Add to person object class by default

2025-08-15 21:20:10 +00:00 · 2008-03-01 23:39:58 +00:00
parent 42c510283a
commit 2000378d91
18 changed files with 74 additions and 24 deletions
--- a/ldap-useradmin/CHANGELOG
+++ b/ldap-useradmin/CHANGELOG
@ -55,3 +55,5 @@ All Samba attributes are removed when Samba access is disabled for a user.
 Added access control options to prevent use of the same UID or GID.
 ---- Changes since 1.390 ----
 Added locking to prevent concurrent writes to the LDAP database, to prevent UID collisions.
+---- Changes since 1.400 ----
+By default, all new Unix users are given the person object class too, as this seems to be needed in most new LDAP schemas.
--- a/ldap-useradmin/config
+++ b/ldap-useradmin/config
@ -16,3 +16,4 @@ imap_folderalt=1
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-*-linux
+++ b/ldap-useradmin/config-*-linux
@ -16,3 +16,4 @@ imap_folderalt=1
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-coherent-linux
+++ b/ldap-useradmin/config-coherent-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-debian-linux
+++ b/ldap-useradmin/config-debian-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-debian-linux-3.1
+++ b/ldap-useradmin/config-debian-linux-3.1
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-debian-linux-4.0-*
+++ b/ldap-useradmin/config-debian-linux-4.0-*
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 other_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-debian-squirrelmail-linux
+++ b/ldap-useradmin/config-debian-squirrelmail-linux
@ -21,3 +21,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-macos
+++ b/ldap-useradmin/config-macos
@ -16,3 +16,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-mandrake-linux
+++ b/ldap-useradmin/config-mandrake-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-redhat-linux
+++ b/ldap-useradmin/config-redhat-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-sol-linux
+++ b/ldap-useradmin/config-sol-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-suse-linux
+++ b/ldap-useradmin/config-suse-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-trustix-linux
+++ b/ldap-useradmin/config-trustix-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config-united-linux
+++ b/ldap-useradmin/config-united-linux
@ -15,3 +15,4 @@ secmode=0
 samba_gclass=sambaGroup
 alias_same=0
 given_class=inetOrgPerson
+person=1
--- a/ldap-useradmin/config.info
+++ b/ldap-useradmin/config.info
@ -22,6 +22,7 @@ group_mod_props=LDAP properties for modified groups<br>(In <i>fieldname</i>: <i>
 group_fields=Extra LDAP group properties to allow editing of<br>(In <i>fieldname</i> <i>description</i> format),9,40,3,\t
 multi_fields=Allow multiple values for extra properties?,1,1-Yes,0-No
 noclash=Attributes for which duplicates are disallowed,0
+person=Give all Unix users the <tt>person</tt> object class?,1,1-Yes,0-No

 line5=Home directory options,11
 homedir_perms=Permissions on new home directories,3,From Users and Groups module
--- a/ldap-useradmin/ldap-useradmin-lib.pl
+++ b/ldap-useradmin/ldap-useradmin-lib.pl
@ -245,11 +245,18 @@ $_[0]->{'dn'} = "uid=$_[0]->{'user'},$base";
 local @classes = ( "posixAccount", "shadowAccount",
 		   split(/\s+/, $config{'other_class'}),
 		   @{$_[0]->{'ldap_class'}} );
+if ($schema->objectclass("person") && $config{'person'}) {
+	push(@classes, "person");
+	}
@classes = &unique(@classes);
 local @attrs = &user_to_dn($_[0]);
 push(@attrs, &split_props($config{'props'}, $_[0]));
 push(@attrs, @{$_[0]->{'ldap_attrs'}});
 push(@attrs, "objectClass" => \@classes);
+if (&indexoflc("person", @classes) >= 0 && !&in_props(\@attrs, "sn")) {
+	# Person needs 'sn'
+	push(@attrs, "sn", &in_props(\@attrs, "cn"));
+	}
 local $rv = $ldap->add($_[0]->{'dn'}, attr => \@attrs);
 if ($rv->code) {
 	&error(&text('usave_eadd', $rv->error));
@ -1205,5 +1212,18 @@ $string =~ s/
 return $string;
 }

+# in_props(&props, name)
+# Looks up the value of a named property in a list
+sub in_props
+{
+local ($props, $name) = @_;
+for(my $i=0; $i<@$props; $i++) {
+	if (lc($props->[$i]) eq lc($name)) {
+		return $props->[$i+1];
+		}
+	}
+return undef;
+}
+
 1;

--- a/ldap-useradmin/save_user.cgi
+++ b/ldap-useradmin/save_user.cgi
@ -345,6 +345,9 @@ else {

 		# Add to the ldap database
 		@classes = ( "posixAccount", "shadowAccount" );
+		if ($schema->objectclass("person") && $config{'person'}) {
+			push(@classes, "person");
+			}

 		push(@classes, split(/\s+/, $config{'other_class'}));
 		push(@classes, $samba_class) if ($in{'samba'});
@ -353,8 +356,7 @@ else {
 		@classes = &unique(@classes);
 		$base = &get_user_base();
 		$newdn = "uid=$user,$base";
-		$rv = $ldap->add($newdn, attr =>
-                        [ "cn" => $real,
+		@allprops = ( "cn" => $real,
                              "uid" => \@users,
                              "uidNumber" => $uid,
                              "loginShell" => $shell,
@ -362,7 +364,13 @@ else {
                              "gidNumber" => $gid,
                              "userPassword" => $pass,
                              "objectClass" => \@classes,
-			  @props ]);
+			      @props );
+		if (&indexoflc("person", @classes) >= 0 &&
+		    !&in_props(\@allprops, "sn")) {
+			# Person needs an 'sn' too
+			push(@allprops, "sn", $real);
+			}
+		$rv = $ldap->add($newdn, attr => \@allprops);
 		if ($rv->code) {
 			&error(&text('usave_eadd', $rv->error));
 			}
@ -511,25 +519,30 @@ else {
 		else {
                       @cyrus_class_4 = split(' ',$cyrus_class);
                       foreach $one_cyrus_class (@cyrus_class_4) {     
-                       @classes = grep { $_ ne $one_cyrus_class } @classes;
+			       @classes = grep { $_ ne $one_cyrus_class }
+					       @classes;
 			       }
-
 			}
 		push(@classes, "shadowAccount") if ($shadow);
 		&name_fields();
 		@classes = &unique(@classes);
 		@rprops = grep { defined($uinfo->get_value($_)) } @rprops;
 		$newdn = $in{'dn'};
-		$rv = $ldap->modify($in{'dn'}, replace =>
-                        { "cn" => $real,
+		%allprops = ( "cn" => $real,
 			      "uid" => \@users,
 			      "uidNumber" => $uid,
 			      "loginShell" => $shell,
 			      "homeDirectory" => $home,
 			      "gidNumber" => $gid,
 			      "userPassword" => $pass,
-			  "objectClass" => [ &unique(@classes) ],
-			  @props },
+			      "objectClass" => \@classes,
+			      @props );
+		if (&indexoflc("person", @classes) >= 0 &&
+		    !$allprops{'sn'}) {
+			# Person needs 'sn'
+			$allprops{'sn'} = $real;
+			}
+		$rv = $ldap->modify($in{'dn'}, 'replace' => \%allprops,
 					       'delete' => \@rprops);
 		if ($rv->code) {
 			&error(&text('usave_emod', $rv->error));