diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php index 4a79b444..4340611c 100644 --- a/resources/lib/UnityGroup.php +++ b/resources/lib/UnityGroup.php @@ -12,6 +12,7 @@ class UnityGroup public const PI_PREFIX = "pi_"; public $gid; + private $entry; // Services private $LDAP; @@ -30,6 +31,7 @@ class UnityGroup public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK) { $this->gid = $gid; + $this->entry = $LDAP->getPIGroupEntry($gid); $this->LDAP = $LDAP; $this->SQL = $SQL; @@ -59,7 +61,7 @@ public function __toString() */ public function exists() { - return $this->getLDAPPiGroup()->exists(); + return $this->entry->exists(); } // @@ -255,9 +257,8 @@ public function cancelGroupJoinRequest($user, $send_mail = true) // $users = $this->getGroupMembers(); // // now we delete the ldap entry - // $ldapPiGroupEntry = $this->getLDAPPiGroup(); - // if ($ldapPiGroupEntry->exists()) { - // $ldapPiGroupEntry->delete(); + // if ($this->entry->exists()) { + // $this->entry->delete(); // $this->REDIS->removeCacheArray("sorted_groups", "", $this->gid); // foreach ($users as $user) { // $this->REDIS->removeCacheArray($user->uid, "groups", $this->gid); @@ -486,8 +487,7 @@ public function getGroupMemberUIDs($ignorecache = false) } $updatecache = false; if (!isset($members)) { - $pi_group = $this->getLDAPPiGroup(); - $members = $pi_group->getAttribute("memberuid"); + $members = $this->entry->getAttribute("memberuid"); $updatecache = true; } if (!$ignorecache && $updatecache) { 
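Review bot: In the `__construct` hunk, `$this->entry = $LDAP->getPIGroupEntry($gid);` pins one entry object to each UnityGroup for its whole lifetime, where every call used to fetch a fresh one, so two wrappers for the same gid no longer share a view of the directory. Whether that matters depends on the entry class, which is not shown: if it snapshots attributes or existence on first read, `exists()` and `getAttribute("memberuid")` can miss a delete or membership change made through another object, and a later `write()` could push back an outdated member list. The updated NewUserTest.php relies on the opposite, deleting through a fresh `$LDAP->getUserEntry(...)` and then asserting `!$USER->exists()` on the cached one. I would confirm the refresh behaviour and record it on the property, e.g. `// fetched once in the constructor; not re-read if another object changes the same DN`. The UnityOrg and UnityUser constructors make the same change.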
@@ -520,16 +520,13 @@ private function init() // make this user a PI $owner = $this->getOwner(); - // (1) Create LDAP PI group - $ldapPiGroupEntry = $this->getLDAPPiGroup(); - - if (!$ldapPiGroupEntry->exists()) { + if (!$this->entry->exists()) { $nextGID = $this->LDAP->getNextPiGIDNumber($this->SQL); - $ldapPiGroupEntry->setAttribute("objectclass", UnityLDAP::POSIX_GROUP_CLASS); - $ldapPiGroupEntry->setAttribute("gidnumber", strval($nextGID)); - $ldapPiGroupEntry->setAttribute("memberuid", array($owner->uid)); - $ldapPiGroupEntry->write(); + $this->entry->setAttribute("objectclass", UnityLDAP::POSIX_GROUP_CLASS); + $this->entry->setAttribute("gidnumber", strval($nextGID)); + $this->entry->setAttribute("memberuid", array($owner->uid)); + $this->entry->write(); } $this->REDIS->appendCacheArray("sorted_groups", "", $this->gid); @@ -540,9 +537,8 @@ private function init() private function addUserToGroup($new_user) { // Add to LDAP Group - $pi_group = $this->getLDAPPiGroup(); - $pi_group->appendAttribute("memberuid", $new_user->uid); - $pi_group->write(); + $this->entry->appendAttribute("memberuid", $new_user->uid); + $this->entry->write(); $this->REDIS->appendCacheArray($this->gid, "members", $new_user->uid); $this->REDIS->appendCacheArray($new_user->uid, "groups", $this->gid); } @@ -550,9 +546,8 @@ private function addUserToGroup($new_user) private function removeUserFromGroup($old_user) { // Remove from LDAP Group - $pi_group = $this->getLDAPPiGroup(); - $pi_group->removeAttributeEntryByValue("memberuid", $old_user->uid); - $pi_group->write(); + $this->entry->removeAttributeEntryByValue("memberuid", $old_user->uid); + $this->entry->write(); $this->REDIS->removeCacheArray($this->gid, "members", $old_user->uid); $this->REDIS->removeCacheArray($old_user->uid, "groups", $this->gid); } 
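Review bot: In `addUserToGroup` and `removeUserFromGroup` the result of `$this->entry->write()` is discarded and the Redis `members`/`groups` arrays are updated unconditionally on the next lines. If `write()` reports failure by return value rather than by throwing (not visible in this diff), a failed removal would leave the user in the LDAP `memberuid` list while the cache says they are gone. Consider guarding the cache update, e.g. `if (!$this->entry->write()) { throw new Exception("LDAP write failed for " . $this->gid); }`, once the contract of `write()` is confirmed. `addUser` and `removeUser` in UnityOrg.php follow the same pattern.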
@@ -583,11 +578,6 @@ public function getOwner() ); } - public function getLDAPPiGroup() - { - return $this->LDAP->getPIGroupEntry($this->gid); - } - public static function ownerUID2GID($uid) { return self::PI_PREFIX . $uid; diff --git a/resources/lib/UnityOrg.php b/resources/lib/UnityOrg.php index 3f3ad111..8e6b9797 100644 --- a/resources/lib/UnityOrg.php +++ b/resources/lib/UnityOrg.php @@ -7,6 +7,7 @@ class UnityOrg { public $gid; + private $entry; private $MAILER; private $SQL; @@ -17,6 +18,7 @@ class UnityOrg public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK) { $this->gid = $gid; + $this->entry = $LDAP->getOrgGroupEntry($this->gid); $this->LDAP = $LDAP; $this->SQL = $SQL; @@ -27,14 +29,12 @@ public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK) public function init() { - $org_group = $this->getLDAPOrgGroup(); - - if (!$org_group->exists()) { + if (!$this->entry->exists()) { $nextGID = $this->LDAP->getNextOrgGIDNumber($this->SQL); - $org_group->setAttribute("objectclass", UnityLDAP::POSIX_GROUP_CLASS); - $org_group->setAttribute("gidnumber", strval($nextGID)); - $org_group->write(); + $this->entry->setAttribute("objectclass", UnityLDAP::POSIX_GROUP_CLASS); + $this->entry->setAttribute("gidnumber", strval($nextGID)); + $this->entry->write(); } $this->REDIS->appendCacheArray("sorted_orgs", "", $this->gid); @@ -42,12 +42,7 @@ public function init() public function exists() { - return $this->getLDAPOrgGroup()->exists(); - } - - public function getLDAPOrgGroup() - { - return $this->LDAP->getOrgGroupEntry($this->gid); + return $this->entry->exists(); } public function inOrg($user, $ignorecache = false) @@ -83,8 +78,7 @@ public function getOrgMemberUIDs($ignorecache = false) } $updatecache = false; if (!isset($members)) { - $org_group = $this->getLDAPOrgGroup(); - $members = $org_group->getAttribute("memberuid"); + $members = $this->entry->getAttribute("memberuid"); $updatecache = true; } if (!$ignorecache && $updatecache) { 
@@ -96,17 +90,15 @@ public function getOrgMemberUIDs($ignorecache = false) public function addUser($user) { - $org_group = $this->getLDAPOrgGroup(); - $org_group->appendAttribute("memberuid", $user->uid); - $org_group->write(); + $this->entry->appendAttribute("memberuid", $user->uid); + $this->entry->write(); $this->REDIS->appendCacheArray($this->gid, "members", $user->uid); } public function removeUser($user) { - $org_group = $this->getLDAPOrgGroup(); - $org_group->removeAttributeEntryByValue("memberuid", $user->uid); - $org_group->write(); + $this->entry->removeAttributeEntryByValue("memberuid", $user->uid); + $this->entry->write(); $this->REDIS->removeCacheArray($this->gid, "members", $user->uid); } } diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php index 77639a81..ed340261 100644 --- a/resources/lib/UnityUser.php +++ b/resources/lib/UnityUser.php @@ -10,6 +10,7 @@ class UnityUser private const HOME_DIR = "/home/"; public $uid; + private $entry; // service stack private $LDAP; @@ -21,6 +22,7 @@ class UnityUser public function __construct($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK) { $this->uid = $uid; + $this->entry = $LDAP->getUserEntry($uid); $this->LDAP = $LDAP; $this->SQL = $SQL; @@ -58,7 +60,7 @@ public function init($firstname, $lastname, $email, $org, $send_mail = true) // // Create LDAP group // - $ldapGroupEntry = $this->getLDAPGroup(); + $ldapGroupEntry = $this->getGroupEntry(); $id = $this->LDAP->getUnassignedID($this->uid, $this->SQL); if (!$ldapGroupEntry->exists()) { 
@@ -70,24 +72,22 @@ public function init($firstname, $lastname, $email, $org, $send_mail = true) // // Create LDAP user // - $ldapUserEntry = $this->getLDAPUser(); - - if (!$ldapUserEntry->exists()) { - $ldapUserEntry->setAttribute("objectclass", UnityLDAP::POSIX_ACCOUNT_CLASS); - $ldapUserEntry->setAttribute("uid", $this->uid); - $ldapUserEntry->setAttribute("givenname", $firstname); - $ldapUserEntry->setAttribute("sn", $lastname); - $ldapUserEntry->setAttribute( + if (!$this->entry->exists()) { + $this->entry->setAttribute("objectclass", UnityLDAP::POSIX_ACCOUNT_CLASS); + $this->entry->setAttribute("uid", $this->uid); + $this->entry->setAttribute("givenname", $firstname); + $this->entry->setAttribute("sn", $lastname); + $this->entry->setAttribute( "gecos", \transliterator_transliterate("Latin-ASCII", "$firstname $lastname") ); - $ldapUserEntry->setAttribute("mail", $email); - $ldapUserEntry->setAttribute("o", $org); - $ldapUserEntry->setAttribute("homedirectory", self::HOME_DIR . $this->uid); - $ldapUserEntry->setAttribute("loginshell", $this->LDAP->getDefUserShell()); - $ldapUserEntry->setAttribute("uidnumber", strval($id)); - $ldapUserEntry->setAttribute("gidnumber", strval($id)); - $ldapUserEntry->write(); + $this->entry->setAttribute("mail", $email); + $this->entry->setAttribute("o", $org); + $this->entry->setAttribute("homedirectory", self::HOME_DIR . $this->uid); + $this->entry->setAttribute("loginshell", $this->LDAP->getDefUserShell()); + $this->entry->setAttribute("uidnumber", strval($id)); + $this->entry->setAttribute("gidnumber", strval($id)); + $this->entry->write(); } // update cache 
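Review bot: `\transliterator_transliterate("Latin-ASCII", "$firstname $lastname")` returns `false` on failure, and in this hunk that result is passed straight to `setAttribute("gecos", ...)`. A name the transliterator rejects would then either put a boolean into the entry or fail the whole `write()` together with the uid and gid attributes, depending on how the entry class handles it. A small guard before the call would make this explicit: `$gecos = \transliterator_transliterate("Latin-ASCII", "$firstname $lastname");` followed by `if ($gecos === false) { throw new Exception("cannot transliterate name for gecos"); }`. `init()` starts and ends outside this hunk, so any earlier validation of the name fields is not visible here.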
@@ -141,29 +141,19 @@ public function init($firstname, $lastname, $email, $org, $send_mail = true) } } - /** - * Returns the ldap account entry corresponding to the user - * - * @return ldapEntry posix account - */ - public function getLDAPUser() - { - return $this->LDAP->getUserEntry($this->uid); - } - /** * Returns the ldap group entry corresponding to the user * * @return ldapEntry posix group */ - public function getLDAPGroup() + public function getGroupEntry() { return $this->LDAP->getGroupEntry($this->uid); } public function exists() { - return $this->getLDAPUser()->exists() && $this->getLDAPGroup()->exists(); + return $this->entry->exists() && $this->getGroupEntry()->exists(); } // @@ -172,9 +162,8 @@ public function exists() public function setOrg($org) { - $ldap_user = $this->getLDAPUser(); - $ldap_user->setAttribute("o", $org); - $ldap_user->write(); + $this->entry->setAttribute("o", $org); + $this->entry->write(); $this->REDIS->setCache($this->uid, "org", $org); } @@ -189,13 +178,13 @@ public function getOrg($ignorecache = false) } if ($this->exists()) { - $org = $this->getLDAPUser()->getAttribute("o")[0]; + $org = $this->entry->getAttribute("o")[0]; if (!$ignorecache) { $this->REDIS->setCache($this->uid, "org", $org); } - return $this->getLDAPUser()->getAttribute("o")[0]; + return $this->entry->getAttribute("o")[0]; } return null; @@ -208,8 +197,7 @@ public function getOrg($ignorecache = false) */ public function setFirstname($firstname, $operator = null) { - $ldap_user = $this->getLDAPUser(); - $ldap_user->setAttribute("givenname", $firstname); + $this->entry->setAttribute("givenname", $firstname); $operator = is_null($operator) ? $this->uid : $operator->uid; $this->SQL->addLog( @@ -219,7 +207,7 @@ public function setFirstname($firstname, $operator = null) $this->uid ); - $ldap_user->write(); + $this->entry->write(); $this->REDIS->setCache($this->uid, "firstname", $firstname); } 
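Review bot: `getOrg` reads the attribute twice, `$org = $this->entry->getAttribute("o")[0];` and then `return $this->entry->getAttribute("o")[0];`; the second can simply be `return $org;`. The `[0]` index also assumes the attribute is present: `getSSHKeys` in this file checks `is_null($result)` after `getAttribute`, which suggests a missing attribute comes back as null, and indexing null raises a warning on current PHP. The same unguarded `[0]` appears in `getFirstname`, `getLastname`, `getMail` and `getLoginShell`; `getAttribute(...)[0] ?? null` would cover it.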
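Review bot: `setFirstname` records the change with `$this->SQL->addLog(...)` before `$this->entry->write()` runs, so a failed LDAP write leaves a log entry for a change that never took effect. Moving `$this->entry->write();` above the `addLog` call, or logging only after it succeeds, keeps the log aligned with the directory. There is also no `exists()` guard here, unlike `setSSHKeys` and `setLoginShell`, so a short comment stating the precondition would help. `setLastname` and `setMail` have the same ordering.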
@@ -239,7 +227,7 @@ public function getFirstname($ignorecache = false) } if ($this->exists()) { - $firstname = $this->getLDAPUser()->getAttribute("givenname")[0]; + $firstname = $this->entry->getAttribute("givenname")[0]; if (!$ignorecache) { $this->REDIS->setCache($this->uid, "firstname", $firstname); @@ -258,8 +246,7 @@ public function getFirstname($ignorecache = false) */ public function setLastname($lastname, $operator = null) { - $ldap_user = $this->getLDAPUser(); - $ldap_user->setAttribute("sn", $lastname); + $this->entry->setAttribute("sn", $lastname); $operator = is_null($operator) ? $this->uid : $operator->uid; $this->SQL->addLog( @@ -269,7 +256,7 @@ public function setLastname($lastname, $operator = null) $this->uid ); - $this->getLDAPUser()->write(); + $this->entry->write(); $this->REDIS->setCache($this->uid, "lastname", $lastname); } @@ -289,7 +276,7 @@ public function getLastname($ignorecache = false) } if ($this->exists()) { - $lastname = $this->getLDAPUser()->getAttribute("sn")[0]; + $lastname = $this->entry->getAttribute("sn")[0]; if (!$ignorecache) { $this->REDIS->setCache($this->uid, "lastname", $lastname); @@ -314,8 +301,7 @@ public function getFullname() */ public function setMail($email, $operator = null) { - $ldap_user = $this->getLDAPUser(); - $ldap_user->setAttribute("mail", $email); + $this->entry->setAttribute("mail", $email); $operator = is_null($operator) ? $this->uid : $operator->uid; $this->SQL->addLog( @@ -325,7 +311,7 @@ public function setMail($email, $operator = null) $this->uid ); - $this->getLDAPUser()->write(); + $this->entry->write(); $this->REDIS->setCache($this->uid, "mail", $email); } @@ -345,7 +331,7 @@ public function getMail($ignorecache = false) } if ($this->exists()) { - $mail = $this->getLDAPUser()->getAttribute("mail")[0]; + $mail = $this->entry->getAttribute("mail")[0]; if (!$ignorecache) { $this->REDIS->setCache($this->uid, "mail", $mail); 
@@ -364,12 +350,11 @@ public function getMail($ignorecache = false) */ public function setSSHKeys($keys, $operator = null, $send_mail = true) { - $ldapUser = $this->getLDAPUser(); $operator = is_null($operator) ? $this->uid : $operator->uid; $keys_filt = array_values(array_unique($keys)); - if ($ldapUser->exists()) { - $ldapUser->setAttribute("sshpublickey", $keys_filt); - $ldapUser->write(); + if ($this->entry->exists()) { + $this->entry->setAttribute("sshpublickey", $keys_filt); + $this->entry->write(); } $this->REDIS->setCache($this->uid, "sshkeys", $keys_filt); @@ -409,8 +394,7 @@ public function getSSHKeys($ignorecache = false) } if ($this->exists()) { - $ldapUser = $this->getLDAPUser(); - $result = $ldapUser->getAttribute("sshpublickey"); + $result = $this->entry->getAttribute("sshpublickey"); if (is_null($result)) { $keys = array(); } else { @@ -444,10 +428,9 @@ public function setLoginShell($shell, $operator = null, $send_mail = true) if (empty($shell)) { throw new Exception("login shell must not be empty!"); } - $ldapUser = $this->getLDAPUser(); - if ($ldapUser->exists()) { - $ldapUser->setAttribute("loginshell", $shell); - $ldapUser->write(); + if ($this->entry->exists()) { + $this->entry->setAttribute("loginshell", $shell); + $this->entry->write(); } $operator = is_null($operator) ? $this->uid : $operator->uid; @@ -486,9 +469,7 @@ public function getLoginShell($ignorecache = false) } if ($this->exists()) { - $ldapUser = $this->getLDAPUser(); - - $loginshell = $ldapUser->getAttribute("loginshell")[0]; + $loginshell = $this->entry->getAttribute("loginshell")[0]; if (!$ignorecache) { $this->REDIS->setCache($this->uid, "loginshell", $loginshell); 
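Review bot: In `setSSHKeys` the LDAP update is inside `if ($this->entry->exists())`, but `$this->REDIS->setCache($this->uid, "sshkeys", $keys_filt);` sits after the closing brace and runs either way. For a uid with no LDAP entry the cache would then list keys that the directory does not hold, and `getSSHKeys` may serve them from the cache (its cache branch is outside this hunk). Moving the `setCache` call inside the guard, or throwing when the entry is missing, keeps the two stores consistent.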
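Review bot: The only check visible on `$shell` in `setLoginShell` is `empty($shell)` before it is written to `loginshell`; the function starts above this hunk, so an earlier check may exist. If there is none, a comparison against the list of shells the site offers would be the natural place to reject unexpected values before `setAttribute`. The same question applies to `$home` in `setHomeDir`, which goes to `homedirectory` unchecked in the lines shown.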
@@ -502,10 +483,9 @@ public function getLoginShell($ignorecache = false) public function setHomeDir($home, $operator = null) { - $ldapUser = $this->getLDAPUser(); - if ($ldapUser->exists()) { - $ldapUser->setAttribute("homedirectory", $home); - $ldapUser->write(); + if ($this->entry->exists()) { + $this->entry->setAttribute("homedirectory", $home); + $this->entry->write(); $operator = is_null($operator) ? $this->uid : $operator->uid; $this->SQL->addLog( @@ -535,9 +515,7 @@ public function getHomeDir($ignorecache = false) } if ($this->exists()) { - $ldapUser = $this->getLDAPUser(); - - $homedir = $ldapUser->getAttribute("homedirectory"); + $homedir = $this->entry->getAttribute("homedirectory"); if (!$ignorecache) { $this->REDIS->setCache($this->uid, "homedir", $homedir); diff --git a/test/functional/NewUserTest.php b/test/functional/NewUserTest.php index 4da13cce..26e72ba5 100644 --- a/test/functional/NewUserTest.php +++ b/test/functional/NewUserTest.php @@ -65,7 +65,7 @@ private function ensureUserDoesNotExist() $org->removeUser($USER); assert(!$org->inOrg($USER)); } - $USER->getLDAPUser()->delete(); + $LDAP->getUserEntry($USER->uid)->delete(); assert(!$USER->exists()); } $all_users_group = $LDAP->getUserGroup(); @@ -84,9 +84,9 @@ private function ensureUserDoesNotExist() private function ensureOrgGroupDoesNotExist() { global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - $org_group = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); + $org_group = $LDAP->getOrgGroupEntry($SSO["org"]); if ($org_group->exists()) { - $org_group->getLDAPOrgGroup()->delete(); + $org_group->delete(); assert(!$org_group->exists()); } } 
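Review bot: `getHomeDir` assigns `$homedir = $this->entry->getAttribute("homedirectory");` without the `[0]` that `getLoginShell`, `getMail` and the other single-valued getters use, so what is cached under `"homedir"` appears to be the whole attribute array rather than a string. The rest of the function is outside the hunk, so the value may be unwrapped later; if not, `getAttribute("homedirectory")[0]` would make it consistent, with a docblock line stating the return type.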
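Review bot: After this change `ensureOrgGroupDoesNotExist` uses only `$SSO` and `$LDAP`, so the declaration can shrink to `global $SSO, $LDAP;`. The variable `$org_group` now holds a raw LDAP entry rather than a UnityOrg, and a name such as `$org_entry` would say so. Deleting the entry directly also skips whatever cache cleanup the application does; `UnityOrg::init()` appends to `"sorted_orgs"` and nothing here removes it, which is worth a comment if later tests read that cache.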
@@ -102,9 +102,9 @@ private function ensureUserNotInPIGroup(UnityGroup $pi_group) private function ensurePIGroupDoesNotExist() { - global $USER; + global $USER, $LDAP; if ($USER->getPIGroup()->exists()) { - $USER->getPIGroup()->getLDAPPIGroup()->delete(); + $LDAP->getPIGroupEntry($USER->getPIGroup()->gid)->delete(); assert(!$USER->getPIGroup()->exists()); } }