From a0a87ed9cd491d40d71385a3f9debe5182aebc1f Mon Sep 17 00:00:00 2001 From: Andrew Yoder Date: Sun, 16 Aug 2020 18:18:14 -0400 Subject: [PATCH] Custom object Classes for ldap-useradmin module --- ldap-useradmin/CHANGELOG | 3 +++ ldap-useradmin/config.info | 2 ++ ldap-useradmin/ldap-useradmin-lib.pl | 32 ++++++++++++++++++++++++---- ldap-useradmin/save_group.cgi | 2 +- ldap-useradmin/save_user.cgi | 2 +- 5 files changed, 35 insertions(+), 6 deletions(-) diff --git a/ldap-useradmin/CHANGELOG b/ldap-useradmin/CHANGELOG index 077f2533a..0c8cb78e9 100644 --- a/ldap-useradmin/CHANGELOG +++ b/ldap-useradmin/CHANGELOG @@ -77,3 +77,6 @@ The list of groups now includes descriptions, if any are set. Added Module Config options for additional LDAP filters to find users and groups, in addition to the posixAccount / posixGroup object class filters. ---- Changes since 1.610 ---- The userPassword attribute is now removed for users or groups that don't have a password set. +---- Changes since 1.954 ---- +Added the option to point the ldap-useradmin to a system file for the LDAP bind credentials +Allow the default posixAccount/posixGroup object classes to be overridden diff --git a/ldap-useradmin/config.info b/ldap-useradmin/config.info index 6dd939bd3..80549f459 100644 --- a/ldap-useradmin/config.info +++ b/ldap-useradmin/config.info @@ -25,6 +25,8 @@ multi_fields=Allow multiple values for extra properties?,1,1-Yes,0-No noclash=Attributes for which duplicates are disallowed,0 person=Give all Unix users the person object class?,1,1-Yes,0-No gecos=Set gecos attribute to match real name?,1,1-Yes,0-No +custom_user_obj_class=Custom primary user objectClass (default posixAccount),3 +custom_group_obj_class=Custom primary group objectClass (default posixGroup),3 user_filter=Additional LDAP filter for users,3,None,,,,Attribute=value group_filter=Additional LDAP filter for groups,3,None,,,,Attribute=value 
diff --git a/ldap-useradmin/ldap-useradmin-lib.pl b/ldap-useradmin/ldap-useradmin-lib.pl
index a569fd84e..12ad2985e 100755
--- a/ldap-useradmin/ldap-useradmin-lib.pl
+++ b/ldap-useradmin/ldap-useradmin-lib.pl
@@ -233,7 +233,7 @@ sub create_user
 local $ldap = &ldap_connect();
 local $base = &get_user_base();
 $_[0]->{'dn'} = "uid=$_[0]->{'user'},$base";
-local @classes = ( "posixAccount", "shadowAccount",
+local @classes = ( &def_user_obj_class(), "shadowAccount",
 split(/\s+/, $config{'other_class'}),
 @{$_[0]->{'ldap_class'}} );
 local $schema = $ldap->schema();
@@ -356,7 +356,7 @@ sub create_group
 local $ldap = &ldap_connect();
 local $base = &get_group_base();
 $_[0]->{'dn'} = "cn=$_[0]->{'group'},$base";
-local @classes = ( "posixGroup" );
+local @classes = ( &def_group_obj_class() );
 push(@classes, split(/\s+/, $config{'gother_class'}));
 @classes = &uniquelc(@classes);
 local @attrs = &group_to_dn($_[0]);
@@ -1244,7 +1244,7 @@ return undef;
 # Returns an LDAP filter expression to find users
 sub user_filter
 {
-my $rv = "(objectClass=posixAccount)";
+my $rv = "(objectClass=".&def_user_obj_class().")";
 if ($config{'user_filter'}) {
 $rv = "(&".$rv."(".$config{'user_filter'}."))";
 }
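Review bot: In the create_user hunk the class returned by `&def_user_obj_class()` goes into `@classes` without being checked against the server schema, and the create_group, save_group.cgi and save_user.cgi hunks do the same. A mistyped or unknown class name would then only surface as a rejected LDAP add. create_user loads `$schema` a few lines later (its body continues outside the hunk) and save_user.cgi already guards `person` with `$schema->objectclass("person")`, so the same test, `$schema && !$schema->objectclass(&def_user_obj_class())`, could be used to report a bad setting before the add is attempted. Presumably the rest of create_user still writes the posixAccount attributes, so a comment that the replacement class has to permit them would help whoever sets this option.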
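Review bot: In the user_filter hunk the value from `&def_user_obj_class()` is concatenated into the filter string as-is, so a module config value containing whitespace, `(`, `)` or `*` produces a malformed filter or one that matches more entries than intended; the group_filter hunk has the same pattern. An objectClass name is a plain descriptor or a numeric OID, so the helper can accept only that shape and otherwise keep the default: `$userObjClass = $1 if ($config{'custom_user_obj_class'} =~ /^\s*([A-Za-z][A-Za-z0-9\-]*|\d+(?:\.\d+)+)\s*$/);`. Doing this inside `def_user_obj_class` and `def_group_obj_class` also covers the `@classes` uses in the create and save paths.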
@@ -1255,12 +1255,36 @@ return $rv; # Returns an LDAP filter expression to find groups sub group_filter { -my $rv = "(objectClass=posixGroup)"; +my $rv = "(objectClass=".&def_group_obj_class().")"; if ($config{'group_filter'}) { $rv = "(&".$rv."(".$config{'group_filter'}."))"; } return $rv; } +# def_user_obj_class() +# Returns the objectClass to use for LDAP users +# Default is "posixAccount" if not overridden +sub def_user_obj_class +{ +my $userObjClass = "posixAccount"; +if ($config{'custom_user_obj_class'}){ + $userObjClass = $config{'custom_user_obj_class'}; +} +return $userObjClass; +} + +# def_group_obj_class() +# Returns the objectClass to use for LDAP groups +# Default is "posixGroup" if not overridden +sub def_group_obj_class +{ +my $groupObjClass = "posixGroup"; +if ($config{'custom_group_obj_class'}){ + $groupObjClass = $config{'custom_group_obj_class'}; +} +return $groupObjClass; +} + 1; diff --git a/ldap-useradmin/save_group.cgi b/ldap-useradmin/save_group.cgi index cf19b667c..08584667b 100755 --- a/ldap-useradmin/save_group.cgi +++ b/ldap-useradmin/save_group.cgi @@ -284,7 +284,7 @@ else { # Add to the LDAP database $base = &get_group_base(); $newdn = "cn=$group,$base"; - @classes = ( "posixGroup" ); + @classes = ( &def_group_obj_class() ); push(@classes, split(/\s+/, $config{'gother_class'})); if ($in{'samba'}) { push(@classes, $samba_group_class); diff --git a/ldap-useradmin/save_user.cgi b/ldap-useradmin/save_user.cgi index 62c9430a3..d4f554cf6 100755 --- a/ldap-useradmin/save_user.cgi +++ b/ldap-useradmin/save_user.cgi @@ -341,7 +341,7 @@ else { $shadow = &shadow_fields(); # Add to the ldap database - @classes = ( "posixAccount", "shadowAccount" ); + @classes = ( &def_user_obj_class(), "shadowAccount" ); if ($schema && $schema->objectclass("person") && $config{'person'}) { push(@classes, "person"); }
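Review bot: `def_user_obj_class` and `def_group_obj_class`, added at the end of the ldap-useradmin-lib.pl hunk, differ only in the config key and the default, and each spends five lines on a default-or-override lookup. Each body can be a single statement, `return $config{'custom_user_obj_class'} || "posixAccount";` and `return $config{'custom_group_obj_class'} || "posixGroup";`, which treats empty and unset values the same way the `if` form does. The header comments could also say that the value replaces the primary class both in the search filter and in the classes written on create, since the sub names do not make that clear.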