--- management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py (.../release-ucs-2.4-2/ucs) (Revision 27072)
+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py (.../release-ucs-2.4-3) (Revision 27072)
@@ -109,6 +109,17 @@
default=('2',[]),
options=['samba']
),
+ 'sambaPrivileges': univention.admin.property(
+ short_description=_('Samba privileges'),
+ long_description=('Manage samba privileges'),
+ syntax=univention.admin.syntax.sambaPrivileges,
+ multivalue=1,
+ options=['samba'],
+ required=0,
+ dontsearch=0,
+ may_change=1,
+ identifies=0,
+ ),
'description': univention.admin.property(
short_description=_('Description'),
long_description='',
@@ -222,6 +233,9 @@
], advanced = True ),
univention.admin.tab(_('Allowed groups'),_('Groups that are allowed to send e-mails to the group'),[
[univention.admin.field("allowedEmailGroups")]
+ ], advanced = True ),
+ univention.admin.tab(_('Windows'),_('Windows account settings'),[
+ [univention.admin.field("sambaPrivileges")]
], advanced = True )
]
@@ -231,6 +245,7 @@
mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
mapping.register('sambaGroupType', 'sambaGroupType', None, univention.admin.mapping.ListToString)
mapping.register('mailAddress', 'mailPrimaryAddress', None, univention.admin.mapping.ListToString)
+mapping.register('sambaPrivileges', 'univentionSambaPrivilegeList')
def _case_insensitive_in_list(dn, list):
for element in list:
@@ -569,6 +584,18 @@
def _ldap_modlist( self ):
ml=univention.admin.handlers.simpleLdap._ldap_modlist( self )
+
+ # samba privileges
+ if self.hasChanged("sambaPrivileges") and "samba" in self.options:
+ o = self.oldattr.get('objectClass', [])
+ # add univentionSambaPrivileges objectclass
+ if self["sambaPrivileges"] and not "univentionSambaPrivileges" in o:
+ ml.insert(0, ('objectClass', '', 'univentionSambaPrivileges'))
+ # do not remove univentionSambaPrivileges objectclass
+ # (we need it in the listener filter)
+ #if not self["sambaPrivileges"] and "univentionSambaPrivileges" in o:
+ # ml.insert(0, ('objectClass', 'univentionSambaPrivileges', ''))
+
if self.hasChanged( 'mailAddress' ) and self[ 'mailAddress' ]:
for i, j in self.alloc:
if i == 'mailPrimaryAddress': break
Index: management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/de.po
===================================================================
--- management/univention-directory-manager-modules/modules/univention/admin/handlers/users/de.po (.../release-ucs-2.4-2/ucs) (Revision 27072)
+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/users/de.po (.../release-ucs-2.4-3) (Revision 27072)
@@ -286,6 +286,14 @@
msgid "Groups"
msgstr "Gruppen"
+#: user.py:528
+msgid "Samba privileges"
+msgstr "Samba Privilegien"
+
+#: user.py:529
+msgid "Manage samba privileges"
+msgstr "Samba Privilegien verwalten"
+
#: user.py:538
msgid "Primary group"
msgstr "Primäre Gruppe"
Index: management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/forward_zone.py
===================================================================
--- management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py (.../release-ucs-2.4-2/ucs) (Revision 27072)
+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py (.../release-ucs-2.4-3) (Revision 27072)
@@ -524,6 +524,17 @@
identifies=0,
options=['samba']
),
+ 'sambaPrivileges': univention.admin.property(
+ short_description=_('Samba privileges'),
+ long_description=('Manage samba privileges'),
+ syntax=univention.admin.syntax.sambaPrivileges,
+ multivalue=1,
+ options=['samba'],
+ required=0,
+ dontsearch=0,
+ may_change=1,
+ identifies=0,
+ ),
'groups': univention.admin.property(
short_description=_('Groups'),
long_description='',
@@ -1114,7 +1125,7 @@
univention.admin.tab(_('Windows'),_('Windows account settings'),[
[univention.admin.field("sambahome"), univention.admin.field("homedrive")],
[univention.admin.field("scriptpath"), univention.admin.field("profilepath")],
- [univention.admin.field("sambaRID")],
+ [univention.admin.field("sambaRID"), univention.admin.field("sambaPrivileges")],
[univention.admin.field("sambaLogonHours"), univention.admin.field("sambaUserWorkstations")]
]),
univention.admin.tab(_('Groups'),_('Group memberships'), [
@@ -1380,7 +1391,7 @@
mapping.register('organisation', 'o', None, univention.admin.mapping.ListToString)
mapping.register('mailPrimaryAddress', 'mailPrimaryAddress', None, univention.admin.mapping.ListToLowerString)
-mapping.register('mailAlternativeAddress', 'mailAlternativeAddress', univention.admin.mapping.ListToLowerListUniq)
+mapping.register('mailAlternativeAddress', 'mailAlternativeAddress', None, univention.admin.mapping.ListToLowerListUniq)
mapping.register('mailGlobalSpamFolder', 'mailGlobalSpamFolder', None, univention.admin.mapping.ListToString)
mapping.register('street', 'street', None, univention.admin.mapping.ListToString)
@@ -1402,6 +1413,7 @@
mapping.register('sambahome', 'sambaHomePath', None, univention.admin.mapping.ListToString)
mapping.register('sambaUserWorkstations', 'sambaUserWorkstations', sambaWorkstationsMap, sambaWorkstationsUnmap)
mapping.register('sambaLogonHours', 'sambaLogonHours', logonHoursMap, logonHoursUnmap)
+mapping.register('sambaPrivileges', 'univentionSambaPrivilegeList')
mapping.register('scriptpath', 'sambaLogonScript', None, univention.admin.mapping.ListToString)
mapping.register('profilepath', 'sambaProfilePath', None, univention.admin.mapping.ListToString)
mapping.register('homedrive', 'sambaHomeDrive', None, univention.admin.mapping.ListToString)
@@ -2227,6 +2239,17 @@
shadowLastChangeValue = '' # if is filled, it will be added to ml in the end
sambaPwdLastSetValue = '' # if is filled, it will be added to ml in the end
+ # samba privileges
+ if self.hasChanged("sambaPrivileges") and "samba" in self.options:
+ o = self.oldattr.get('objectClass', [])
+ # add univentionSambaPrivileges objectclass
+ if self["sambaPrivileges"] and not "univentionSambaPrivileges" in o:
+ ml.insert(0, ('objectClass', '', 'univentionSambaPrivileges'))
+ # do not remove univentionSambaPrivileges objectclass
+ # (we need it in the listener filter)
+ #if not self["sambaPrivileges"] and "univentionSambaPrivileges" in o:
+ # ml.insert(0, ('objectClass', 'univentionSambaPrivileges', ''))
+
if self.options != self.old_options:
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'options: %s' % self.options)
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'old_options: %s' % self.old_options)
Index: management/univention-directory-manager-modules/modules/univention/admin/handlers/users/de.po
===================================================================
--- management/univention-directory-manager-modules/modules/univention/admin/syntax.py (.../release-ucs-2.4-2/ucs) (Revision 27072)
+++ management/univention-directory-manager-modules/modules/univention/admin/syntax.py (.../release-ucs-2.4-3) (Revision 27072)
@@ -1116,6 +1116,23 @@
name='ldapServer'
def parse(self, text):
return text
+
+class sambaPrivileges(simple):
+ name='sambaPrivileges'
+ privileges = [
+ { "name" : "SeMachineAccountPrivilege", "description" : _("Add machines to domain") },
+ { "name" : "SeSecurityPrivilege", "description" : _("Manage auditing and security log") },
+ { "name" : "SeTakeOwnershipPrivilege", "description" : _("Take ownership of files or other objects") },
+ { "name" : "SeBackupPrivilege", "description" : _("Back up files and directories") },
+ { "name" : "SeRestorePrivilege", "description" : _("Restore files and directories") },
+ { "name" : "SeRemoteShutdownPrivilege", "description" : _("Force shutdown from a remote system") },
+ { "name" : "SePrintOperatorPrivilege", "description" : _("Manage printers") },
+ { "name" : "SeAddUsersPrivilege", "description" : _("Add users and groups to the domain") },
+ { "name" : "SeDiskOperatorPrivilege", "description" : _("Manage disk shares") },
+ ]
+ def parse(self, text):
+ return text
+
class printerServer(simple):
name='printerServer'
def parse(self, text):
--- management/univention-directory-manager/uniconf/modedit.py (.../release-ucs-2.4-2/ucs) (Revision 27072)
+++ management/univention-directory-manager/uniconf/modedit.py (.../release-ucs-2.4-3) (Revision 27072)
@@ -3730,6 +3730,105 @@
################################
+ elif property.syntax.name == 'sambaPrivileges':
+ self.minput[name]=[]
+ minput_rows=[]
+ atts=copy.deepcopy(attributes)
+ mvaluelist=[]
+ i=0
+ if value:
+ for v in value:
+ try:
+ mvaluelist.append({'name': unicode(i), 'description': syntax.tostring(v)})
+ except univention.admin.uexceptions.valueInvalidSyntax, e:
+ pass
+ i+=1
+ if name:
+ # [0]: input field (or several input fields in case of a complex syntax property)
+
+ packages = property.syntax.privileges
+
+ self.minput[name].append(question_select(property.short_description,atts,{'choicelist':packages,'helptext':_('select Server')}))
+ atts=copy.deepcopy(attributes)
+ b_atts=copy.deepcopy(attributes)
+ b2_atts=copy.deepcopy(attributes)
+ # [1]: add button
+ self.minput[name].append(get_addbutton(b_atts,_("Add %s") % name))
+ # [2]: mselect list widget
+ self.minput[name].append(question_mselect(_("Entries:"),atts,{"helptext":_("Current entries for '%s'") % name,"choicelist":mvaluelist}))
+ # [3]: remove button
+ self.minput[name].append(get_removebutton(b_atts,_("Remove selected '%s' entrie(s) from list") % name))
+
+ # move buttons:
+ # [4]: up button [ ^ ]
+ self.minput[name].append(get_upbutton(b2_atts,_("Move upwards")))
+ # [5]: down button [ v ]
+ self.minput[name].append(get_downbutton(b2_atts,_("Move downwards")))
+
+ # put the widgets/buttons from minput[name] into a table
+ # | |
+ # |----------------|
+ # | |
+ # ---------------------------------|
+ # | |
+ # |----------------|
+ # | |
+ # |----------------|
+ # | |
+ #----------------------------------|
+ minput_rows.append(tablerow("",{},{"obs":[\
+ tablecol('',{'rowspan':'2'}, {'obs': [\
+ #input field
+ self.minput[name][0]\
+ ]}),\
+ tablecol('',{}, {'obs': [\
+ # needed freespace
+ htmltext("",{},{'htmltext':[' ']})
+ ]})\
+ ]}))
+ minput_rows.append(tablerow("",{},{"obs":[\
+ tablecol('',{'type':'multi_add_top'}, {'obs': [\
+ #add button
+ self.minput[name][1]\
+ ]})\
+ ]}))
+ minput_rows.append(tablerow("",{},{"obs":[\
+ tablerow("",{},{"obs":[\
+ tablecol('',{'rowspan':'3'}, {'obs': [\
+ #mselect list
+ self.minput[name][2]\
+ ]}),\
+ tablecol('',{'type':'multi_remove'}, {'obs': [\
+ #up button
+ self.minput[name][4]\
+ ]})\
+ ]}),\
+ tablerow("",{},{"obs":[\
+ tablecol('',{'type':'multi_remove'}, {'obs': [\
+ #remove button
+ self.minput[name][3]\
+ ]})\
+ ]}),\
+ tablerow("",{},{"obs":[\
+ tablecol('',{'type':'multi_remove_img'}, {'obs': [\
+ #down button
+ self.minput[name][5]\
+ ]})\
+ ]})\
+ ]}))
+ else:
+ minput_rows.append(tablerow("",{},{"obs":[\
+ tablecol('',{}, {'obs': [\
+ ]}),\
+ tablecol('',{}, {'obs': [\
+ ]})\
+ ]}))
+ cols.append(tablecol('',{'type':'tab_layout'}, {'obs': [table("",{'type':'multi'},{"obs":minput_rows})]}))
+
+
+
+ ################################
+
elif property.syntax.name == 'ldapServer':
self.minput[name]=[]
minput_rows=[]
Index: management/univention-directory-manager/debian/univention-directory-manager.univention-config-registry-variables
===================================================================