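/**
 * Updates an existing group in the sync backend.
 *
 * Returns the passed record unchanged when the backend is disabled or read-only.
 * Otherwise the entry is renamed when the DN derived from the group name differs
 * from the stored DN, the remaining attributes are written, and the group is
 * re-read from the backend.
 *
 * @param Tinebase_Model_Group $_group
 *
 * @return Tinebase_Model_Group
 */
public function updateGroupInSyncBackend(Tinebase_Model_Group $_group)
{
    if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
        return $_group;
    }

    $metaData = $this->_getMetaData($_group->getId());
    $dn = $metaData['dn'];

    $ldapData = array(
        'cn'          => $_group->name,
        'description' => $_group->description,
        'objectclass' => $metaData['objectclass'],
    );

    // plugins may adjust the attribute set before it is written
    foreach ($this->_plugins as $plugin) {
        $plugin->inspectUpdateGroup($_group, $ldapData);
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $dn: ' . $dn);
    }
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' $ldapData: ' . print_r($ldapData, true));
    }

    // rename?
    // The group name is record data, not a trusted DN fragment: escape it so DN
    // metacharacters (',', '+', '=', ...) stay inside the RDN value and cannot
    // change which container the entry is moved to.
    $newDn = 'cn=' . Zend_Ldap_Dn::escapeValue($ldapData['cn']) . ",{$this->_options['groupsDn']}";
    if ($newDn != $dn) {
        $this->_ldap->rename($dn, $newDn);
        // the entry now lives at the new DN; updating the old DN would address
        // an object that no longer exists
        $dn = $newDn;
    }

    // remove cn as samba forbids updating this
    // 0x43 (Operation not allowed on RDN; 00002016: Modify of RDN 'CN' on CN=...,CN=Users,DC=example,DC=org
    // not permitted, must use 'rename' operation instead
    unset($ldapData['cn']);

    $this->getLdap()->update($dn, $ldapData);

    $group = $this->getGroupByIdFromSyncBackend($_group);

    return $group;
}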
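/**
 * Updates an existing group in the sync backend.
 *
 * Returns the passed record unchanged when the backend is disabled or read-only.
 * Otherwise the attributes are written to the current DN, the entry is renamed
 * when the stored cn differs from the new one, and the group is re-read from
 * the backend.
 *
 * @param Tinebase_Model_Group $_group
 *
 * @return Tinebase_Model_Group
 */
public function updateGroupInSyncBackend(Tinebase_Model_Group $_group)
{
    if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
        return $_group;
    }

    $metaData = $this->_getMetaData($_group->getId());
    $dn = $metaData['dn'];

    $ldapData = array(
        'cn'          => $_group->name,
        'description' => $_group->description,
        'objectclass' => $metaData['objectclass'],
    );

    // plugins may adjust the attribute set before it is written
    foreach ($this->_plugins as $plugin) {
        $plugin->inspectUpdateGroup($_group, $ldapData);
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $dn: ' . $dn);
    }
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' $ldapData: ' . print_r($ldapData, true));
    }

    // NOTE(review): 'cn' is still part of $ldapData here, so the RDN attribute is
    // written before the rename below - confirm the target directory accepts that.
    $this->getLdap()->update($dn, $ldapData);

    if (isset($metaData['cn']) && $metaData['cn'] != $ldapData['cn']) {
        // The group name is record data, not a trusted DN fragment: escape it so DN
        // metacharacters (',', '+', '=', ...) stay inside the RDN value and cannot
        // change which container the entry is moved to.
        $newDn = 'cn=' . Zend_Ldap_Dn::escapeValue($ldapData['cn']) . ",{$this->_options['groupsDn']}";
        $this->_ldap->rename($dn, $newDn);
    }

    $group = $this->getGroupByIdFromSyncBackend($_group);

    return $group;
}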
/**
 * Updates an existing user in the sync backend.
 *
 * A read-only backend returns the passed account unchanged. Otherwise the
 * attributes are written to the current DN; when the RDN value changed, the
 * entry is renamed and the account's group memberships are removed before and
 * re-added after the rename. The user is then re-read from the backend.
 *
 * @todo check required objectclasses?
 *
 * @param Tinebase_Model_FullUser $_account
 * @return Tinebase_Model_FullUser
 */
public function updateUserInSyncBackend(Tinebase_Model_FullUser $_account)
{
    if ($this->_isReadOnlyBackend) {
        return $_account;
    }

    $currentEntry = $this->_getLdapEntry('accountId', $_account);
    $attributes   = $this->_user2ldap($_account, $currentEntry);

    // plugins may adjust the attribute set before it is written
    foreach ($this->_ldapPlugins as $ldapPlugin) {
        $ldapPlugin->inspectUpdateUser($_account, $attributes, $currentEntry);
    }

    // the UUID attribute must not change and may not even be writable, so it is never sent
    unset($attributes[$this->_userUUIDAttribute]);

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' DN: ' . $currentEntry['dn']);
    }
    // NOTE(review): this dumps the full attribute set; if _user2ldap() or a plugin adds
    // credential attributes they end up in the trace log - confirm that log is access-restricted.
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' LDAP data: ' . print_r($attributes, true));
    }

    $this->_ldap->update($currentEntry['dn'], $attributes);

    $dn           = Zend_Ldap_Dn::factory($currentEntry['dn'], null);
    $rdn          = $dn->getRdn();
    $rdnAttribute = key($rdn);

    // the entry only has to be renamed when the RDN attribute is present in the new data
    // and its value differs from the one in the current DN
    $renameRequired = isset($attributes[$rdnAttribute]) && $rdn[$rdnAttribute] != $attributes[$rdnAttribute];

    if ($renameRequired) {
        $groupsBackend = Tinebase_Group::factory(Tinebase_Group::LDAP);

        // remember the memberships, then drop them because the dn/uid is about to change
        // NOTE(review): if rename() throws, the re-add loop below never runs and the
        // account stays without its groups - confirm callers handle this.
        $memberships = $groupsBackend->getGroupMembershipsFromSyncBackend($_account);
        foreach ($memberships as $groupId) {
            $groupsBackend->removeGroupMemberInSyncBackend($groupId, $_account);
        }

        $newDN = $this->_generateDn($_account);
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' rename ldap entry to: ' . $newDN);
        }

        $this->_ldap->rename($dn, $newDN);

        // restore the memberships under the new DN
        foreach ($memberships as $groupId) {
            $groupsBackend->addGroupMemberInSyncBackend($groupId, $_account);
        }
    }

    // hand back the record as the backend now stores it
    return $this->getUserByPropertyFromSyncBackend('accountId', $_account, 'Tinebase_Model_FullUser');
}