";
$resultC = ldap_add($ds,"cn=".$cont.",".$childDN,$entryCont);
if (!($resultC)) break;
}
# MainAdmin anlegen
$entryMA ['objectclass'] = "groupOfNames";
$entryMA ['cn'] = "MainAdmin";
$entryMA ['member'] = $mainadmin;
if ($resultMA = ldap_add($ds,"cn=MainAdmin,cn=roles,".$childDN,$entryMA)){
#$admins = array("HostAdmin","DhcpAdmin","ZoneAdmin");
#foreach ($admins as $admin){
# $entryAdmin ['objectclass'] = "Admins";
# $entryAdmin ['cn'] = $admin;
# ldap_add($ds,"cn=".$admin.",cn=roles,".$childDN,$entryAdmin);
#}
return 1;
}
else{
return 0;
}
}
else{
return 0;
}
}
# Löschen untergeordnete AU (d.h. deren untergeordnete AUs werden als neue uAUs integriert)
function delete_childau($childDN,$childou,$delmodus){
global $ds, $suffix, $auDN, $domDN, $assocdom, $ldapError;
if ( $delmodus == "integrate"){
# Associated DNS Domain integrieren
$childdc = get_domain_data($childDN,array("dn","associatedname"));
print_r($childdc); echo "
";
# wenn einzige AU dann einfach in Parentdomain aufnehmen und betroffene Einträge löschen
if (count($childdc[0]['associatedname']) == 1 ){
echo "einzige AU
";
# dc Childs verschieben
$dcchilds = get_dc_childs($childdc[0]['dn'],array("dn","dc"));
# print_r($dcchilds); echo "
";
if (count($dcchilds) != 0){
foreach ($dcchilds as $dcc){
# print_r($dcc['dn']); echo " >> "; print_r("dc=".$dcc['dc'].",".$domDN); echo "
";
if(move_subtree($dcc['dn'],"dc=".$dcc['dc'].",".$domDN)){
$newdom = $dcc['dc'].".".$assocdom;
#print_r($newdom); echo "
";
dive_into_dctree_adapt("dc=".$dcc['dc'].",".$domDN,$newdom);
}
}
}
# alten dc-Knoten löschen
dive_into_tree_del($childdc[0]['dn'],"");
}
# wenn noch andere AUs in der Domain, dann nur betroffene Einträge entfernen
if (count($childdc[0]['associatedname']) > 1 ){
echo "mehrere AUs
";
# ChildAU-Rollen unterhalb dc-Knoten löschen (nur diese)(oder übernehmen: MA zu HA, HA zu HA)
$roles = get_roles($childDN);
#print_r($roles); echo "
";
# was ist wenn rollen nur noch ein member haben ... fehler
if(count($roles['MainAdmin']) != 0){
$mainadmins = $roles['MainAdmin'];
for ($i=0; $i";
$resultMA = ldap_mod_del($ds,"cn=MainAdmin,cn=roles,".$childdc[0]['dn'],$entryRoleMain);
}
if(count($roles['HostAdmin']) != 0){
$hostadmins = $roles['HostAdmin'];
for ($i=0; $i";
$resultHA = ldap_mod_del($ds,"cn=HostAdmin,cn=roles,".$childdc[0]['dn'],$entryRoleHost);
}
if(count($roles['ZoneAdmin']) != 0){
$zoneadmins = $roles['ZoneAdmin'];
for ($i=0; $i";
ldap_mod_del($ds, $childdc[0]['dn'], $entrydel);
$zentries = get_zone_entries_assocname($childdc[0]['dn'],array("dn"),$childDN);
# print_r($zentries); echo "
";
foreach ($zentries as $ze){
# print_r($ze['dn']); echo "
";
ldap_delete($ds, $ze['dn']);
}
}
# Rechner (mit IP) + dranhängende MCs, PXEs verschieben
$hosts = get_hosts($childDN,array("dn","hostname"));
if (count($hosts) != 0){
foreach ($hosts as $host){
# print_r($host['dn']); echo "
";
# print_r($host['hostname']); echo "
";
# print_r("hostname=".$host['hostname']."-int-".$childou.",cn=computers,".$auDN); echo "
";
if (move_subtree($host['dn'], "hostname=".$host['hostname']."-ex-".$childou.",cn=computers,".$auDN)){
$newhostDN = "hostname=".$host['hostname']."-ex-".$childou.",cn=computers,".$auDN;
$dhcp = get_node_data($newhostDN, array("dhcphlpcont"));
# print_r($dhcp); echo "
";
if ($dhcp['dhcphlpcont'] != ""){
$entrydel ['dhcphlpcont'] = array();
$entrydel ['objectclass'] = "dhcpHost";
# print_r($dhcphlpcont);
ldap_mod_del($ds, $newhostDN, $entrydel);
}
}
}
}
# DHCP Objekte IP Ranges löschen
$subnets = get_subnets($childDN,array("dn"));
# print_r($subnets); echo "
";
if (count($subnets) != 0){
foreach ($subnets as $subnet){
# print_r($subnet['dn']); echo "
";
delete_ip_dhcprange($subnet['dn'],$childDN);
}
} # DHCP Pools auch noch
# Freie IP Bereiche zurücknehmen
$fipb_array = get_freeipblocks_au($childDN);
# print_r($fipb_array); echo "
";
# print_r(count($fipb_array)); echo "
";
if (count($fipb_array) == 1 && $fipb_array[0] != ""){
$entry_ipblock ['freeipblock'] = $fipb_array[0];
# print_r($entry_ipblock); echo "
";
ldap_mod_add($ds,$auDN,$entry_ipblock);
}
if (count($fipb_array) > 1 ){
foreach ($fipb_array as $fipb){
$entry_ipblock ['FreeIPBlock'][] = $fipb;
# print_r($entry_ipblock); echo "
";
ldap_mod_add($ds,$auDN,$entry_ipblock);
}
}
merge_ipranges($auDN);
# Verschieben der Childs an neue Stelle
$child_childs = get_childau($childDN,array("dn","ou"));
# print_r($child_childs); echo "
";
if (count($child_childs) != 0){
foreach ($child_childs as $cc){
$child_childDN = $cc['dn'];
$newccDN = "ou=".$cc['ou'].",".$auDN;
# print_r($child_childDN); echo " >> ";
# print_r($newccDN); echo "
";
if (move_subtree($child_childDN,$newccDN)){
adjust_dn_entries($child_childDN,$newccDN);
}
}
}
# Löschen des AU Knotens
dive_into_tree_del($childDN,"");
$mesg = "
Erfolgreich gelöscht mit Integration
";
return $mesg;
}
if ( $delmodus == "complete" ){
# IP Bereiche zurück
# DNS Teilbaum Objekte löschen
# alles rekursive löschen
/*if (dive_into_tree_del($dcDN,"")){
$delentry ['objectclass'] = "domainrelatedobject";
$delentry ['associateddomain'] = $domsuffix;
#print_r($delentry); echo "
";
$delresult = ldap_mod_del($ds,$childDN,$delentry);
if ($delresult){
$mesg = "Domain komplett gelöscht
";
}else{$mesg = "Fehler! ldap_mod_del
";}
}else{$mesg = "Fehler! dive_into_tree_del
";}
*/
$mesg = "Komplettes löschen mometan noch nicht unterstützt.
Nur eine Ebene mit Integration ...
";
return $mesg;
}
}
###############################################################################
# Funktionen zur Verwaltung von Domains
#
# Anlegen Domain beim Anlegen einer Child-AU
function new_child_domain($childdomain, $childDN, $assocdom, $domDN){
global $ds, $suffix, $domprefix, $domsuffix, $ldapError;
$domsuffix_actual = $domsuffix;
# ChildAU in gleicher Domain wie AU
if ( $childdomain == "" || $childdomain == $domprefix ){
$entryDC ["associatedname"] = $childDN;
$resultDC = ldap_mod_add($ds,$domDN,$entryDC);
if ($resultDC){
# HostAdmins übernehmen, welche Admins noch? MainAdmin?
$roles = get_roles($childDN);
if(count($roles['MainAdmin']) != 0){
$mainadmins = $roles['MainAdmin'];
for ($i=0; $i";
$resultMA = ldap_mod_add($ds,"cn=MainAdmin,cn=roles,".$domDN,$entryRoleMain);
}
#if(count($roles['HostAdmin']) != 0){
# $dnsroles = get_roles($domDN);
# ...
# $hostadmins = $roles['HostAdmin'];
# for ($i=0; $i";
# $resultHA = ldap_mod_add($ds,"cn=HostAdmin,cn=roles,".$domDN,$entryRoleHost);
#}
# Domainname zu associatedDomain der ChildAU
$entryAD['objectclass'] = "domainRelatedObject";
$entryAD['associateddomain'] = $assocdom;
$resultAD = ldap_mod_add($ds,$childDN,$entryAD);
if($resultAD){return 1;}else{return 0;}
}
else{return 0;}
}
# ChildAU in eigner Domain (inklusive Subdomain von AU Domain)
if ( $childdomain != "" && $childdomain != $domprefix ){
# entsprechenden DC Knoten anlegen, sowie Roles (MainAdmin, HostAdmin)
$dc_array = explode('.',$childdomain);
$dc_array = array_reverse($dc_array);
$dcDN = "ou=DNS,".$suffix;
# $childdomainfull = $childdomain.".".$domsuffix;
#print_r($dc_array);
foreach ($dc_array as $dc){
$resultsum = false;
if (check_for_dc($dcDN,$dc)){
echo "dc ".$dc." schon vorhanden ... nächster dc
";
$domsuffix_actual = $dc.".".$domsuffix_actual;
$dcDN = "dc=".$dc.",".$dcDN;
}
else{
$dcDN = "dc=".$dc.",".$dcDN;
$entryDC ["objectclass"][0] = "dnsdomain";
$entryDC ["objectclass"][1] = "domainrelatedobject";
$entryDC ["objectclass"][2] = "top";
$entryDC ["dc"] = $dc;
$entryDC ["associatedname"] = $childDN;
$entryDC ["associateddomain"] = $dc.".".$domsuffix_actual;
#print_r($entryDC); echo "
";
#print_r($dcDN); echo "
";
$resultDC = ldap_add($ds,$dcDN,$entryDC);
if ($resultDC){
$domsuffix_actual = $dc.".".$domsuffix_actual;
#print_r($dcDN); echo"
";
$entryRolesCont ['objectclass'] = "AUContainer";
$entryRolesCont ['cn'] = "roles";
#print_r($entryRolesCont); echo "
";
$resultRC = ldap_add($ds,"cn=roles,".$dcDN,$entryRolesCont);
if ($resultRC){
# Rollen eintragen
$roles = get_roles($childDN);
#print_r($roles); echo "
";
$mainadmins = $roles['MainAdmin'];
$entryRoleMain ['objectclass'] = "groupOfNames";
$entryRoleMain ['cn'] = "MainAdmin";
for ($i=0; $i";
$resultMA = ldap_add($ds,"cn=MainAdmin,cn=roles,".$dcDN,$entryRoleMain);
if(count($roles['HostAdmin']) != 0){
$entryRoleHost ['objectclass'] = "groupOfNames";
$entryRoleHost ['cn'] = "HostAdmin";
$hostadmins = $roles['HostAdmin'];
for ($i=0; $i";
$resultHA = ldap_add($ds,"cn=HostAdmin,cn=roles,".$dcDN,$entryRoleHost);
}
#$entryRoleZone ['objectclass'] = "Admins";
#$entryRoleZone ['cn'] = "ZoneAdmin";
#$resultZA = ldap_add($ds,"cn=ZoneAdmin,cn=roles,".$dcDN,$entryRoleZone);
if ($resultMA){$resultsum = true;}
}
}
break; # damit dc-Zuwachs immer nur um eine neue Ebene moeglich
}
}
# Domainname zu associatedDomain der ChildAU
if ($resultsum == true){
$entryAD['objectclass'] = "domainRelatedObject";
$entryAD['associateddomain'] = $domsuffix_actual;
$resultAD = ldap_mod_add($ds,$childDN,$entryAD);
}
# fixme: fehlt noch anlegen der INCLUDE-Direktive in der parentdomain
if($resultAD){return 1;}
else{return 0;}
}
}
# Domain einer Child-AU ändern
function change_child_domain($childdomain, $oldchilddomain, $childDN, $assocdom, $domDN, $domprefix){
global $ds, $suffix, $domsuffix, $ldapError;
#print_r($oldchilddomain); echo "
";
#print_r($domprefix); echo "
";
# dcDNnew
$dcDN = "ou=DNS,".$suffix;
$dc_array = explode('.',$childdomain);
$dc_array = array_reverse($dc_array);
$dcDNnew = "";
foreach ($dc_array as $dc){
if (check_for_dc($dcDN,$dc)){
$dcDN = "dc=".$dc.",".$dcDN;
}
else{
$dcDN = "dc=".$dc.",".$dcDN;
$dcDNnew .= $dcDN;
break;
}
}
# dcDNold
$dcDNold = "ou=DNS,".$suffix;
$dcold_array = explode('.',$oldchilddomain);
$dcold_array = array_reverse($dcold_array);
foreach ($dcold_array as $dc){
$dcDNold = "dc=".$dc.",".$dcDNold;
}
#print_r($dcDNnew); echo "
";
#print_r($dcDNold); echo "
";
# Aus eigener AU Domain heraus in neue nicht AU Domain, d.h. dcDNold = domDN
# Subdomain oder neue Domain anlegen
if ($oldchilddomain == $domprefix){
# associatedDomain aus ChildAU entfernen
$entryAD['objectclass'] = "domainRelatedObject";
$entryAD['associateddomain'] = $assocdom;
#print_r($entryAD); echo "
";
if ($resultAD = ldap_mod_del($ds,$childDN,$entryAD)){
# neuen dc Knoten anlegen mit Rollen ...
if(new_child_domain($childdomain, $childDN, $assocdom, $domDN)){
# associatedName ChildDN aus altem dc-Knoten entfernen
$entryAN ['associatedname'] = $childDN;
#print_r($entryAN); echo "
";
$result = ldap_mod_del($ds,$domDN,$entryAN);
# Eigene Rollen aus dc-Knoten entfernen
$roles = get_roles($childDN);
if(count($roles['MainAdmin']) != 0){
$mainadmins = $roles['MainAdmin'];
if (count($mainadmins) > 1){
for ($i=0; $i";
$resultMA = ldap_mod_del($ds,"cn=MainAdmin,cn=roles,".$dcDNold,$entryRoleMain);
}
if(count($roles['HostAdmin']) != 0){
$hostadmins = $roles['HostAdmin'];
if (count($hostadmins) > 1){
for ($i=0; $i";
$resultHA = ldap_mod_del($ds,"cn=HostAdmin,cn=roles,".$dcDNold,$entryRoleHost);
}
if(count($roles['ZoneAdmin']) != 0){
$zoneadmins = $roles['ZoneAdmin'];
if (count($zoneadmins) > 1){
for ($i=0; $i";
$resultZA = ldap_mod_del($ds,"cn=ZoneAdmin,cn=roles,".$dcDNold,$entryRoleZone);
}
# DNS Einträge mit associatedName ChildDN verschieben
$zone_entries = get_zone_entries_assocname($domDN,array("dn","relativedomainname"),$childDN);
#echo "
"; print_r($zone_entries); echo "
";
if (count($zone_entries) >= 1){
foreach ($zone_entries as $ze){
#print_r($ze['relativedomainname']); echo "
";
#print_r($dcDNnew); echo "
";
move_subtree($ze['dn'], "relativedomainname=".$ze['relativedomainname'].",".$dcDNnew);
$domsuffix = "uni-freiburg.de"; # neu setzen da es beim new_child_domain schon mal hochgezählt wurde
$newassocdom = $childdomain.".".$domsuffix;
$entryZE ['zonename'] = $newassocdom;
#print_r($entryZE); echo "
";
$resultZE = ldap_mod_replace($ds,"relativedomainname=".$ze['relativedomainname'].",".$dcDNnew,$entryZE);
}
}
# fixme: fehlt noch anpassen der INCLUDE-Direktive in der parentdomain
return 1;
}
else{
return 0;
}
}
else{
return 0;
}
}
# Aus nicht AU Domain (aber eventuell Subdomain) in nicht AU Domain
# Verschieben des dc-Teilbaumes
if ($oldchilddomain != $domprefix){
# Verschiebe dc-Baum von dcDNold nach dcDNnew
# dcDNnew
$dcDN = "ou=DNS,".$suffix;
$dc_array = explode('.',$childdomain);
$dc_array = array_reverse($dc_array);
$dcDNnew = "";
foreach ($dc_array as $dc){
if (check_for_dc($dcDN,$dc)){
$dcDN = "dc=".$dc.",".$dcDN;
}
else{
$dcDN = "dc=".$dc.",".$dcDN;
$dcDNnew .= $dcDN;
break;
}
}
# dcDNold
$dcDNold = "ou=DNS,".$suffix;
$dcold_array = explode('.',$oldchilddomain);
$dcold_array = array_reverse($dcold_array);
foreach ($dcold_array as $dc){
$dcDNold = "dc=".$dc.",".$dcDNold;
}
# dc Baum verschieben
if ($dcDNnew != ""){
if (move_subtree($dcDNold, $dcDNnew)){
# rekursives anpassen im neue dc-Baum:
# associatedDomain, zoneName, includeFilename, includeOrigin
$newassocdom = $childdomain.".".$domsuffix;
if(dive_into_dctree_adapt($dcDNnew,$newassocdom)){
return 1;
# fixme: fehlt noch anpassen der INCLUDE-Direktive in der parentdomain
}
else{
return 0;
}
}
else{
return 0;
}
}else{
echo "Domain existiert schon, bitte anderen Domainnamen wählen!";
return 0;
}
}
}
function dive_into_dctree_adapt($dcDNnew,$newassocdom){
global $ds, $suffix, $domprefix, $domsuffix, $ldapError;
print_r($dcDNnew); echo "
";
print_r($newassocdom); echo "
";
# associatedDomain in dc-Knoten und in allen (mehrere) associatedName-ou-Knoten
$entryAD['associateddomain'] = $newassocdom;
print_r($entryAD); echo "
";
$resultAD = ldap_mod_replace($ds,$dcDNnew,$entryAD);
#$top_dcDN = str_replace("ou=DNS,","",$dcDNnew);
#print_r($top_dcDN); echo "
";
$assocnames = get_dc_data($dcDNnew,array("associatedname")); # funkt nicht bei uni-freiburg.de
echo "
"; print_r($assocnames); echo "
";
if (count($assocnames['associatedname']) > 1){
foreach ($assocnames['associatedname'] as $aname){
print_r($aname); echo "
";
$resultAU = ldap_mod_replace($ds,$aname,$entryAD);
}
}else{
$aname = $assocnames['associatedname'];
print_r($aname); echo "
";
$resultAU = ldap_mod_replace($ds,$aname,$entryAD);
}
# ZoneName in allen Knoten eine Ebene tiefer
$zone_entries = get_zone_entries($dcDNnew,array("dn","zonename"));
echo "
"; print_r($zone_entries); echo "
";
foreach ($zone_entries as $ze){
$entryZE ['zonename'] = $newassocdom;
print_r($entryZE); echo "
";
$resultZE = ldap_mod_replace($ds,$ze['dn'],$entryZE);
}
# Zonenamen in Reversezones ... Fehlt noch
# Rekursion
# child dc für Rekursion
$dcchilds = get_dc_childs($dcDNnew,array("dn","dc"));
echo "
"; print_r($dcchilds); echo "
";
foreach ($dcchilds as $dcc){
$newassocdom = $dcc['dc'].".".$newassocdom;
print_r($dcc['dn']); echo " >> "; print_r($newassocdom); echo "
";
dive_into_dctree_adapt($dcc['dn'],$newassocdom);
}
}
function delete_child_domain($oldchilddomain,$assocdom,$childDN, $domDN, $delmodus){
global $ds, $suffix, $domprefix, $domsuffix, $ldapError;
#print_r($domDN); echo "
";
# dcDNold
$dcDNold = "ou=DNS,".$suffix;
$dcold_array = explode('.',$oldchilddomain);
$dcold_array = array_reverse($dcold_array);
foreach ($dcold_array as $dc){
$dcDNold = "dc=".$dc.",".$dcDNold;
}
#print_r($dcDNold); echo "
";
# dcDNnew = domDN
if ( $delmodus == "integrate" ){
# associatedNames zu neuem dc-Knoten hinzufügen
$assocnames = get_dc_data($dcDNold,array("associatedname")); # funkt nicht bei uni-freiburg.de
# echo "
"; print_r($assocnames); echo "
";
if (count($assocnames['associatedname']) > 1){
foreach ($assocnames['associatedname'] as $aname){
#print_r($aname); echo "
";
$entryAN['associatedname'][] = $aname;
}
}else{
$entryAN['associatedname'] = $assocnames['associatedname'];
$assocname = $assocnames['associatedname'];
$assocnames ['associatedname'] = array($assocname);
}
#print_r($entryAN); echo "
";
$resultAN = ldap_mod_add($ds,$domDN,$entryAN);
if($resultAN){
# DNS Einträge verschieben und an neue Domain anpassen
$zone_entries = get_zone_entries($dcDNold,array("dn","relativedomainname"));
#echo "
"; print_r($zone_entries); echo "
";
if (count($zone_entries) >= 1){
foreach ($zone_entries as $ze){
#print_r($ze['relativedomainname']); echo "
";
#print_r($domDN); echo "
";
move_subtree($ze['dn'], "relativedomainname=".$ze['relativedomainname'].",".$domDN);
$entryZE ['zonename'] = $assocdom;
print_r($entryZE); echo "
";
$resultZE = ldap_mod_replace($ds,"relativedomainname=".$ze['relativedomainname'].",".$domDN,$entryZE);
}
}
# Rollenmembers kopieren für jeden associatedName (ohne Duplikate zu generieren)
$newdom_roles = get_roles_dns($domDN);
#print_r($newdom_roles); echo "
";
if (count($newdom_roles['MainAdmin']) != 0){$newmainadmins = $newdom_roles['MainAdmin'];}else{$newmainadmins = array();}
if (count($newdom_roles['HostAdmin']) != 0){$newhostadmins = $newdom_roles['HostAdmin'];}else{$newhostadmins = array();}
if (count($newdom_roles['ZoneAdmin']) != 0){$newzoneadmins = $newdom_roles['ZoneAdmin'];}else{$newzoneadmins = array();}
#print_r($newmainadmins); echo "
";
#print_r($newhostadmins); echo "
";
#print_r($newzoneadmins); echo "
";
foreach ($assocnames['associatedname'] as $aname){
#echo "_________________________________________
";
#print_r($aname); echo "
";
$roles = get_roles($aname);
#print_r($roles); echo "
";
$mainadmins = $roles['MainAdmin'];
#print_r($mainadmins); echo "
";
#print_r($newmainadmins); echo "
";
$mainadmins = array_diff($mainadmins, $newmainadmins);
$mainadmins = array_merge($newmainadmins,$mainadmins);
#print_r($mainadmins); echo "
";
if (count($mainadmins) > 1){
for ($i=0; $i
";
$resultMA = ldap_mod_replace($ds,"cn=MainAdmin,cn=roles,".$domDN,$entryRoleMain);
if(count($roles['HostAdmin']) != 0){
$hostadmins = $roles['HostAdmin'];
#print_r($hostadmins); echo "
";
#print_r($newhostadmins); echo "
";
$hostadmins = array_diff($hostadmins, $newhostadmins);
$hostadmins = array_merge($newhostadmins,$hostadmins);
#print_r($hostadmins); echo "
";
if (count($hostadmins) > 1){
for ($i=0; $i
";
$resultHA = ldap_mod_replace($ds,"cn=HostAdmin,cn=roles,".$domDN,$entryRoleHost);
}
if(count($roles['ZoneAdmin']) != 0){
$zoneadmins = $roles['ZoneAdmin'];
#print_r($zoneadmins); echo "
";
#print_r($newzoneadmins); echo "
";
$zoneadmins = array_diff($zoneadmins, $newzoneadmins);
$zoneadmins = array_merge($newzoneadmins,$zoneadmins);
#print_r($zoneadmins); echo "
";
if (count($zoneadmins) > 1){
for ($i=0; $i
";
$resultZA = ldap_mod_replace($ds,"cn=ZoneAdmin,cn=roles,".$domDN,$entryRoleZone);
}
# associatedDomain anpassen in allen AUs von $assocnames (alt)
$entryAD ['associateddomain'] = $assocdom;
#print_r($entryAD); echo "
";
$resultAD = ldap_mod_replace($ds,$aname,$entryAD);
#echo "_________________________________________
";
}
# Falls alter dc-Knoten noch Subdomains, d.h. dc-Teilbäume hat, diese verschieben mit
# rekursivem Anpassen aller Einträge
$dcchilds = get_dc_childs($dcDNold,array("dn","dc"));
#echo "
"; print_r($dcchilds); echo "
";
if (count($dcchilds) != 0){
foreach ($dcchilds as $dcc){
print_r($dcc['dn']); echo " >> "; print_r("dc=".$dcc['dc'].",".$domDN); echo "
";
if(move_subtree($dcc['dn'],"dc=".$dcc['dc'].",".$domDN)){
$newdom = $dcc['dc'].".".$assocdom;
#print_r($newdom); echo "
";
dive_into_dctree_adapt("dc=".$dcc['dc'].",".$domDN,$newdom);
}
}
}
# alten dc-Knoten entfernen
dive_into_tree_del($dcDNold,"");
# fixme: fehlt noch löschen der INCLUDE-Direktive in der parentdomain
}
else{
return 0;
}
}
if ( $delmodus == "complete" ){
# if (dive_into_tree_del($dcDNold,"")){
$delentry ['objectclass'] = "domainrelatedobject";
$delentry ['associateddomain'] = $oldchilddomain.".".$domsuffix;
print_r($delentry); echo "
";
# $delresult = ldap_mod_del($ds,$childDN,$delentry);
# if ($delresult){
# $mesg = "Domain komplett gelöscht
";
# }else{$mesg = "Fehler! ldap_mod_del
";}
# }else{$mesg = "Fehler! dive_into_tree_del
";}
}
# return $mesg;
}
/*
function modify_childau_domain($childdomain, $oldchilddomain, $childDN){
global $ds, $suffix, $domsuffix, $ldapError;
$dcDN = "ou=DNS,".$suffix;
$dcoldDN = "ou=DNS,".$suffix;
$dc_array = explode('.',$childdomain);
$dc_array = array_reverse($dc_array);
$dcold_array = explode('.',$oldchilddomain);
$dcold_array = array_reverse($dcold_array);
foreach ($dcold_array as $dc){
$dcoldDN = "dc=".$dc.",".$dcoldDN;
$aname = get_dc_data($dcoldDN,array("associatedname"));
if ($aname == $childDN){
break;
}
}
#print_r($dcoldDN); echo "
";
#print_r($domsuffix); echo "
";
$dcnewDN = "";
foreach ($dc_array as $dc){
if (check_for_dc($dc)){
# echo "dc ".$dc." schon vorhanden ... nächster dc
";
$domsuffix = $dc.".".$domsuffix;
$dcDN = "dc=".$dc.",".$dcDN;
}
else{
$dcDN = "dc=".$dc.",".$dcDN;
$domsuffix = $dc.".".$domsuffix;
$dcnewDN .= $dcDN;
break;
}
}
#print_r($dcnewDN); echo "
";
#print_r($domsuffix); echo "
";
if ($dcnewDN != ""){
if (move_subtree($dcoldDN,$dcnewDN)){
$entryAD['associateddomain'] = $childdomain.".".$domsuffix;
$resultAD = ldap_mod_replace($ds,$childDN,$entryAD);
$resultAD2 = ldap_mod_replace($ds,$dcnewDN,$entryAD);
if ($resultAD && $resultAD2){return 1;}else{return 0;}
}
}else{
echo "Domain existiert schon, bitte anderen Domainnamen wählen!";
}
}
function same_domain($assocdom, $dcDN, $childDN){
global $ds, $suffix, $domsuffix, $ldapError;
$entryDC ["associatedname"] = $childDN;
$resultDC = ldap_mod_add($ds,$dcDN,$entryDC);
if ($resultDC){
# HostAdmins übernehmen, welche Admins noch? MainAdmin?
$roles = get_roles($childDN);
if(count($roles['HostAdmin']) != 0){
$hostadmins = $roles['HostAdmin'];
for ($i=0; $i";
$resultHA = ldap_mod_add($ds,"cn=HostAdmin,cn=roles,".$dcDN,$entryRoleHost);
}
# Domainname zu associatedDomain der ChildAU
$entryAD['objectclass'] = "domainRelatedObject";
$entryAD['associateddomain'] = $assocdom;
$resultAD = ldap_mod_add($ds,$childDN,$entryAD);
if($resultAD){return 1;}else{return 0;}
}
else{return 0;}
}
function new_childau_domain($childdomain, $childDN){
global $ds, $suffix, $domsuffix, $ldapError;
# entsprechenden DC Knoten anlegen, sowie Roles (MainAdmin, HostAdmin)
$dc_array = explode('.',$childdomain);
$dc_array = array_reverse($dc_array);
$dcDN = "ou=DNS,".$suffix;
# $childdomainfull = $childdomain.".".$domsuffix;
#print_r($dc_array);
foreach ($dc_array as $dc){
$resultsum = false;
if (check_for_dc($dc)){
echo "dc ".$dc." schon vorhanden ... nächster dc
";
$domsuffix = $dc.".".$domsuffix;
$dcDN = "dc=".$dc.",".$dcDN;
}
else{
$dcDN = "dc=".$dc.",".$dcDN;
$entryDC ["objectclass"][0] = "dnsdomain";
$entryDC ["objectclass"][1] = "domainrelatedobject";
$entryDC ["objectclass"][2] = "top";
$entryDC ["dc"] = $dc;
$entryDC ["associatedname"] = $childDN;
$entryDC ["associateddomain"] = $dc.".".$domsuffix;
#print_r($entryDC); echo "
";
#print_r($dcDN); echo "
";
$resultDC = ldap_add($ds,$dcDN,$entryDC);
if ($resultDC){
$domsuffix = $dc.".".$domsuffix;
#print_r($dcDN); echo"
";
$entryRolesCont ['objectclass'] = "AUContainer";
$entryRolesCont ['cn'] = "roles";
#print_r($entryRolesCont); echo "
";
$resultRC = ldap_add($ds,"cn=roles,".$dcDN,$entryRolesCont);
if ($resultRC){
$roles = get_roles($childDN);
print_r($roles); echo "
";
$mainadmins = $roles['MainAdmin'];
$entryRoleMain ['objectclass'] = "groupOfNames";
$entryRoleMain ['cn'] = "MainAdmin";
for ($i=0; $i";
$resultMA = ldap_add($ds,"cn=MainAdmin,cn=roles,".$dcDN,$entryRoleMain);
if(count($roles['HostAdmin']) != 0){
$hostadmins = $roles['HostAdmin'];
$entryRoleHost ['objectclass'] = "groupOfNames";
$entryRoleHost ['cn'] = "HostAdmin";
for ($i=0; $i";
$resultHA = ldap_add($ds,"cn=HostAdmin,cn=roles,".$dcDN,$entryRoleHost);
}
if ($resultMA){$resultsum = true;}
}
}
break; # damit dc-Zuwachs immer nur um eine neue Ebene moeglich
}
}
# Domainname zu associatedDomain der ChildAU
if ($resultsum == true){
$entryAD['objectclass'] = "domainRelatedObject";
$entryAD['associateddomain'] = $domsuffix;
$resultAD = ldap_mod_add($ds,$childDN,$entryAD);
}
if($resultAD){return 1;}
else{return 0;}
}
function delete_childau_domain($oldchilddomain,$childDN,$delmodus){
global $ds, $suffix, $domsuffix, $ldapError;
$dcold_array = explode('.',$oldchilddomain);
$dcold_array = array_reverse($dcold_array);
$dcDN = "ou=DNS,".$suffix;
foreach ($dcold_array as $dc){
$dcDN = "dc=".$dc.",".$dcDN;
$aname = get_dc_data($dcDN,array("associatedname"));
$domsuffix = $dc.".".$domsuffix;
if ($aname == $childDN){
break;
}
}
#print_r($dcDN); echo "
";
#print_r($domsuffix); echo "
";
if ( $delmodus == "complete" ){
if (dive_into_tree_del($dcDN,"")){
$delentry ['objectclass'] = "domainrelatedobject";
$delentry ['associateddomain'] = $domsuffix;
#print_r($delentry); echo "
";
$delresult = ldap_mod_del($ds,$childDN,$delentry);
if ($delresult){
$mesg = "Domain komplett gelöscht
";
}else{$mesg = "Fehler! ldap_mod_del
";}
}else{$mesg = "Fehler! dive_into_tree_del
";}
}
if ( $delmodus == "integrate"){
$mesg = "DNS Integration, noch nicht fertiggestellt";
}
return $mesg;
}
*/
###############################################################################
# Funktionen für das Rollen Management
#
function new_role_member($userDN,$role,$auDN,$domDN){
global $ds, $suffix, $ldapError;
$actroles = get_roles($auDN);
$entry['member'] = $userDN;
if ($domDN != ""){
$actdnsroles = get_roles_dns($domDN);
switch ($role){
case 'MainAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
$results1 = ldap_mod_add($ds,$roleDN1,$entry);
$results2 = ldap_mod_add($ds,$roleDN2,$entry);
if ($results1 && $results2){
return 1;
}else{
return 0;
}
break;
case 'HostAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
#$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
if ( count($actroles['HostAdmin']) != 0 ){
$results1 = ldap_mod_add($ds,$roleDN1,$entry);
#$results2 = ldap_mod_add($ds,$roleDN2,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results1 = ldap_add($ds,$roleDN1,$entrynew);
#$results2 = ldap_add($ds,$roleDN2,$entryHA);
}
if ($results1){ #&& $results2){
return 1;
}else{
return 0;
}
break;
case 'DhcpAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['DhcpAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'RbsAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['RbsAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'ZoneAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
#$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
if ( count($actroles['ZoneAdmin']) != 0 ){
$results1 = ldap_mod_add($ds,$roleDN1,$entry);
#$results2 = ldap_mod_add($ds,$roleDN2,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN1,$entrynew);
}
if ($results1){ #&& $results2){
return 1;
}else{
return 0;
}
break;
}
}else{
switch ($role){
case 'MainAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
$results = ldap_mod_add($ds,$roleDN,$entry);
if ($results){
return 1;
}else{
return 0;
}
break;
case 'HostAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['HostAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'DhcpAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['DhcpAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'RbsAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['RbsAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'ZoneAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['ZoneAdmin']) != 0 ){
$results = ldap_mod_add($ds,$roleDN,$entry);
}else{
$entrynew ['objectclass'] = "groupOfNames";
$entrynew ['cn'] = $role;
$entrynew ['member'] = $userDN;
$results = ldap_add($ds,$roleDN,$entrynew);
}
if ($results){
return 1;
}else{
return 0;
}
break;
}
}
}
function delete_role_member($userDN,$role,$auDN,$domDN){
global $ds, $suffix, $ldapError;
$actroles = get_roles($auDN);
$entry['member'] = $userDN;
if ($domDN != ""){
$actdnsroles = get_roles_dns($domDN);
switch ($role){
case 'MainAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
if ( count($actroles['MainAdmin']) == 1 || count($actdnsroles['MainAdmin']) == 1 ){
echo "Rolle MainAdmin muss mindestens ein Mitglied haben!
$userDN wird nicht gelöscht.
";
}else{
$results1 = ldap_mod_del($ds,$roleDN1,$entry);
$results2 = ldap_mod_del($ds,$roleDN2,$entry);
}
if ($results1 && $results2){
return 1;
}else{
return 0;
}
break;
case 'HostAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
#$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
if ( count($actroles['HostAdmin']) == 1 ){
$results1 = ldap_delete($ds,$roleDN1);
}else{
$results1 = ldap_mod_del($ds,$roleDN1,$entry);
}
#$results2 = ldap_mod_del($ds,$roleDN2,$entry);
if ($results1){ #&& $results2){
return 1;
}else{
return 0;
}
break;
case 'DhcpAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['DhcpAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'RbsAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['RbsAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'ZoneAdmin':
$roleDN1 = "cn=".$role.",cn=roles,".$auDN;
#$roleDN2 = "cn=".$role.",cn=roles,".$domDN;
if ( count($actroles['ZoneAdmin']) == 1 ){
$results1 = ldap_delete($ds,$roleDN1);
}else{
$results1 = ldap_mod_del($ds,$roleDN1,$entry);
}
#$results2 = ldap_mod_del($ds,$roleDN2,$entry);
if ($results1){ #&& $results2){
return 1;
}else{
return 0;
}
break;
}
}else{
switch ($role){
case 'MainAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['MainAdmin']) == 1 ){
echo "Rolle MainAdmin muss mindestens ein Mitglied haben!
$userDN wird nicht gelöscht.
";
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'HostAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['HostAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'DhcpAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['DhcpAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'RbsAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['RbsAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
case 'ZoneAdmin':
$roleDN = "cn=".$role.",cn=roles,".$auDN;
if ( count($actroles['ZoneAdmin']) == 1 ){
$results = ldap_delete($ds,$roleDN);
}else{
$results = ldap_mod_del($ds,$roleDN,$entry);
}
if ($results){
return 1;
}else{
return 0;
}
break;
}
}
}
function get_role_members($roleDN)
{
global $ds, $suffix, $ldapError;
if(!($result = uniLdapSearch($ds, $roleDN, "objectclass=*", array("member"), "", "one", 0, 0))) {
# redirect(5, "", $ldapError, FALSE);
echo "search problem";
die;
} else {
$members_array = array();
$result = ldapArraySauber($result);
foreach ($result as $item){
if (count($item['member']) > 1){
$members_array = $item['member'];
}
else{
$members_array[] = $item['member'];
}
}
}
return $members_array;
}
?>