Account creation (ltb-project#225)

* First implementaton of creation page

* Doc for entry creation

* Delete entry

* Doc for delete

* Message for create/delete results

* change error codes for delete

* Modal to confirm entry deletion

* DN escaping and encoding

* Small typo in HTML code

* Improve messages for audit log

* Use macro system also for update

Author: coudot

conf/config.inc.php

@@ -180,10 +180,20 @@
 
 $use_update = true;
 $update_items = array('firstname', 'lastname', 'title', 'businesscategory', 'employeenumber', 'employeetype', 'mail', 'mailquota', 'phone', 'mobile', 'fax', 'postaladdress', 'street', 'postalcode', 'l', 'state', 'organizationalunit', 'organization', 'manager', 'secretary');
+$update_items_macros = array('fullname' => '%firstname% %lastname%');
 
 $use_rename = true;
 $rename_items = array('identifier');
 
+$use_create = true;
+$create_items = array('identifier', 'firstname', 'lastname', 'mail');
+$create_objectclass = array('top', 'person', 'organizationalPerson', 'inetOrgPerson');
+$create_dn_items = array('identifier');
+$create_base = $ldap_user_base;
+$create_items_macros = array('fullname' => '%firstname% %lastname%');
+
+$use_delete = true;
+
 # Local password policy
 # This is applied before directory password policy
 # Minimal length
@@ -346,6 +356,12 @@
 #$display_prehook_updatevalidity_error = true;
 #$ignore_prehook_updatevalidity_error = true;
 
+## Delete
+
+#$prehook_delete = "/usr/share/service-desk/prehook_delete.sh";
+#$display_prehook_delete_error = true;
+#$ignore_prehook_delete_error = true;
+
 ### Posthooks
 
 # The posthook is only launched if the action was successful
@@ -388,6 +404,11 @@
 #$posthook_updatevalidity = "/usr/share/service-desk/posthook_updatevalidity.sh";
 #$display_posthook_updatevalidity_error = true;
 
+## Delete
+
+#$posthook_delete = "/usr/share/service-desk/posthook_delete.sh";
+#$display_posthook_delete_error = true;
+
 # The name of an HTTP Header that may hold a reference to an extra config file to include.
 #$header_name_extra_config="SSP-Extra-Config";
 

docs/createentry.rst

@@ -0,0 +1,58 @@
+Create entry
+============
+
+This allows to create a new account in the directory.
+
+Disable or enable feature
+-------------------------
+
+If feature is enabled, a new button is shown in the menu.
+To disable it:
+
+.. code-block:: php
+
+   $use_create = false;
+
+Items
+-----
+
+You can choose which items will be asked for the entry creation:
+
+.. code-block:: php
+
+   $create_items = array('firstname', 'lastname', 'title', 'businesscategory', 'mail');
+
+DN
+--
+
+Choose which items will be used to compute the DN (RDN):
+
+.. code-block:: php
+
+   $create_dn_items = array('identifier');
+
+Set the branch where entries are created (by default this is the user search base):
+
+.. code-block:: php
+
+   $create_base = "ou=service,ou=users,dc=example,dc=com";
+
+
+Object classes
+--------------
+
+Set which object classes are used to create the entry:
+
+.. code-block:: php
+
+   $create_objectclass = array('top', 'person', 'organizationalPerson', 'inetOrgPerson');
+
+Macros
+------
+
+You may need to create additional attributes based on submitted items.
+This is possible by defining a macro for the corresponding item:
+
+.. code-block:: php
+
+   $create_items_macros = array('fullname' => '%firstname% %lastname%');

docs/deleteentry.rst

@@ -0,0 +1,12 @@
+Deleteentry
+============
+
+Disable or enable feature
+-------------------------
+
+If feature is enabled, a delete button is shown on entry display page.
+To disable it:
+
+.. code-block:: php
+
+   $use_delete = false;

docs/hook.rst

@@ -141,7 +141,7 @@ Account disable
 
 The script is called with one parameter: login.
 
-Define prehook or posthook script (and disable the feature):
+Define prehook or posthook script (and enable the feature):
 
 .. code-block:: php
 
@@ -166,7 +166,7 @@ Update validity dates
 
 The script is called with one parameter: login.
 
-Define prehook or posthook script (and updatevalidity the feature):
+Define prehook or posthook script (and enable the feature):
 
 .. code-block:: php
 
@@ -185,3 +185,28 @@ To ignore prehook error:
 .. code-block:: php
 
     $ignore_prehook_updatevalidity_error = true;
+
+Delete
+------
+
+The script is called with one parameter: login.
+
+Define prehook or posthook script (and enable the feature):
+
+.. code-block:: php
+
+    $prehook_delete = "/usr/share/service-desk/prehook_delete.sh";
+    $posthook_delete = "/usr/share/service-desk/posthook_delete.sh";
+
+To display hook error:
+
+.. code-block:: php
+
+   $display_prehook_delete_error = true;
+   $display_posthook_delete_error = true;
+
+To ignore prehook error:
+
+.. code-block:: php
+
+    $ignore_prehook_delete_error = true;

docs/index.rst

@@ -32,5 +32,7 @@ LDAP Tool Box Service Desk documentation
    dashboards.rst
    configuration-mail.rst
    audit.rst
-   updateentry.rst
+   createentry.rst
    renameentry.rst
+   updateentry.rst
+   deleteentry.rst

docs/updateentry.rst

@@ -21,3 +21,13 @@ You can choose which items will be available for the update:
    $update_items = array('firstname', 'lastname', 'title', 'businesscategory', 'employeenumber', 'employeetype', 'mail', 'mailquota', 'phone', 'mobile', 'fax', 'postaladdress', 'street', 'postalcode', 'l', 'state', 'organizationalunit', 'organization', 'manager', 'secretary');
 
 .. tip:: Other items will be read-only if they are listed in display items
+
+Macros
+------
+
+You may need to update additional attributes based on submitted items.
+This is possible by defining a macro for the corresponding item:
+
+.. code-block:: php
+
+   $update_items_macros = array('fullname' => '%firstname% %lastname%');

htdocs/create.php

@@ -0,0 +1,129 @@
+<?php
+/*
+ * Create an entry
+ */
+
+$result = "";
+$dn = "";
+$entry = "";
+$action = "displayform";
+$result = "";
+
+if (isset($_POST["action"]) and $_POST["action"]) {
+    $action = $_POST["action"];
+}
+
+if ($result === "") {
+
+    require_once("../conf/config.inc.php");
+    require __DIR__ . '/../vendor/autoload.php';
+    require_once("../lib/date.inc.php");
+
+    # Connect to LDAP
+    $ldap_connection = $ldapInstance->connect();
+
+    $ldap = $ldap_connection[0];
+    $result = $ldap_connection[1];
+
+    if ($ldap) {
+
+            # Create entry
+            if ($action == "createentry") {
+
+                # Get all data
+                $create_attributes = array();
+                foreach ($create_items as $item) {
+                    $values = array();
+                    $item_keys = preg_grep("/^$item(\d+)$/", array_keys($_POST));
+                    foreach ($item_keys as $item_key) {
+                        if (isset($_POST[$item_key]) and !empty($_POST[$item_key])) {
+                            $value = $_POST[$item_key];
+                            if ( $attributes_map[$item]['type'] == "date" ||  $attributes_map[$item]['type'] == "ad_date" ) {
+                                $value = $directory->getLdapDate(new DateTime($_POST[$item_key]));
+                            }
+                            $values[] = $value;
+                        }
+                    }
+
+                    $create_attributes[ $attributes_map[$item]['attribute'] ] = $values;
+                }
+
+                $create_attributes['objectclass'] = $create_objectclass;
+
+                $dn = "";
+
+                foreach ($create_dn_items as $dn_item) {
+                    $attribute = $attributes_map[$dn_item]['attribute'];
+                    if ($dn) { $dn .= "+"; }
+                    $dn .= $attribute . "=" . ldap_escape($create_attributes[$attribute][0], "", LDAP_ESCAPE_DN);
+                }
+
+                $dn .= "," . $create_base;
+
+                # Use macros
+                foreach ($create_items_macros as $item => $macro) {
+                    $value = preg_replace_callback('/%(\w+)%/',
+                        function ($matches) use ($item, $create_attributes, $attributes_map) {
+                            return $create_attributes[ $attributes_map[$matches[1]]['attribute'] ][0];
+                        },
+                        $macro);
+                    error_log( "Use macro $macro for item $item: $value" );
+                    $create_attributes[ $attributes_map[$item]['attribute'] ] = $value;
+                }
+
+                # Create entry
+                if (!ldap_add($ldap, $dn, $create_attributes)) {
+                    error_log("LDAP - modify failed for $dn");
+                    $result = "createfailed";
+                    $action = "displayform";
+                } else {
+                    $errno = ldap_errno($ldap);
+                    if ( $errno ) {
+                        error_log("LDAP - create error $errno (".ldap_error($ldap).") for $dn");
+                        $result = "createfailed";
+                        $action = "displayform";
+                    } else {
+                        $result = "createok";
+                        $action = "displayentry";
+                    }
+                }
+
+                if ($audit_log_file) {
+                    auditlog($audit_log_file, $dn, $audit_admin, "createentry", $result, $comment);
+                }
+
+            }
+
+            # Display form
+            if ($action == "displayform") {
+
+                # Compute lists
+                $item_list = array();
+
+                foreach ($create_items as $item) {
+                    if ( $attributes_map[$item]["type"] === "static_list") {
+                        $item_list[$item] = isset($attributes_static_list[$item]) ? $attributes_static_list[$item] : array();
+                    }
+                    if ( $attributes_map[$item]["type"] === "list") {
+                        $item_list[$item] = $ldapInstance->get_list( $attributes_list[$item]["base"], $attributes_list[$item]["filter"], $attributes_list[$item]["key"], $attributes_list[$item]["value"]  );
+                    }
+                }
+
+            }
+    }
+}
+
+if ( $action == "displayentry" ) {
+    $location = 'index.php?page=display&dn='.urlencode($dn).'&createresult='.$result;
+    header('Location: '.$location);
+}
+
+$smarty->assign("entry", $entry);
+$smarty->assign("action", $action);
+
+$smarty->assign("item_list", $item_list);
+
+$smarty->assign("create_items", $create_items);
+$smarty->assign("show_undef", $display_show_undefined);
+
+?>