties to allow editing of
(In fieldname description format),9,40,3,\t multi_fields=Allow multiple values for extra properties?,1,1-Yes,0-No noclash=Attributes for which duplicates are disallowed,0 person=Give all Unix users the person object class?,1,1-Yes,0-No line5=Home directory options,11 homedir_perms=Permissions on new home directories,3,From Users and Groups module user_files=Copy files into new home directories from,3,From Users and Groups module home_base=Automatic home directory base,3,From Users and Groups module home_style=Automatic home directory style,4,0-home/username,1-home/u/username,2-home/u/us/username,3-home/u/s/username,4-Just base directory,5-home/primary_group/username,-From Users and Groups module line6=New user options,11 base_uid=Lowest UID for new users,3,From Users and Groups module base_gid=Lowest GID for new groups,3,From Users and Groups module md5=Encryption method for passwords,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Plain text,4-LDAP SSHA shells=Build list of shells from,2,fixed-Builtin list,passwd-System users,shells-/etc/shells line7=New user defaults,11 default_group=Default primary group for new users,3,From Users and Groups module default_secs=Default secondary groups for new users,3,From Users and Groups module default_shell=Default shell for new users,3,From Users and Groups module default_min=Default minimum days for new users,3,From Users and Groups module default_max=Default maximum days for new users,3,From Users and Groups module default_warn=Default warning days for new users,3,From Users and Groups module default_inactive=Default inactive days for new users,3,From Users and Groups module default_expire=Default expiry date for new users (dd/mm/yyyy),3,From Users and Groups module default_other=Create and update in other modules,1,1-Yes,0-No,-From Users and Groups module line8=User interface options,11 display_max=Maximum number of users or groups to display,3,From Users and Groups module passwd_stars=Conceal plain-text password?,1,1-Yes,0-No,-From 
Users and Groups module random_password=Generate password for new users?,1,1-Yes,0-No,-From Users and Groups module charset=Character set for editing users and groups,3,From Webmin language secmode=Show secondary groups on user form?,1,0-Yes,1-No,2-As text box membox=Edit group members using,1,1-Text box,0-User selector line2=Samba account options,11 samba_class=LDAP object class for Samba users,10,sambaAccount-sambaAccount (Samba 2),sambaSamAccount-sambaSamAccount (Samba 3),Other samba_def=Enabled Samba account by default?,1,1-Yes,0-No samba_domain=Domain SID for Samba3,0 samba_props=LDAP properties for new Samba users,9,40,3,\t samba_gclass=LDAP object class for Samba groups,10,-sambaGroup (Samba 2),sambaSamGroup-sambaSamGroup (Samba 3 old schema),sambaGroupMapping-sambaGroupMapping (Samba 3 new schema),Other samba_gid=Primary group SID,10,none-None,-Work out automatically line3=Cyrus IMAP server options,11 imap_class=LDAP object class for IMAP users,0 imap_def=Enabled IMAP account by default?,1,1-Yes,0-No imap_host=Cyrus IMAP server host,3,None imap_login=Administration login for IMAP server,0 imap_pass=Administration password for IMAP server,0 imap_props=LDAP properties for new IMAP users,9,40,5,\t imap_folders=Folders to create for new IMAP users,9,30,3,\t imap_folderalt=Path for folders,1,1-user.$user.$folder,0-$folder imap_foldersep=Folder separator,1,.-.,/-/ domain=Email domain for mail attribute,0,Don't add mail attributes mailfmt=Email address format,1,0-firstname.surname@domain,1-username@domain addressbook=Address book base,3,None quota_support=IMAP server supports quotas?,1,1-Yes,0-No quota=Default quota for new Cyrus users,3,None,,,kB maillocaladdress=Attribute for mail aliases,3,Default (alias) alias_same=Can two users have the same alias?,1,1-Yes,0-No line4=Before and after commands,11 pre_command=Command to run before making changes,0 post_command=Command to run after making changes,0 
ldap-useradmin/config-redhat-linux0000664000567100000120000000057111220733746017247 0ustar jcameronwheelauth_ldap=/etc/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/config.info.nl0000644000567100000120000001351511220733746016207 0ustar jcameronwheelline1=LDAP server opties,11 ldap_host=LDAP server host,3,Van NSS config file ldap_port=LDAP server poort,3,Van NSS config file of standaard ldap_tls=LDAP server gebruikt versleuteling?,1,1-Ja SSL,2-Ja TLS,0-Nee login=Bind aan LDAP server als,3,Bind naam van NSS config file pass=Credentials voor bind namen boven,12 user_base=Basis voor gebruikers,3,Van NSS config file group_base=Basis voor groepen,3,Van NSS config file other_class=Andere object Classen om toe te voegen aan nieuwe gebruikers,0 gother_class=Andere object klassen om toe te voegen aan nieuwe groepen,0 given=Laat velden zien van voor, en achternaam?,1,1-Ja,0-Nee given_class=Object class om toe te voegen aan gegeven naam?,0 given_order=Volgorde voor voornaam en achternaam,1,1-Achternaam, Voornaam,0-Voornaam Achternaam slappasswd=Volledig pad naar slappasswd programma,0 line9=LDAP attributen,11 props=LDAP eigenschappen voor alle nieuwe gebruikers
veldnaam waarde formaat),9,40,3,\t mod_props=LDAP eigenschappen voor gemodificeerde gebruikers
veldnaam omschrijving formaat),9,40,3,\t fields=Extra LDAP gebruikers eigenschappen om bewerken toe te staan
van >(In veldnaam omschrijving formaat),9,40,3,\t group_props=LDAP eigenschappen voor alle nieuwe groepen
veldnaam omschrijving formaat),9,40,3,\t group_mod_props=LDAP eigenschappen voor modificeren groepen
veldnaam omschrijving formaat),9,40,3,\t group_fields=Extra LDAP groeps eigenschappen om bewerken toe te staan
van >(In veldnaam omschrijving formaat),9,40,3,\t multi_fields=Meerdere waardes toestaan voor extra eigenschappen?,1,1-Ja,0-Nee noclash=Attributen waar duplicaten niet voor zijn toegestaan,0 person=Geef alle Unix gebruikers de person object class?,1,1-Ja,0-Nee line5=Home directory opties,11 homedir_perms=Permissies op nieuwe home directory's,3,Van Gebruikers en Groepen module user_files=Kopieer files in nieuwe home directory's van,3,Van Gebruikers en Groepen module home_base=Automatische home directory basis,3,Van Gebruikers en Groepen module home_style=Automatische home directory stijl,4,0,home/username,1,home/u/username,2,home/u/us/username,3,home/u/s/username,4,Alleen basis directory,5,home/primaire_groep/username,-Van Gebruikers en Groepen module line6=Nieuwe gebruiker opties,11 base_uid=Laagste UID voor nieuwe gebruikers,3,Van Gebruikers en Groepen module base_gid=Laagste GID voor nieuwe groepen,3,Van Gebruikers en Groepen module md5=Encryptie methoden voor wachtwoorden,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Platte tekst,4-LDAP SSHA shells=Bouw een lijst van shells van,2,vaste ingebouwde lijst,paswd-Systeem gebruikers,shells-/etc/shells line7=Nieuwe gebruiker standaarden,11 default_group=Standaard primaire groep voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_secs=Standaard secundaire groepen voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_shell=Standaard shell voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_min=Standaard minimum dagen voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_max=Standaard maximum dagen voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_warn=Standaard waarschuwing's dagen voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_inactive=Standaard inactieve dagen voor nieuwe gebruikers,3,Van Gebruikers en Groepen module default_expire=Standaard expiratie datum voor nieuwe gebruikers (dd/mm/yyyy),3,Van Gebruikers en Groepen module 
default_other=Maken en updaten in andere modules,1,1-Ja,0-Nee,-Van Gebruikers en Groepen module line8=Laat opties zien,11 display_max=Maximum aantal gebruikers of groepen om te laten zien,3,Van Gebruikers en Groepen module passwd_stars=Verberg platte tekst wachtwoord?,1,1-Ja,0-Nee,-Van gebruikers en Groepen module random_password=Genereer wachtwoord voor nieuwe gebruikers?,1,1-Ja,0-Nee,-Van Gebruikers en Groepen module charset=Karakter set voor bewerken van gebruikers en groepen,3,Webmin taal secmode=Laat secundaire groepen zien op gebruikers formulier?,1,0-Ja,1-Nee,2-Als tekstbox membox=Bewerk groep leden met gebruik van,1,1-Tekst box,0-Gebruiker kiezer line2=Samba account opties,11 samba_class=LDAP object class voor Samba gebruikers,10,sambaAccount-sambaAccount (Samba 2),sambaSamAccount-sambaSamAccount (Samba),Anders samba_def=Samba account standaard aanzetten?,1,1-Ja,0-Nee samba_domain=Domein SID voor Samba3,0 samba_props=LDAP eigenschappen voor nieuwe Samba gebruikers,9,40,3,\t samba_gclass=LDAP object class voor Samba groepen,10,-sambaGroup (Samba 2),sambaSamGroup-sambaSamGroup (Samba 3 oude schema),sambaGroupMapping-sambaGroupMapping (Samba 3 nieuw schema),Anders samba_gid=Primaire groep SID,10,none-Geen,-Automatisch uitzoeken line3=Cyrus IMAP server opties,11 imap_class=LDAP object class voor IMAP gebruikers,0 imap_def=IMAP account standaard aanzetten?,1,1-Ja,0-Nee imap_host=Cyrus IMAP server host,3,Geen imap_login=Administratie login voor IMAP server,0 imap_pass=Administratie wachtwoord voor IMAP server,0 imap_props=LDAP eigenschappen voor nieuwe IMAP gebruikers,9,40,5,\t imap_folders=Folders om te maken voor nieuwe IMAP gebruikers,9,30,3,\t imap_folderalt=Pad voor folders,1,1-user.$user.$folder,0-$folder imap_foldersep=Folder afscheiding,1,.-.,/-/ domain=Email domein voor mail attributen,0,Geen mail attributen toevoegen mailfmt=Email adres formaat,1,0-voornaam.achternaam@domein,1-gebruikersnaam@domein addressbook=Adres boek basis,3,Geen quota_support=IMAP 
server ondersteuning quota's?,1,1-Ja,0-Nee quota=Standaard quota voor nieuwe Cyrus gebruikers,3,Geen,,,kb maillocaladdress=Attributen voor mail aliassen,3,Standaard (alias) alias_same=Mogen twee gebruikers dezelfde alias hebben?,1,1-Ja,0-Nee line4=Voor en na opdrachten,11 pre_command=Opdracht om uit te voeren vooraf het maken van veranderingen,0 post_command=Opdracht om uit te voeren na het maken van veranderingen,0 ldap-useradmin/config-coherent-linux0000664000567100000120000000057111220733746017607 0ustar jcameronwheelauth_ldap=/etc/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/config.info.es0000644000567100000120000001242111220733746016200 0ustar jcameronwheelline1=Opciones de servidor LDAP,11 auth_ldap=Archivo de configuración de librería NSS de LDAP en Linux,3,Ninguna ldap_host=Máquina servidor LDAP,3,Del archivo de configuración NSS ldap_port=Puerto del servidor LDAP,3,Del archivo de configuración NSS o por defecto ldap_tls=¿LDAP usa TLS?,1,1-Sí,0-No login=Enlazar al servidor LDAP como,3,Nombre de enlace del archivo de configuración NSS pass=Credenciales para el nombre de enlazado superior,12 user_base=Base para usuarios,3,De archivo configuración NSS group_base=Base para grupos,3,Del archivo de configuración NSS other_class=Otras objectClasses para añadir a los nuevos usuarios,0 gother_class=Otras objectClasses para añadir a nuevos grupos,0 given=¿Mostrar campos para el nombre y apellidos dado?,1,1-Sí,0-No slappasswd=Ruta completa al programa slappasswd,0 line9=Atributos LDAP,11 props=Propiedades LDAP para todos los nuevos usuarios,9,40,3,\t mod_props=Propiedades LDAP para usuarios modificados,9,40,3,\t fields=Propiedades extra del 
usuario LDAP para permitirla la edición de
(In fieldname description format),9,40,3,\t group_props=Propiedades LDAP para todos los grupos nuevos,9,40,3,\t group_mod_props=Propiedades LDAP para grupos modificados,9,40,3,\t group_fields=Propiedades extra del grupo LDAP para permitir la edición de
(In fieldname description format),9,40,3,\t multi_fields=¿Permitir múltiples valores para propiedades extra?,1,1-Sí,0-No line5=Opciones de directorio home,11 homedir_perms=Permisos en los nuevos directorios home,3,Del módulo de Usuarios y Grupos user_files=Copiar archivos en nuevos directorios home desde,3,Del módulo de Usuarios y Grupos home_base=Base de directorio home automático,3,Del módulo de Usuarios y Grupos home_style=Estilo del directorio home automático,4,0-home/username,1-home/u/username,2-home/u/us/username,3-home/u/s/username,4-Sólo directorio base,5-home/primary_group/username,-Del módulo de Usuarios y Grupos line6=Opciones de usuario nuevo,11 base_uid=UID menor para nuevos usuarios,3,Del módulo de Usuarios y Grupos base_gid=GID menor para nuevos grupos,3,Del módulo de Usuarios y Grupos md5=Método de encriptación de contraseñas,1,3-LDAP MD5,1-Unix MD5,0-crypt,2-Texto plano shells=Construir lista de shells desde,2,fijada-Lista original,passwd-Usuarios de sistema,shells-/etc/shells secmode=¿Mostrar grupos secundarios en el formulario de usuario?,1,0-Sí,1-No line7=Conf. 
por defecto de nuevo usuario,11 default_group=Grupo primario por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_secs=Grupos secundarios por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_shell=Shell por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_min=Dias mínimos por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_max=Dias máximos por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_warn=Dias de aviso por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_inactive=Dias inactivos por defecto para usuarios nuevos,3,Del módulo de Usuarios y Grupos default_expire=Fecha de expiración por defecto para usuarios nuevos (dd/mm/yyy),3,Del módulo de Usuarios y Grupos default_other=Crear y actualizar en otros módulos,1,1-Sí,0-No,-Del módulo de Usuarios y Grupos line8=Mostrar opciones,11 display_max=Número máximo de usuarios o grupos a mostrar,3,Del módulo de Usuarios y Grupos passwd_stars=¿Encubrir contraseña en texto plano?,1,1-Sí,0-No,-Del módulo de Usuarios y Grupos random_password=¿Generar contraseña para los usuarios nuevos?,1,1-Sí,0-No,-Del módulo de Usuarios y Grupos charset=Juego de caracteres para editar usuarios y grupos,3,Del idioma de Webmin line2=Opciones de cuenta Samba,11 samba_class=Clase de objeto LDAP para usuarios Samba,0 samba_def=¿Habilitar cuenta Samba por defecto?,1,1-Sí,0-No samba_domain=Dominio SID para Samba3,0 samba_props=Propiedades LDAP para usuarios nuevos de Samba,9,40,3,\t samba_gclass=Clase de objeto LDAP para grupos Samba,0 line3=Opciones de servidor IMAP Cyrus,11 imap_class=Clase de objeto LDAP para usuarios IMAP,0 imap_def=¿Habilitar cuenta IMAP por defecto?,1,1-Sí,0-No imap_host=Máquina Servidor Cyrus IMAP,3,Ninguno imap_login=Login de administración del servidor IMAP,0 imap_pass=Contraseña de administración del servidor IMAP,0 imap_props=Propiedades LDAP para usuarios IMAP nuevos,9,40,5,\t 
imap_folders=Carpetas a crear para usuarios IMAP nuevos,9,30,3,\t imap_folderalt=Ruta a carpetas,1,1-user.$user.$folder,0-$folder domain=Dominio de email para atributo de correo,0,No añadir atributos de correo mailfmt=Formato de dirección email,1,0,firstname.surname@domain,1-username@domain addressbook=Base de libreta de direcciones,3,Ninguna quota=Cuota por defecto para usuarios nuevos Cyrus,3,Ninguno maillocaladdress=Atributo para alias de correo,3,Por defecto (alias) line4=Comandos de antes y después,11 pre_command=Comando a ejecutar antes de hacer cambios,0 post_command=Comando a ejecutar tras aceptar los cambios,0 ldap-useradmin/config-united-linux0000664000567100000120000000060211220733746017263 0ustar jcameronwheelauth_ldap=/etc/openldap/ldap.conf imap_login=cyrus samba_class=sambaAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 given_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/cpan_modules.pl0000775000567100000120000000012511220733746016461 0ustar jcameronwheel require 'ldap-useradmin-lib.pl'; sub cpan_recommended { return ( "Net::LDAP" ); } ldap-useradmin/install_check.pl0000775000567100000120000000110411220733746016611 0ustar jcameronwheel# install_check.pl do 'ldap-useradmin-lib.pl'; # is_installed(mode) # For mode 1, returns 2 if the server is installed and configured for use by # Webmin, 1 if installed but not configured, or 0 otherwise. 
# For mode 0, returns 1 if installed, 0 if not sub is_installed { if ($config{'auth_ldap'}) { return 0 if (!-r $config{'auth_ldap'}); } else { if ($_[0]) { return 1 if (!$config{'ldap_host'} || !$config{'login'} || !$config{'pass'} || !$config{'user_base'} || !$config{'group_base'}); } } if ($_[0]) { return 2 if ($got_net_ldap); } return 1; } ldap-useradmin/config-debian-linux-4.0-*0000664000567100000120000000057411220733746017653 0ustar jcameronwheelauth_ldap=/etc/ldap.conf imap_login=cyrus samba_class=sambaSamAccount imap_class=SuSEeMailObject imap_folders=old public sent-mail md5=0 given=0 slappasswd=slappasswd samba_def=0 imap_def=0 multi_fields=0 mailfmt=0 shells=fixed,ldap,passwd,shells secmode=0 samba_gclass=sambaGroup alias_same=0 other_class=inetOrgPerson person=1 given_order=0 imap_foldersep=. ldap_tls=0 membox=0 ldap-useradmin/batch_form.cgi0000775000567100000120000000457011220733746016253 0ustar jcameronwheel#!/usr/local/bin/perl # batch_form.cgi # Display a form for doing batch creation, updates or deletion from a text file require './ldap-useradmin-lib.pl'; $access{'batch'} || &error($text{'batch_ecannot'}); &ui_print_header(undef, $text{'batch_title'}, ""); $ldap = &ldap_connect(); $schema = $ldap->schema(); $pft = $schema->attribute("shadowLastChange") ? 2 : 0; # Instructions print &ui_hidden_start($text{'batch_instr'}, "instr", 0, "batch_form.cgi"); print "$text{'batch_desc'}\n"; print "

",$text{'batch_desc'.$pft},"

\n"; print "$text{'batch_descafter'}
\n"; print "$text{'batch_descafter2'}
\n"; print &ui_hidden_end("instr"); print &ui_form_start("batch_exec.cgi", "form-data"); print &ui_table_start($text{'batch_header'}, undef, 2); # Source file print &ui_table_row($text{'batch_source'}, &ui_radio_table("source", 0, [ [ 0, $text{'batch_source0'}, &ui_upload("file") ], [ 1, $text{'batch_source1'}, &ui_textbox("local", undef, 40)." ". &file_chooser_button("local") ], [ 2, $text{'batch_source2'}, &ui_textarea("text", undef, 5, 60) ] ])); # Do other modules? print &ui_table_row($text{'batch_others'}, &ui_yesno_radio("others", $config{'default_other'})); # Only run post-command at end? print &ui_table_row($text{'batch_batch'}, &ui_yesno_radio("batch", 0)); # Create home dir print &ui_table_row($text{'batch_makehome'}, &ui_yesno_radio("makehome", 1)); # Copy files to homes print &ui_table_row($text{'batch_copy'}, &ui_yesno_radio("copy", 1)); # Move home dirs print &ui_table_row($text{'batch_movehome'}, &ui_yesno_radio("movehome", 1)); # Update UIDs on files print &ui_table_row($text{'batch_chuid'}, &ui_radio("chuid", 1, [ [ 0, $text{'no'} ], [ 1, $text{'home'} ], [ 2, $text{'uedit_allfiles'} ] ])); # Update GIDs on files print &ui_table_row($text{'batch_chgid'}, &ui_radio("chgid", 1, [ [ 0, $text{'no'} ], [ 1, $text{'home'} ], [ 2, $text{'uedit_allfiles'} ] ])); # Delete home dirs print &ui_table_row($text{'batch_delhome'}, &ui_yesno_radio("delhome", 1)); # Encrypt password print &ui_table_row($text{'batch_crypt'}, &ui_yesno_radio("crypt", 0)); # Create Samba account print &ui_table_row($text{'batch_samba'}, &ui_yesno_radio("samba", $config{'samba_def'} ? 
1 : 0)); print &ui_table_end(); print &ui_form_end([ [ undef, $text{'batch_upload'} ] ]); &ui_print_footer("", $text{'index_return'}); ldap-useradmin/config.info.de0000644000567100000120000001274311220733746016170 0ustar jcameronwheelline1=LDAP-Serveroptionen,11 auth_ldap=LinuxLDAP-NSS-Bibliothek-Konfigurationsdatei,3,Keine ldap_host=LDAP-Server,3,Aus der NSS-Konfigurationsdatei ldap_port=LDAP-Server-Port,3,Aus der NSS-Konfigurationsdatei ldap_tls=TLS für LDAP?,1,1-Ja,0-Nein login=Binde an LDAP-Server als,3,Name aus der NSS-Konfigurationsdatei pass=Zugang für den zu bindenden obig benannten Namen,12 user_base=Basis für Benutzer,3,Aus der NSS-Konfigurationsdatei group_base=Basis für Gruppen,3,Aus der NSS-Konfigurationsdatei other_class=Andere ObjectClasses für das Hinzufügen für neue Benutzer,0 gother_class=Andere ObjectClasses für das Hinzufügen zu neuen Gruppen,0 given=Zeige Felder für Vor- und Nachname an?,1,1-Ja,0-Nein slappasswd=Voller Pfad zu slappasswd,0 line9=LDAP-Attribute,11 props=LDAP-Eigenschaften für alle neuen Benutzer,9,40,3,\t mod_props=LDAP-Eigenschaften für veränderte Benutzer,9,40,3,\t fields=Zusätzliche LDAP-Benutzereigenschaften, um das Editieren von
(Im Feldname Beschreibung-Format) zu erlauben,9,40,3,\t group_props=LDAP-Eigenschaften für alle neuen Gruppen,9,40,3,\t group_mod_props=LDAP-Eigenschaften für veränderte Gruppen,9,40,3,\t group_fields=Zusätzliche LDAP-Gruppeneigenschaften, um das Editieren von
(Im Feldname Beschreibung-Format) zu erlauben,9,40,3,\t multi_fields=Erlaube mehrfache Werte für zusätzliche Eigenschaften?,1,1-Ja,0-Nein line5=Heimatverzeichnisoptionen,11 homedir_perms=Berechtigungen der neuen Heimatverzeichnisse,3,Aus dem Benutzer- und Gruppenmodul user_files=Kopiere Dateien in neue Heimatverzeichnisse aus,3,Aus dem Benutzer- und Gruppenmodul home_base=Automatische Heimatverzeichnis-Basis,3,Aus dem Benutzer- und Gruppenmodul home_style=Automatische Heimatverzeichnisart,4,0-home/username,1-home/u/username,2-home/u/us/username,3-home/u/s/username,4-Nur Basisverzeichnis,5-home/primary_group/username,-Aus dem Benutzer- und Gruppenmodul line6=Optionen für neue Benutzer,11 base_uid=Niedrigste UID für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul base_gid=Niedrigste GID für neue Gruppen,3,Aus dem Benutzer- und Gruppenmodul md5=Verschlüsselungsmethodik für Passworte,1,3-LDAP MD5,1-Unix MD5,0-cryp,2-Einfacher Text shells=Baue eine Liste der Shells aus,2,fixed-Eingebaute Liste,passwd-Systembenutzer,shells-/etc/shells secmode=Zeige sekundäre Gruppen auf dem Benutzerformular?,0-Ja,1-Nein line7=Standards für neue Benutzer,11 default_group=Standardmäßige Primäre Gruppe für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_secs=Standardmäßige Sekundäre Gruppe für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_shell=Standard-Shell für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_min=Standardmäßige Minimale Tage für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_max=Standardmäßige Maximale Tage für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_warn=Standardmäßige Warntage für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_inactive=Standardmäßige Inaktive Tage für neue Benutzer,3,Aus dem Benutzer- und Gruppenmodul default_expire=Standard-Ablaufzeit für neue Benutzer (dd/mm/yyyy),3,Aus dem Benutzer- und Gruppenmodul default_other=In anderen Modulen erzeugen und 
aktualisieren,1,1-Ja,0-Nein,-Aus dem Benutzer- und Gruppenmodul line8=Anzeigeoptionen,11 display_max=Maximale Anzahl der anzuzeigenden Benutzer und Gruppen,3,Aus dem Benutzer- und Gruppenmodul passwd_stars=Nur-Text-Passworte verschleiern?,1,1-Ja,0-Nein,-Aus dem Benutzer- und Gruppenmodul random_password=Generiere Passwort für neue Benutzer?,1,1-Ja,0-Nein,-Aus dem Benutzer- und Gruppenmodul charset=Zeichensatz für das Editieren von Benutzern und Gruppen,3,Nehme Webmin-Spracheinstellung line2=Sambaaccount-Optionen,11 samba_class=LDAP-ObjectClass für Samba-Benutzer,0 samba_def=Aktiviere Sambaaccount standardmäßig?,1,1-Ja,0-Nein samba_domain=Domain-SID für Samba3,0 samba_props=LDAP-Eigenschaften für neue Samba-Benutzer,9,40,3,\t samba_gclass=LDAP-ObjectClass für Samba-Gruppen,0 line3=Cyrus-IMAP-Server-Optionen,11 imap_class=LDAP-ObjectClasses für IMAP-Benutzer,0 imap_def=IMAP-Account standardmäßig aktivieren?,1,1-Ja,0-Nein imap_host=Cyrus-IMAP-Server,3,Keiner imap_login=Administratives Login für IMAP-Server,0 imap_pass=Administratives Passwort für IMAP-Server,0 imap_props=LDAP-Eigenschaften für neue IMAP-Benutzer,9,40,5,\t imap_folders=Ordner, die für neue IMAP-Benutzer erzeugt werden sollen,9,30,3,\t imap_folderalt=Pfad für Ordner,1,1-user.$user.$folder,0-$folder domain=E-Mail-Domaine für das Mail-Attribut,0,Keines hinzufügen mailfmt=E-Mail-Adressformat,1,0-Vorname.Nachname@domain,1,Benutzername@domain addressbook=Adressbuchbasis,3,Keine quota=Standard-Quota für neue Cyrus-Benutzer,3,Keines maillocaladdress=Attribute für E-Mail-Aliase,3,Standard (Alias) line4=Vorher- und Nachherkommandos,11 pre_command=Kommando vor Änderungen,0 post_command=Kommando nach Änderungen,0 ldap-useradmin/help/0000775000567100000120000000000011220733746014402 5ustar jcameronwheelldap-useradmin/help/intro.ca.html0000644000567100000120000000364211220733746017010 0ustar jcameronwheel

Usuaris i Grups LDAP
Si el sistema està configurat per a utilitzar un servidor LDAP per a emmagatzemar usuaris i grups Unix, es pot utilitzar aquest mòdul per gestionar els usuaris d'una base de dades LDAP. LDAP es fa servir sovint com una alternativa a NIS per a sincronitzar la informació dels usuaris a través de múltiples sistemes d'una xarxa, com una base de dades que pot emmagatzemar atributs addicionals per a cada usuari, a més a més dels estàndards Unix nom d'usuari, shell, i altres.

Naturalment, hi ha d'haver un servidor LDAP executant-se al sistema o en algun host de la xarxa per poder fer servir aquest mòdul. A més a més, cal configurar un o més hosts per a utilitzar LDAP per autenticar usuaris i/o grups. No es pot fer cap d'aquestes tasques des d'aquest mòdul -s'han de fer manualment, o amb altres mòduls Webmin per aquest propòsit.

Si també tens Samba configurat per utilitzar un servidor LDAP, aquest mòdul pot també crear i gestionar els atributs de contrasenyes necessaris per tal que cada usuari LDAP pugui entrar també al servidor Samba. Per tal que aquesta característica funcioni, s'ha de configurar el servidor LDAP per suportar els atributs addicionals Samba i la classe d'objecte per a cada usuari en el seu esquema. Només es crearan els atributs Samba quan l'opció Usuaris Samba estigui a .

El mòdul també pot crear usuaris en un servidor IMAP Cyrus, si està configurat per a l'autenticació contra la mateixa base de dades LDAP. Crearà bústies per a cada nou usuari, subscriurà l'usuari a les seves bústies i li donarà permisos d'administrador sobre les mateixes. Si se suprimeix un usuari LDAP, la seva bústia IMAP també ho serà. Actualment, aquesta característica només funciona amb el servidor IMAP Cyrus - no s'ha provat i probablement no sigui necessari per altres servidors, que fan servir el directori arrel de l'usuari per a emmagatzemar el correu.


ldap-useradmin/help/config_mod_props.html0000664000567100000120000000121011220733746020611 0ustar jcameronwheel
LDAP properties for all modified users
This option can be used to specify properties that will be updated in LDAP users when they are modified. They must be entered in the following format:

name1: value1
name2: value2

The following substitutions can be used, which are replaced when the user is saved :

${USER} The user's login name
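${PLAINPASS} The user's un-encrypted password, if one was given. Any property set from it holds the password in clear text in the directory, so limit read access to that attribute.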
${REAL} The user's real name
${UID} The user's Unix UID number
${GID} The user's Unix group ID number
${HOME} The user's home directory
${SHELL} The user's login shell